On Thu, Nov 19, 2020 at 10:46:50PM -0800, Brendan Barnwell wrote:

> Yes, that's correct. All of what you described is how ordinary apps
> work. If I install a program and it has a bug or security
> vulnerability, then I am affected by that vulnerability. Having a way
> to install a Python program as a program in its own right means that it
> will also work that way. So what? That's how programs work.

Not all programs. There are many development languages that provide a
separate development and runtime environment (e.g. Mathematica and
Wolfram Player). Or your programs run in a browser, like many notebook
apps.

There are definite trade-offs in the choice of static bundled apps
versus dynamically linked apps with some sort of player or runtime
environment. One solution does not fit all.

> The goal of such an application-distribution mechanism is to detach
> the program as fully as possible from any dependence on the existing
> software environment (i.e., ideally all it needs to know is what OS it's
> being installed on), so that the user can install it without giving any
> thought whatsoever to what other programs they might or might not have
> installed before or after. I think that is an important goal for making
> Python competitive in the realm of user-facing applications.

If that's really what you want, you probably should look at making a way
to run Python apps in the browser. Everyone has an OS, everyone has a
browser, GUI browsers have similar looking look-and-feels, the days when
devs assumed Internet Explorer are long gone.

Having Python run in the browser is a dream for many people.

I wouldn't trust random websites to run Python code in my browser, but
if I trusted an app enough to install it, there's no real difference
security-wise between running it in a browser and running it in a Python
interpreter or a stand-alone executable.

> Whether
> that's to be achieved with PyInstaller or something else isn't clear to
> me, but I disagree strongly with the idea that dependency-bundling and
> native-installing shouldn't be in the stdlib. It would be great if they
> were included in some form or fashion.

From the PyInstaller downloads page:

https://www.pyinstaller.org/downloads.html

"Maintaining PyInstaller is a huge amount of work."

The latest PyInstaller download on PyPI is 3.5MB.
Using that as a rough measure of the complexity of the project, adding
it to CPython would increase the complexity of CPython by about 12%.

-- 
Steve