Roundup Tracker - Issues

Message6177

Author ber
Recipients ber, cmeerw, joseph_myers, rouilj, schlatterbeck
Date 2018-08-10.09:07:37
Message-id <201808101107.34705.bernhard@intevation.de>
In-reply-to <20180809162954.6648C5F52F@vm71.localdomain>
> In any case, seeding the prng random generator obtained via
> "import random" should be done in all cases by the core code.

I fully agree for non-cryptographic purposes.

> The changes Christof made simplified the code used for security
> related randomness significantly. It is now in one module that is used
> throughout the code.

Talking about this cryptographic purposes random module:
My suggestion is to remove the variant that goes without SystemRandom.
This would simply it  even more, because the security properties
are more predictable. (And most interesting platforms will have it or if they 
don't they at least have a strong warning that they are lacking an important 
random source and a good solution is then to implement a good SystemRandom
for their platform.)
History
Date User Action Args
2018-08-10 09:07:38bersetrecipients: + ber, schlatterbeck, rouilj, cmeerw, joseph_myers
2018-08-10 09:07:38berlinkissue2550988 messages
2018-08-10 09:07:37bercreate