[Python-Dev] Remove tempfile.mktemp()

[Paul Ganssle]

I'm not sure the relationship with mkdir and mktemp here. I don't see
any uses of tempfile.mktemp in pip or setuptools, though they do use
os.mkdir (which is not deprecated).

Both pip and setuptools use pytest's tmpdir_factory.mktemp() in their
test suites, but I believe that is not the same thing.

On 3/19/19 9:39 AM, Antoine Pitrou wrote:
> On Tue, 19 Mar 2019 15:32:25 +0200
> Serhiy Storchaka <storchaka at gmail.com> wrote:
>> 19.03.19 15:03, Stéphane Wirtel пише:
>>> Suggestion and timeline:
>>>
>>> 3.8, we raise a PendingDeprecationWarning
>>>      * update the code
>>>      * update the documentation
>>>      * update the tests
>>>        (check a PendingDeprecationWarning if sys.version_info == 3.8)
>>>
>>> 3.9, we change PendingDeprecationWarning to DeprecationWarning
>>>        (check DeprecationWarning if sys.version_info == 3.9)
>>>
>>> 3.9+, we drop tempfile.mktemp()  
>> This plan LGTM.
>>
>> Currently mkdir() is widely used in distutils, Sphinx, pip, setuptools, 
>> virtualenv, and many other third-party projects, so it will take time to 
>> fix all these places. But we should do this, because all this code 
>> likely contains security flaws.
> The fact that many projects, including well-maintained ones such Sphinx
> or pip, use mktemp(), may be a hint that replacing it is not as easy as
> the people writing the Python documentation seem to think.
>
> Regards
>
> Antoine.
>
>
> _______________________________________________
> Python-Dev mailing list
> Python-Dev at python.org
> https://mail.python.org/mailman/listinfo/python-dev
> Unsubscribe: https://mail.python.org/mailman/options/python-dev/paul%40ganssle.io

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://mail.python.org/pipermail/python-dev/attachments/20190319/f1aa8ebd/attachment.sig>