On Sun, May 10, 2015 at 4:13 AM, M.-A. Lemburg <m...@egenix.com> wrote:
> By providing a way to intentionally switch off the new default,
> we do make people aware of the risks and that's good enough,
> while still maintaining the contract people rightly expect of
> patch level releases of Python.

Just as long as it's the sysadmin, and NOT some random attacker over
the internet, who has the power to downgrade security. Environment
variables can be attacked in various ways.

ChrisA
_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Reply via email to