Hi, On Nix we set PYTHONHASHSEED to 0 when building packages, disabling hash randomization. We do this to improve determinism of the builds because we store the bytecode next to the code.
When one runs Python directly or via a script PYTHONHASHSEED is not set thus enabling hash randomization. Am I correct when I say that in this case Python still uses the reproducibly build bytecode and, because its now running with a random seed we wouldn't be vulnerable to http://www.ocert.org/advisories/ocert-2011-003.html ? Or would it also try to each time also recompile bytecode? Kind regards, Freddy
_______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
