{"id":35297,"date":"2022-03-16T16:20:27","date_gmt":"2022-03-16T20:20:27","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=35297"},"modified":"2022-03-23T14:03:07","modified_gmt":"2022-03-23T18:03:07","slug":"removing-dead-batteries-from-the-python-standard-library","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2022\/03\/16\/removing-dead-batteries-from-the-python-standard-library\/","title":{"rendered":"Removing Dead Batteries From the Python Standard Library"},"content":{"rendered":"<p><a href=\"https:\/\/peps.python.org\/pep-0594\/\">PEP 594<\/a> (via <a href=\"https:\/\/news.ycombinator.com\/item?id=30673597\">Hacker News<\/a>):<\/p>\n<blockquote cite=\"https:\/\/peps.python.org\/pep-0594\/\"><p>Back in the early days of Python, the interpreter came with a large set of useful modules. This was often referred to as &ldquo;batteries included&rdquo; philosophy and was one of the cornerstones to Python&rsquo;s success story. Users didn&rsquo;t have to figure out how to download and install separate packages in order to write a simple web server or parse email.<\/p><p>Times have changed. With the introduction of PyPI (n&eacute;e Cheeseshop), setuptools, and later pip, it became simple and straightforward to download and install packages.<\/p>\n<p>[&#8230;]<\/p>\n<p>On the other hand, Python&rsquo;s standard library is piling up with cruft, unnecessary duplication of functionality, and dispensable features.<\/p>\n<p>[&#8230;]<\/p>\n<p>The modules in this PEP have been selected for deprecation because their removal is either least controversial or most beneficial.<\/p><\/blockquote>\n<p>I&rsquo;m going to miss <code>cgi<\/code>\/<code>cgitb<\/code>. It&rsquo;s not high-performance, but it&rsquo;s simple and easy to deploy an endpoint with a single file. There doesn&rsquo;t seem to be an obvious replacement.<\/p>\n\n<p id=\"removing-dead-batteries-from-the-python-standard-library-update-2022-03-23\">Update (2022-03-23): <a href=\"https:\/\/lwn.net\/SubscriberLink\/888043\/66bf43728bb39692\/\">Jake Edge<\/a> (via <a href=\"https:\/\/news.ycombinator.com\/item?id=30716844\">Hacker News<\/a>):<\/p>\n<blockquote cite=\"https:\/\/lwn.net\/SubscriberLink\/888043\/66bf43728bb39692\/\">\n<p>Comparing that table with the one in our article on the introduction of the PEP shows that the broad strokes are the same, but the details have changed somewhat. The removals were meant to be largely non-controversial, so if good reasons to keep a module were raised&mdash;and the maintenance burden was low&mdash;it was retained.<\/p>\n<\/blockquote>\n\n<p><a href=\"https:\/\/utcc.utoronto.ca\/~cks\/space\/blog\/python\/CGIModuleOurUsage\">Chris Siebenmann<\/a>:<\/p>\n<blockquote cite=\"https:\/\/utcc.utoronto.ca\/~cks\/space\/blog\/python\/CGIModuleOurUsage\"><p>Some of our CGIs are purely informational; they present some dynamic\ninformation on a web page, and don&rsquo;t take any parameters or otherwise\nparticularly interact with people. These CGIs tend to use <a href=\"https:\/\/docs.python.org\/3\/library\/cgitb.html\"><code>cgitb<\/code><\/a>\nso that if they have bugs, we have some hope of catching things.\nWhen these CGIs were written, <a href=\"https:\/\/docs.python.org\/3\/library\/cgitb.html\"><code>cgitb<\/code><\/a> was the easy way to do\nsomething, but these days I would log tracebacks to syslog using\n<a href=\"https:\/\/utcc.utoronto.ca\/~cks\/space\/blog\/python\/CGITracebacks\">my good way to format them<\/a>.<\/p><p>[&#8230;]<\/p><p>Others of our CGIs are interactive, such as the CGIs we use for\n<a href=\"https:\/\/utcc.utoronto.ca\/~cks\/space\/blog\/sysadmin\/DHCPPortalOverview\">our self-serve network access registration systems<\/a>. These CGIs need to extract\ninformation from submitted forms, so of course they use the\never-popular <code>cgi.FieldStorage<\/code> class. As far as I know there is\nand will be no standard library replacement for this, so in theory\nwe will have to do something here. Since we don&rsquo;t want file uploads,\nit actually isn&rsquo;t that much work to read and parse a standard <code>POST<\/code>\nbody, or we could just keep our own copy of <code>cgi.py<\/code> and use it in\nperpetuity.<\/p><\/blockquote>\n<p><a href=\"https:\/\/utcc.utoronto.ca\/~cks\/space\/blog\/python\/CGIFieldStorageIssues\">Chris Siebenmann<\/a>:<\/p>\n<blockquote cite=\"https:\/\/utcc.utoronto.ca\/~cks\/space\/blog\/python\/CGIFieldStorageIssues\">\n<p>Unfortunately there are some dark sides\nto <code>cgi.FieldStorage<\/code> (apart from any bugs it may have), and in\nfairness I should discuss them. Overall, <code>cgi.FieldStorage<\/code> is\nprobably safe for internal usage, but I would be a bit wary of\nexposing it to the Internet in hostile circumstances. The ultimate\nproblem is that in the name of convenience and just working,\n<code>cgi.FieldStorage<\/code> is pretty trusting of its input, and on the\ngeneral web one of the big rules of security is that your input is\nentirely under the control of an attacker.<\/p>\n<\/blockquote>","protected":false},"excerpt":{"rendered":"<p>PEP 594 (via Hacker News): Back in the early days of Python, the interpreter came with a large set of useful modules. This was often referred to as &ldquo;batteries included&rdquo; philosophy and was one of the cornerstones to Python&rsquo;s success story. Users didn&rsquo;t have to figure out how to download and install separate packages in [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"2022-03-16T20:20:29Z","apple_news_api_id":"8eef2f5d-564c-4b8e-86ad-6b818317a46d","apple_news_api_modified_at":"2022-03-23T18:03:10Z","apple_news_api_revision":"AAAAAAAAAAAAAAAAAAAAAA==","apple_news_api_share_url":"https:\/\/apple.news\/Aju8vXVZMS46GrWuBgxekbQ","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[4],"tags":[991,71,232,96],"class_list":["post-35297","post","type-post","status-publish","format-standard","hentry","category-programming-category","tag-open-source-software","tag-programming","tag-python","tag-web"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/35297","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=35297"}],"version-history":[{"count":2,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/35297\/revisions"}],"predecessor-version":[{"id":35358,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/35297\/revisions\/35358"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=35297"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/categories?post=35297"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=35297"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}