> Sorry to revive this thread, but mktemp() is very useful when the file is > meant > to be created by another application (e.g. launched by subprocess, but it > could > even be a daemon running under a different user). For example if I have a > processing chain to converts a PDF to a temporary JPEG using an external tool > and then does other things with the JPEG: I don't want Python to actually > create the file, just to generate an unique filename.
Are you (or are you not) aware that this strategy allows for malicious code to provide you with a fake JPEG file? If so, does it not concern you? As others have said: the reason the function is deprecated is that it is easy to run into security problems while using it, and users are often unaware of the security implications. Of course, for many applications, there is no real threat, and any risk might be acceptable. Unfortunately, if a security catastrophe results from the function, blame is (correctly) also upon Python for providing the function in the first place. Regards, Martin _______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
