[Python-Dev] PEP 594: Removing dead batteries from the standard library

Tue May 21 09:24:26 EDT 2019

On 21/05/2019 15.01, Steven D'Aprano wrote:
> Christian, I'm glad that you are privileged enough to find it simple and 
> straight forward to download and install, but for many Python users, it 
> is not so simple or straight forward.
> 
> Many Python users don't have the privilege of being able to install 
> arbitrary, unvetted packages from PyPI. They get to use only packages 
> from approved vendors, including the stdlib, what they write themselves, 
> and nothing else. Please don't dismiss this part of the Python community 
> just because they don't typically hang around in the same forums we do.
> 
> I've worked with organisations where downloading and installing software 
> from the internet was grounds for instant dismissal. I've worked with 
> organisations with regulatory requirements to do due-dilegance on their 
> entire software stack, and getting permission to install an unapproved 
> library could take 3-6 months elapsed time and dozens of person-hours, 
> including a full review of the licencing and copyright by lawyers.
> 
> I've also worked with kids using school computers who don't have either 
> the legal permission or the knowledge to use pip install.
> 
> Sometimes their school administrators are ... how shall I put this 
> kindly? ... over zealous in their efforts to protect the students from 
> malware and spyware (apart from the school's own spyware, of course...) 
> and rather lacking in their understanding of the difference between 
> piracy and Open Source software. Getting Python installed by the school 
> admiinistrator is one thing, but allowing the kids to run pip and 
> install software themselves is unthinkable.
> 
> And remember, in some juristictions, installing software from the 
> internet can put you in breach of some draconian laws. At the very 
> least, kids may face expulsion.

This argument has bring brought up several times. For that reason the PEP lists mostly modules that deal with historic and irrelevant data formats. The wave module stays because it is useful in education contexts. The use case is explicitly mentioned in the latest version of the PEP.

Do you have a concrete and tangible case example, in which a deprecated module is absolutely necessary, a user gets permission to update Python, but does not get permission to get a PyPI package installed?

You could argue that cgi, spwd, and crypt are not history data formats. My counter argument: *If* you have to work in a severely restricted environment, *then* you are surely not allowed to run your own CGI web server or access the system password database.