Upgrade python/rsa to version-4.7 am: bd1808f494

Original change: https://android-review.googlesource.com/c/platform/external/python/rsa/+/1546899 MUST ONLY BE SUBMITTED BY AUTOMERGER Change-Id: I5a50d248e934af230eed54d603a6671c37bd2d56
author: Haibo Huang <hhb@google.com> 2021-01-13 03:58:05 +0000
committer: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> 2021-01-13 03:58:05 +0000
commit: 569b8caa975612752f2db7a1cc0e26d24858c6c6 (patch)
tree: 8b0f9833bf8315485b5ffeb842d7b538522f9709 /README.md
parent: d2ee38649f9aaf29e7c4b89b4864e6b0b3f52171 (diff)
parent: bd1808f49480fd09e6488bb85e0e23a68b27b1d8 (diff)
download: rsa-569b8caa975612752f2db7a1cc0e26d24858c6c6.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/README.md b/README.md
index ea24210..2684060 100644
--- a/README.md
+++ b/README.md
@@ -23,6 +23,12 @@ or download it from the [Python Package Index](https://pypi.org/project/rsa/).
 The source code is maintained at [GitHub](https://github.com/sybrenstuvel/python-rsa/) and is
 licensed under the [Apache License, version 2.0](https://www.apache.org/licenses/LICENSE-2.0)
 
+Security
+--------
+
+Because of how Python internally stores numbers, it is very hard (if not impossible) to make a pure-Python program secure against timing attacks. This library is no exception, so use it with care. See https://securitypitfalls.wordpress.com/2018/08/03/constant-time-compare-in-python/ for more info.
+
+
 Major changes in 4.1
 --------------------
author	Haibo Huang <hhb@google.com>	2021-01-13 03:58:05 +0000
committer	Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2021-01-13 03:58:05 +0000
commit	569b8caa975612752f2db7a1cc0e26d24858c6c6 (patch)
tree	8b0f9833bf8315485b5ffeb842d7b538522f9709 /README.md
parent	d2ee38649f9aaf29e7c4b89b4864e6b0b3f52171 (diff)
parent	bd1808f49480fd09e6488bb85e0e23a68b27b1d8 (diff)
download	rsa-569b8caa975612752f2db7a1cc0e26d24858c6c6.tar.gz