Per e-mail discussion:
Tomas Hoger noticed that the semantics of XML_SetHashSalt are surprising
when 0 is passed. That value does not force a fixed hash salt, as might be
expected from reading the API description, but instead implies use of a
random hash salt, per startParsing():
if (hash_secret_salt == 0)
hash_secret_salt = generate_hash_secret_salt();
Which is the desired semantics? It would be simple to fix either the header
or the implementation. pyexpat is apparently using XML_SetHashSalt(parser,
0) hoping for a fixed hash salt.
Affects Version: expat 2.1.0
Documentation corrected in reference.html rev. 1.76.
The sentinel value for the hash salt could be changed to a different value in a later release, if this behavior causes a real issue. However, no code should depend on the internal workings of the hash function in Expat.
Fixed by commit 891ec14f60e97515e69278fba6ee52381859a5fb, included with next release, closing.