Jason R. Coombs jar...@jaraco.com added the comment:
For posterity, here's the release notes that we had drafted on the pirate pad:
Note: This patch release of Python may have compatibility implications for
environments utilizing the third-party virtualenv. For more detail see XXX.
[the note
Benjamin Peterson benja...@python.org added the comment:
Closing, now that we've released finals.
--
resolution: - invalid
status: open - closed
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue1
New submission from Jason R. Coombs jar...@jaraco.com:
Summary of this thread:
http://mail.python.org/pipermail/python-dev/2012-March/118233.html
When upgrading a host from Python 2.6.7 to 2.6.8 or from 2.7.2 to 2.7.3,
virtualenvs will no longer work if they attempt to use os.urandom. I have
Changes by Jason R. Coombs jar...@jaraco.com:
--
versions: +Python 3.1 -Python 3.3
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue1
___
___
Jason R. Coombs jar...@jaraco.com added the comment:
3.1 and 3.2 are affected as well.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue1
___
Carl Meyer c...@dirtcircle.com added the comment:
Alternatively, the conditional definition of urandom in os.py (removed in
http://hg.python.org/cpython/rev/a0f43f4481e0#l7.1) could be reintroduced,
allowing the new stdlib to be used with older interpreters. (Thanks to Dave
Malcolm for
Barry A. Warsaw ba...@python.org added the comment:
On Mar 29, 2012, at 06:25 PM, Carl Meyer wrote:
Carl Meyer c...@dirtcircle.com added the comment:
Alternatively, the conditional definition of urandom in os.py (removed in
http://hg.python.org/cpython/rev/a0f43f4481e0#l7.1) could be
Martin v. Löwis mar...@v.loewis.de added the comment:
I'm not so sure that it is desirable to make it compatible. It is ultimately
virtualenv's fault to use the 2.7.3 library with a 2.7.2 binary. If we get
this to work, people will still not gain the hash randomization. IOW, they
get the
Jason R. Coombs jar...@jaraco.com added the comment:
Martin makes a good point, but I see it somewhat differently.
virtualenv and its users have always accepted the risk of running an old
interpreter against a different standard library (of the same minor version).
So the risk of not
Benjamin Peterson benja...@python.org added the comment:
Running the python interpreter against a different version of the stdlib is
completely unsupported, and I'm surprised it hasn't broken more. I'm rejecting
any shims for it for 2.7 and 3.1.
--
Carl Meyer c...@dirtcircle.com added the comment:
There's no question that this is a case of virtualenv allowing users to do
something that's not supported.
Nonetheless, virtualenv is very widely used, and in practice it does not break
more often. This, however, will break for lots of users,
Changes by Dave Malcolm dmalc...@redhat.com:
--
nosy: +dmalcolm
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue1
___
___
Python-bugs-list
Benjamin Peterson benja...@python.org added the comment:
This bug will only happen in virtualenvs, though, so I expect virtualenv will
be blamed.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue1
Jason R. Coombs jar...@jaraco.com added the comment:
The consensus from the release managers seems to be don't patch, so I propose
we move forward with including the release notes as drafted.
--
___
Python tracker rep...@bugs.python.org
Changes by Eric Snow ericsnowcurren...@gmail.com:
--
nosy: +eric.snow
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue1
___
___
Python-bugs-list
Jason R. Coombs jar...@jaraco.com added the comment:
My mistake - Georg has not yet weighed in. Perhaps it's best to wait for his
opinion.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue1
Georg Brandl ge...@python.org added the comment:
I am with Benjamin. First we put a lot of effort into fixing this issue, and
then we're letting quite a lot of deployments (and I assume that quite a lot of
deployments *are* in virtualenvs) escape the fix? That doesn't sound right.
Barry A. Warsaw ba...@python.org added the comment:
On Mar 29, 2012, at 09:24 PM, Jason R. Coombs wrote:
My mistake - Georg has not yet weighed in. Perhaps it's best to wait for his
opinion.
I'm happy to go along with RM consensus. It should work the same in all
stable releases.
--
Carl Meyer c...@dirtcircle.com added the comment:
I'd been thinking the escape the security fix argument didn't apply, because
the security fix requires opt-in anyway and the -R flag would fail immediately
on a non-updated virtualenv.
But there is also the environment variable. It is quite
Changes by R. David Murray rdmur...@bitdance.com:
--
nosy: +r.david.murray
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue1
___
___
Changes by Éric Araujo mer...@netwok.org:
--
nosy: +eric.araujo
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue1
___
___
Python-bugs-list
21 matches
Mail list logo