Document that verify() APIs should be provided
diff --git a/docs/contributing.rst b/docs/contributing.rst
index 3de41fd..f4bc769 100644
--- a/docs/contributing.rst
+++ b/docs/contributing.rst
@@ -60,6 +60,12 @@
philosophy: "make it hard to do insecure things". Here are a few strategies for
API design which should be both followed, and should inspire other API choices:
+If a user will need to compare a user provided value with a computed value (for
+example, checking a signature on something), there should be an API provided
+which performs the check for the user in a secure way (for example, using a
+constant time comparison), rather than requiring the user to perform the
+comparison themselves.
+
If it is incorrect to ignore the result of a method, it should raise an
exception, and not return a boolean ``True``/``False`` flag. For example, a
method to verify a signature should raise ``InvalidSignature``, and not return
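Review bot: The added paragraph uses "user" in two senses in its first line ("If a user will need to compare a user provided value"): once for the developer calling the library and once for whoever supplied the input, which blurs who performs the comparison. Consider "If a caller will need to compare an externally supplied value with a computed value", or at least hyphenate "user-provided". The paragraph also does not say how the provided check should report a mismatch. Since the next guideline already requires raising ``InvalidSignature`` rather than returning a boolean, a short cross-reference would make clear that the verify API is expected to raise on failure and would tie the two rules together.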