[3.9] gh-102950: Implement PEP 706 – Filter for tarfile.extractall (GH-102953) #104382

Merged
merged 6 commits into from
May 15, 2023


encukou
Member

@encukou encukou commented May 11, 2023

See Backporting & Forward Compatibility in PEP 706.

  • Backport b52ad18
  • Backport c8c3956
  • Remove the DeprecationWarning
  • Remove new __all__ entries
  • Adjust docs

@encukou encukou added the 🔨 test-with-buildbots Test PR w/ buildbots; report in status section label May 11, 2023
@bedevere-bot

🤖 New build scheduled with the buildbot fleet by @encukou for commit 2772bc6 🤖

If you want to schedule another build, you need to add the 🔨 test-with-buildbots label again.

@bedevere-bot bedevere-bot removed the 🔨 test-with-buildbots Test PR w/ buildbots; report in status section label May 11, 2023
@encukou
Member Author

encukou commented May 15, 2023

Buildbots are green except:

  • WASI & Windows-bigmem builders fail to build 3.9 at all
  • macOS fails on unrelated issue (idle)

@ambv Do you want PEP-706 backported to 3.9?

@ambv
Contributor

ambv commented May 15, 2023

@encukou if so, 3.8 is also still supported for security fixes. I'd lean +0 because it would:

  • 👍🏻 make the automated security checkers happy with those versions of Python; but
  • 👎🏻 most users of Python 3.9 won't be building and installing 3.9.17 anyway; and
  • 👎🏻 user code would have to employ a check for whether the filter functionality is available, and since this check will likely fail on 3.9 -- implement a workaround themselves anyway.

@encukou
Member Author

encukou commented May 15, 2023

> implement a workaround themselves anyway.

The workaround is quite involved in this case, so one of the suggestions is:

```python
if hasattr(tarfile, 'data_filter'):
    my_tarfile.extractall(filter='data')
else:
    # remove this when no longer needed
    warn_the_user('Extracting may be unsafe; consider updating Python')
    my_tarfile.extractall()
```

See the PEP's section on backporting: https://peps.python.org/pep-0706/#backporting-forward-compatibility

> most users of Python 3.9 won't be building and installing 3.9.17 anyway

FWIW, in RHEL we'll probably need to backport regardless of your decision (and probably go with a more aggressive variant, to boot).
Having it upstream could make life easier for other redistributors.


And yes, if it goes in, 3.8 and 3.7 are next.
Again FWIW: Red Hat is likely to put it in 3.6 as well.
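
Added example, not part of the PR or of the comment above: the `hasattr(tarfile, 'data_filter')` check wrapped in a function and run against constructed in-memory archives, showing the `'data'` filter rejecting a member named `../escape.txt`. The helper names `build_sample_tar` and `extract_archive` and the sample member names are assumptions made for this illustration.

```python
import io
import os
import tarfile
import warnings


def build_sample_tar(members):
    """Return an in-memory tar built from {name: bytes} (constructed sample data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, data in members.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf


def extract_archive(fileobj, dest):
    """Extract fileobj into dest; return 'filtered', 'rejected' or 'unfiltered'.

    extract_archive is a hypothetical helper name, not part of tarfile.
    """
    dest = os.fspath(dest)
    with tarfile.open(fileobj=fileobj, mode="r") as tf:
        if hasattr(tarfile, "data_filter"):
            try:
                # The 'data' filter refuses members that would land outside dest.
                tf.extractall(dest, filter="data")
            except tarfile.FilterError:
                return "rejected"
            return "filtered"
        # No filter support on this interpreter: extract as before, but say so.
        warnings.warn("Extracting may be unsafe; consider updating Python")
        tf.extractall(dest)
        return "unfiltered"


if __name__ == "__main__":
    import tempfile

    with tempfile.TemporaryDirectory() as tmp:
        dest = os.path.join(tmp, "out")
        os.mkdir(dest)
        print(extract_archive(build_sample_tar({"docs/readme.txt": b"hello"}), dest))
        if hasattr(tarfile, "data_filter"):
            # Only feed the traversal member to an interpreter that filters it.
            print(extract_archive(build_sample_tar({"../escape.txt": b"x"}), dest))
```

A rejection stops extraction at the offending member; members that came earlier in the archive have already been written to `dest` and are not cleaned up.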

@ambv
Contributor

ambv commented May 15, 2023

@encukou if you're going to do it for Red Hat anyway, I will happily take it for 3.9 and 3.8. The window for 3.7 support closes in June and I'm sure @ned-deily would accept the filter for the last release of that, too.

@ambv ambv merged commit 98016f7 into python:3.9 May 15, 2023
@encukou encukou deleted the tarfile-3.9 branch May 15, 2023 16:54