Author r.david.murray
Recipients Rosuav, mcepl, orsenthil, r.david.murray, terry.reedy
Date 2014-03-02.21:22:43
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1393795364.7.0.666093049482.issue19494@psf.upfronthosting.co.za>
In-reply-to
Content
This is something Python should deal with, so the issue should remain open.  Whether it is a feature or a bug is still open to at least a little bit of debate.

This is particularly the case in this instance because the reason these sites are breaking the spec is out of security concerns.  Traditionally Python's backward compatibility/feature strictness is slightly more relaxed in the face of security issues.  So, if there is a non-trivial and growing number of web sites we can't talk with because of their security stance, there is at least an argument that this can be changed in maintenance releases.

Another argument in this vein is that the change does not mean that a *program* written in python x.y.z will fail if run under python x.y.z-1, but only that it will fail to talk to certain web sites in x.y.z-1.  That feels much more like a bug fix than a feature.  (Of course, if it is a program designed to talk to one of those websites exclusively, then that calculus would change, but we're looking at it from the perspective of a general class of python programs, not a particular program.)

This assumes that the fix is in the vein of the optimization of automatically sending the auth for all sub-urls, as suggested by the RFC.  If it requires changing the API, then it is no question a feature.
History
Date User Action Args
2014-03-02 21:22:44r.david.murraysetrecipients: + r.david.murray, terry.reedy, orsenthil, mcepl, Rosuav
2014-03-02 21:22:44r.david.murraysetmessageid: <1393795364.7.0.666093049482.issue19494@psf.upfronthosting.co.za>
2014-03-02 21:22:44r.david.murraylinkissue19494 messages
2014-03-02 21:22:43r.david.murraycreate