Python does not play well with others

Chris Mellon arkanes at gmail.com
Wed Jan 24 12:30:54 EST 2007 

On 1/24/07, John Nagle <nagle at animats.com> wrote:
> Harry George wrote:
> > John Nagle <nagle at animats.com> writes:
>
> > You experience isn't shared by everyone.  Some of us find Python the
> > most functional and portable of the candidates you mention.
>
>     The language is fine.  It's the bindings to other packages that
> are the problem.  There are three different packages for talking
> to OpenSSL, and they're all broken in some important way.
>
>     What's actually needed on the SSL side, I think, is to
> add bindings to the built-in SSL to export the functionality
> the M2Crypto C binding module has.  Preferably with better
> attention to reference count problems, and without using SWIG.
> Then move over the Python portions of M2Crypto.
>
>     Some problems, all of which are known and logged bugs:
>
>     - The built in SSL package doesn't actually validate anything,
>         and will happily accept bogus SSL certificates.
>     - The built in SSL package doesn't allow access to most of the
>         fields of an SSL certificate, and the ones you can get
>         are returned in a debug format that's not parseable.
>     - M2Crypto has OpenSSL and SWIG version dependencies beyond
>         what is documented.  The latest version of SWIG has
>         a problem which breaks builds with older versions of
>         OpenSSL.
>     - M2Crypto may still have a memory leak associated with contexts.
>         (Check out "close" in "Context".)
>     - M2Crypto doesn't understand SSL certificates which support
>         a list of sites.
>     - M2Crypto and the socket library don't play nice about timeouts.
>
> Most of these problems have been known for years.  The last person to
> try to fix this was treated so badly he stopped contributing.  Read
> the bug history for "[1114345] Add SSL certificate validation".
> It's sad.
>

Just to be clear: The problem here is "my personal itch is not being
scratched by other people for me", not "Python doesn't play well with
others". You are not any more important than anyone else and assuming
that anyone cares about your problems is a major fallacy. You have a
specific library that doesn't meet your needs, and that you are not
interested in maintaining yourself, so you are attempting to leverage
some sort of community guilt trip to get other people to do it for
you. That's dishonest and off-putting.

Not everyone has the ability or desire to contribute. That is fine.
They might even ask if anyone is interested in doing it for them,
which is also fine - there are many people who enjoy working on
something that is of use to others, even if it's not important to them
personally. But stop acting like you're entitled to special
consideration, or that the "Python community" is failing some sort of
duty by not catering to you specifically.

More information about the Python-list mailing list