[XML-SIG] Finding _xmlplus in Python 2.3a2

Martin v. L÷wis martin@v.loewis.de
03 Mar 2003 02:14:20 +0100


Martijn Faassen <faassen@vet.uu.nl> writes:

> As I pointed out in an earlier mail, you cannot actually solve the
> problem by fixing bugs in PyXML. Code may actually be relying on
> bugs or misfeatures or undisclosed APIs in the core XML code, and a
> bugfix can therefore cause application breakage.

The same is true for any other software package. Any change in a
package can cause applications to stop working. So if you don't want
to risk a breakage, don't upgrade any software.

I cannot see how this is relevant to the _xmlplus technique, though.

> So by all means fix bugs in PyXML, the main point is that if you're upgrading
> PyXML you don't expect code that depends on the core Python library to be 
> affected at all *even by bugfixes*, if you don't know the details of the
> setup.

The same is true for any other setup. If you upgrade the system's C
library, you don't expect Apache to stop working, if you don't know
the details of the setup. If you upgrade Perl, you don't expect
spamassassin to stop working, if you don't know the details of the
setup.

> Of course depending on bugs or undisclosed APIs is wrong, but it happens,
> especially in the light of incomplete documentation, and breaking the code in
> what seems to be an unrelated upgrade is wrong too.

How is that unrelated? Both provide essentially the same software (XML
libraries for Python, in the package "xml").

Regards,
Martin