On Sun, Mar 24, 2019 at 8:07 AM Brett Cannon wrote:
>
>
> I've made the same mistake of assuming something that made no sense to me
> wouldn't make sense to anyone else and I have been proven wrong nearly every
> time. ;)
>
> -Brett
>
And beta and RC phase can be used to detect such breakage.
On 3/23/19, Cameron Simpson wrote:
>
> Also, the common examples are attackers who are not the user making the
> tempfile, in which case the _default_ mktemp is sort of secure with the
> above because it gets made in /tmp which on a modern POSIX system
> prevents _other_ uses from
On 20Mar2019 12:53, Jeroen Demeyer wrote:
On 2019-03-20 12:45, Victor Stinner wrote:
You can watch the /tmp directory using inotify and "discover"
immediately the "secret" filename, it doesn't depend on the amount of
entropy used to generate the filename.
That's not the problem. The security
On Fri, Mar 22, 2019 at 6:19 PM Inada Naoki wrote:
> On Sat, Mar 23, 2019 at 3:02 AM Brett Cannon wrote:
> >
> >>
> >> There might be some small troubles. But it was small enough for
> >> Python minor versions, I think.
> >
> >
> > I don't think it's worth the cost to users. We can just
