On Fri, Nov 20, 2020 at 6:06 PM Brendan Barnwell <brenb...@brenbarn.net> wrote:
>         Yes, that's correct.  All of what you described is how ordinary apps
> work.  If I install a program and it has a bug or security
> vulnerability, then I am affected by that vulnerability.  Having a way
> to install a Python program as a program in its own right means that it
> will also work that way.  So what?  That's how programs work.  The fact
> that my program happens to depend on Python under the hood doesn't
> magically make it any different than other programs.  So, again, an
> executable-creating library is just a way to make Python programs work
> like ordinary programs work.
>
>         You've mentioned this objection at least twice now and I still don't
> see it having any real relevance.  All kinds of programs have bugs and
> vulnerabilities.  There is no special reason why someone should expect a
> program to shield them from bugs or vulnerabilities in that program's
> underlying components, whether that program is written in Python or any
> other language.
>

So what you're saying is: "Everyone else who distributes native
executables has these problems, so Python apps distributed as native
executables will have these problems". Yes. Of course they will. But a
Python app distributed as a .py file or a .pyz archive *won't* have
these problems. Is that of no value?

The special reason is the entire point of language interpreters. Let's
suppose that there's a vulnerability discovered in the V8 JavaScript
interpreter (the one behind Node.js and Google Chrome and such). Does
everyone who's ever published a web app now have to push out a new
version? Certainly not, and I think many web devs would be offended at
the mere suggestion. They expect that a browser update will
automatically fix it, and it should! Why should Python apps *not* take
advantage of this separation?

You've mentioned this objection to my objection multiple times too,
and I don't understand why you think that more vulnerabilities isn't a
problem. There is no special reason why someone should expect a
program to have more bugs or vulnerabilities because it's distributed
as an app rather than made available through a web browser (aside from
the restrictions of web browsers themselves, of course, but that's
beside the point).

ChrisA
_______________________________________________
Python-ideas mailing list -- python-ideas@python.org
To unsubscribe send an email to python-ideas-le...@python.org
https://mail.python.org/mailman3/lists/python-ideas.python.org/
Message archived at 
https://mail.python.org/archives/list/python-ideas@python.org/message/MIFUCQSQWXNRU6G47WQ7I64XEC4KBLLG/
Code of Conduct: http://python.org/psf/codeofconduct/
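
The separation argued for in the reply above can be seen with the standard-library `zipapp` module. This is an added example, not part of the original message; the sample app and the function names are constructed for illustration. The archive holds only application code, so the interpreter version, and any interpreter fixes, come from whichever Python runs it.

```python
import subprocess
import sys
import tempfile
import zipapp
import zipfile
from pathlib import Path

# Constructed sample app: prints the version of the interpreter executing it.
APP_MAIN = "import sys\nprint('.'.join(map(str, sys.version_info[:3])))\n"


def build_pyz(workdir: Path) -> Path:
    """Package the sample app as a .pyz archive (application code only)."""
    src = workdir / "app"
    src.mkdir()
    (src / "__main__.py").write_text(APP_MAIN)
    target = workdir / "app.pyz"
    # The shebang names an interpreter to look up at run time; nothing is bundled.
    zipapp.create_archive(src, target, interpreter="/usr/bin/env python3")
    return target


def archive_members(pyz: Path) -> list:
    """List what the archive actually ships."""
    with zipfile.ZipFile(pyz) as zf:
        return sorted(zf.namelist())


def run_with(interpreter: str, pyz: Path) -> str:
    """Run the archive under a given interpreter; return the version it reports."""
    done = subprocess.run([interpreter, str(pyz)],
                          capture_output=True, text=True, check=True)
    return done.stdout.strip()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        pyz = build_pyz(Path(tmp))
        print("archive contents:", archive_members(pyz))
        print("shebang interpreter:", zipapp.get_interpreter(pyz))
        # The reported version is the host interpreter's, so patching the
        # host Python changes this output without rebuilding the archive.
        print("runs under:", run_with(sys.executable, pyz))
```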
