Don't worry, the PYTHONHASHSEED setting does not get recorded in the bytecode header and the generated bytecode (even if it sometimes differs in trivial ways) is usable with all hash seed settings.
--Guido On Fri, May 12, 2017 at 6:06 AM, Freddy Rietdijk <freddyrietd...@fridh.nl> wrote: > Hi, > > On Nix we set PYTHONHASHSEED to 0 when building packages, disabling hash > randomization. We do this to improve determinism of the builds because we > store the bytecode next to the code. > > When one runs Python directly or via a script PYTHONHASHSEED is not set > thus enabling hash randomization. Am I correct when I say that in this case > Python still uses the reproducibly build bytecode and, because its now > running with a random seed we wouldn't be vulnerable to > http://www.ocert.org/advisories/ocert-2011-003.html ? Or would it also > try to each time also recompile bytecode? > > Kind regards, > > Freddy > > > > _______________________________________________ > Python-Dev mailing list > Python-Dev@python.org > https://mail.python.org/mailman/listinfo/python-dev > Unsubscribe: https://mail.python.org/mailman/options/python-dev/ > guido%40python.org > > -- --Guido van Rossum (python.org/~guido)
_______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com