[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: streql - Constant-time string comparison

On Sat, Nov 01, 2014 at 04:21:53PM +0000, Jack wrote:
> This mailing list is for security announcements. All Debian users are
> encouraged to subscribe, so that they know about the latest threats and
> updates.

Incorrect; you're thinking of debian-security-announce, which is
moderated and only used for announcements. debian-security is a
discussion list.

> It is not reasonable to use this list as a forum for discussing a Python
> string-comparison routine. Can you please take your discussion somewhere
> else?

Given the long history of security ramifications of string handling on
Unix (and even non-Unix) systems, I don't think you can make that claim
without qualification. Though I'll agree that the current discussion may
be somewhat off-topic.


Attachment: signature.asc
Description: Digital signature

Reply to: