[Python-Dev] Integrate BeautifulSoup into stdlib?
Toshio Kuratomi
a.badger at gmail.com
Tue Mar 24 15:59:45 CET 2009
Steve Holden wrote:
> Seems to me that while all this is fine for developers and Python users
> it's completely unsatisfactory for people who just want to use Python
> applications. For them it's much easier if each application comes with
> all dependencies including the interpreter.
>
> This may seem wasteful, but it removes many of the version compatibility
> issues that otherwise bog things down.
>
The upfront cost of bundling is lower but the maintenance cost is
higher. For instance, OS vendors have developed many ways of being
notified of and dealing with security issues. If there's a security
issue with gtkmozdev and the python bindings to it have to be
recompiled, OS vendors will be alerted to it and have the opportunity to
release updates on zero day, the day that the security announcement goes
out.
Bundled applications suffer in two ways here:
1) the developers of the applications are unlikely to be on vendor-sec
and so the opportunity for zero day fixes is lower.
2) the developer becomes responsible for fixing problems with the
libraries, something that they often do not. This is especially true
when developers start depending, not only on newer features of some
libraries, but older versions of others (for API changes). It's not
clear to many developers that requiring a newer version of a library is
at least supported by upstream whereas requiring an older version leaves
them as the sole responsible party.
3) Over time, bundled libraries tend to become forked versions. And
worse, privately forked versions. If three python apps all use slightly
different older versions of libfoo-python and have backported fixes,
added new features, etc it is a nightmare for a system administrator or
packager to get them running with a single version from the system
library or forward port them. And because they're private forks the
developers lose out on collaborating on security, bugfixes, etc because
they are doing their work in isolation from the other forks.
-Toshio
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: OpenPGP digital signature
URL: <http://mail.python.org/pipermail/python-dev/attachments/20090324/0778ffa4/attachment.pgp>
More information about the Python-Dev
mailing list