[Python-Dev] Warnings

Raymond Hettinger python at rcn.com
Thu Feb 5 17:35:30 CET 2009


>>> import os
>>> os.tmpnam()
RuntimeWarning: tmpnam is a potential security risk to your program


Are these runtime warnings necessary?  Suppressing these warnings is a pita for one-off uses of os.tmpnam() or os.tempnam().

I would hate for this sort of thing to propagate throughout the standard library.  Some folks think eval() should never be used and 
the same for input().  Some folks think md5 should be removed.  Some folks think pickles are the ultimate security threat.  IMO, it 
is enough to note potential vulnerabilities in the docs.  Even then, I'm not too keen on the docs being filled with lots of 
red-outlined pink-boxed warning signs, effectively communicating that Python itself is dangerous and unreliable.


Raymond


---------------------------------
Happy FUN BALL! -only $14.95-

Warning: Pregnant women, the elderly and children under 10 should avoid prolonged exposure to Happy Fun Ball.
Caution: Happy Fun Ball may suddenly accelerate to dangerous speeds. Happy Fun Ball Contains a liquid core, which, if exposed due to 
rupture, should not be touched, inhaled, or looked at. Do not use Happy Fun Ball on concrete.

Discontinue use of Happy Fun Ball if any of the following occurs:
Itching, Vertigo, Dizziness Tingling in extremities, Loss of balance or coordination
Slurred speech, Temporary blindness, Profuse sweating, Heart palpitations

If Happy Fun Ball begins to smoke, get away immediately. Seek shelter and cover head.
Happy Fun Ball may stick to certain types of skin.
When not in use, Happy Fun Ball should be returned to its special container and kept under refrigeration...
Failure to do so relieves the makers of Happy Fun Ball, Wacky Products Incorporated, and its parent company Global Chemical 
Unlimited, of any and all liability.
Ingredients of Happy Fun Ball include an unknown glowing substance which fell to Earth, presumably from outer space.
Happy Fun Ball has been shipped to our troops in Saudi Arabia and is also being dropped by our warplanes on Iraq.
Do not taunt Happy Fun Ball.
Happy Fun Ball comes with a lifetime guarantee.
Happy Fun Ball
ACCEPT NO SUBSTITUTES! 


