All Software is Legacy

In what may be judged in years to come as a moment of madness, I have volunteered to be the primary maintainer of the Perl CGI module (CGI.pm). For the non-technical readers of this post: CGI.pm is a few thousand lines of code that in the mid to late nineties, and even some years later, was helping many websites function. Ever visited a website and seen ‘cgi-bin’ in the URL? Yep, that was probably running Perl scripts and those were almost certainly using CGI.pm.

I actually volunteered to be the primary maintainer back in April 2014. The reason I’ve taken so long to write this post is that I’ve been busy, er, maintaining the module. I’ve fixed the bulk of existing issues[1], written and given a talk on the plan for the module[2], released an extra module to point people at better resources[3], and occasionally been responding to questions about the module[4], oh and of course the usual reason that it takes posts several months to get out of my drafts folder.

Despite having used the module frequently over the years, and even volunteering to be the primary maintainer, I do not like it. It was an important and useful module early on, but it has no place in a modern [perl] web stack and hasn’t deserved a place in at least a decade. This is not a criticism of the original author(s) or the original implementation, it’s simply down to the fact that the web development field has progressed and lessons have been learnt.

An important point to make is the difference between CGI and CGI.pm. CGI is the Common Gateway Interface protocol, or specification if you like, whereas CGI.pm is an implementation of that specification. CGI is still a reasonable protocol for doing web programming in some cases, whereas CGI.pm is not.[5]

CGI.pm wasn’t the first implementation, but it was widely adopted after being included with the Perl core:

/Users/leejo/working/CGI.pm > corelist CGI

Data for 2013-08-12
CGI was first released with perl 5.004

And when was perl 5.004 released? 15th May 1997, almost twenty years ago.

The Past

Up until that point if you wanted to do CGI programming with Perl you had to install CGI.pm manually, write your own implementation, or install scripts that did it for you. A well known example is cgi-lib.pl.[6] In fact, it would probably be fair to say cgi-lib.pl was commonly used as CGI.pm included functions to make porting scripts from cgi-lib.pl easy.

Over time CGI.pm grew and grew, and grew some more, until it had implemented most (if not all) of the CGI protocol specification and beyond: https://tools.ietf.org/html/rfc3875

Take a look at that RFC and see if anything stands out. I’ll give you a clue: it’s to do with the date… Got it? Yes, RFC 3875 was finalised in October 2004, some seven years after CGI.pm was released with Perl and at least a decade after the original NCSA informal specification was released. Work on RFC 3875 didn’t start until 1997, by then there were already many different implementations of a specification that had no official formal definition.

The first official draft of the CGI specification was not released until May 1998. By then there were several large sites already running on Perl and even with CGI.pm: eBay, IMDb, cPanel, Slashdot, Craigslist, Ticketmaster, Booking.com, several payment processors, and many many others.[7]

Credit: Lee Johnson

  1. “Fixed” meaning either resolved or rejected
  2. The first five minutes here and slides viewable here
  3. CGI::Alternatives
  4. Eh, there’s a few bits and pieces in various places. Perlmonks, LinkedIn, Github, etc.
  5. One Two Three Four
  6. http://cgi-lib.berkeley.edu/ – and of course Matt’s script archive.
  7. https://en.wikipedia.org/wiki/Perl#Applications and https://news.ycombinator.com/item?id=10590612