On Fri, Nov 26, 2021 at 4:50 AM Richard Damon <rich...@damon-family.org> wrote: > > On 11/25/21 12:21 PM, Chris Angelico wrote: > > On Fri, Nov 26, 2021 at 4:18 AM Ulli Horlacher > > <frams...@rus.uni-stuttgart.de> wrote: > >> Chris Angelico <ros...@gmail.com> wrote: > >> > >>> Unfortunately, if you're not going to go to the effort of getting your > >>> executables signed > >> I cannot sign my executables (how can I do it anyway?), because Windows > >> deletes my executable as soon as I have compiled them! They exist only > >> for a few seconds and then they are gone. > >> > >> > >>> another reason to just distribute .py files. > >> I cannot do that because my users do not have Python installed and they > >> are not allowed to do it. > >> > > Are they really allowed to install your unsigned executables but are > > not allowed to install Python from a known and trusted source? > > > > If there's some bizarre loophole that allows them to run completely > > untrusted binary code, but not to run legitimate code that can be > > fetched from a variety of trusted places (including python.org, the > > Windows store, etc), then I'm afraid you're on your own, and will > > probably need to play around with the exact loophole to figure out > > what is going to be permitted. > > > > Alternatively, just go find the person who decides what gets > > installed, and request a Python interpreter to be added to the > > permitted list. That's probably easier, and it's certainly going to be > > better long-term. > > > > ChrisA > > My first guess is it isn't so much what is 'allowed' but what can be > easily done. > > On a somewhat locked down computer, the user does not have admin rights, > so needs to get 'IT' to run any installers that need admin permissions > to run.
Can someone confirm that it's still possible to run the Python installer without admin rights, for a per-user installation? It always used to be possible, but I haven't checked. > Likely, just copying an EXE file from an outside source may still be > against the rules (and needs approval), but some think if they can do it > and no one complains, it must be ok. On the other hand, they may have > given approval, knowing the source. Maybe. I would still consider it unlikely that you can run an EXE from an arbitrary source, but can't run a trusted installer from a known source. You're right that admin perms would be harder, but that shouldn't stop you from installing Python. Also, obligatory XKCD: https://xkcd.com/1200/ ChrisA -- https://mail.python.org/mailman/listinfo/python-list
