[Python-Dev] Remove tempfile.mktemp()
solipsis at pitrou.net
Tue Mar 19 09:23:39 EDT 2019
-1. Please don't remove tempfile.mktemp(). mktemp() is useful to
create a temporary *name*. All other tempfile functions create an
actual file and impose additional burden, for example by making the
file unaccessible by other processes. But sometimes all I want is a
temporary name that an *other* program will create / act on, not Python.
It's a very common use case when writing scripts.
The only reasonable workaround I can think of is to first create a
temporary directory using mkdtemp(), then use a well-known name inside
that directory. But that has the same security implications AFAICT,
since another process can come and create the file / symlink first.
On Tue, 19 Mar 2019 14:03:11 +0100
Stéphane Wirtel <stephane at wirtel.be> wrote:
> Context: raise a warning or remove tempfile.mktemp()
> BPO: https://bugs.python.org/issue36309
> Since 2.3, this function is deprecated in the documentation, just in the
> documentation. In the code, there is a commented RuntimeWarning.
> Commented by Guido in 2002, because the warning was too annoying (and I
> understand ;-)).
> So, in this BPO, we start to discuss about the future of this function
> and Serhiy proposed to discuss on the Python-dev mailing list.
> Question: Should we drop it or add a (Pending)DeprecationWarning?
> Suggestion and timeline:
> 3.8, we raise a PendingDeprecationWarning
> * update the code
> * update the documentation
> * update the tests
> (check a PendingDeprecationWarning if sys.version_info == 3.8)
> 3.9, we change PendingDeprecationWarning to DeprecationWarning
> (check DeprecationWarning if sys.version_info == 3.9)
> 3.9+, we drop tempfile.mktemp()
> What do you suggest?
> Have a nice day and thank you for your feedback.
More information about the Python-Dev