https://bugzilla.redhat.com/show_bug.cgi?id=1202604 --- Comment #11 from Stephen Gallagher <sgallagh@xxxxxxxxxx> --- (In reply to Zbigniew Jędrzejewski-Szmek from comment #10) > TemporaryFile and NamedTemporaryFile and mkstemp share the implementation, > so there's no difference in security, only in the way that file is > automatically deleted. > I generally avoid assuming implementations when the documentation implies otherwise. From the docs, it sounds like mkstemp() is *guaranteed* to behave this way, whereas there is no mention of security from NamedTempFile in the docs. The fact that it's currently implemented the same isn't necessarily relevant. > But this actually makes things more complicated for the user, because if the > have only the non-default version installed, there's no /usr/bin/sscg. So > maybe there shouldn't be packages for both versions, just one, always > providing /usr/bin/sscg, and internally it should use either python2 or > python3, whichever one is the default for this Fedora version. > That's a reasonable argument, I suppose. If I went this route, do you think I should rename the package to simply 'sscg' then? It seems to me that, despite installing into the python_sitedir, since I'm only using it as a script I should probably just package it as its upstream name (using the same logic that packages like Transifex and ReviewBoard don't lead with python-). What do you think? The only reason I named it python[3]-sscg was to support dual-mode installation. > > > In the python code, a bare try: ... except: (without any exception na > > > after "except") is used. In some places the exception is re-raised, but in > > > others not. This is a problem because the script might be ended with ^C (or > > > a signal) and silently "swallow" the exception. The script should always > > > exit after being interrupted. It also should not print an error message like > > > "Failed to write..." when killed. > > Ah, where did I do that? It wasn't intentional. > I'm not sure about what one specifically you're asking... "bare" except is > used almost everywhere. > > In src/sscg/main.py there is this: > > try: > os.unlink(file) > except: > # Nothing we can do if we get an error > pass I should probably log an error there, but no matter what exception I get, there's no solution... > > > > It seems that gettext is called on formatted arguments: > > > _("Could not write to {0}. Error: {1}".format(...)) > > > but it should be before: > > > _("Could not write to {0}. Error: {1}").format(...) > > > > > > > Typo, thanks for catching it. > > > Yes, binary is the default. But decoding goes from bytes to unicode (i.e. > text, i.e. str in Python 3). Encoding goes from text (i.e. str) to a > specific encoding, for example UTF-8, and the bytes type. So you were > writing text to a binary file. This actually does not work in Python 3: > > >>> f = tempfile.NamedTemporaryFile() > >>> f.write('blah') > Traceback (most recent call last): > File "<stdin>", line 1, in <module> > File "/usr/lib64/python3.4/tempfile.py", line 399, in func_wrapper > return func(*args, **kwargs) > TypeError: 'str' does not support the buffer interface > > although it does work under Python 2. Well, the problem here is that pyOpenSSL behaves differently between python2 and python3. On python2, crypto.dump_certificate() returns a str, but it returns a binary type on python3. To support both language versions, I just always pipe it through a conversion to UTF-8. I could do it the opposite direction if that seems more sensible. -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component _______________________________________________ package-review mailing list package-review@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/package-review