Issue 36309: Remove tempfile.mktemp() - Python tracker (original) (raw)

Issue36309

Created on 2019-03-16 00:49 by John Hagen, last changed 2022-04-11 14:59 by admin.

Pull Requests
URL Status Linked Edit
PR 12437 closed matrixise,2019-03-19 13:43
PR 15640 closed python-dev,2019-09-02 10:24
Messages (6)
msg338046 - (view) Author: John Hagen (John Hagen) * Date: 2019-03-16 00:49
tempfile.mktemp has been deprecated since Python 2.3 and has security concerns attached to it. Is it time that this is finally removed? https://docs.python.org/3/library/tempfile.html#tempfile.mktemp
msg338302 - (view) Author: Brett Cannon (brett.cannon) * (Python committer) Date: 2019-03-19 00:34
Unfortunately not because there is no warning being raised currently about the deprecation (it's only documented as deprecated; https://github.com/python/cpython/commit/44f602dd3b452bbacd3c85b1e5f9873c892b46e3). A PR raising an appropriate deprecation for at least one release would then allow us to consider removing it in subsequent release.
msg338304 - (view) Author: Pablo Galindo Salgado (pablogsal) * (Python committer) Date: 2019-03-19 00:50
There was a warning, but it was suppressed by this commit: commit 44f602dd3b452bbacd3c85b1e5f9873c892b46e3 Author: Guido van Rossum <guido@python.org> Date: Fri Nov 22 15:56:29 2002 +0000 Comment out the warnings about mktemp(). These are too annoying, and often unavoidable. diff --git a/Lib/tempfile.py b/Lib/tempfile.py index 97f125250b..0393ba5d30 100644 --- a/Lib/tempfile.py +++ b/Lib/tempfile.py @@ -324,9 +324,9 @@ def mktemp(suffix="", prefix=template, dir=None): the punch. """ - from warnings import warn as _warn - _warn("mktemp is a potential security risk to your program", - RuntimeWarning, stacklevel=2) +## from warnings import warn as _warn +## _warn("mktemp is a potential security risk to your program", +## RuntimeWarning, stacklevel=2) if dir is None: dir = gettempdir()
msg338305 - (view) Author: John Hagen (John Hagen) * Date: 2019-03-19 01:02
Should it be a DeprecationWarning instead of a RuntimeWarning? (or both since it's both deprecated and a security issue?)
msg338324 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2019-03-19 07:46
Taking to the account the widespread use of mktemp(), I think it needs more than one release for deprecation. This should be discussed on the Python-Dev mailing list first.
msg338348 - (view) Author: Stéphane Wirtel (matrixise) * (Python committer) Date: 2019-03-19 13:04
@Serhiy I have posted on the Python-dev mailing list. https://mail.python.org/pipermail/python-dev/2019-March/156721.html
History
Date User Action Args
2022-04-11 14:59:12 admin set github: 80490
2020-02-27 06:14:00 serhiy.storchaka link issue39768 superseder
2019-09-02 10:24:19 python-dev set pull_requests: + <pull%5Frequest15306>
2019-03-19 13:43:49 matrixise set keywords: + patchstage: patch reviewpull_requests: + <pull%5Frequest12392>
2019-03-19 13:04:06 matrixise set nosy: + matrixisemessages: +
2019-03-19 07:46:06 serhiy.storchaka set nosy: + serhiy.storchakamessages: +
2019-03-19 01:02:04 John Hagen set messages: +
2019-03-19 00:50:07 pablogsal set nosy: + pablogsalmessages: +
2019-03-19 00:34:26 brett.cannon set nosy: + brett.cannonmessages: +
2019-03-16 00:49:05 John Hagen create