Note that as of virtualenv 1.9, the embedded copy of pip is new enough that it does not suffer from this vulnerability. I'm leaving the security tag, as older versions of virtualenv are still affected, and leaving the severity as the embedded copy of pip is still problematic.
Unfortunately, I don't think a simple dependency on python-pip is good enough to replace the embedded copy; virtualenv needs a source distribution of pip (in order to install it into the virtualenvs it creates), but the python-pip binary package contains a "binary" distribution of pip which I don't think can be used to install pip into a virtualenv. -- mithrandi, i Ainil en-Balandor, a faer Ambar _______________________________________________ Python-modules-team mailing list Python-modules-team@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/python-modules-team
