On 8/26/07, Adam Hupp <[EMAIL PROTECTED]> wrote: > It would be useful to support 'newline' and 'encoding' arguments in > tempfile.TemporaryFile and friends. These new arguments would be > passed directly into io.open. I've uploaded a patch for this to: > > http://bugs.python.org/issue1033 > > The 'bufsize' argument to os.fdopen has changed to 'buffering' so I > went ahead and made the same change to TemporaryFile etc. Is this a > desirable?
Hm, why not just create the temporary file in binary mode and wrap an io.TextIOWrapper instance around it? > While in tempfile, I noticed that tempfile.mktemp() has the following comment: > > "This function is unsafe and should not be used." > > The docs list it as "Deprecated since release 2.3". Should it be > removed in py3k? I personally think the deprecation was an overreaction to the security concerns. People avoid the warning by calling mkstemp() but then just close the file descriptor and use the filename anyway; that's just as unsafe, but often there's just no other way. I say, remove the deprecation. The attack on mktemp() is much less likely because the name is much more random anyway. (If you haven't heard of the attack: another process could guess the name of the tempfile and quickly replacing it with a symbolic link pointing to a file owned by the user owning the process, e.g. /etc/passwd, which will then get overwritten. This is because /tmp is writable by anyone. It works for non-root users too, to some extent.) -- --Guido van Rossum (home page: http://www.python.org/~guido/) _______________________________________________ Python-3000 mailing list Python-3000@python.org http://mail.python.org/mailman/listinfo/python-3000 Unsubscribe: http://mail.python.org/mailman/options/python-3000/archive%40mail-archive.com
