author | Alex Gaynor <alex.gaynor@gmail.com> | 2014-01-27 16:37:04 -0800 |
---|---|---|
committer | Alex Gaynor <alex.gaynor@gmail.com> | 2014-01-27 16:37:04 -0800 |
commit | 61137bcd771f5e7e9f2f11625a75d15cb32b2816 (patch) | |
tree | e87b9d14353715d99ecfaa7eff50c23b632d93c3 /docs | |
parent | 24eb677117e79322fb07c2c807eef7bf2996828f (diff) | |
Reword for clarity
Diffstat (limited to 'docs')
-rw-r--r-- | docs/contributing.rst | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/docs/contributing.rst b/docs/contributing.rst index f4bc769c..184ba214 100644 --- a/docs/contributing.rst +++ b/docs/contributing.rst @@ -60,11 +60,11 @@ always indistinguishable. As a result ``cryptography`` has, as a design philosophy: "make it hard to do insecure things". Here are a few strategies for API design which should be both followed, and should inspire other API choices: -If a user will need to compare a user provided value with a computed value (for -example, checking a signature on something), there should be an API provided -which performs the check for the user in a secure way (for example, using a -constant time comparison), rather than requiring the user to perform the -comparison themselves. +If it is necessary to compare a user provided value with a computed value (for +example, verifying a signature), there should be an API provided which performs +the verification in a secure way (for example, using a constant time +comparison), rather than requiring the user to perform the comparison +themselves. If it is incorrect to ignore the result of a method, it should raise an exception, and not return a boolean ``True``/``False`` flag. For example, a |
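Review bot: In the added paragraph, "user provided value" and "constant time comparison" are compound modifiers and would read better hyphenated as "user-provided value" and "constant-time comparison"; the removed text had the same wording, so this reword is a good moment to fix it. The new text also switches terms mid-sentence: it opens with "compare a user provided value with a computed value", then says the API "performs the verification", then returns to "perform the comparison themselves". Consider using one term throughout, or stating once that verification here means the comparison, so a reader does not take them for two separate steps. The security point itself (the library performs the check, using a constant time comparison, instead of leaving it to the caller) is preserved by the change.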