[Python-Dev] Remove tempfile.mktemp()

Sebastian Krause sebastian at realpath.org
Tue Mar 19 13:16:29 EDT 2019

Guido van Rossum <guido at python.org> wrote:
> If all you need is a random name, why not just use a random number
> generator?
> E.g. I see code like this:
>     binascii.hexlify(os.urandom(8)).decode('ascii')

I tend to use os.path.join(dir, str(uuid.uuid4())) if I need to
create a random filename to pass to another program. However, it
would be nice to have a standard helper function that also allows me
to specify a prefix and suffix. Shouldn't it be possible to just
modify tempfile.mktemp() to generate much longer random filenames so
that it is virtually impossible that another program has already
created a file with the same name? Then the security problem is
gone, there is no need to continue deprecating this function and all
programs using it should continue to work.

More information about the Python-Dev mailing list