[Web-SIG] WSGI in standard library

Chris McDonough chrism at plope.com
Sun Feb 12 17:20:53 CET 2006

On Feb 12, 2006, at 6:39 AM, Alan Kennedy wrote:
> So, I still think that only basic servers educational/playpen servers
> should go in the standard library, with an indication that the user
> should pick an openly server from outside the distro if they  
> require to
> do serious server work.

I agree 100%.

> Maybe if there were no "production-ready" servers in the standard
> library, there would be no need for a "Python Security Response Team".

As an example, it's currently possible to perform denial of service  
on any framework/server that uses the cgi.FieldStorage module.  See  
  .  That module probably doesn't belong in the stdlib in the first  
place, but it's in there, and now things depend on it.

In the meantime, this patch *really* should have been applied by now  
but hasn't been.  If anyone has checkin access, or can help me poke  
the appropriate person, it would help... this was reported to the SRT  
at the time.

- C

More information about the Web-SIG mailing list