[Python-Dev] FileCookieJars

R. David Murray rdmurray at bitdance.com
Mon Mar 11 13:44:01 CET 2013

On Sun, 10 Mar 2013 22:46:26 -0700, Demian Brecht <demianbrecht at gmail.com> wrote:
> On 2013-03-10 1:59 PM, R. David Murray wrote:
> I was hoping that there would be a little more interest (and potentially 
> some further historical context on why the module was implemented as it 
> was) from those in the group.

It isn't clear who wrote the original code.  It looks like Martin von
Löwis checked it in, so he may be the author (or not).  It is pretty
old code, checked in May 31 18:22:40 2004, according to the repo

> > If, that is, you are interested enough to continue to be the point person
> > for this, which probably won't be a short process:)
> I'm not sure who this was directed to (me or Steven), but I was looking 
> for an area in the stdlib that I could really sink my teeth into and get 
> my hands dirty with and this definitely seems to be just that. I figured 
> that it wouldn't be a short process and the more that I read up on RFC 
> 6265 (and 2965) and compare them to the implementation in cookie and 
> cookiejar, the more I'm thinking that this will be a relatively complex 
> and lengthy process. (Definitely interested in that btw :)).

It was directed to you.  We love having people pick up maintenance of
modules that don't currently have someone specifically interested in
them, so it is great that you are interested.  If you produce code and
proposals and keep asking, people *will* respond, though some patience
and persistence may be required.

> > The problem here is getting people interested, apparently:(
> >
> > Since I start my Pycon diversion-from-work next week, maybe I can find
> > some time to take at least a preliminary look.
> In case you haven't already seen it, I had posted a second patch (that 
> doesn't break the Liskov substitution principle as Terry pointed out 
> after reviewing my overzealous initial patch) here: 
> http://bugs.python.org/issue16901. I think the design is much more sane 
> than what's currently there and aligns with how HTTP cookies are 
> processed in urllib.request.

I haven't looked it over yet, but I put it on my todo list.

> Now having said all that, the more I think about it and the more I read, 
> the more I wonder why there are even specialized implementations (LWP 
> and Mozilla) in the stdlib to begin with. I would assume that the only 
> thing that the stdlib /should/ be covering is the RFC (6265, but still 
> allowing 2965).

Because reality.

Take a look at http://bugs.python.org/issue2193 (for example), and see
if you still want to tackle this topic :) (I hope you do).

> If there are deviations (and some are eluded to throughout the code), 
> then I would think that those should be handled by packages external to 
> the stdlib. It seems that the Mozilla implementation covers 2965, but 
> LWP is based on the Perl library (which isn't known to be supported by 
> any browser environment). Why is this even there to begin with? To 
> paraphrase the comments that I read in the code: "This isn't supported 
> by any browser, but they're easy to parse". In my mind, this shouldn't 
> be reason enough for inclusion in the stdlib.

Well, at the time it probably was.  And given that it is there, *someone*
is probably depending on it.  But, we can probably pay less attention
to that variant, and perhaps not carry it forward if we do decide
to go through a deprecation of some sort (*).

The other reality is that our cookie support won't be very useful if
it adheres strictly to the RFCs, since the servers and browsers don't.
What we need is something practical...which may differ to a greater or
lesser degree from what we currently have.

> I'd also go as far to say that if cookies are implemented as 
> consistently as, say, OAuth 2.0 providers (meaning very little to no 
> consistency), then there really shouldn't be a cookie implementation in 
> the stdlib anyway.

But there is, and in fact it *is* useful and used by many people, so
IMO it is worth maintaining.

> So to sum it up, yes I'm very much interested in doing what I can to 
> help the development of the stdlib (more so interested in parts that 
> don't currently have experts listed, such as http and imaplib), but will 
> definitely need to be shown the ropes a bit as my professional life has 
> revolved around closed source games.

Excellent.  If you aren't already on the core-mentorship mailing list, you
might want to sign up.  Your approach (adopting modules without current
maintainers) is a good one.


(*) Our deprecation for stuff like this tends to be that we pretty much
stop maintaining it, document it as deprecated, but don't delete it.

More information about the Python-Dev mailing list