twisted bug: problematic for tahoe or not?

[meejah]

Thanks for the post.
I believe this _could_ in principal affect deployed services that have enabled "Great Black Swamp" / GBS, which allows clients to use (some) functionality without the Foolscap protocol (i.e. only HTTPS). The other use of Twisted Web is for the localhost API.

That said, I'm not even 100% sure we have pipelining enabled in either case, nor whether an attacker could actually leverage this some way. If anyone has ideas, please share :)

As to "plain" async I guess you mean "will Tahoe-LAFS transition to using the asyncio libraries instead of Twisted libraries" and the answer there is, "no". At least, there are no current plans to do that. Newer code can use "async def" and "await" though, and there _should_ be a better plan to transition towards this newer style of syntax (instead of Deferred.addCallbacks() etc style).

Note that you can use Twisted and asyncio together if you use the correct reactor -- but Tahoe-LAFS does not advertise nor support any sort of Python API currently. That means most client use should treat Tahoe-LAFS as a "black box" and it shouldn't matter what it's implemented in (e.g. not even Python).

-- 
meejah
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.tahoe-lafs.org/pipermail/tahoe-dev/attachments/20240801/b2e2738d/attachment.html>