Comment 12 for bug 1192966

Thierry Carrez (ttx) wrote :

If it's useless I agree we should get rid of it as a strengthening measure.
If it's useful then we could create a real tempdir in setup_env.

Most distributions are very fine without it. I guess you could set up your distribution of Swift or Glance in a way that relies on eggs for dep loading and requires the envvar being set. But then, THEY should set the envvar?

In all cases, I think there is no reason to issue an advisory about that, since the base vulnerability is in setuptools and it's not really exploitable.

Grant: should we keep this embargoed so that it can be properly fixed in setuptools first? Or can we open this bug publicly?