Gregory P. Smith

Updating the PyConfig struct definition comment to say it should be treated read-only after init makes sense to me. I'd have seen that when making changes. I'm much less likely...

Please include a benchmark comparing to the OpenSSL based sha2 as well.

> Note that OpenSSL is compiled without assembly support (`no-asm no-hw`) to get a fair comparison. LOL, thanks, but fair enough. 😄 This does at least answer my broader question...

This is probably in `ToUnicode` and `ToASCII` of https://github.com/python/cpython/blob/main/Lib/encodings/idna.py and/or in https://github.com/python/cpython/blob/main/Lib/encodings/punycode.py itself, where we could presumably just do an up front length check and reject inputs that are obviously...

PRs are either merged or will be merged before the next release (marked as release-blockers) so I'm closing this. A CVE id has been assigned [CVE-2022-45061](https://www.cve.org/CVERecord?id=CVE-2022-45061) for tracking purposes.

It might be useful to define APIs to copy a PyInterpreterState and PyThreadStats where all of this can be encapsulated? granted there seems to be only one place in the...

_(missing context: there was a private email thread cc'ing ~7 of us including myself, @tiran, @alex, @msprotz & others that led to this issue and PR) in response to https://github.com/python/cpython/issues/98517...

Environment dictionaries are string to string maps. - https://docs.python.org/3/library/os.html#os.environ `None` is not a valid value. If code wants to define an environment variable with no value it should set it...

We shouldn't be adding assertions into the standard library because of uncommon bugs in calling code. However if you use a static analysis tool like pytype or mypy it should...

Christian added the SHA3 support so is probably best to comment on this. The way our hashlib code is structured we always use the https://github.com/python/cpython/tree/master/Modules/_sha3 implementation rather than OpenSSL for...