[Web-SIG] WSGI in standard library

Clark C. Evans cce at clarkevans.com
Mon Feb 13 16:16:34 CET 2006

If it isn't production quality, it does not deserve to go in the
standard library.  If this means not having WSGI in the standard
library, so be it.


On Sun, Feb 12, 2006 at 11:20:53AM -0500, Chris McDonough wrote:
| On Feb 12, 2006, at 6:39 AM, Alan Kennedy wrote:
| > So, I still think that only basic servers educational/playpen servers
| > should go in the standard library, with an indication that the user
| > should pick an openly server from outside the distro if they  
| > require to
| > do serious server work.
| I agree 100%.
| >
| > Maybe if there were no "production-ready" servers in the standard
| > library, there would be no need for a "Python Security Response Team".
| As an example, it's currently possible to perform denial of service  
| on any framework/server that uses the cgi.FieldStorage module.  See  
| http://sourceforge.net/tracker/? 
| func=detail&aid=1112549&group_id=5470&atid=105470
|   .  That module probably doesn't belong in the stdlib in the first  
| place, but it's in there, and now things depend on it.
| In the meantime, this patch *really* should have been applied by now  
| but hasn't been.  If anyone has checkin access, or can help me poke  
| the appropriate person, it would help... this was reported to the SRT  
| at the time.
| - C
| _______________________________________________
| Web-SIG mailing list
| Web-SIG at python.org
| Web SIG: http://www.python.org/sigs/web-sig
| Unsubscribe: http://mail.python.org/mailman/options/web-sig/cce%40clarkevans.com

More information about the Web-SIG mailing list