On 29/11/2018 17.32, Antoine Pitrou wrote:
> We may ask ourselves if there is really a large difference between a "standard distribution" and a "standard library". The primary difference seems to be that the distribution is modular, while the stdlib is not.
Yes, there is a huge difference between a larger distribution and a stdlib. I'm going to ignore all legal issues and human drama of "choose your favorite kid", but start with a simple example.
I'm sure we can all agree that the requests library should be part of an extended Python distribution. After all, it's the best and easiest HTTP library for Python. I'm using it on a daily basis. However, I would require some changes to align it with other stdlib modules. Among others, requests and urllib3 would have to obey sys.flags.ignore_environment and accept an SSLContext object. Requests depends on certifi to provide a CA trust store. I would definitely veto the inclusion of certifi, because it's not just dangerous but also breaks my code.
If we would keep the standard distribution of Python as it is and just have a Python SIG offer an additional extended distribution on python.org, then I don't have to care about the quality and security of additional code. The Python core team would neither own the code nor take responsibility for the code. Instead, the extended distribution SIG would merely set the quality standards and leave the maintenance burden to the original owners. In case a library doesn't keep up or has severe flaws, the SIG may even decide to remove a package from the extended distribution.
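
The two changes asked of requests and urllib3 in the message above (obey sys.flags.ignore_environment, accept an SSLContext), shown as an added example that is not part of the original message and is not code from requests, urllib3 or CPython. The helper names resolve_ca_bundle and make_context are hypothetical; the fallback is the platform trust store loaded by ssl.create_default_context() rather than a bundled CA file.

```python
import os
import ssl
import sys

# Environment variables that requests consults for a CA bundle path.
CA_BUNDLE_VARS = ("REQUESTS_CA_BUNDLE", "CURL_CA_BUNDLE")


def resolve_ca_bundle(environ=None, ignore_environment=None):
    """Return a CA bundle path taken from the environment, or None.

    When the interpreter runs with -E or -I, sys.flags.ignore_environment
    is set and the environment must not be able to redirect trust.
    """
    if environ is None:
        environ = os.environ
    if ignore_environment is None:
        ignore_environment = bool(sys.flags.ignore_environment)
    if ignore_environment:
        return None
    for name in CA_BUNDLE_VARS:
        value = environ.get(name)
        if value:
            return value
    return None


def make_context(context=None, environ=None, ignore_environment=None):
    """Pick the SSLContext a client should use for verification.

    A caller-supplied context always wins, so the application owns the
    TLS policy. Otherwise use an environment-provided bundle if allowed,
    and fall back to the platform trust store.
    """
    if context is not None:
        return context
    cafile = resolve_ca_bundle(environ, ignore_environment)
    # cafile=None makes create_default_context() load the system defaults;
    # a given cafile replaces them instead of adding to them.
    return ssl.create_default_context(cafile=cafile)


if __name__ == "__main__":
    # Constructed environment, for illustration only.
    env = {"REQUESTS_CA_BUNDLE": "/tmp/constructed-bundle.pem"}
    print("honoured:", resolve_ca_bundle(env, ignore_environment=False))
    print("under -E:", resolve_ca_bundle(env, ignore_environment=True))
```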