[Mailman-Developers] GET vs POST (was Re: subscription confirmations)

[Barry A. Warsaw]

I have a couple of questions and comments, and then I /really/ need to
get some sleep, so I'll follow up with more tomorrow.

If state changing GETs break the standards, then why does e.g. Apache
by default allow you to GET a cgi program?  Apache is the most common
web server (certainly on Mailman-friendly OSes) so I would think that
it should adhere to the specs pretty closely.

Aren't the majority of cgi programs of a state-changing nature?  Sure,
you've got your odd search interface, but even a script like Mailman's
private.py changes state: you get authenticated and a cookie gets
dropped, and now your interactions are governed by a change in state.

Wouldn't it therefore make sense for Apache to in general disallow
GETs to programs by default, with some enabling technique to allow
specific state-neutral programs to be GETted?

I'll also mention that it seems to me that strict adherence to this
rule would be pretty harmful to a platform like Zope, where urls are
really encoded object access and execution commands (like RPC via
urls).

sleepi-ly y'rs,
-Barry