From 6b2e3fcb083c102a81917a3e6641a451336d4598 2014-07-24 20:05:39
From: Kyle Kelley <kyle.kelley@rackspace.com>
Date: 2014-07-24 20:05:39
Subject: [PATCH] update comment

@ivanov is making the commit, but Kyle helped compose it, so he gets
points! Everything is awesome when you're part of a team!

---

diff --git a/IPython/kernel/zmq/session.py b/IPython/kernel/zmq/session.py
index d92507e..1ebdf16 100644
--- a/IPython/kernel/zmq/session.py
+++ b/IPython/kernel/zmq/session.py
@@ -28,15 +28,12 @@ except:
     import pickle
 
 try:
+    # We are using compare_digest to limit the surface of timing attacks
     from hmac import compare_digest
 except ImportError:
-    # Python < 2.7.7
-    import warnings
-    warnings.warn("You are using Python older than 2.7.7, please consider "
-            "updating to the latest version as it reduces a possible security"
-            " vulnerability.")
-    def compare_digest(a,b):
-        return a == b
+    # Python < 2.7.7: When digests don't match no feedback is provided,
+    # limiting the surface of attack
+    def compare_digest(a,b): return a == b
 
 import zmq
 from zmq.utils import jsonapi