Roundup Tracker - Issues

Issue 2551193

Fix roundup for removal of cgi and cgitb standard python modules (and FieldStorage/MiniFieldStorage)
Type: rfe Severity: major
Components: Web interface Versions: 2.4.0
Status: fixed fixed
: rouilj : rouilj
Priority: : Blocker, Deprecation, Effort-Medium

Created on 2022-02-06 19:48 by rouilj, last changed 2023-12-11 00:10 by rouilj.

msg7449 Author: [hidden] (rouilj) Date: 2022-02-06 19:48
PEP:0594 at

discussed at:

is deprecating a number of standard library modules used by roundup. They will be gone
in 3.13.

The most critical one is cgi which provides MiniFieldStorage and FieldStorage. These are
used throughout the web interface 

cgitb is used in the cgi deployment mode (good for cheap hosting) and will refuse to start if 
not available.

Possibilities are to:

  rewrite roundup to replace all cgi derived classes/methods etc. with new replacements
    (some cgi stuff has no replacement in standard library). We still want to support
    python 2 and 3.

  vendor the cgi/cgitb libraries for python 3 (use existing lib under python2)

  vendor replacement libraries (looks like python3 only) 

Note that not replacing or vendoring libraries makes demoing/running Roundup require
third party libraries to operate. This raises the bar for people interested in Roundup.

issue2551191 opened for the only other module that I think is used: crypt.

Excerpts from pep and discussion:


The cgi module is a support module for Common Gateway Interface (CGI) scripts. CGI is deemed 
as inefficient because every incoming request is handled in a new process. PEP 206 considers 
the module as:

    "[…] designed poorly and are now near-impossible to fix (cgi) […]"

Replacements for the various parts of cgi which are not directly related to executing code 

    parse with urllib.parse.parse_qs (parse is just a wrapper)
    parse_header with email.message.Message (see example below)
    parse_multipart with email.message.Message (same MIME RFCs)
    FieldStorage/MiniFieldStorage has no direct replacement

library/13508/2 is a proper replacement for cgi.FieldStorage, used by 
Zope, and thus by Plone, and so here to stay til the end of time
msg7707 Author: [hidden] (rouilj) Date: 2023-01-04 04:10 was released as a source of a module that we could vendor.
msg7778 Author: [hidden] (rouilj) Date: 2023-05-29 01:47
latest copies of the cgi and cgitb are at:

Plan to vendor them as roundup/anypy/ and roundup/anypy/

for the vendored code in the COPYING.txt file at the root of the source tree
under the "Vendored and code" heading.
msg7814 Author: [hidden] (rouilj) Date: 2023-07-25 00:41
changeset:   7582:978285986b2c

Used a docker python:3-alpine 3.11 image to test by deleting
anydbm/sqlite backends tested along with the frontend and live-server tests.

vendored won't work with a python before 3.10.

Docs updated, license updated. Removed some unneeded cgi imports in tests.

Close this when we have a 3.13 test environment set up and Roundup test pass.
msg7866 Author: [hidden] (rouilj) Date: 2023-12-11 00:10
I ran the test suite (anydbm and sqlite) under  3.13 alpha docker release and it passed.
Date User Action Args
2023-12-11 00:10:39rouiljsetstatus: pending -> fixed
resolution: remind -> fixed
messages: + msg7866
2023-07-25 00:41:50rouiljsetstatus: new -> pending
assignee: rouilj
resolution: remind
messages: + msg7814
2023-05-29 01:48:50rouiljsetversions: + 2.4.0
2023-05-29 01:48:46rouiljsetkeywords: + Effort-Medium, Blocker, - Effort-High
2023-05-29 01:47:17rouiljsetmessages: + msg7778
2023-01-04 04:10:33rouiljsetmessages: + msg7707
2022-02-06 20:00:36rouiljsetkeywords: + Effort-High, Deprecation
2022-02-06 19:48:05rouiljcreate