Barry A. Warsaw added the comment:

On Feb 20, 2017, at 02:21 PM, STINNER Victor wrote:

>What am I supposed to do with an UUID with safe=False? Should I loop on the
>function until I get safe==True?

It would be an application dependent response. It might be that you would check some other attributes of your platform (e.g. are the OS packages that should be installed to give you safe UUIDs?). Or your application may not care that much, or your application may refuse to continue to run on platforms without safe UUIDs, or you might use some application-level synchronization methods to guarantee safe UUIDs (e.g. store the unsafe or unknown ones in a database and check that new ones are not already used).

The point of this change is that it provides information to the application creating UUIDs that wasn't previously available.

>"safe for multiprocessing applications"
>
>Does it mean unique on the whole system?
>
>I looked at uuid_generate_time_safe(3) manual page which mention
>"synchronization mechanisms (see above)" but they are not documented.
>http://manpages.ubuntu.com/manpages/zesty/en/man3/uuid_generate.3.html

I believe some systems at least use interprocess communication with a daemon to provide the synchronization. Yes, it would be system-wide.

>> I'm classifying this as a security issue, (...)
>
>This issue was only fixed in Python 3.7. Does it mean that it's no more
>considered as a security vulnerability?

I should remove that tag. While this could have an impact on application security, it's not a security issue *in Python* itself.

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue22807>
_______________________________________
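Added example, not part of the original message or of CPython: one way an application could act on the `is_safe` attribute discussed above (Python 3.7+), covering the "don't care", "refuse to run" and "application-level check" responses. The names `issue_uuid`, `UnsafeUUIDError`, the policy strings and the in-memory `seen` set are hypothetical.

```python
import uuid
from uuid import SafeUUID


class UnsafeUUIDError(RuntimeError):
    """No UUID acceptable under the chosen policy could be produced."""


def issue_uuid(policy="dedupe", seen=None, generate=uuid.uuid1, max_tries=5):
    """Return a UUID from generate(), handling UUID.is_safe according to policy.

    "accept"       - use whatever the platform returns
    "require_safe" - refuse anything not reported as SafeUUID.safe
    "dedupe"       - record unsafe/unknown UUIDs in `seen` and retry on reuse
    `seen` is a set standing in for a shared store (hypothetical; across
    processes this would be e.g. a database column with a UNIQUE constraint).
    """
    if policy not in ("accept", "require_safe", "dedupe"):
        raise ValueError(f"unknown policy: {policy!r}")
    seen = set() if seen is None else seen
    for _ in range(max_tries):
        candidate = generate()
        # SafeUUID.safe: the platform generated it in a multiprocessing-safe way
        if policy == "accept" or candidate.is_safe is SafeUUID.safe:
            return candidate
        if policy == "require_safe":
            raise UnsafeUUIDError(
                f"platform reported is_safe={candidate.is_safe.name}")
        if candidate not in seen:  # unsafe or unknown: application-level check
            seen.add(candidate)
            return candidate
    raise UnsafeUUIDError(f"no unused UUID after {max_tries} attempts")


if __name__ == "__main__":
    u = uuid.uuid1()
    print(u, u.is_safe)            # what this platform reports
    print(issue_uuid("dedupe"))
```

The check-then-add on `seen` is only atomic within one process; a real shared store has to enforce uniqueness itself.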