Nick Coghlan wrote:
> Tres Seaver wrote:
>> You are plainly joking: nothing in Python should know or care about the
>> various bureaucratic insanities in some workplaces. Given the
>> *existing* stdlib and network connectivity, nothing any corporate
>> security blackshirt can do will prevent an even moderately-motivated
>> person from executing arbitrary code downloaded from elsewhere. In that
>> case, what is the point in trying to help those who impose such craziness?
>
> Network connectivity isn't a given, even today. So yes, there are
> environments that are secure (i.e. no network connectivity), and there
> are environments where developers are trusted (shock, horror) to
> actually follow company policy and get all licenses vetted by their
> Contracts group before installing downloaded software on company machines.
>
> Given that even some of the core developers work in environments like
> that, then yes, I believe Python can and should take reasonable steps to
> enable its use in such situations.
>
> And the most reasonable step Python can take on that front is to
> continue to provide a relatively powerful standard library *even if* a
> flexible and otherwise useful package management approach is added at
> some stage.

My inclination would be to leave the stdlib largely as is, except that
occasionally I would argue for ripping out a particular obsolete /
bitrotted module. A couple of other points:

- Absent a sufficiently powerful package management system, the
  pressure to add modules to the stdlib (or keep them) is higher
  because it is harder for *all* Python users to add them, or replace
  them if dropped.

- The choice to add or remove a module to / from the stdlib should be
  made on the merits of the module, without regard to the kind of
  specialized deployment policies you outline.

- Changing the stdlib in a new release of Python is probably
  irrelevant for the kind of environments you allude to, as there is
  likely as much review involved to approve a new version of Python as
  there was in approving it in the first place: of the few I know of
  today, all are still running Python 2.1.x and / or 2.2.x for this
  reason.

> If someone else decides to create a MinimalPython which consists solely
> of something like easy_install and whatever is needed to run it (i.e.
> the opposite of the "fat" bundles from folks like ActiveState and
> Enthought), then more power to them. But I don't believe the official
> releases from python.org should go that way.

Note that I am *not* advocating scrubbing / exploding the stdlib.

Tres.
--
===================================================================
Tres Seaver          +1 540-429-0999          tsea...@palladion.com
Palladion Software   "Excellence by Design"    http://palladion.com