Don't worry, the PYTHONHASHSEED setting does not get recorded in the
bytecode header and the generated bytecode (even if it sometimes differs in
trivial ways) is usable with all hash seed settings.

--Guido

On Fri, May 12, 2017 at 6:06 AM, Freddy Rietdijk <freddyrietd...@fridh.nl>
wrote:

> Hi,
>
> On Nix we set PYTHONHASHSEED to 0 when building packages, disabling hash
> randomization. We do this to improve determinism of the builds because we
> store the bytecode next to the code.
>
> When one runs Python directly or via a script PYTHONHASHSEED is not set
> thus enabling hash randomization. Am I correct when I say that in this case
> Python still uses the reproducibly build bytecode and, because its now
> running with a random seed we wouldn't be vulnerable to
> http://www.ocert.org/advisories/ocert-2011-003.html ? Or would it also
> try to each time also recompile bytecode?
>
> Kind regards,
>
> Freddy
>
>
>
> _______________________________________________
> Python-Dev mailing list
> Python-Dev@python.org
> https://mail.python.org/mailman/listinfo/python-dev
> Unsubscribe: https://mail.python.org/mailman/options/python-dev/
> guido%40python.org
>
>


-- 
--Guido van Rossum (python.org/~guido)
_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Reply via email to