Paul Rubin wrote: > "Paul Boddie" <[EMAIL PROTECTED]> writes: > > Python should only incorporate functionality in order to offer a > > coherent experience (where the omission of functionality would > > otherwise lead to a flawed experience). For example, having support > > for SSL in the socket module offers a coherent experience because it > > means that urllib and related modules can offer to support SSL-related > > URLs out of the box. > > But they can't, because the built-in socket module SSL interface > doesn't check certificates, causing total security failure if someone > spoofs the remote site. The built-in SSL functionality is broken and > users have to resort to external packages.
I was really advocating improvements to the built-in SSL support, anyway, which was also what the complainant was suggesting before people started asking him mistakenly why he thought that Python was weakened by some third party packages (PyOpenSSL, M2Crypto). The choice here involves either improving the built-in support or unbundling SSL-based communications altogether. The former option obviously demands a certain amount of engineering, and then one might ask why there isn't a convenient framework for plugging in other flavours of sockets, for example, although there arguably aren't any as generally important as secure sockets. The latter option needs everyone to think about how you'd plug such stuff back into Python in a nice enough way, and then to get people to work on the right projects to provide something which does the job. > Then you have to ask why the stdlib includes anything like urllib in > the first place, under this "coherent experience" concept (I interpret > that as some kind of minimalist philosophy). Can't users have a > coherent experience if the stdlib doesn't include urllib? My own > answer is the one that I thought that the developers had settled on > years ago, namely "batteries included", i.e. ship a rich set of > libraries that provide a wide variety of useful functions, i.e. the > doctrine of minimalism has been explicitly rejected. Really, we have to ask whether including the batteries would save people a lot of work, not just in whether the end-user has to find out about an external package and then download something, but whether the logistics around developing the code, integrating it with Python, and maintaining it would be easier if people just included the stuff with Python. Here, you need some kind of consensus that feature X needs supporting and there's an approved way of supporting it which a group of people would be happy to maintain. Would it benefit the Python community (including core developers) more if Python shipped with SSL support out of the box, and would the cost of doing so ultimately be less than just pointing people at third party libraries and dealing with their problems? > We then get the question of whether to include any specific function and > that's where > comparisons with other languages come in. Would it benefit the Python community more if Python shipped with MySQL support out of the box? Is it likely that a user suddenly finds him/herself needing to connect to a MySQL database? Is it more likely that the user might suddenly find him/herself needing to download from a secure site, particularly if some tool (eg. setuptools) suddenly stumbles across an https URL. Some database systems have a choice of drivers/libraries/modules (PostgreSQL has quite a few, for example): choosing a module for standard library inclusion and integrating the development can be too high a barrier for such questions of inclusion to be resolved trivially. [...] > > So, for the less forward-thinking providers a metapackage would be the > > solution, then? > > I'm not sure what you mean by metapackage but in general the goal is > to minimize the number of places that the hosting provider (or OS > distro maintainer, or whatever) On various distributions you get packages which don't actually contain anything, but which indicate a suite of packages which are to be installed. So, if you install the ubuntu-desktop package on Ubuntu systems, you get the GNOME desktop environment and all the dependencies (and a bunch of other stuff). Perhaps there should be a python-mysql-hosting package for such providers. Paul -- http://mail.python.org/mailman/listinfo/python-list
