[Python-Dev] PEP 594: Removing dead batteries from the standard library

[Christian Heimes]

On 21/05/2019 18.29, Glenn Linderman wrote:
> On 5/20/2019 2:20 PM, Christian Heimes wrote:
>> On 20/05/2019 23.12, Andrew Svetlov wrote:
>>> socketserver.py is also questionable
>> I briefly though about the module, but didn't consider it for removal. The http.server, xmlrpc.server, and logging configuration server are implemented on top of the socketserver. I don't want to remove the socketserver module without a suitable replacement for http.server in the standard library.
> 
> But http.server could be on the remove list too... it gets mighty little support, has very little functionality, and implements a CGI interface (although that also has very little functionality), and you have the CGI tools on the remove list, rendering the CGI interface implemented by http.server less easily usable.
> 
> Further, it doesn't directly support https:, and browsers are removing/reducing support for http:.
> 
> I can't speak to xmlrpc or logging configuration.

Hi,

thanks for bringing this topic up. Initially I considered http.server, too. But as Guido put it, it's both used and useful for local testing and quick hacks. I'm already facing opposition for modules that are less controversial and useful than http.server, too. 

I have two remarks:

1) The http.server does not act as a CGI server by default. In CGI server mode, it does not depend on the cgi module.
2) The lack of HTTPS support is not a major problem for connections on localhost. There is a RFC draft to consider any connection to "localhost" as secure, https://tools.ietf.org/html/draft-west-let-localhost-be-localhost-06

Christian