[Chicken-users] [ANN] Spiffy 5.0 has been released

[Peter Bex]

Hello everyone,

I would like to announce Spiffy version 5.0.  It's the first major
release to have come out in 3 years.  The main feature is that most
of the extra handlers that used to be shipped with Spiffy have been
moved out of the main distribution, making it lean and mean and
quicker to install.  The only additional module that's still shipped
(mostly for administrator convenience) is the simple-directory-handler.

Don't be afraid, these handlers have found new homes and I don't
intend to stop maintaining them immediately.  The SSP handler and
web-scheme-handler will eventually be completely deprecated, but
I don't want to drop them immediately just in case someone is still
using them.  I've even finally gotten around to writing some (basic)
regression tests for these handlers to help maintenance easier.

The CGI handler has been merged with Andy's FastCGI handler, which
he recently posted to this list and has now turned into a full-fledged
egg called "spiffy-cgi-handlers".  Because CGI is not generally useful
and quite old-fashioned (FastCGI being much faster and also pretty
widely supported), I think it's good to move it out of the core
distribution, and keeping it together with the fastcgi handler makes
sense to me.

The old and crusty ssp-handler and web-scheme-handler have been retired
to a separate "spiffy-dynamic-handlers" egg.  These two handlers were
marked as deprecated for quite a while now, and were becoming a growing
annoyance in the back of my mind.

As my knowledge of the web has advanced, I've become very much
disenchanted with the "easy to use" PHP-like model of deploying web
applications.  This is inherently harder to secure than servlet-like
approaches because the document root is (usually) where these files
are stored, conflating static file storage with script execution path.
Not saying it can't be used securely, just that it requires extra
attention that is often forgotten, which makes it especially dangerous
for the typical beginning web programmer who might not know much about
writing secure code yet.

Finally, I don't think Scheme is a suitable language for amateur web
scripting anyway, so we don't really need this "ease of use" where you
can start with a HTML file and start hacking code into it.  Inline
code inside HTML really isn't the proper way to develop clean code.
Even the PHP folks have realised this.  Modern "best practice" PHP
code rarely contains any HTML in it anymore, except maybe for a handful
of templates which might even be processed by a preprocessor like
Haml or Smarty instead.

Especially now that we have better eggs like the great "awful" egg,
various spiffy dynamic dispatchers and the whole family of SXML tools,
there is very little reason to keep these ugly handlers around.
If you're still using these handlers, please consider switching to
something more mature.

Cheers,
Peter
-- 
http://sjamaan.ath.cx
--
"The process of preparing programs for a digital computer
 is especially attractive, not only because it can be economically
 and scientifically rewarding, but also because it can be an aesthetic
 experience much like composing poetry or music."
                                                        -- Donald Knuth