[Twisted-Python] twisted.protocols.telnet or twisted.conch.telnet?

[Itamar Shtull-Trauring]

On Sun, 2006-03-19 at 11:51 -0800, James Schend wrote:

> I understand that there is no warranty, yadda yadda, and I understand
> that it's a volunteer effort and open source yadda yadda, but what I
> really *need* right now is the guarantee of stability.  If conch's
> interface can change at any time (on servers that I may not control
> and have no say over their installed software), it becomes impossible
> for me to support my program and I'd be better off writing my own,
> even if that is more code.

Even when we change APIs, we do tend to try to keep them backwards
compatible. That's exactly why there's a new telnet library; old one
really needed massive changes, but rather than replacing the old one in
same location and breaking existing code, JP started a new
implementation elsewhere.

> So for me, stability is the number one concern.  However, I can't
> distribute the old version of the library because of the potential for
> undiscovered security holes.  So we're back to "damned if I do, damned
> if I don't."

1. If you "distribute old version", that's basically like writing your
own only bootstrapped. If you find security problem, just change your
copy. It's code you control after all. And if you're the only person
using it, only you/your users are likely to find security holes. Same
thing you'd do with something written from scratch.

2. We'd probably distribute security fixes for deprecated code if it
wasn't yet time to remove it outright.