#36520: Performance Regression in parse_header_params
-------------------------------------+-------------------------------------
Reporter: David Smith | Owner: Natalia
| Bidart
Type: Bug | Status: assigned
Component: HTTP handling | Version: dev
Severity: Release blocker | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by Mike Edmunds):
I don't have any deep insights here (and my expertise in Python's email
APIs is, at best, at the "enough knowledge to be dangerous" level). But
from what I've seen:
* I was… surprised to see Python recommending the ''legacy'' email APIs as
a replacement for the cgi package. I've been under the impression the
legacy APIs are being gently edged toward deprecation.
* Python's email package (both APIs) suffers from a severe shortage of
maintainer bandwidth. Even security fixes can take months or years to
land. Having two different—but intertwined—email APIs doesn't help. (To be
fair, the cgi package had exactly zero maintainers, which is strictly
worse.)
* I don't think performance has been a primary consideration in either
email API's design. (The modern API prioritizes simplified DX around
complying with newer RFCs. It has several extra layers compared to the
legacy API, so it's probably going to be slower. But maybe more accurate
in some corner cases.)
* Although both email APIs are specced to parse HTTP headers (MIME is
MIME), I'm guessing neither has had as much real-world use for that
purpose as the cgi package did. It wouldn't be surprising to see a bunch
of HTTP-specific email package issues emerge over the next few years.
(Call this the first one.)
Given all that, I suspect Django would be better off ''not'' using
Python's email package to parse HTTP headers. The technical and
maintenance requirements aren't well aligned. Jacob's analysis in
comment:22 seems spot on. James Webber's [https://discuss.python.org/t
/performance-regression-from-using-email-message-message-get-params-as-
replacement-of-cgi-parse-header-following-pep-594/99963/4 reply] to
Natalia's Python forum post also puts it pretty well.
Post-6.0, perhaps there could be a collaboration with Flask's maintainers
on a high-performance, secure, maintained HTTP header parser purpose-built
for web framework needs? (Or maybe there's already one in rust just
waiting for some Python bindings?)
--
Ticket URL: <https://code.djangoproject.com/ticket/36520#comment:25>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion visit
https://groups.google.com/d/msgid/django-updates/0107019912503e20-de24a0a8-48b3-4aa7-bbf5-9746ba077e79-000000%40eu-central-1.amazonses.com.
