[docs] [issue23725] update tempfile docs to say that TemporaryFile is secure
Zbyszek Jędrzejewski-Szmek
report at bugs.python.org
Sat Apr 18 17:19:26 CEST 2015
Zbyszek Jędrzejewski-Szmek added the comment:
Replying to review here... I get 500 server error in the patch review reply dialogue :(
On 2015/04/15 02:40:14, r.david.murray wrote:
> http://bugs.python.org/review/23725/diff/14592/Doc/library/tempfile.rst
> File Doc/library/tempfile.rst (left):
>
> http://bugs.python.org/review/23725/diff/14592/Doc/library/tempfile.rst#oldcode55
> Doc/library/tempfile.rst:55: :keyword:`with` statement, just like a normal file.
> Why did you remove this statement?
It is redundant. The fact that this can be used as CM is already mentioned in the introduction and in the description of TemporaryFile.
> http://bugs.python.org/review/23725/diff/14592/Doc/library/tempfile.rst
> File Doc/library/tempfile.rst (right):
>
> http://bugs.python.org/review/23725/diff/14592/Doc/library/tempfile.rst#newcode25
> Doc/library/tempfile.rst:25: The need to use the insecure :func:`mktemp`
> function is eliminated.
> How about we get even more radical. Let's eliminate the mention of mktemp from
> the documentation, except for a "Deprecated Functions" section at the end, where
> we explain that it is deprecated because it is insecure and anything you could
> do with it you can do with the un-deprecated functions.
Agreed. I'll submit a new version which removes all the historical notes and adds a "Deprecated" section at the end for tempdir and mktemp.
> http://bugs.python.org/review/23725/diff/14592/Doc/library/tempfile.rst#newcode27
> Doc/library/tempfile.rst:27: instead a string of six random characters is used.
> Let's likewise eliminate the mention of the process id, and just leave the
> explanation that six random characters are used.
OK.
> http://bugs.python.org/review/23725/diff/14592/Doc/library/tempfile.rst#newcode31
> Doc/library/tempfile.rst:31: directories. It is no longer necessary to use the
> global *tempdir* variable.
> The global tempdir variable can likewise be moved to the deprecated section and
> removed from mention here.
OK.
> http://bugs.python.org/review/23725/diff/14592/Doc/library/tempfile.rst#newcode42
> Doc/library/tempfile.rst:42: collected). Under Unix, the directory entry for
> the file is either not created at all or removed
> "or is removed"
OK.
> http://bugs.python.org/review/23725/diff/14592/Doc/library/tempfile.rst#newcode247
> Doc/library/tempfile.rst:247:
> There should be another blank line here.
v5:
- relegate `tempdir` and `mktemp` descriptions to 'Deprecated functions and variables' section at the end. This requires moving some descriptions around.
- add missing "is" pointed out in review
- add missing 's'
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue23725>
_______________________________________
More information about the docs
mailing list