[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: streql - Constant-time string comparison

On Sun, Nov 2, 2014 at 1:21 AM, Jack <jack@jackpot.uk.net> wrote:
> On 01/11/2014 16:07, Joel Rees wrote:
>> Riley is under the impression that Python strings are counted,
>> rather than NUL-terminated. Given the answers to
>> http://stackoverflow.com/questions/237128/is-there-a-reason-python-strings-dont-have-a-string-length-method
>>  I'm pretty sure he's right.
>>> [...]
> Why is this thread being pursued in Debian Security?

Because I don't feel like signing up on github just to talk about
trying to improve a project intended to add secure string comparison
methods to python, which project has someone requesting a sponsor in

> This mailing list is for security announcements.


Then explain these:


> All Debian users are
> encouraged to subscribe, so that they know about the latest threats and
> updates.

Perhaps you're thinking about this list:


> It is not reasonable to use this list as a forum for discussing a Python
> string-comparison routine.

If we weren't talking about security related issues in Python string
handling, you'd be right.

> Can you please take your discussion somewhere
> else?

Well, I'm not a dev, so I guess I don't belong here. I've said enough,
I'm sure that if someone decides to sponsor the project they can work
out the remaining details.

Except for one more thing, I guess. That will be my last post here.

Joel Rees

Be careful when you look at conspiracy.
Look first in your own heart,
and ask yourself if you are not your own worst enemy.
Arm yourself with knowledge of yourself, as well.

Reply to: