I'm not sure the relationship with mkdir and mktemp here. I don't see any uses of tempfile.mktemp in pip or setuptools, though they do use os.mkdir (which is not deprecated).
Both pip and setuptools use pytest's tmpdir_factory.mktemp() in their test suites, but I believe that is not the same thing. On 3/19/19 9:39 AM, Antoine Pitrou wrote: > On Tue, 19 Mar 2019 15:32:25 +0200 > Serhiy Storchaka <storch...@gmail.com> wrote: >> 19.03.19 15:03, Stéphane Wirtel пише: >>> Suggestion and timeline: >>> >>> 3.8, we raise a PendingDeprecationWarning >>> * update the code >>> * update the documentation >>> * update the tests >>> (check a PendingDeprecationWarning if sys.version_info == 3.8) >>> >>> 3.9, we change PendingDeprecationWarning to DeprecationWarning >>> (check DeprecationWarning if sys.version_info == 3.9) >>> >>> 3.9+, we drop tempfile.mktemp() >> This plan LGTM. >> >> Currently mkdir() is widely used in distutils, Sphinx, pip, setuptools, >> virtualenv, and many other third-party projects, so it will take time to >> fix all these places. But we should do this, because all this code >> likely contains security flaws. > The fact that many projects, including well-maintained ones such Sphinx > or pip, use mktemp(), may be a hint that replacing it is not as easy as > the people writing the Python documentation seem to think. > > Regards > > Antoine. > > > _______________________________________________ > Python-Dev mailing list > Python-Dev@python.org > https://mail.python.org/mailman/listinfo/python-dev > Unsubscribe: > https://mail.python.org/mailman/options/python-dev/paul%40ganssle.io
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com