classification
Title: Remove tempfile.mktemp()
Type: enhancement
Stage: patch review
Components: Library (Lib)
Versions: Python 3.8
process
Status: open
Resolution:
Dependencies:
Superseder:
Assigned To:
Nosy List: John Hagen, brett.cannon, matrixise, pablogsal, serhiy.storchaka
Priority: normal
Keywords: patch

Created on 2019-03-16 00:49 by John Hagen, last changed 2019-09-02 10:24 by python-dev.

Pull Requests
URL Status Linked Edit
PR 12437 closed matrixise, 2019-03-19 13:43
PR 15640 open python-dev, 2019-09-02 10:24
Messages (6)
msg338046 - (view) Author: John Hagen (John Hagen) * Date: 2019-03-16 00:49
tempfile.mktemp has been deprecated since Python 2.3 and has security concerns attached to it. Is it time that this is finally removed?

https://docs.python.org/3/library/tempfile.html#tempfile.mktemp
msg338302 - (view) Author: Brett Cannon (brett.cannon) * (Python committer) Date: 2019-03-19 00:34
Unfortunately not, because there is no warning being raised currently about the deprecation (it's only documented as deprecated; https://github.com/python/cpython/commit/44f602dd3b452bbacd3c85b1e5f9873c892b46e3). A PR raising an appropriate deprecation for at least one release would then allow us to consider removing it in a subsequent release.
msg338304 - (view) Author: Pablo Galindo Salgado (pablogsal) * (Python committer) Date: 2019-03-19 00:50
There was a warning, but it was suppressed by this commit:

commit 44f602dd3b452bbacd3c85b1e5f9873c892b46e3
Author: Guido van Rossum <guido@python.org>
Date:   Fri Nov 22 15:56:29 2002 +0000

    Comment out the warnings about mktemp().  These are too annoying, and
    often unavoidable.

diff --git a/Lib/tempfile.py b/Lib/tempfile.py
index 97f125250b..0393ba5d30 100644
--- a/Lib/tempfile.py
+++ b/Lib/tempfile.py
@@ -324,9 +324,9 @@ def mktemp(suffix="", prefix=template, dir=None):
     the punch.
     """

-    from warnings import warn as _warn
-    _warn("mktemp is a potential security risk to your program",
-          RuntimeWarning, stacklevel=2)
+##    from warnings import warn as _warn
+##    _warn("mktemp is a potential security risk to your program",
+##          RuntimeWarning, stacklevel=2)

     if dir is None:
         dir = gettempdir()
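Review bot: The three `##` lines at the top of the mktemp() body park the warning as commented-out code, so callers get no runtime signal at all and the docstring becomes the only notice of the risk. If the objection is noise, keep the `_warn(...)` call but use a category that callers can filter or that is quiet by default instead of `RuntimeWarning`; if the warning is meant to go for good, delete the lines rather than leaving them behind `##`, and state in the docstring that no warning is emitted.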
msg338305 - (view) Author: John Hagen (John Hagen) * Date: 2019-03-19 01:02
Should it be a DeprecationWarning instead of a RuntimeWarning? (or both since it's both deprecated and a security issue?)
msg338324 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2019-03-19 07:46
Taking into account the widespread use of mktemp(), I think it needs more than one release for deprecation.

This should be discussed on the Python-Dev mailing list first.
msg338348 - (view) Author: Stéphane Wirtel (matrixise) * (Python committer) Date: 2019-03-19 13:04
@Serhiy

I have posted on the Python-dev mailing list.

https://mail.python.org/pipermail/python-dev/2019-March/156721.html
History
Date User Action Args
2019-09-02 10:24:19  python-dev  set  pull_requests: + pull_request15306
2019-03-19 13:43:49  matrixise  set  keywords: + patch; stage: patch review; pull_requests: + pull_request12392
2019-03-19 13:04:06  matrixise  set  nosy: + matrixise; messages: + msg338348
2019-03-19 07:46:06  serhiy.storchaka  set  nosy: + serhiy.storchaka; messages: + msg338324
2019-03-19 01:02:04  John Hagen  set  messages: + msg338305
2019-03-19 00:50:07  pablogsal  set  nosy: + pablogsal; messages: + msg338304
2019-03-19 00:34:26  brett.cannon  set  nosy: + brett.cannon; messages: + msg338302
2019-03-16 00:49:05  John Hagen  create