[Python-Dev] Remove tempfile.mktemp()

Anders Munch ajm at flonidan.dk
Wed Mar 20 04:47:53 EDT 2019

Greg Ewing:
> So use NamedTemporaryFile(delete = False) and close it before passing it to the other program.

That's effectively the same as calling tempfile.mktemp.   While it does waste time opening and closing an unused file, that doesn't help with security.  If anything, it might worsen security.

If a secure implementation of mktemp is truly impossible, then the same could be said for NamedTemperatoryFile(delete=False). Should that be deprecated as well?

regards, Anders

More information about the Python-Dev mailing list