On Sun, May 11, 2008 at 9:07 AM, zooko <[EMAIL PROTECTED]> wrote: > Eric: > > Thanks for the summary. > > On May 11, 2008, at 9:49 AM, Eric Kow wrote: > > > > Not very much has changed, although the code has been simplified to > > use more standard libraries. In other words, temporary files which > > are used by darcs itself will still be created in the current > > directory, and not a designated temp. > > Does this imply that there is something wrong with the Haskell temp > file library? I mean, in Python-land, ever since Python 2.3 was > released in 2003, you just import the tempfile module [1] and call > "tempfile.mkstemp()" (or, if you want more specialized functionality > such as if you want a directory you call a different function from > that module). > > Why can't Haskell programmers do something like this, not worry about > security issues, and have their temp files created in the proper > place for tempfiles on their system?
>From glancing at the thread where Eric and David discuss this, I don't think it's about the creation per se. It seems that two issues were identified. One is that darcs shouldn't need to create a temp file for communicating to a pager (just use stdin/out). The other issue is how can darcs create a temporary file which can be safely closed and re-opened? The easiest way to make sure the file can be reopened without being subject to a malicious attack is to create the file somewhere that the user has exclusive control. Which more or less explains why darcs wanted to create the temp file in the current working directory. I think darcs had a wrapper for mkstemp but using more standard Haskell libraries has removed this code. I didn't fully read the documentation for the python package or experiment, but I suspect it doesn't solve the second issue directly either. Jason
_______________________________________________ darcs-users mailing list [email protected] http://lists.osuosl.org/mailman/listinfo/darcs-users
