Message 163159 - Python tracker

I've increased the priority to "release blocker".

Reason:
We should come to an agreement on how to handle the issue. In particular we must not pronounce something as secure that isn't secure.

Options:

1) Remove the function.

2) Rename the function to a more sensible name and provide a bytes-only implementation. I like Jon's proposal and suggest timingsafe_compare().

2b) optionally create a C implementation as it's much easier to check C code for timing issues.
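
The bytes-only design in option 2, as an added example that is not part of the original message or the CPython code base: the function name comes from the message, while the body, `verify_tag` and the sample key and message are assumptions made for illustration.

```python
import hashlib
import hmac


def timingsafe_compare(a, b):
    """Bytes-only equality test without an early exit on the first mismatch.

    The name is the one suggested in the message; the body is illustrative.
    """
    # Option 2: bytes only. str and other types are rejected outright.
    if not isinstance(a, (bytes, bytearray)) or not isinstance(b, (bytes, bytearray)):
        raise TypeError("timingsafe_compare() accepts bytes or bytearray only")
    # The lengths are not hidden. A length mismatch makes the result nonzero,
    # and b is then compared with itself so the loop still runs len(b) times.
    result = len(a) ^ len(b)
    left = a if len(a) == len(b) else b
    for x, y in zip(left, b):
        result |= x ^ y  # accumulate differences instead of returning early
    # Pure Python gives no hard timing guarantee; as the message says,
    # timing behaviour is much easier to check in C code.
    return result == 0


def verify_tag(key, message, tag):
    """Check a received HMAC-SHA256 tag against the expected one (hypothetical helper)."""
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return timingsafe_compare(expected, tag)


if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample values
    message = b"amount=100&to=alice"
    good = hmac.new(key, message, hashlib.sha256).digest()
    forged = bytes([good[0] ^ 1]) + good[1:]  # flip one bit of the first byte
    print(verify_tag(key, message, good))
    print(verify_tag(key, message, forged))
    # Cross-check against the standard library's hmac.compare_digest (3.3+).
    print(hmac.compare_digest(good, forged) == timingsafe_compare(good, forged))
```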