[Python-Dev] Re: cgitb.py for Python 2.2

Guido van Rossum guido@zope.com
Sat, 04 Aug 2001 03:32:04 -0400


Give it up, Ping.  cgitb writes the tb to stdout, not to stderr, and
that's enough of a difference in behavior to require explicit
enabling.  It's not worth your energy to try and convince us.

Let's have the cgitb module as an optional feature.  Let's update
various documentation to suggest this boilerplate at the top of CGI
modules:

  import cgi
  import cgitb; cgitb.enable()

Regarding the secrecy of tracebacks: normal tracebacks are seen by a
user who has logged in to the system and who can look at the source
code anyway.  Web tracebacks can be seen as invitations to hackerz
without any source access to look for weaknesses in the script.
That's a very different thing from a security point of view!
(Security by obscurity, maybe, but nevertheless better than hanging
out your dirty laundry to dry in public.  Enough hackerz know Python.)

--Guido van Rossum (home page: http://www.python.org/~guido/)
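
The stdout/stderr distinction in the message above, as an added example that is not part of the original post or of the cgitb module: in a CGI script stdout is the response sent to the remote browser, while stderr goes to the web server's error log. The names `render_failure`, `install`, `demo`, the `show_details` switch and the sample path are hypothetical and constructed for illustration.

```python
import io
import sys
import traceback
import uuid


def render_failure(exc, log, out, show_details=False):
    """Handle an uncaught exception in a CGI-style script.

    log: server-side stream (stderr, i.e. the web server's error log)
    out: response stream (stdout, i.e. what the remote browser receives)
    Returns the incident id that ties the two records together.
    """
    incident = uuid.uuid4().hex[:12]
    tb_text = "".join(
        traceback.format_exception(type(exc), exc, exc.__traceback__))
    # The full traceback always goes to the operator's log.
    log.write("[incident %s]\n%s" % (incident, tb_text))
    out.write("Status: 500 Internal Server Error\r\n")
    out.write("Content-Type: text/plain; charset=utf-8\r\n\r\n")
    if show_details:
        # Explicit opt-in only (development): traceback reaches the browser.
        out.write(tb_text)
    else:
        # Default: the remote user sees only an opaque reference.
        out.write("Internal error. Reference: %s\n" % incident)
    return incident


def install(show_details=False):
    """Route uncaught exceptions through render_failure (hypothetical helper)."""
    def hook(exc_type, exc, tb):
        render_failure(exc.with_traceback(tb), sys.stderr, sys.stdout,
                       show_details)
    sys.excepthook = hook


def demo(show_details):
    """Constructed failure: opening a file path that does not exist."""
    log, out = io.StringIO(), io.StringIO()
    try:
        open("/constructed/example/app/secrets.cfg")
    except OSError as exc:
        incident = render_failure(exc, log, out, show_details)
    return incident, log.getvalue(), out.getvalue()


if __name__ == "__main__":
    print(demo(False)[2])
```
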