[Python-Dev] PEP 594: Removing dead batteries from the standard library
Christian Heimes
christian at python.org
Mon May 20 18:06:35 EDT 2019
On 20/05/2019 23.27, Antoine Pitrou wrote:
> NNTP is still quite used (often through GMane, but probably not only) so
> I'd question the removal of nntplib.
Is NNTP support important enough to keep the module in the standard library?
> cgitb used to be used by some Web frameworks in order to format
> exceptions. Perhaps one should check if that's still the case.
A search on github did not reveal any relevant use of cgitb besides tons of copies of test_cgitb and an optional debugging middleware in Paste. I checked Django, Plone, CherryPy, flask, and bottle. None uses cgitb.
> If the wave module depends on the audioop module, and if the wave
> module is kept in the stdlib, then the audioop module can't be removed.
No, it can be removed. I explained the situation in the "wave" section of the PEP.
> Removing the crypt module would remove support for system-standard
> password files. I don't understand the rationale.
Applications *must* not access system-standard password files directly. On any sanely and securely configured systems, application cannot even access system password files like /etc/shadow. Access restrictions and system security policies will prevent read access. Also applications cannot assume that users are present in any user file. They may come from LDAP, SSSD, ActiveDirectory, or other sources.
The correct way to interact with system users is to use the proper APIs, that are NSS (name service switch) and PAM (pluggable authentication modules). NSS looks up and enumerate users and groups. PAM performs password validation and much, much, much more. The pwd and grp modules use the correct APIs to interact with NSS. If you need to check or change passwords, you must go through PAM.
Christian
More information about the Python-Dev
mailing list