drop use of imghdr

[dkg]

imghdr is deprecated and will be removed in python 3.13 (see https://peps.python.org/pep-0594/#imghdr)

The relevant code in imghdr is just:

def test_jpeg(h, f):
    """JPEG data with JFIF or Exif markers; and raw JPEG"""
    if h[6:10] in (b'JFIF', b'Exif'):
        return 'jpeg'
    elif h[:4] == b'\xff\xd8\xff\xdb':
        return 'jpeg'

So we transplant it directly

[jbkkd]

Any chance this could get merged in the near future?

[ktdreyer]

@Commod0re would you please merge this PR and ship a new release to PyPI?

I've confirmed that the implementation here matches test_jpeg() in /usr/lib64/python3.11/imghdr.py. Also, I tested this conditional on a random JPG image and imagebytes[6:10] is indeed b'JFIF'.

[etzelc]

Python 3.13 was released last week, and the imghdr module has been removed. https://www.python.org/downloads/release/python-3130/.

Are there any remaining blockers for this PR?

[sshishov]

We cannot move to Python3.13 because of this blocker.

But instead of copy-pasting the code, maybe we can try to use some alternatives proposed in PEP-0594?

These are the alternatives proposed there:

• filetype
• puremagic
• python-magic

Hope that the issue will be resolved, either by "hardcoding" the old implementation or replacing with "supported" libraries.

[jenstroeger]

@dkg @sshishov I’ve been using python-magic for a while, and would recommend that:

>>> import magic
>>> 
>>> magic.from_buffer(imagebytes, mime=True)
'image/jpeg'

so the code in this PR could be changed to

if magic.from_buffer(imagebytes, mime=True) == 'image/jpeg':
    ...

Any chance to move this PR forward and support Python 3.13 soon?

Also, you may want to consider changing this line

PGPy/setup.cfg

Line 46 in 30a7571

python_requires = >=3.6

to exclude 3.14

python_requires = >=3.6,<3.14

to avoid future breakage.

[sshishov]

Hi @jenstroeger,

Unfortunately I am on the same boat as you. I am just the consumer/user of this repository and maintainer or contributor at least. Therefore we should find the person who has right access to this repo and ask him for this favor.

Best regards, Sergei

[sshishov]

@Commod0re , I can see that you have merged the latest MR to this repo. Could you please help us out here and move this repo to support latest Python please?

[memory]

@sshishov While we're waiting for this project to start moving forward again, I've made a (hopefully temporary) fork available on pypi that has this PR merged and also fixes the cryptography version requirement: https://pypi.org/project/PGPy13/

[sshishov]

Thank you @memory , we have started to use your fork meanwhile.

What we can do to revive this project? Anyone from original maintainers, could you please add new people to keep this project alive?

[memory]

@sshishov I'm really leery (to put it mildly) of being the primary maintainer of a deeply security-critical python module: I'm not a cryptographer or even a regular PGP user! It might be worth posting to HN or some similar venue to see if you can whip up some interest.

[noirbee]

To any other poor soul who ended up here: you can use the standard-imghdr package from PyPI: https://pypi.org/project/standard-imghdr/

Which is basically a packaged version of the stdlib module from < 3.13

--- /usr/lib/python3.12/imghdr.py       2025-04-09 06:44:59.000000000 +0200
+++ venv/lib/python3.13/site-packages/imghdr/__init__.py        2025-08-07 13:14:09.457241155 +0200
@@ -6,7 +6,13 @@
 __all__ = ["what"]
 
 
-warnings._deprecated(__name__, remove=(3, 13))
+# python-deadlib: Replace deprecation warning not to raise exception
+warnings.warn(
+    f"{__name__} was removed in Python 3.13. "
+    f"Please be aware that you are currently NOT using standard '{__name__}', "
+    f"but instead a separately installed 'standard-{__name__}'.",
+    DeprecationWarning, stacklevel=2
+)
 
 
 #-------------------------#

Again, not ideal, but at least it won't block your Python3.13+ upgrades.