Whoops, you’re right. I suppose I should have no opinion on whether to deprecate it; I haven’t thought about it for over two decades… On Thu, Apr 14, 2022 at 16:33 Jelle Zijlstra <jelle.zijlstra@gmail.com> wrote:
El jue, 14 abr 2022 a las 12:21, Damian Shaw (<damian.peter.shaw@gmail.com>) escribió:
I searched grep.app and found no significant usage.
Maybe someone wants to inform mitmproxy?
It's a very popular tool and it comes up using that tool when searching for "import mailcap" using grep.app: https://grep.app/search?q=import%20mailcap
https://github.com/mitmproxy/mitmproxy/blob/main/mitmproxy/tools/console/mas...
Thanks for catching that! I missed it because I mistakenly searched for '"import mailcap"' in quotes. It looks like mitmproxy isn't vulnerable to the security issue because it only passes a filename from mkstemp() to mailcap, and hopefully mkstemp filenames don't have shell metacharacters in them. However, if we deprecate mailcap mitmproxy will have to change their code.
El jue, 14 abr 2022 a las 13:33, Guido van Rossum (<guido@python.org>) escribió:
Probably because it’s not a top level module — it’s inside the email package.
It's in fact a top-level module.
_______________________________________________ Python-Dev mailing list -- python-dev@python.org To unsubscribe send an email to python-dev-leave@python.org https://mail.python.org/mailman3/lists/python-dev.python.org/ Message archived at https://mail.python.org/archives/list/python-dev@python.org/message/25FNDJBE... Code of Conduct: http://python.org/psf/codeofconduct/
-- --Guido (mobile)