E. Paine <paineeli...@gmail.com> added the comment:

> Most of them are in tests. There is no security issue there
TBH, I don't know enough about the exploit to comment, but it seems that the 
tempfile tests take this seriously (Lib/test/test_tempfile.py:782 "For safety, 
all use of mktemp must occur in a private directory.")

> distutils and msilib are dropped
Is this wise? As you noted, PEP 594 and PEP 632 have yet to be approved (in 
which case, should we not still be looking at these modules, particularly as 
PEP 594 has been around for a while).

> if someone wants to fix pydoc

I am currently drafting a PR which will replace it with `NamedTemporaryFile` 
(and while we're at it, replace the `os.system` call with `subprocess.run`)

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue42278>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

Reply via email to