[Python-Dev] PEP 594: Removing dead batteries from the standard library

Christian Heimes christian at python.org
Wed May 22 05:14:41 EDT 2019 

On 22/05/2019 08.30, Giampaolo Rodola' wrote:
> 
> 
> On Tue, 21 May 2019 at 04:30, Antoine Pitrou <solipsis at pitrou.net <mailto:solipsis at pitrou.net>> wrote:
> 
> 
>     NNTP is still quite used (often through GMane, but probably not only) so
>     I'd question the removal of nntplib.
> 
> 
> I concur nntplib should be left alone. There are possibly even less used network protocols such as telnet (tenetlib) which are not targeted by this PEP but could have been by following the same logic. FTP is another one that despite no longer popular, still has a constant user base (you’d be surprised by the amount of traffic we got over FTP in the last company I worked for). Overall, I think the bar for a module removal should be set very high, especially for “standard” things such as these network protocols, that despite being old are not likely to change. That means that also the maintenance burden for python-dev will be low or close to none after all. 

* To be honest, I missed telnetlib. https://github.com/python/peps/pull/1073
* The maintenance burden for nntplib is actually high, because tests are flaky.
* nntplib has no maintainer and is missing features like COMPRESS extension.

> It seems to me also spwd/crypt modules fall into this category (all UNIX platforms have the shadow password db, which is nice to have in python out of the box). In that case the removal appears to be more justified by the security implications than them being not widely used though, so I would use more caution and treat them differently (eg. opt for doc warning + investigate a possible replacement). Also note that spwd could be used to parse /etc/passwd, despite I admit its primary use case is password checking. Certain users may even not care about the additional security provided by PAM (eg. internal devop scripts).

spwd and crypt are dead batteries, because their usefulness has been surpassed about two decades (!) ago. They are also very dangerous batteries because they leak hydrofluoric acid at scale. It's as least as bad as the acid + bathtub scene from the first season of Breaking Bad [1]. HF is nasty [2].

I can reveal more details in a week or two.

Christian

[1] https://breakingbad.fandom.com/wiki/Hydrofluoric_acid
[2] https://en.wikipedia.org/wiki/Hydrofluoric_acid#Health_and_safety

More information about the Python-Dev mailing list