On Sat, Nov 21, 2020 at 1:35 PM Christopher Barker <python...@gmail.com> wrote: > > I'm not sure I should get involved in this, but .... > > On Fri, Nov 20, 2020 at 12:53 AM Chris Angelico <ros...@gmail.com> wrote: >> >> Let's >> suppose that there's a vulnerability discovered in the V8 JavaScript >> interpreter (the one behind Node.js and Google Chrome and such). Does >> everyone who's ever published a web app now have to push out a new >> version? > > > No, but anyone that has published an Electron app does.
Yes, and that has been a problem for me. Electron apps whose authors haven't released an update. I am unable to run them in a safer interpreter, and am forced to either continue using the one that was bundled, or stop using the app. That is *the entire point*. > Oh, and Chrome itself needs to be updated -- only on what, millions of > machines? V8 is bundled with Chrome -- you know, kind of like a PyInstaller > app bundles Python ;-) > Uhhh... no, that's kind of like how Python bundles Python. That's not bundling *an app*. You update Chrome once, and every app is updated. Again, thank you for restating my point, but trying to make it sound like a counter-argument. > Chris A: I ask you to let this go -- Python can be used for many different > kinds of application development. And those different use cases have > different needs. And Desktop GUI applications, in particular, really, really, > do need a "bundling" system -- at least on the Mac and Windows. > But do all bundles have to be native executables? PLEASE reread the above posts. I have never said that native executables should never exist, but I have said that many MANY applications can and should be distributed such that they use a separate installer. > It's clear that that's not the realm you work in, which is fine, and as more > and more stuff moves to the Web, there is less need for Desktop apps, but the > need is still there, and PyInstaller, and Py2app and py2exe before it (and > still) are absolutely critical tools in that space. > I've written desktop apps. I've distributed bundles before. I've done the "this has to be a one-click thing" thing. I do know what I'm talking about here. And no, native executables are usually NOT the only way to achieve "double click on this thing to make it run". > I've been using Python for over twenty years, and discovering py2exe and > py2app way back then made it possible for me to deliver multiple products > that I simply could not have done without them. (and still do). Our users > have NO IDEA that they are built with Python, and that's perfect -- they can > just download, install, and have a working, native, desktop app. And it will > keep working, even when their sysadmin tells them they can't have Python 2 > installed anymore because it's no longer maintained. > But they ARE allowed to continue using a Python 2 that was bundled with something? Is that how it goes - you're not allowed to use a legacy interpreter if you're aware of it, but it's fine as long as it's hidden behind a binary that nobody can touch? Please. Before you rehash all my arguments back at me again, READ THE THREAD. I have never said that native executables shouldn't ever exist. I have never said that zipapp is the one true way to distribute code. I have never once hinted at the notion that all users are idiots who can only ever run a .exe file, nor have I said that everyone should open source their code, or a host of other arguments that I haven't made. Please, can people stop answering arguments that haven't been made, and actually respond to what has? ChrisA _______________________________________________ Python-ideas mailing list -- python-ideas@python.org To unsubscribe send an email to python-ideas-le...@python.org https://mail.python.org/mailman3/lists/python-ideas.python.org/ Message archived at https://mail.python.org/archives/list/python-ideas@python.org/message/OUEIMB7I35Q7WPMUQBSPLVY2YEL4H5DE/ Code of Conduct: http://python.org/psf/codeofconduct/
