[issue14444] Virtualenv not portable from Python 2.7.2 to 2.7.3 (os.urandom missing)
Jason R. Coombs
report at bugs.python.org
Thu Mar 29 21:42:10 CEST 2012
Jason R. Coombs <jaraco at jaraco.com> added the comment:
Martin makes a good point, but I see it somewhat differently.
virtualenv and its users have always accepted the risk of running an old interpreter against a different standard library (of the same minor version). So the risk of not receiving the security patch in the interpreter is well-known.
The risk they have not (previously) accepted (afaik) is that an interpreter of one patch version will not be compatible with the standard library of another patch version.
I could very well be wrong about the latter.
While I think we all agree that this is not a bug in Python, per se, the more practical matter is that this issue is likely to cause substantial trouble in practice, perhaps an unprecedented experience. I would hate for all the hard work that was put into this security fix to be tainted by cries of trouble caused by the fix (however unjustified). Providing backward-compatibility for virtualenv would avoid that risk and would not expose the users of virtualenv to any more risk than they've previously accepted.
For that reason, I'm +1 on the compatibility patch(es).
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue14444>
_______________________________________
More information about the Python-bugs-list
mailing list