
Va <d.python.dc54@indigo.re> added the comment:

It is not obvious to me that zipfile._extract_member() together with (for Windows) zipfile._sanitize_windows_name() have handled everything that could happen.

What hasn't been handled then? What is the safe way to use it? I think documenting "this function is unsafe" without suggesting a replacement or a safe way to use it isn't very constructive: as a developer, I want to extract a zip archive, but the only function supposed to do the job tells me "this is unsafe". Ok, so what am I supposed to do to be safe? That's what documentation should tell me, not leave me puzzled with doubt.

May I suggest that out of caution we leave it as it is?

I don't think the situation should stay like this.
- either the documentation should be more precise on what are the problems that can occur, and how to handle those problems
- or better, the function should be fixed and made fully safe, so all programs using it are safe (and the warning can be removed)

----------

_______________________________________
Python tracker <report@bugs.python.org>
<https://bugs.python.org/issue40763>
_______________________________________