On Sun, Feb 06, 2022 at 03:08:40PM +0100, Victor Stinner wrote: > I propose to deprecate the urllib module in Python 3.11. It would emit > a DeprecationWarning which warn users, so users should consider better > alternatives like urllib3 or httpx: well known modules, better > maintained, more secure, support HTTP/2 (httpx), etc. > > I don't propose to schedule its removal. Let's discuss the removal in > 1 or 2 years.
I am not certain if we can deprecate/remove the whole 'urllib' module without any good plan for replacement of its facilities within the stdlib. There is heavy usage of urllib.parse in multiple projects (including in urllib3), and parse is semi-maintained. > Let's come back to urllib: > * It's API is too complicated > * It doesn't support HTTP/2 nor HTTP/3 > * It's barely maintained: there are 121 open issues including 3 security > issues! I agree with all of these. I think that removing the old cruft code, might lead to us to closing a number of open issues. > The 3 open security issues: Just because if something marked 'security' doesn't make it actionable too. For instance the last one asks for urllib to maintain client state to be safe against a scenario, which it never did. I don't think it is time to deprecate the urllib module. It will be too disruptive IMO. SO, -1. Right now, I don't have a solution. My suggestion will be we close old bugs, and remove old code (aka maintain a bit, and it falls on me too). Then we can probably chart out a deprecation / replacement path in a non-disruptive manner. -- Senthil _______________________________________________ Python-Dev mailing list -- python-dev@python.org To unsubscribe send an email to python-dev-le...@python.org https://mail.python.org/mailman3/lists/python-dev.python.org/ Message archived at https://mail.python.org/archives/list/python-dev@python.org/message/ORQEJXJTZDYYV53MHKXTJ3Q6W72AUSGA/ Code of Conduct: http://python.org/psf/codeofconduct/
