On Fri, Apr 15, 2011 at 8:59 AM, Antoine Pitrou
Relying on a vendor distribution (such as a Linux distro, or ActiveState) is hopefully enough to get these security updates in time without patching anything by hand. I don't think many people compile Python for production use, but many do use our Windows installers.
Antoine, I actually expect many companies build their own Python for production use; relying on the system Python has long been considered a stability vulnerability by many of us. This is especially the case for large deployments, where machines are less likely to receive updates quickly. I'd strongly recommend making sure releases are available for download quickly in cases like this, even if (in any particular case) we think a vulnerability is unlikely to affect many users. Whenever we think something like that, we're always wrong. -Fred -- Fred L. Drake, Jr. <fdrake at acm.org> "Give me the luxuries of life and I will willingly do without the necessities." --Frank Lloyd Wright