On Fri, 20 Nov 2020 at 08:55, Chris Angelico <ros...@gmail.com> wrote: > > On Fri, Nov 20, 2020 at 6:06 PM Brendan Barnwell <brenb...@brenbarn.net> > wrote: > > You've mentioned this objection at least twice now and I still don't > > see it having any real relevance. All kinds of programs have bugs and > > vulnerabilities. There is no special reason why someone should expect a > > program to shield them from bugs or vulnerabilities in that program's > > underlying components, whether that program is written in Python or any > > other language. > > > > So what you're saying is: "Everyone else who distributes native > executables has these problems, so Python apps distributed as native > executables will have these problems". Yes. Of course they will. But a > Python app distributed as a .py file or a .pyz archive *won't* have > these problems. Is that of no value?
Of course it is. But it's not the *only* consideration. What you seem to be doing is dismissing any possibility that in some circumstances, the balance is in favour of bundled executables over zipapps. The discussion here (at least this part of it) is about those situations where zipapps aren't a useful solution. So *by definition*, zipapps aren't relevant as an option in that case. You may not think that any such cases exist. Fair enough. But those of us that do are trying to discuss ways to handle those situations, and saying "that will never happen" or equivalently "do you mean zipapps" repeatedly, isn't helping. > The special reason is the entire point of language interpreters. Let's > suppose that there's a vulnerability discovered in the V8 JavaScript > interpreter (the one behind Node.js and Google Chrome and such). Does > everyone who's ever published a web app now have to push out a new > version? Certainly not, and I think many web devs would be offended at > the mere suggestion. They expect that a browser update will > automatically fix it, and it should! Why should Python apps *not* take > advantage of this separation? It's hardly the *entire* point, but I agree it's a benefit of them. And web development is *far* from being the only use for Python. And tools like VS Code (written with Node.js, I believe) bundle the V8 engine, so contrary to the point you're trying to make, Javascript could be viewed as an example of why Python needs a way to bundle apps... Paul _______________________________________________ Python-ideas mailing list -- python-ideas@python.org To unsubscribe send an email to python-ideas-le...@python.org https://mail.python.org/mailman3/lists/python-ideas.python.org/ Message archived at https://mail.python.org/archives/list/python-ideas@python.org/message/NU62XQMR47N3RTD6MEUIMM65IZTJ3EZV/ Code of Conduct: http://python.org/psf/codeofconduct/
