git.net

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Python-Dev] Inclusion of lz4 bindings in stdlib?



On Wed, Nov 28, 2018, at 15:27, Steven D'Aprano wrote:
> On Wed, Nov 28, 2018 at 10:43:04AM -0800, Gregory P. Smith wrote:
> 
> > PyPI makes getting more algorithms easy.
> 
> Can we please stop over-generalising like this? PyPI makes getting 
> more algorithms easy for *SOME* people. (Sorry for shouting, but you 
> just pressed one of my buttons.)
> 
> PyPI might as well not exist for those who cannot, for technical or 
> policy reasons, install addition software beyond the std lib on the 
> computers they use. (I hesitate to say "their computers".)
> 
> In many school or corporate networks, installing unapproved software can 
> get you expelled or fired. And getting approval may be effectively 
> impossible, or take months of considerable effort navigating some 
> complex bureaucratic process.
> 
> This is not an argument either for or against adding LZ4, I have no 
> opinion either way. But it is a reminder that "just get it from PyPI" 
> represents an extremely privileged position that not all Python users 
> are capable of taking, and we shouldn't be so blase about abandoning 
> those who can't to future std lib improvements.

While I'm sympathetic to users in such situations, I'm not sure how much we can really help them. These are the sorts of users who are likely to still be stuck using Python 2.6. Any stdlib improvements we discuss and implement today are easily a decade away from benefiting users in restrictive environments. On that kind of timescale, it's very hard to know what to do, especially since, as Paul says, we don't hear much feedback from such users.

The model these users are living in is increasingly at odds with how software is written and used these days. Browsers and Rust are updated every month. The node.js world is a frenzy of change. Are these users' environments running 5 year old browsers? I hope not for security's sake. At some point, languorous corporate environments will have to catch up to how modern software development is done to avoid seriously hampering their employees' effectiveness (and security!).