Author gregory.p.smith
Recipients Mike.Lissner, gregory.p.smith, lukasz.langa, mgorny, miss-islington, orsenthil, sethmlarson, xtreak
Date 2021-05-05.02:19:34
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1620181175.3.0.751808170195.issue43882@roundup.psfhosted.org>
In-reply-to
Content
Both Django and Botocore issues appear to be in the category of: "depending on invalid data being passed through our urlsplit API so that they could look for it later"  Not much sympathy.  We never guaranteed we'd pass invalid data through.  They're depending on an implementation detail (Hyrum's law).  Invalid data causes other people who don't check for it problems.  There is no valid solution on our end within the stdlib that won't frustrate somebody.

We chose to move towards safer (undoubtedly not perfect) by default.

Instead of the patches as you see them, we could've raised an exception.  I'm sure that would also also have tripped up existing code depending on the undesirable behavior.

If one wants to reject invalid data as an application/library/framework, they need a validator.  The Python stdlib does not provide a URL validation API.  I'm not convinced we would even want to (though that could be something issue43883 winds up providing) given how perilous that is to get right: Who's version of right? which set of standards? when and why? Conclusion: The web... such a mess.
History
Date User Action Args
2021-05-05 02:19:35gregory.p.smithsetrecipients: + gregory.p.smith, orsenthil, lukasz.langa, mgorny, Mike.Lissner, miss-islington, xtreak, sethmlarson
2021-05-05 02:19:35gregory.p.smithsetmessageid: <1620181175.3.0.751808170195.issue43882@roundup.psfhosted.org>
2021-05-05 02:19:35gregory.p.smithlinkissue43882 messages
2021-05-05 02:19:34gregory.p.smithcreate