Python does not play well with others

[Paul Boddie]

Paul Rubin wrote:
> "Paul Boddie" <paul at boddie.org.uk> writes:
> > Python should only incorporate functionality in order to offer a
> > coherent experience (where the omission of functionality would
> > otherwise lead to a flawed experience). For example, having support
> > for SSL in the socket module offers a coherent experience because it
> > means that urllib and related modules can offer to support SSL-related
> > URLs out of the box.
>
> But they can't, because the built-in socket module SSL interface
> doesn't check certificates, causing total security failure if someone
> spoofs the remote site.  The built-in SSL functionality is broken and
> users have to resort to external packages.

I was really advocating improvements to the built-in SSL support,
anyway, which was also what the complainant was suggesting before
people started asking him mistakenly why he thought that Python was
weakened by some third party packages (PyOpenSSL, M2Crypto). The
choice here involves either improving the built-in support or
unbundling SSL-based communications altogether. The former option
obviously demands a certain amount of engineering, and then one might
ask why there isn't a convenient framework for plugging in other
flavours of sockets, for example, although there arguably aren't any
as generally important as secure sockets. The latter option needs
everyone to think about how you'd plug such stuff back into Python in
a nice enough way, and then to get people to work on the right
projects to provide something which does the job.

> Then you have to ask why the stdlib includes anything like urllib in
> the first place, under this "coherent experience" concept (I interpret
> that as some kind of minimalist philosophy).  Can't users have a
> coherent experience if the stdlib doesn't include urllib?  My own
> answer is the one that I thought that the developers had settled on
> years ago, namely "batteries included", i.e. ship a rich set of
> libraries that provide a wide variety of useful functions, i.e. the
> doctrine of minimalism has been explicitly rejected.

Really, we have to ask whether including the batteries would save
people a lot of work, not just in whether the end-user has to find out
about an external package and then download something, but whether the
logistics around developing the code, integrating it with Python, and
maintaining it would be easier if people just included the stuff with
Python. Here, you need some kind of consensus that feature X needs
supporting and there's an approved way of supporting it which a group
of people would be happy to maintain. Would it benefit the Python
community (including core developers) more if Python shipped with SSL
support out of the box, and would the cost of doing so ultimately be
less than just pointing people at third party libraries and dealing
with their problems?

>  We then get the question of whether to include any specific function and that's where
> comparisons with other languages come in.

Would it benefit the Python community more if Python shipped with
MySQL support out of the box? Is it likely that a user suddenly finds
him/herself needing to connect to a MySQL database? Is it more likely
that the user might suddenly find him/herself needing to download from
a secure site, particularly if some tool (eg. setuptools) suddenly
stumbles across an https URL. Some database systems have a choice of
drivers/libraries/modules (PostgreSQL has quite a few, for example):
choosing a module for standard library inclusion and integrating the
development can be too high a barrier for such questions of inclusion
to be resolved trivially.

[...]

> > So, for the less forward-thinking providers a metapackage would be the
> > solution, then?
>
> I'm not sure what you mean by metapackage but in general the goal is
> to minimize the number of places that the hosting provider (or OS
> distro maintainer, or whatever)

On various distributions you get packages which don't actually contain
anything, but which indicate a suite of packages which are to be
installed. So, if you install the ubuntu-desktop package on Ubuntu
systems, you get the GNOME desktop environment and all the
dependencies (and a bunch of other stuff). Perhaps there should be a
python-mysql-hosting package for such providers.

Paul