On Mon, Jul 29, 2019 at 8:50 PM Robin Becker <ro...@reportlab.com> wrote: > My question is that since the package builders feel able to modify and affect > behaviour in such a simple case will they do it randomly elsewhere perhaps > leading to other less obvious changes. > > Should I always be using self build python versions?
If you want to maintain your own Python, then by all means, go ahead. I don't maintain my own Python 2.7, but I have a number of Python 3.x builds, since Debian Stretch doesn't ship with anything newer than 3.5. > It seems that ubuntu feels able to provide packages which are rc versions or > have a + indicating they're modified. They'll probably argue that this > improves > things and I shouldn't be using such low level code ....... :( The plus sign does indeed mean that it's modified, but often that just means they backported some (but not all) of the changes in newer 2.7.x builds. (Which, at the moment, would only be 2.7.16.) I can't speak specifically about tokenize, but if you're using it for anything that isn't actually Python code, you're vulnerable to this kind of change. I wouldn't normally expect it in a point release, though. ChrisA -- https://mail.python.org/mailman/listinfo/python-list