[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Python-Dev] Inclusion of lz4 bindings in stdlib?

On 29/11/2018 17.32, Antoine Pitrou wrote:
> We may ask ourselves if there is really a large difference between a
> "standard distribution" and a "standard library".  The primary
> difference seems to be that the distribution is modular, while the
> stdlib is not.

Yes, there is a huge difference between a larger distribution and a
stdlib. I'm going to ignore all legal issues and human drama of "choose
your favorite kid", but start with a simple example.

I'm sure we can all agree that the requests library should be part of an
extended Python distribution. After all it's the best and easiest HTTP
library for Python. I'm using it on a daily basis. However I would
require some changes to align it with other stdlib modules. Among others
requests and urllib3 would have to obey sys.flags.ignore_environment and
accept an SSLContext object. Requests depends on certifi to provide a CA
trust store. I would definitely veto against the inclusion of certifi,
because it's not just dangerous but also breaks my code.

If we would keep the standard distribution of Python as it is and just
have a Python SIG offer an additional extended distribution on, then I don't have to care about the quality and security of
additional code. The Python core team would neither own the code nor
takes responsibility of the code. Instead the extended distribution SIG
merely set the quality standards and leave the maintance burden to the
original owners. In case a library doesn't keep up or has severe flaws,
the SIG may even decide to remove a package from the extended distribution.