[Python-Dev] Remove tempfile.mktemp()
vstinner at redhat.com
Tue Mar 19 09:53:25 EDT 2019
I would prefer to keep tempfile.mktemp(), remove the deprecation, but
better explain the risk of race condition affecting security.
Le mar. 19 mars 2019 à 14:41, Chris Angelico <rosuav at gmail.com> a écrit :
> Can't you create a NamedTemporaryFile and permit the other program to
> use it? I just tried that (with TiMidity, even though it's quite
> capable of just writing to stdout) and it worked fine.
When I write tests, I don't really care of security, but
NamedTemporaryFile caused me many troubles on Windows: you cannot
delete a file if it's still open in a another program. It's way more
convenient to use tempfile.mktemp().
O_EXCL, open(tmpname, "wx"), os.open(tmpname, os.O_CREAT | os.O_EXCL |
os.O_WRONLY), etc. can be used to get an error if the file already
I agree that for production code where security matters,
tempfile.mktemp() must be avoided. But I would prefer to keep it for
"with NamedTemporaryFile() as tmp: name = tmp.name" isn't a great
replacement for tempfile.mktemp(): it creates the file and it opens
it, whereas I only want a file name and be the first file to create
and open it.
More information about the Python-Dev