Va <d.python.d...@indigo.re> added the comment:
> It is not obvious to me that zipfile._extract_member() together with (for windows) zipfile._sanitize_windows_name() have handled everything that could happen.

What hasn't been handled then? What is the safe way to use it?

I think documenting "this function is unsafe" without suggesting a replacement or a safe way to use it isn't very constructive: as a developer, I want to extract a zip archive, but the only function supposed to do the job tells me "this is unsafe". Ok, so what am I supposed to do to be safe? That's what documentation should tell me, not leave me puzzled with doubt.

> May I suggest that out of caution we leave it as it is?

I don't think the situation should stay like this.
- either the documentation should be more precise on what are the problems that can occur, and how to handle those problems
- or better, the function should be fixed and made fully safe, so all programs using it are safe (and the warning can be removed)

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue40763>
_______________________________________
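As an added illustration of the "prior inspection" the message asks the documentation to spell out (this is not code from the thread or from CPython), the sketch below audits a `ZipFile` before any member is extracted. The function names, the choice of checks and the two thresholds are assumptions, and the list of checks is not claimed to be complete.

```python
import io
import stat
import zipfile
from pathlib import PurePosixPath, PureWindowsPath

MAX_TOTAL_BYTES = 100 * 1024 * 1024  # assumed budget for declared uncompressed size
MAX_RATIO = 100                      # assumed per-member compression ratio limit


def audit_member(info):
    """Return the reasons (possibly none) to refuse extracting this member."""
    problems = []
    name = info.filename.replace("\\", "/")
    if name.startswith("/") or PureWindowsPath(info.filename).drive:
        problems.append("absolute path")
    if ".." in PurePosixPath(name).parts:
        problems.append("parent-directory component")
    # The upper 16 bits of external_attr carry the Unix mode for Unix-made archives.
    if stat.S_ISLNK(info.external_attr >> 16):
        problems.append("symbolic link entry")
    if info.compress_size and info.file_size / info.compress_size > MAX_RATIO:
        problems.append("suspicious compression ratio")
    return problems


def audit_archive(zf):
    """Map member name -> problems; the "<archive>" key holds archive-wide issues."""
    report = {}
    for info in zf.infolist():
        problems = audit_member(info)
        if problems:
            report[info.filename] = problems
    if sum(i.file_size for i in zf.infolist()) > MAX_TOTAL_BYTES:
        report["<archive>"] = ["declared size exceeds budget"]
    return report


def constructed_sample():
    """Constructed in-memory archive, used only to exercise the audit."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("docs/readme.txt", "hello")
        zf.writestr("../outside.txt", "x")
        zf.writestr("/etc/absolute.txt", "x")
        link = zipfile.ZipInfo("link")
        link.external_attr = (stat.S_IFLNK | 0o777) << 16
        zf.writestr(link, "/tmp/target")
        zf.writestr("zeros.bin", b"\0" * 1_000_000)
    return zipfile.ZipFile(io.BytesIO(buf.getvalue()))
```

A caller would run `audit_archive()` first and call `extractall()` only when the returned report is empty.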