On Fri, Jan 20, 2012 at 2:54 PM, Carl Meyer <c...@oddbird.net> wrote: > I don't have the expertise to speak otherwise to the alternatives for > fixing the collisions vulnerability, but I don't believe it's accurate > to presume that Django would not want to fix a dict-ordering dependency, > and use that as a justification for one approach over another.
It's more a matter of wanting deployment of a security fix to be as painless as possible - a security fix that system administrators can't deploy because it breaks critical applications may as well not exist. Cheers, Nick. -- Nick Coghlan | ncogh...@gmail.com | Brisbane, Australia _______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
