[Python-ideas] Support for OAuth2/OIDC in the standard distribution ?

[Paul Moore]

On 17 November 2016 at 02:42, Stephen J. Turnbull
<turnbull.stephen.fw at u.tsukuba.ac.jp> wrote:
> But I am not a draconian security policy QA/security reviewer.  I'd
> take anything Paul Moore says pretty seriously, as he operates in such
> an environment.

For context, my environment is one that doesn't formally use Python,
but needs a lot of adhoc automation and management solutions, for
which Python is a great fit, as long as it doesn't need anything that
isn't pure "out of the box" functionality (because once we need that,
we get into formal requests for things to be added to supported
software lists). There's certain possibilities for "under the radar"
additions, but the costs get high pretty quickly and overwhelm the
benefits. So in some ways things can be very flexible, but in others I
need to think in worst-case "I'm lucky to have Python at all, let's
not push my luck" terms.

It's likely that this sort of environment is becoming less common as
Python becomes more mainstream/popular (it's not that long ago that
you were lucky to find Python in a default Unix installation at all,
for example), but it is still something we should be considering when
looking at what deserves to be in the stdlib (sure requests is better
than urllib, but if urllib disappeared, I wouldn't be able to do web
requests at all in many of my environments).

Paul