Skip to content

[3.9] gh-102950: Implement PEP 706 – Filter for tarfile.extractall (GH-102953)#104382

Merged
ambv merged 6 commits intopython:3.9from
encukou:tarfile-3.9
May 15, 2023
Merged

[3.9] gh-102950: Implement PEP 706 – Filter for tarfile.extractall (GH-102953)#104382
ambv merged 6 commits intopython:3.9from
encukou:tarfile-3.9

Conversation

@encukou
Copy link
Member

@encukou encukou commented May 11, 2023
edited by bedevere-bot
Loading

See Backporting & Forward Compatibility in PEP 706.

  • Backport b52ad18
  • Backport c8c3956
  • Remove the DeprecationWarning
  • Remove new __all__ entries
  • Adjust docs

@encukou encukou requested a review from ethanfurman as a code owner May 11, 2023 09:38
This was referenced May 11, 2023
Closed
Merged
@encukou encukou added the 🔨 test-with-buildbots Test PR w/ buildbots; report in status section label May 11, 2023
@bedevere-bot
Copy link

bedevere-bot commented May 11, 2023

🤖 New build scheduled with the buildbot fleet by @encukou for commit 2772bc6 🤖

If you want to schedule another build, you need to add the 🔨 test-with-buildbots label again.

@bedevere-bot bedevere-bot removed the 🔨 test-with-buildbots Test PR w/ buildbots; report in status section label May 11, 2023
@encukou
Copy link
Member Author

encukou commented May 15, 2023

Buildbots are green except:

  • WASI & Windows-bigmem builders fail to build 3.9 at all
  • macOS fails on unrelated issue (idle)

@ambv Do you want PEP-706 backported to 3.9?

@ambv
Copy link
Contributor

ambv commented May 15, 2023

@encukou if so, 3.8 is also still supported for security fixes. I'd lean +0 because it would:

  • 👍🏻 making the automated security checkers happy with those versions of Python; but
  • 👎🏻 most users of Python 3.9 won't be building and installing 3.9.17 anyway; and
  • 👎🏻 user code would have to employ a check for whether the filter functionality is available, and since this check will likely fail on 3.9 -- implement a workaround themselves anyway.

@encukou
Copy link
Member Author

encukou commented May 15, 2023

implement a workaround themselves anyway.

The workaround is quite involved in this case, so one of the suggestions is:

if hasattr(tarfile, 'data_filter'):
    my_tarfile.extractall(filter='data')
else:
    # remove this when no longer needed
    warn_the_user('Extracting may be unsafe; consider updating Python')
    my_tarfile.extractall()

See the PEP's section on backporting: https://peps.python.org/pep-0706/#backporting-forward-compatibility

most users of Python 3.9 won't be building and installing 3.9.17 anyway

FWIW, in RHEL we'll probably need to backport regardless of your decision (and probably go with a more aggressive variant, to boot).
Having it upstream could make life easier for other redistributors.

And yes, if it goes in, 3.8 and 3.7 is next.
Again FWIW: Red Hat is likely to put it in 3.6 as well.

@ambv
Copy link
Contributor

ambv commented May 15, 2023

@encukou if you're going to do it for Red Hat anyway, I will happily take it for 3.9 and 3.8. The window for 3.7 support closes in June and I'm sure @ned-deily would accept the filter for the last release of that, too.

@ambv ambv merged commit 98016f7 into python:3.9 May 15, 2023
@encukou encukou deleted the tarfile-3.9 branch May 15, 2023 16:54
@jameslamb jameslamb mentioned this pull request Jan 7, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ethanfurman ethanfurman Awaiting requested review from ethanfurman ethanfurman is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@encukou @bedevere-bot @ambv