The Perl 5 Porters list is discussing a proposal to remove CGI.pm from the core distribution. Per the discussion, this proposal is likely to succeed, and Perl 5.20 (released around May 2014) will no longer include CGI.pm as a core library.
The arguments in favor of this are:
- It's not great code: it does far too much (conflating HTML generation with parameter processing and cookie handling), its interface is confusing (the kind of halfhearted pseudo-OO that Perl 5 circa 1994 encouraged), and its implementation is weird beyond that (the last time I looked, it had a strange load-on-demand system to avoid the performance penalty of compiling a couple of thousand lines of Perl 5 code).
- It operates at too low a level: you need to understand far too much about how the CGI protocol works to use it effectively.
- Its execution model represents the lowest common denominator of web deployment; it hasn't moved much on beyond 1998 (with some code to support FastCGI and mod_perl, but not much else).
- It's harder to deploy that it seems, if you count the system administration work it takes to configure a web server for the CGI protocol.
- In almost every case, at least one of several plausible Perl web frameworks is a better choice.
The biggest criticism is actually a Perl success story. PSGI and Plack make developing and deploying Perl web programs so much easier that there's no credible reason to use raw CGI anymore, at least if you can install Plack or use a PSGI-compatible library. If you're tied to the CGI approach, Plack::Handler::CGI is a better alternative in every way, even for local development and testing.
The cons of ejecting CGI are:
- It's been in the core approximately forever.
- Sometimes it's the only thing available, if you're using a shared hosting account where you can't install CPAN modules and a bearded sysadmin somewhere refuses to install them for you.
In other words, the discussion on p5p seems to be that the burden of maintaining code that no one uses, no one likes, and no one really wants to maintain in the core is greater than the benefit of providing a mediocre out of the box CPAN-free experience to people who don't maintain their own Perl installations.
In other words, the dominant philosophy seems to be "CPAN is integral to the desired experience of Perl 5".
(I suspect that the CPAN-hostile environment which still promotes CGI.pm as the state of the art in Perl overlaps strongly with the older-is-better-stability-over-all enterprise Linux distribution group, of which Red Hat for example won't provide Perl 5.20 for several years, so the dominant web programming model of 1997 has yet another stay of execution. Hooray. Please feel free to join us in the 21st century sometime.)