[Python-Dev] Integrate BeautifulSoup into stdlib?

Tres Seaver tseaver at palladion.com
Sat Mar 14 05:15:20 CET 2009 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Nick Coghlan wrote:
> Tres Seaver wrote:
>> You are plainly joking:  nothing in Python should know or care about the
>> various bureaucratic insanities in some workplaces.  Given the
>> *existing* stdlib and network connectivity, nothing any corporate
>> security blackshirt can do will prevent an even moderately-motivated
>> person from executing arbitrary code downloaded from elsewhere.  In that
>> case, what is the point in trying to help those who impose such craziness?
> 
> Network connectivity isn't a given, even today. So yes, there are
> environments that are secure (i.e. no network connectivity), and there
> are environments where developers are trusted (shock, horror) to
> actually follow company policy and get all licenses vetted by their
> Contracts group before installing downloaded software on company machines.
> 
> Given that even some of the core developers work in environments like
> that, then yes, I believe Python can and should take reasonable steps to
> enable its use in such situations.
> 
> And the most reasonably step Python can take on that front is to
> continue to provide a relatively powerful standard library *even if* a
> flexible and otherwise useful package management approach is added at
> some stage.

My inclination would be to leave the stdlib largely as is, except that
occostonally I would argue for ripping out a particular obsolete /
bitrotted module.

A couple of other points:

- - Absent a sufficiently powerful package management system, the pressure
  to add modules to the stdlib (or keep them) is higher because it is
  harder for *all* Python users to add them, or replace them if dropped.

- - The choice to add or remove a module to / from the stdlib should be
  made on the merits of the module, without regard to the kind of
  specialized deployment policies you outline.

- - Changing the stdlib in a new release of Python is probably irrelevant
  for the kind of environments you allude to, as there is likely as much
  review involved to approve a new version of Python as there was in
  approving it in the first place:  of the few I know of today, all are
  still running Python 2.1.x and / or 2.2.x for this reason.

> If someone else decides to create a MinimalPython which consists solely
> of something like easy_install and whatever is needed to run it (i.e.
> the opposite of the "fat" bundles from folks like ActiveState and
> Enthought), then more power to them. But I don't believe the official
> releases from python.org should go that way.

Note that I am *not* advocating scrubbing / exploding the stdlib.



Tres.
- --
===================================================================
Tres Seaver          +1 540-429-0999          tseaver at palladion.com
Palladion Software   "Excellence by Design"    http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJuy9Y+gerLs4ltQ4RAranAJ4rCXgq0opHPki6OmlABbaqE3D1sQCeJ7Zt
Em6VMK1u+6+xYsoqixwfoJ4=
=YzN7
-----END PGP SIGNATURE-----

More information about the Python-Dev mailing list