[Python-Dev] Improved tmpfile module
Tim Peters
tim.one@comcast.net
Tue, 25 Jun 2002 11:23:28 -0400
[Greg Ward, to Zack Weinberg]
> ../
> Overall I'm +1 on the idea of improving tempfile with an eye to
> security. +0 on implementation, mainly because I don't understand how
> your arrangement of TemporaryFile and friends is better than what we
> have.
-1 on the implementation here, because it didn't start with current CVS, so
is missing important work that went into improving this module on Windows
for 2.3. Whether spawned/forked processes inherit descriptors for "temp
files" is also a security issue that's addressed in current CVS but seemed
to have gotten dropped on the floor here.
A note on UI: for many programmers, "it's a feature" that temp file names
contain the pid. I don't think we can get away with taking that away no
matter how stridently someone claims it's bad for us <wink>.