Issue36309
Created on 2019-03-16 00:49 by John Hagen, last changed 2022-04-11 14:59 by admin.
| Pull Requests | |||
|---|---|---|---|
| URL | Status | Linked | Edit |
| PR 12437 | closed | matrixise, 2019-03-19 13:43 | |
| PR 15640 | closed | python-dev, 2019-09-02 10:24 | |
| Messages (6) | |||
|---|---|---|---|
| msg338046 - (view) | Author: John Hagen (John Hagen) * | Date: 2019-03-16 00:49 | |
tempfile.mktemp has been deprecated since Python 2.3 and has security concerns attached to it. Is it time that this is finally removed? https://docs.python.org/3/library/tempfile.html#tempfile.mktemp |
|||
| msg338302 - (view) | Author: Brett Cannon (brett.cannon) *  |
Date: 2019-03-19 00:34 | |
Unfortunately not because there is no warning being raised currently about the deprecation (it's only documented as deprecated; https://github.com/python/cpython/commit/44f602dd3b452bbacd3c85b1e5f9873c892b46e3). A PR raising an appropriate deprecation for at least one release would then allow us to consider removing it in subsequent release. |
|||
| msg338304 - (view) | Author: Pablo Galindo Salgado (pablogsal) * |
Date: 2019-03-19 00:50 | |
There was a warning, but it was suppressed by this commit: commit 44f602dd3b452bbacd3c85b1e5f9873c892b46e3 Author: Guido van Rossum <guido@python.org> Date: Fri Nov 22 15:56:29 2002 +0000 Comment out the warnings about mktemp(). These are too annoying, and often unavoidable. diff --git a/Lib/tempfile.py b/Lib/tempfile.py index 97f125250b..0393ba5d30 100644 --- a/Lib/tempfile.py +++ b/Lib/tempfile.py @@ -324,9 +324,9 @@ def mktemp(suffix="", prefix=template, dir=None): the punch. """ - from warnings import warn as _warn - _warn("mktemp is a potential security risk to your program", - RuntimeWarning, stacklevel=2) +## from warnings import warn as _warn +## _warn("mktemp is a potential security risk to your program", +## RuntimeWarning, stacklevel=2) if dir is None: dir = gettempdir() |
|||
| msg338305 - (view) | Author: John Hagen (John Hagen) * | Date: 2019-03-19 01:02 | |
Should it be a DeprecationWarning instead of a RuntimeWarning? (or both since it's both deprecated and a security issue?) |
|||
| msg338324 - (view) | Author: Serhiy Storchaka (serhiy.storchaka) * |
Date: 2019-03-19 07:46 | |
Taking to the account the widespread use of mktemp(), I think it needs more than one release for deprecation. This should be discussed on the Python-Dev mailing list first. |
|||
| msg338348 - (view) | Author: Stéphane Wirtel (matrixise) * |
Date: 2019-03-19 13:04 | |
@Serhiy I have posted on the Python-dev mailing list. https://mail.python.org/pipermail/python-dev/2019-March/156721.html |
|||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2022-04-11 14:59:12 | admin | set | github: 80490 |
| 2020-02-27 06:14:00 | serhiy.storchaka | link | issue39768 superseder |
| 2019-09-02 10:24:19 | python-dev | set | pull_requests: + pull_request15306 |
| 2019-03-19 13:43:49 | matrixise | set | keywords:
+ patch stage: patch review pull_requests: + pull_request12392 |
| 2019-03-19 13:04:06 | matrixise | set | nosy:
+ matrixise messages: + msg338348 |
| 2019-03-19 07:46:06 | serhiy.storchaka | set | nosy:
+ serhiy.storchaka messages: + msg338324 |
| 2019-03-19 01:02:04 | John Hagen | set | messages: + msg338305 |
| 2019-03-19 00:50:07 | pablogsal | set | nosy:
+ pablogsal messages: + msg338304 |
| 2019-03-19 00:34:26 | brett.cannon | set | nosy:
+ brett.cannon messages: + msg338302 |
| 2019-03-16 00:49:05 | John Hagen | create | |