[docs] [PATCH] update tempfile docs to say that TemporaryFile is secure (issue 23725)

Wed Apr 15 02:40:14 CEST 2015

http://bugs.python.org/review/23725/diff/14592/Doc/library/tempfile.rst
File Doc/library/tempfile.rst (left):

http://bugs.python.org/review/23725/diff/14592/Doc/library/tempfile.rst#oldcode55
Doc/library/tempfile.rst:55: :keyword:`with` statement, just like a
normal file.
Why did you remove this statement?

http://bugs.python.org/review/23725/diff/14592/Doc/library/tempfile.rst
File Doc/library/tempfile.rst (right):

http://bugs.python.org/review/23725/diff/14592/Doc/library/tempfile.rst#newcode25
Doc/library/tempfile.rst:25: The need to use the insecure :func:`mktemp`
function is eliminated.
How about we get even more radical.  Let's eliminate the mention of
mktemp from the documentation, except for a "Deprecated Functions"
section at the end, where we explain that it is deprecated because it is
insecure and anything you could do with it you can do with the
un-deprecated functions.

http://bugs.python.org/review/23725/diff/14592/Doc/library/tempfile.rst#newcode27
Doc/library/tempfile.rst:27: instead a string of six random characters
is used.
Let's likewise eliminate the mention of the process id, and just leave
the explanation that six random characters are used.

http://bugs.python.org/review/23725/diff/14592/Doc/library/tempfile.rst#newcode31
Doc/library/tempfile.rst:31: directories.  It is no longer necessary to
use the global *tempdir* variable.
The global tempdir variable can likewise be moved to the deprecated
section and removed from mention here.

http://bugs.python.org/review/23725/diff/14592/Doc/library/tempfile.rst#newcode42
Doc/library/tempfile.rst:42: collected).  Under Unix, the directory
entry for the file is either not created at all or removed
"or is removed"

http://bugs.python.org/review/23725/diff/14592/Doc/library/tempfile.rst#newcode247
Doc/library/tempfile.rst:247: 
There should be another blank line here.

http://bugs.python.org/review/23725/