Ammar Askar <am...@ammaraskar.com> added the comment:

> What bothers me here is that we apparently changed de facto behavior between 
> maintenance releases, in the middle of 3.7's lifecycle, without warning, no 
> doubt because we didn't realize it would break third-party packages.

Arguably, I think the programs that are affected by this vulnerability far 
outnumber the amount of third-party packages that will be broken. The trade-off 
here seems to be between the promise of compatibility and the promise of 
security; choosing compatibility strikes me as odd.

----------
nosy: +ammar2

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue38216>
_______________________________________
_______________________________________________
Python-bugs-list mailing list