The method wsgiref.validate:InputWrapper.readline doesn't take any
arguments.  It should take an optional size argument.  Though this isn't
part of the WSGI specification, the cgi module uses this argument when
parsing the body, and in practice no applications that use
cgi.FieldStorage (which is most applications) are compatible with
wsgiref.validate as a result.  Simply adding a *args that is passed to
the underlying file fixes this.

No, it shouldn't.  The purpose of wsgiref.validate is to validate spec
compliance, and the use of a readline() argument means that the program
doing the invocation is not valid, per the spec.  wsgiref.validate is
correctly reporting the failure of compliance.

This renders wsgiref.validate.validator completely useless, because it
cannot be used with any existing code.

Uh, Ian, do you not remember being the person who *wrote* this code a 
few years ago?  This is the old paste.lint with a little 
renaming.  Of course it can be used with existing code -- code that 
complies with the WSGI spec.

It's the cgi module that changed, not wsgiref.

Yes, and I've wanted to deprecate paste.lint, but I can't because people
use it over wsgiref.validate because it had this change applied.  Yes,
cgi.FieldStorage changed, but now that it's changed wsgiref needs to be
compatible with it to be viable.

Mostly the WSGI spec has been wrong on this for some time, but we've
never gone through the process of updating it (though it has been
brought up several times on Web-SIG).

Then obviously it makes no sense to update wsgiref before the 
spec.  ISTM the correct way to deal with this is update the cgi 
module to include a WSGI-compatible API.

cgi started using this argument due to the potential of a DoS attack
without the length limit.  So undoing this in cgi (even as an option)
would be a regression.