This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author jaraco
Recipients barry, benjamin.peterson, carljm, georg.brandl, jaraco, loewis
Date 2012-03-29.19:42:09
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1333050130.57.0.622151869532.issue14444@psf.upfronthosting.co.za>
In-reply-to
Content
Martin makes a good point, but I see it somewhat differently.

virtualenv and its users have always accepted the risk of running an old interpreter against a different standard library (of the same minor version). So the risk of not receiving the security patch in the interpreter is well-known.

The risk they have not (previously) accepted (afaik) is that an interpreter of one patch version will not be compatible with the standard library of another patch version.

I could very well be wrong about the latter.

While I think we all agree that this is not a bug in Python, per se, the more practical matter is that this issue is likely to cause substantial trouble in practice, perhaps an unprecedented experience. I would hate for all the hard work that was put into this security fix to be tainted by cries of trouble caused by the fix (however unjustified). Providing backward-compatibility for virtualenv would avoid that risk and would not expose the users of virtualenv to any more risk than they've previously accepted.

For that reason, I'm +1 on the compatibility patch(es).
History
Date User Action Args
2012-03-29 19:42:10jaracosetrecipients: + jaraco, loewis, barry, georg.brandl, benjamin.peterson, carljm
2012-03-29 19:42:10jaracosetmessageid: <1333050130.57.0.622151869532.issue14444@psf.upfronthosting.co.za>
2012-03-29 19:42:10jaracolinkissue14444 messages
2012-03-29 19:42:09jaracocreate