So it seems there's some consensus that this is not generally exploitable and can instead be fixed in public as a hardening measure?
As for adding a constant-time comparison to oslo, are there not already existing Python modules which can provide that so we don't reinvent the wheel (the age-old adage of not rolling one's own crypto primitives seems applicable here, even if this isn't strictly a cryptographic matter)?