Message157108
I'd been thinking the "escape the security fix" argument didn't apply, because the security fix requires opt-in anyway and the -R flag would fail immediately on a non-updated virtualenv.
But there is also the environment variable. It is quite possible that someone could update their system Python, set PYTHONHASHSEED and think they are protected from the hash collision vulnerability, but not be because they are running in a virtualenv. That is a strong argument for letting this break and forcing the update. |
|
Date |
User |
Action |
Args |
2012-03-29 21:53:27 | carljm | set | recipients:
+ carljm, loewis, barry, georg.brandl, jaraco, benjamin.peterson, dmalcolm, eric.snow |
2012-03-29 21:53:27 | carljm | set | messageid: <1333058007.81.0.890763827738.issue14444@psf.upfronthosting.co.za> |
2012-03-29 21:53:26 | carljm | link | issue14444 messages |
2012-03-29 21:53:26 | carljm | create | |
|