Btw, having predictable filenames in /tmp/ can be *really* bad.
Attack vector: Mallory links /tmp/pithos.debug.log to ~/.gnupg/secring.gpg. If Pithos doesn't do a lot of checking, it'll overwrite your secret key on start.
I'd use tempfile.mkstemp(prefix="pithos-debug-", suffix=".log"), or store logs in a subdirectory of ~.
Btw, having predictable filenames in /tmp/ can be *really* bad.
Attack vector: Mallory links /tmp/pithos. debug.log to ~/.gnupg/ secring. gpg. If Pithos doesn't do a lot of checking, it'll overwrite your secret key on start.
I'd use tempfile. mkstemp( prefix= "pithos- debug-" , suffix=".log"), or store logs in a subdirectory of ~.