[Zope-Coders] Re: [Zope-Checkins] CVS: Zope/lib/python/DocumentTemplate - DT_Var.py:1.51

[Guido van Rossum]

> > Environment variables are
> > particularly attractive because they don't require you to think about
> > how to get the global configuration option all the way down to the
> > method that needs it -- but at best it becomes a great big mess, and
> > at worst a security vulnerability.
> 
> Are environment variables really so bad?  I am not so sure they are, and
> I think I have my brain wrapped around the security implications pretty
> well.

Security apart, I think they're a crutch -- especially the way one was
used in the example that started this thread.

My problem is that it's easy to add a feature controlled by an envar,
forget to document it, set it in your own .profile, forget about it
completely, and then you'll be really puzzled when something works for
you but fails for everybody else -- or vice versa.

> It is worth saying, I think, that some things just plain don't need to
> be global options, and actually become less useful that way.

I don't know enough about this particular issue to know how you mean
this -- against using an envar here in favor of not allowing to change
it at all from the outside, or for an envar as opposed to a Zope
global variable?

--Guido van Rossum (home page: http://www.python.org/~guido/)