On 09/11/2017 01:47 AM, Stephan Houben wrote:
> On 2017-09-10, Marko Rauhamaa <ma...@pacujo.net> wrote:
>> Stephan Houben <stephan...@gmail.com.invalid>:
>>>
>>> Why not bundle the Python interpreter with your application?
>>> It seems to work for Windows developers...
>>
>> I've seen that done for Python and other technologies. It is an
>> expensive route to take. Also, it can be insecure. When vulnerabilities
>> are found, they are communicated to the maintainers of, say, Python.
>> When Python is fixed and released, the vulnerability is revealed, but
>> the version bundled with your product is still broken. You have to be
>> prepared to perform an emergency release of your product and hope you don't
>> mess things up.
>
> To each his own, but this is not different from any other
> third-party package your application depends on.
Actually, no, it's completely different. Except for compiled modules, third-party packages (vetted and approved, of course) can be bundled in your app's Python file tree as simple Python files, all trackable via a single git repository or some other change management tool. Not so for binary installations that include various libraries, config files, and binaries.

The biggest issue is configuration management. As I mentioned in my other post, we used to have a policy for our servers that installation from source was strongly discouraged, and in some cases simply not allowed. This wasn't just for security; it was for managing configuration of the servers. When everything is packaged up nicely, it's trivial to deploy to new machines. Even our own software would often be wrapped up in RPMs.

That said, requiring a dependency on EPEL is, in my opinion, completely valid for your enterprise customers. In all likelihood EPEL is already in use anyway.

Docker is another possibility, as more and more enterprises are using it to deploy software to machines dynamically. Of course this has the same problem Marko mentioned earlier. If the Docker container maintainer isn't constantly keeping it up to date, security flaws in the Docker image will be a problem.
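The maintenance problem both posts circle around (a bundled interpreter, library or Docker base image that stays broken after upstream ships a fix) is something a release team can check mechanically: record what the product bundles, and compare it against the lowest release of each component that carries the fixes you need. The script below is an added example and is not code from this thread or from any of its participants. The manifest format, the component names and every version number in it are constructed for illustration; a real audit would take the minimum versions from vendor advisories and the manifest from the build system.

```python
"""Audit a product's bundled components against minimum patched versions.

Added example (not from the python-list thread). The manifest format,
component names and version numbers are constructed for illustration.
"""
import re
from typing import Dict, List, Tuple

# Constructed: what the product ships, as a bundler might record it.
BUNDLE_MANIFEST = """\
# component=version
python=3.6.1
openssl=1.0.2k
sqlite=3.19.3
requests=2.18.4
"""

# Constructed: the lowest release of each component that contains the fixes
# the team cares about. In practice this table comes from vendor advisories.
MIN_FIXED_VERSION = {
    "python": "3.6.2",
    "openssl": "1.0.2l",
    "sqlite": "3.19.3",
}

# Splits a version string into numeric runs and letter runs; separators such
# as '.' are dropped because they match neither group.
_VERSION_RE = re.compile(r"(\d+)|([A-Za-z]+)")


def parse_version(text: str) -> Tuple[Tuple[int, object], ...]:
    """Turn '1.0.2k' into ((0,1), (0,0), (0,2), (1,'k')).

    Numeric parts are tagged 0 and compared as integers; letter suffixes
    (OpenSSL style) are tagged 1 and compared as strings. The tag keeps
    Python from ever comparing an int against a str, and a shorter version
    such as '3.6' sorts below '3.6.2' through normal tuple comparison.
    """
    parts = []
    for num, alpha in _VERSION_RE.findall(text):
        parts.append((0, int(num)) if num else (1, alpha.lower()))
    return tuple(parts)


def parse_manifest(text: str) -> Dict[str, str]:
    """Parse 'name=version' lines; blank lines and '#' comments are skipped."""
    components: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, _, version = line.partition("=")
        if not version:
            raise ValueError(f"malformed manifest line: {line!r}")
        components[name.strip().lower()] = version.strip()
    return components


def stale_components(manifest: str, minimums: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Return (name, bundled, required) for every component below its minimum."""
    findings = []
    for name, bundled in parse_manifest(manifest).items():
        required = minimums.get(name)
        if required is None:
            continue  # reported separately by untracked_components()
        if parse_version(bundled) < parse_version(required):
            findings.append((name, bundled, required))
    return findings


def untracked_components(manifest: str, minimums: Dict[str, str]) -> List[str]:
    """Bundled components with no minimum on record: not known-stale, but unaudited."""
    return sorted(name for name in parse_manifest(manifest) if name not in minimums)


if __name__ == "__main__":
    for name, bundled, required in stale_components(BUNDLE_MANIFEST, MIN_FIXED_VERSION):
        print(f"STALE: {name} {bundled} < {required}")
    for name in untracked_components(BUNDLE_MANIFEST, MIN_FIXED_VERSION):
        print(f"UNTRACKED: {name}")
```

Running it against the constructed manifest flags python and openssl as stale and reports requests as untracked. The untracked list matters as much as the stale one: a component nobody has a minimum version for is exactly the one that will still be broken when the next upstream fix is announced.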