First security bug related to f-strings

eryk sun eryksun at gmail.com
Sat Nov 5 15:24:29 EDT 2016


On Sat, Nov 5, 2016 at 6:50 PM, Irmen de Jong <irmen.NOSPAM at xs4all.nl> wrote:
> Perhaps. But in those cases you could just leave things on the default.
> If you choose to run the interpreter with eval (and exec) disabled, you should be aware
> that you'll break tools like that. But for other situations (web server etc) it could
> still be useful? I do agree that not being able to use namedtuple (and perhaps other
> things from the stdlib) is a problem then.

Breaking importlib at startup is not an option. An application would
need to import everything before disabling exec.
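
The point made in this reply, as an added example that is not part of the original post: loading a pure-Python module ends in a call to `exec`, so an import attempted after `exec` is disabled fails, while a module imported beforehand stays usable. Replacing `builtins.exec` is only a stand-in assumed here for the interpreter switch proposed in the thread, and `preloaded_mod` and `late_mod` are constructed sample modules.

```python
import builtins
import contextlib
import importlib
import sys
import tempfile
from pathlib import Path


class ExecDisabled(RuntimeError):
    """Raised by the stand-in that replaces builtins.exec."""


def _blocked_exec(*args, **kwargs):
    raise ExecDisabled("exec() is disabled in this interpreter")


@contextlib.contextmanager
def exec_disabled():
    """Temporarily swap builtins.exec for a function that always raises."""
    original = builtins.exec
    builtins.exec = _blocked_exec
    try:
        yield
    finally:
        builtins.exec = original


def demo():
    """Return (error name for the late import, value read from the preloaded module)."""
    names = ("preloaded_mod", "late_mod")  # constructed sample modules
    with tempfile.TemporaryDirectory() as tmp:
        for name in names:
            Path(tmp, name + ".py").write_text("VALUE = 42\n")
        sys.path.insert(0, tmp)
        importlib.invalidate_caches()
        try:
            importlib.import_module("preloaded_mod")  # exec still available here
            with exec_disabled():
                try:
                    importlib.import_module("late_mod")  # loader must exec the module body
                    late_error = None
                except ExecDisabled as exc:
                    late_error = type(exc).__name__
                again = importlib.import_module("preloaded_mod")  # served from sys.modules
            return late_error, again.VALUE
        finally:
            sys.path.remove(tmp)
            for name in names:
                sys.modules.pop(name, None)
```

Calling `demo()` returns the name of the exception raised by the late import together with the value read from the module that was imported first.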


