Carl Meyer <c...@dirtcircle.com> added the comment:

I'd been thinking the "escape the security fix" argument didn't apply, because 
the security fix requires opt-in anyway and the -R flag would fail immediately 
on a non-updated virtualenv.

But there is also the environment variable. It is quite possible that someone 
could update their system Python, set PYTHONHASHSEED and think they are 
protected from the hash collision vulnerability, but not be because they are 
running in a virtualenv. That is a strong argument for letting this break and 
forcing the update.

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue14444>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

Reply via email to