This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author epaine
Recipients dstufft, epaine, eric.araujo, eric.smith, paul.moore, serhiy.storchaka, steve.dower, tim.golden, zach.ware
Date 2020-11-08.14:41:32
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1604846493.13.0.980174406537.issue42278@roundup.psfhosted.org>
In-reply-to
Content 
> Most of them are in tests. There is no security issue there
TBH, I don't know enough about the exploit to comment, but it seems that the tempfile tests take this seriously (Lib/test/test_tempfile.py:782 "For safety, all use of mktemp must occur in a private directory.")

> distutils and msilib are dropped
Is this wise? As you noted, PEP 594 and PEP 632 have yet to be approved (in which case, should we not still be looking at these modules, particularly as PEP 594 has been around for a while).

> if someone wants to fix pydoc

I am currently drafting a PR which will replace it with `NamedTemporaryFile` (and while we're at it, replace the `os.system` call with `subprocess.run`)
History
Date User Action Args
2020-11-08 14:41:33epainesetrecipients: + epaine, paul.moore, eric.smith, tim.golden, eric.araujo, zach.ware, serhiy.storchaka, steve.dower, dstufft
2020-11-08 14:41:33epainesetmessageid: <1604846493.13.0.980174406537.issue42278@roundup.psfhosted.org>
2020-11-08 14:41:33epainelinkissue42278 messages
2020-11-08 14:41:32epainecreate