[Python-Dev] Integrate BeautifulSoup into stdlib?
tseaver at palladion.com
Sat Mar 14 05:15:20 CET 2009
-----BEGIN PGP SIGNED MESSAGE-----
Nick Coghlan wrote:
> Tres Seaver wrote:
>> You are plainly joking: nothing in Python should know or care about the
>> various bureaucratic insanities in some workplaces. Given the
>> *existing* stdlib and network connectivity, nothing any corporate
>> security blackshirt can do will prevent an even moderately-motivated
>> person from executing arbitrary code downloaded from elsewhere. In that
>> case, what is the point in trying to help those who impose such craziness?
> Network connectivity isn't a given, even today. So yes, there are
> environments that are secure (i.e. no network connectivity), and there
> are environments where developers are trusted (shock, horror) to
> actually follow company policy and get all licenses vetted by their
> Contracts group before installing downloaded software on company machines.
> Given that even some of the core developers work in environments like
> that, then yes, I believe Python can and should take reasonable steps to
> enable its use in such situations.
> And the most reasonably step Python can take on that front is to
> continue to provide a relatively powerful standard library *even if* a
> flexible and otherwise useful package management approach is added at
> some stage.
My inclination would be to leave the stdlib largely as is, except that
occostonally I would argue for ripping out a particular obsolete /
A couple of other points:
- - Absent a sufficiently powerful package management system, the pressure
to add modules to the stdlib (or keep them) is higher because it is
harder for *all* Python users to add them, or replace them if dropped.
- - The choice to add or remove a module to / from the stdlib should be
made on the merits of the module, without regard to the kind of
specialized deployment policies you outline.
- - Changing the stdlib in a new release of Python is probably irrelevant
for the kind of environments you allude to, as there is likely as much
review involved to approve a new version of Python as there was in
approving it in the first place: of the few I know of today, all are
still running Python 2.1.x and / or 2.2.x for this reason.
> If someone else decides to create a MinimalPython which consists solely
> of something like easy_install and whatever is needed to run it (i.e.
> the opposite of the "fat" bundles from folks like ActiveState and
> Enthought), then more power to them. But I don't believe the official
> releases from python.org should go that way.
Note that I am *not* advocating scrubbing / exploding the stdlib.
Tres Seaver +1 540-429-0999 tseaver at palladion.com
Palladion Software "Excellence by Design" http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the Python-Dev