[Python-Dev] Remove tempfile.mktemp()
On Tue, 19 Mar 2019 15:32:25 +0200
Serhiy Storchaka <storchaka at gmail.com> wrote:
> 19.03.19 15:03, St?phane Wirtel ????:
> > Suggestion and timeline:
> > 3.8, we raise a PendingDeprecationWarning
> > * update the code
> > * update the documentation
> > * update the tests
> > (check a PendingDeprecationWarning if sys.version_info == 3.8)
> > 3.9, we change PendingDeprecationWarning to DeprecationWarning
> > (check DeprecationWarning if sys.version_info == 3.9)
> > 3.9+, we drop tempfile.mktemp()
> This plan LGTM.
> Currently mkdir() is widely used in distutils, Sphinx, pip, setuptools,
> virtualenv, and many other third-party projects, so it will take time to
> fix all these places. But we should do this, because all this code
> likely contains security flaws.
The fact that many projects, including well-maintained ones such Sphinx
or pip, use mktemp(), may be a hint that replacing it is not as easy as
the people writing the Python documentation seem to think.