Re: Can I trust downloading Python?
On Saturday, September 7, 2013 9:17:46 PM UTC-4, Aaron Martin wrote: Hi, I am thinking about getting a software but it requires python, so that brought up a few questions. Is it safe do download python, and does it come with spam or advertisements? If it doesn't then should I get the latest version? I mostly want to know if it is safe to download, because most of the time downloading free stuff off the internet comes with spam and all that, so I want to know if I can trust downloading it. Hope others find this article helpful and relevant: http://www.eweek.com/developer/open-source-python-code-sets-new-standard-for-quality-study.html/?kc=EWKNLEAU09102013BESTOF2dni=77668545rni=22939981 A development testing company (Coverity) reports that the core Python platform has a very low number of source code defects and its developers effect repairs to known flaws very readily, as compared to other open-source projects. I can't attest to the validity of the claim (one way or the other), but it is something worth noting -- https://mail.python.org/mailman/listinfo/python-list
Re: Can I trust downloading Python?
On 10 September 2013 01:06, Steven D'Aprano steve+comp.lang.pyt...@pearwood.info wrote: On Mon, 09 Sep 2013 12:19:11 +, Fattburger wrote: But really, we've learned *nothing* from the viruses of the 1990s. Remember when we used to talk about how crazy it was to download code from untrusted sites on the Internet and execute it? We're still doing it, a hundred times a day. Every time you go on the Internet, you download other people's code and execute it. Javascript, Flash, HTML5, PDF are all either executable, or they include executable components. Now they're *supposed* to be sandboxed, but we've gone from don't execute untrusted code to let's hope my browser doesn't have any bugs that the untrusted code might exploit. You could have also mentioned pip/PyPI in that. 'pip install X' downloads and runs arbitrary code from a largely unmonitored and uncontrolled code repository. The maintainers of PyPI can only try to ensure that the original author of X would remain in control of what happens and could remove a package X if it were discovered to be malware. However they don't have anything like the resources to monitor all the code coming in so it's essentially a system based on trust in the authors where the only requirement to be an author is that you have an email address. Occasionally I see the suggestion to do 'sudo pip install X' which literally gives root permissions to arbitrary code coming straight from the net. Oscar -- https://mail.python.org/mailman/listinfo/python-list
Re: Can I trust downloading Python?
On 10.09.2013 11:45, Oscar Benjamin wrote: On 10 September 2013 01:06, Steven D'Aprano steve+comp.lang.pyt...@pearwood.info wrote: On Mon, 09 Sep 2013 12:19:11 +, Fattburger wrote: But really, we've learned *nothing* from the viruses of the 1990s. Remember when we used to talk about how crazy it was to download code from untrusted sites on the Internet and execute it? We're still doing it, a hundred times a day. Every time you go on the Internet, you download other people's code and execute it. Javascript, Flash, HTML5, PDF are all either executable, or they include executable components. Now they're *supposed* to be sandboxed, but we've gone from don't execute untrusted code to let's hope my browser doesn't have any bugs that the untrusted code might exploit. You could have also mentioned pip/PyPI in that. 'pip install X' downloads and runs arbitrary code from a largely unmonitored and uncontrolled code repository. The maintainers of PyPI can only try to ensure that the original author of X would remain in control of what happens and could remove a package X if it were discovered to be malware. However they don't have anything like the resources to monitor all the code coming in so it's essentially a system based on trust in the authors where the only requirement to be an author is that you have an email address. Occasionally I see the suggestion to do 'sudo pip install X' which literally gives root permissions to arbitrary code coming straight from the net. Oscar Interesting observation -- https://mail.python.org/mailman/listinfo/python-list
Re: Can I trust downloading Python?
On Tue, Sep 10, 2013 at 10:06 AM, Steven D'Aprano steve+comp.lang.pyt...@pearwood.info wrote: Of course, Linux is a much harder target than the average unpatched Windows box, and there are probably easier ways to get access to your files if they really need to. Plus Linux isn't a single target. You can search the internet for Windows XP boxes and there's an extremely high chance they'll all be running the same base services; when you're attacking Linux, there's a much MUCH smaller set of common code, with most attacks being aimed at an application - which may or may not be running on any given computer. So there's a lot less chance that you'll be randomly assaulted just for connecting to the internet; the attacks are most likely to come from browsing a site that exploits a Javascript vulnerability. I'm not particularly bothered by the possibility of someone snooping at what I'm doing. Oh how terrible, they'll discover that I'm just as nerdy in private as I am in public... ChrisA -- https://mail.python.org/mailman/listinfo/python-list
Re: Can I trust downloading Python?
On Tue, 10 Sep 2013 10:45:16 +0100, Oscar Benjamin wrote: On 10 September 2013 01:06, Steven D'Aprano steve+comp.lang.pyt...@pearwood.info wrote: [rant about executing code over the internet] You could have also mentioned pip/PyPI in that. 'pip install X' downloads and runs arbitrary code from a largely unmonitored and uncontrolled code repository. The maintainers of PyPI can only try to ensure that the original author of X would remain in control of what happens and could remove a package X if it were discovered to be malware. However they don't have anything like the resources to monitor all the code coming in so it's essentially a system based on trust in the authors where the only requirement to be an author is that you have an email address. Occasionally I see the suggestion to do 'sudo pip install X' which literally gives root permissions to arbitrary code coming straight from the net. Sure, but there's a significant difference here. If I were to run pip install foo, I'm explicitly choosing to trust that code. If I don't trust it, I simply don't run pip install. Merely going to the PyPI website for package foo doesn't run foo, nor does viewing the code, or even running hg update (or git) on the repository. By default, foo doesn't run unless I explicitly run it. pip is *fail safe* -- if it fails, or if I don't run it, nothing gets executed. In contrast, if I go to foo.com, the default is everything will run. I have *no idea* what's going to happen until I get there. The default is run anything, unless explicitly turned off instead of don't run, unless explicitly turned on. Even if I run NoScript in my browser, or turn off Javascript in my browser, I'm hoping that there isn't some executable protocol that NoScript doesn't block, or only partially blocks (What do you mean web fonts contain executable code?), or maybe I turned Javascript back on so some other site works and forgot to turn it off again. Our browsers are fail unsafe -- if they fail, they can run untrusted code. You can't even say well if you don't trust foo.com, don't go there because while foo.com itself might be trusted, they're probably selling advertising, and the advert itself is executable and could come from anyone, anywhere. Imagine that every time you walked into a shop, the shop could instantly, irreversibly and silently deduct whatever amount of money from your credit card it liked, unless you remembered to put your credit card inside a metal wallet before entering the store. But most stores won't let you in if you do, or at least the shopping experience is painful. So we just hope that the store won't take advantage of that ability and rob us blind. That's not too far from the Internet security model. -- Steven -- https://mail.python.org/mailman/listinfo/python-list
Re: Can I trust downloading Python?
Every time you go on the Internet, you download other people's code and execute it. Javascript, Flash, HTML5, PDF are all either executable, or they include executable components. That's why I deactivate all of these by default. And why I *hate* so-called web designers who *require* activation of such fancy flashy nonsense gadgets. PDF files are an exception since PDF was originally designed as a safe subset of Postscript (postscript viruses had been demonstrated). Now Adobe has jeopardized this by allowing embedding of Javascript in PDF files (but that as well is deactivated by default for me). Sincerely, Wolfgang -- https://mail.python.org/mailman/listinfo/python-list
Re: Can I trust downloading Python?
On Mon, 09 Sep 2013 02:39:09 +1000, Chris Angelico wrote: On Mon, Sep 9, 2013 at 2:08 AM, Charles Hottel chot...@earthlink.net wrote: I think this article is relevant althought the code examples are not Python but C: http://cm.bell-labs.com/who/ken/trust.html That is quite true, and yet not truly helpful here :) It's like pointing out that we could be being fed false information, and then suggesting that The Matrix is technically possible. Once you start distrusting to that level, you become paranoid to a point that's inappropriate to all but the most critical situations. I'd accept and maybe even recommend that sort of paranoia if you're running a nuclear power station, or an automated weapon system capable of firing missiles that destroy the planet, or a bank that holds everyone's money. For the average Joe, there's no point panicking. Also: That hack works beautifully when there's precisely one C compiler. In today's world, there are many (well known ones like gcc, clang, MS Visual Studio (whatever the compiler from that is called), and a bunch of lesser-known ones as well), and it's pretty easy to just grab a different compiler and build. The chances that your code will be falsely compiled by TWO compilers would have to be infinitesimal, and you needn't stop at two. That logic is dubious. Compilers aren't compromised by chance, and we don't know the a priori probability of any specific compiler being compromised. That depends on the attacker, surely? We know, for example, that the NSA has compromised multiple brands of router, smart phone and similar. If they, or some other similar organisation with equivalent capabilities, were going to attack compilers in the same manner, they surely wouldn't stop at one. Would people notice? How often do people compare the machine code output of two different compilers, looking for back-doors in the generated code? Would you know where to look? If you found some differences, wouldn't you likely just chalk it up to different compilers producing different code? I think the best argument against this suggestion is that it would be an order of magnitude harder to compromise open source compilers, as you discuss below, and therefore gcc is *probably* (but not certainly) safe. But closed source? If Microsoft inserted a backdoor into Windows 8 on behalf of the NSA, as seems to be the case, then surely they'd also do the same to Visual Studio if asked. Organisations like the NSA don't operate under the rule if there is one single uncompromised machine on the planet, we've lost. It's a numbers game. If (hypothetically speaking) they had inserted backdoors into Visual Studio, gcc and clang, but not Larry's Cool C Compiler, I don't think they're going to lose sleep over that. Since many people build (to take one example) gcc from source, using an old version of gcc, the hack would have to be propagated to all current gcc builds in some way - you can't simply build once and install the binary as the official C compiler, not in today's distributed society. (If you're truly paranoid, you might believe that gcc has had the hack in it since its inception. But some people build gcc using other compilers, too.) Yep, I agree -- although probably no individual has inspected the entire tool chain involved in building gcc, enough people have inspected each individual component that we can be reasonably confident that it is okay. If you can't trust any code you didn't write yourself, You trust yourself? You sheeple! The truly cautious man doesn't even trust himself. You might be an unconscious sleeper agent. Haven't you watched The Running Man? (Ha ha only serious.) -- Steven -- https://mail.python.org/mailman/listinfo/python-list
Re: Can I trust downloading Python?
On 09/09/2013 04:41 AM, Steven D'Aprano wrote: On Mon, 09 Sep 2013 02:39:09 +1000, Chris Angelico wrote: On Mon, Sep 9, 2013 at 2:08 AM, Charles Hottel chot...@earthlink.net wrote: I think this article is relevant althought the code examples are not Python but C: http://cm.bell-labs.com/who/ken/trust.html That is quite true, and yet not truly helpful here :) It's like pointing out that we could be being fed false information, and then suggesting that The Matrix is technically possible. Once you start distrusting to that level, you become paranoid to a point that's inappropriate to all but the most critical situations. I'd accept and maybe even recommend that sort of paranoia if you're running a nuclear power station, or an automated weapon system capable of firing missiles that destroy the planet, or a bank that holds everyone's money. For the average Joe, there's no point panicking. Also: That hack works beautifully when there's precisely one C compiler. In today's world, there are many (well known ones like gcc, clang, MS Visual Studio (whatever the compiler from that is called), and a bunch of lesser-known ones as well), and it's pretty easy to just grab a different compiler and build. The chances that your code will be falsely compiled by TWO compilers would have to be infinitesimal, and you needn't stop at two. That logic is dubious. Compilers aren't compromised by chance, and we don't know the a priori probability of any specific compiler being compromised. That depends on the attacker, surely? We know, for example, that the NSA has compromised multiple brands of router, smart phone and similar. If they, or some other similar organisation with equivalent capabilities, were going to attack compilers in the same manner, they surely wouldn't stop at one. But (and this is stepping into *really* paranoid territory here. But maybe not beyond the realm of possibility) it would not be so hard to compromise compilers at the chip level. If the NSA were to strike an agreement with, say, Intel so that every time a compiler ran on the system, secret code was discreetly inserted into the binary, it would be nearly impossible to detect and a very elegant solution to a tough problem. -- https://mail.python.org/mailman/listinfo/python-list
Re: Can I trust downloading Python?
On Sun, 08 Sep 2013 03:37:15 +, Dave Angel wrote: 1) what OS are you running? Actually, we can be pretty sure you're running Windows, since any other common operating system would have already included Python. Plus I don't often run into Linux users who worry about viruses, unless the braces-and-pimples crowd has expanded its horizons recently and started creating malware that does anything in Linux. -- https://mail.python.org/mailman/listinfo/python-list
Re: Can I trust downloading Python?
On 09/09/2013 05:02 AM, Anthony Papillion wrote: But (and this is stepping into *really* paranoid territory here. But maybe not beyond the realm of possibility) it would not be so hard to compromise compilers at the chip level. If the NSA were to strike an agreement with, say, Intel so that every time a compiler ran on the system, secret code was discreetly inserted into the binary, it would be nearly impossible to detect and a very elegant solution to a tough problem. Indeed it is really paranoid territory, but now doesn't seem quite as far fetched as one originally thought a few years ago! We'll still trust (we have to; we have no other choice), but the level of trust in computers in general has certainly gone down a notch and will never quite be the same. -- https://mail.python.org/mailman/listinfo/python-list
Re: Can I trust downloading Python?
On 09/09/2013 10:40 AM, William Ray Wing wrote: I think that is pretty far fetched. It requires recognition that a compiler is being compiled. I'd be REALLY surprised if there were a unique sequence of hardware instructions that was common across every possible compiler (current and future) and which wouldn't (couldn't) exist in arbitrary non-compiller execution, which could be used to trigger insertion of a backdoor. Agreed. Most of the damage done by the NSA is in the realm of social engineering more than technical. IE they compromise companies more than the algorithms themselves. The end points always are the weak things. And yes, Free software that is open source is more resistant to such tampering. -- https://mail.python.org/mailman/listinfo/python-list
Re: Can I trust downloading Python?
On Sep 9, 2013, at 12:23 PM, Michael Torrie torr...@gmail.com wrote: On 09/09/2013 05:02 AM, Anthony Papillion wrote: But (and this is stepping into *really* paranoid territory here. But maybe not beyond the realm of possibility) it would not be so hard to compromise compilers at the chip level. If the NSA were to strike an agreement with, say, Intel so that every time a compiler ran on the system, secret code was discreetly inserted into the binary, it would be nearly impossible to detect and a very elegant solution to a tough problem. Indeed it is really paranoid territory, but now doesn't seem quite as far fetched as one originally thought a few years ago! We'll still trust (we have to; we have no other choice), but the level of trust in computers in general has certainly gone down a notch and will never quite be the same. -- https://mail.python.org/mailman/listinfo/python-list I think that is pretty far fetched. It requires recognition that a compiler is being compiled. I'd be REALLY surprised if there were a unique sequence of hardware instructions that was common across every possible compiler (current and future) and which wouldn't (couldn't) exist in arbitrary non-compiller execution, which could be used to trigger insertion of a backdoor. -Bill -- https://mail.python.org/mailman/listinfo/python-list
Re: Can I trust downloading Python?
On Mon, 09 Sep 2013 12:19:11 +, Fattburger wrote: On Sun, 08 Sep 2013 03:37:15 +, Dave Angel wrote: 1) what OS are you running? Actually, we can be pretty sure you're running Windows, since any other common operating system would have already included Python. Plus I don't often run into Linux users who worry about viruses, unless the braces-and-pimples crowd has expanded its horizons recently and started creating malware that does anything in Linux. Hello, the 1990s called and want their stereotypes back. Malware in 2013 is not about loser nerds erasing your hard drive for the lulz. It's a multi-million dollar a year business, mostly driven by spammers, but with small yet profitable niche markets for industrial espionage and blackmail (we've encrypted your files -- pay us $100 and we'll send you the key). Plus so-called law enforcement[1] uses it to break into people's computers, for keylogging, etc., and you better believe they have cracks targeted at Linux. Of course, Linux is a much harder target than the average unpatched Windows box, and there are probably easier ways to get access to your files if they really need to. But really, we've learned *nothing* from the viruses of the 1990s. Remember when we used to talk about how crazy it was to download code from untrusted sites on the Internet and execute it? We're still doing it, a hundred times a day. Every time you go on the Internet, you download other people's code and execute it. Javascript, Flash, HTML5, PDF are all either executable, or they include executable components. Now they're *supposed* to be sandboxed, but we've gone from don't execute untrusted code to let's hope my browser doesn't have any bugs that the untrusted code might exploit. The people driving malware these days are not script-kiddies, but professionals, up to and including some of the smartest and most highly funded professionals in the world. Stuxnet anyone? [1] I say so-called, because far too often the people who are supposed to be upholding the law are actually breaking the law with impunity. -- Steven -- https://mail.python.org/mailman/listinfo/python-list
Re: Can I trust downloading Python?
On Sun, 08 Sep 2013 03:37:15 +, Dave Angel wrote: You can run a 32bit Python on 64bit OS, but not the oter way around. And most people just match the bitness of Python against the bitness of the OS. AFAICT, most people run 32-bit Python on any version of Windows. [And this isn't limited to Python; most of the software on my Win64 system is 32-bit. And most of the 64-bit software is accounted for by software which has to be 64-bit due to containing device drivers, shell extensions or similar.] Any add-on package which provides pre-compiled binaries will provide 32-bit binaries. Some of them will also provide 64-bit binaries, some of them won't. So unless you think that you might need to use more than 3-4 GiB of RAM for a single Python process, or you need to use certain libraries which are only available as 64-bit, getting the 32-bit version is typically the safest option. -- https://mail.python.org/mailman/listinfo/python-list
Re: Can I trust downloading Python?
On Sat, 07 Sep 2013 21:04:59 -0600, Michael Torrie wrote: As for trusting python in general, I do trust the python developers, but recent NSA revelations call just about all aspects of computing, trust, and privacy into doubt. Recent revelations? Where have you been for the last, oh, 20 odd years? Remember when people who talked about Carnivore and Echelon were considered in tin-foil hat territory? I do. I think it was Paul Krugman who talks about the one thing worse than being wrong is being right too soon. In context, he's referring to the Bush administration's adventures in Iraq, and how those who were right a decade ago are still routinely ignored even after being proven right, while the Very Serious People who were utterly, obviously wrong are still feted as experts. The same applies to the surveillance society. This didn't just appear overnight. You don't build programmes the size and complexity of PRISM, Tempora, Stellawind, X-Keyscore, Dropmire, and no doubt others that we still don't know about, overnight. When it comes to NSA spying, before Edward Snowden, there were these other guys: http://www.usatoday.com/story/news/politics/2013/06/16/snowden-whistleblower-nsa-officials-roundtable/2428809/ And if you think it's just the NSA, you *really* haven't been paying attention. From 2005: http://www.noplacetohide.net/ -- Steven -- https://mail.python.org/mailman/listinfo/python-list
Re: Can I trust downloading Python?
Definitely get the latest version (currently 3.3, soon 3.4). Python keeps getting new features and improvements. Python scripts or applications might not be compatible with Python 3.x and require 2.x instead. Sincerely, Wolfgang -- https://mail.python.org/mailman/listinfo/python-list
Re: Can I trust downloading Python?
Steven D'Aprano steve+comp.lang.pyt...@pearwood.info wrote in message news:522c6e4e$0$29988$c3e8da3$54964...@news.astraweb.com... On Sat, 07 Sep 2013 21:04:59 -0600, Michael Torrie wrote: As for trusting python in general, I do trust the python developers, but recent NSA revelations call just about all aspects of computing, trust, and privacy into doubt. Recent revelations? Where have you been for the last, oh, 20 odd years? Remember when people who talked about Carnivore and Echelon were considered in tin-foil hat territory? I do. I think it was Paul Krugman who talks about the one thing worse than being wrong is being right too soon. In context, he's referring to the Bush administration's adventures in Iraq, and how those who were right a decade ago are still routinely ignored even after being proven right, while the Very Serious People who were utterly, obviously wrong are still feted as experts. The same applies to the surveillance society. This didn't just appear overnight. You don't build programmes the size and complexity of PRISM, Tempora, Stellawind, X-Keyscore, Dropmire, and no doubt others that we still don't know about, overnight. When it comes to NSA spying, before Edward Snowden, there were these other guys: http://www.usatoday.com/story/news/politics/2013/06/16/snowden-whistleblower-nsa-officials-roundtable/2428809/ And if you think it's just the NSA, you *really* haven't been paying attention. From 2005: http://www.noplacetohide.net/ -- Steven I think this article is relevant althought the code examples are not Python but C: http://cm.bell-labs.com/who/ken/trust.html -- https://mail.python.org/mailman/listinfo/python-list
Re: Can I trust downloading Python?
On Mon, Sep 9, 2013 at 2:08 AM, Charles Hottel chot...@earthlink.net wrote: I think this article is relevant althought the code examples are not Python but C: http://cm.bell-labs.com/who/ken/trust.html That is quite true, and yet not truly helpful here :) It's like pointing out that we could be being fed false information, and then suggesting that The Matrix is technically possible. Once you start distrusting to that level, you become paranoid to a point that's inappropriate to all but the most critical situations. I'd accept and maybe even recommend that sort of paranoia if you're running a nuclear power station, or an automated weapon system capable of firing missiles that destroy the planet, or a bank that holds everyone's money. For the average Joe, there's no point panicking. Also: That hack works beautifully when there's precisely one C compiler. In today's world, there are many (well known ones like gcc, clang, MS Visual Studio (whatever the compiler from that is called), and a bunch of lesser-known ones as well), and it's pretty easy to just grab a different compiler and build. The chances that your code will be falsely compiled by TWO compilers would have to be infinitesimal, and you needn't stop at two. Since many people build (to take one example) gcc from source, using an old version of gcc, the hack would have to be propagated to all current gcc builds in some way - you can't simply build once and install the binary as the official C compiler, not in today's distributed society. (If you're truly paranoid, you might believe that gcc has had the hack in it since its inception. But some people build gcc using other compilers, too.) If you can't trust any code you didn't write yourself, you're left with Rene Descartes' line I think, therefore I am - it's impossible to prove anything else, since you can't trust your senses. So go ahead! Distrust everything and use nothing. Or accept that, even if you're the target of a huge conspiracy, it doesn't even matter, because life still goes on :) ChrisA -- https://mail.python.org/mailman/listinfo/python-list
Re: Can I trust downloading Python?
On 9/8/2013 9:29 AM, Wolfgang Keller wrote: Definitely get the latest version (currently 3.3, soon 3.4). Python keeps getting new features and improvements. Python scripts or applications might not be compatible with Python 3.x and require 2.x instead. And the other way around. -- Terry Jan Reedy -- https://mail.python.org/mailman/listinfo/python-list
Re: Can I trust downloading Python?
I capitalize Free to avoid confusing it with free as in beer. On Sunday, September 8, 2013 3:01:58 AM UTC, Ben Finney wrote: Aaron Martin aaronspencermar...@gmail.com writes: Hi, I am thinking about getting a software but it requires python, so that brought up a few questions. Is it safe do download python, and does it come with spam or advertisements? Python is free software, meaning that every recipient is free to improve it and redistribute the result. URL:https://en.wikipedia.org/wiki/Free_software Free software rarely has the problems you describe – spam and advertisements – and never has them for long, because those problems are quickly improved (by eradicating the annoying problem), and the improved version becomes what people share. If it doesn't then should I get the latest version? The latest stable version is Python 3.3, and this version is strongly recommended for people who will be developing with Python. But you say that you are getting Python because you have some other program that requires Python. Which version of Python does it require? Download and install the latest version that is supported for the program you are wanting to use. I mostly want to know if it is safe to download, because most of the time downloading free stuff off the internet comes with spam and all that, so I want to know if I can trust downloading it. Ah, your experience is with zero-cost non-free software. Non-free software is prone to have spam and advertisements, and many other problems that arise from disrespect for the recipient's freedom. So your caution is well advised. Know that free software respects your freedom, and Python is free software. URL:https://www.fsf.org/about/what-is-free-software Welcome, and good fortune to you in using Python! -- \ “I was trying to daydream, but my mind kept wandering.” —Steven | `\Wright | _o__) | Ben Finney -- https://mail.python.org/mailman/listinfo/python-list
Re: Can I trust downloading Python?
On Sun, Sep 8, 2013 at 11:17 AM, Aaron Martin aaronspencermar...@gmail.com wrote: Hi, I am thinking about getting a software but it requires python, so that brought up a few questions. Is it safe do download python, and does it come with spam or advertisements? If it doesn't then should I get the latest version? I mostly want to know if it is safe to download, because most of the time downloading free stuff off the internet comes with spam and all that, so I want to know if I can trust downloading it. Yes, you can trust Python. If you don't like the precompiled versions, you can simply download the source code (plain text files) and build your own, so any advertising in it could be removed very easily - and would thus be worthless, so nobody bothers to put any there. Open Source is different from ad-funded software; both of them cost you no money, but there's a complete difference in philosophy. Definitely get the latest version (currently 3.3, soon 3.4). Python keeps getting new features and improvements. ChrisA -- https://mail.python.org/mailman/listinfo/python-list
Re: Can I trust downloading Python?
Aaron Martin aaronspencermar...@gmail.com writes: Hi, I am thinking about getting a software but it requires python, so that brought up a few questions. Is it safe do download python, and does it come with spam or advertisements? Python is free software, meaning that every recipient is free to improve it and redistribute the result. URL:https://en.wikipedia.org/wiki/Free_software Free software rarely has the problems you describe – spam and advertisements – and never has them for long, because those problems are quickly improved (by eradicating the annoying problem), and the improved version becomes what people share. If it doesn't then should I get the latest version? The latest stable version is Python 3.3, and this version is strongly recommended for people who will be developing with Python. But you say that you are getting Python because you have some other program that requires Python. Which version of Python does it require? Download and install the latest version that is supported for the program you are wanting to use. I mostly want to know if it is safe to download, because most of the time downloading free stuff off the internet comes with spam and all that, so I want to know if I can trust downloading it. Ah, your experience is with zero-cost non-free software. Non-free software is prone to have spam and advertisements, and many other problems that arise from disrespect for the recipient's freedom. So your caution is well advised. Know that free software respects your freedom, and Python is free software. URL:https://www.fsf.org/about/what-is-free-software Welcome, and good fortune to you in using Python! -- \ “I was trying to daydream, but my mind kept wandering.” —Steven | `\Wright | _o__) | Ben Finney -- https://mail.python.org/mailman/listinfo/python-list
Re: Can I trust downloading Python?
On 09/07/2013 07:17 PM, Aaron Martin wrote: Hi, I am thinking about getting a software but it requires python, so that brought up a few questions. Is it safe do download python, and does it come with spam or advertisements? If it doesn't then should I get the latest version? I mostly want to know if it is safe to download, because most of the time downloading free stuff off the internet comes with spam and all that, so I want to know if I can trust downloading it. Yes if you download binaries from the official sources (python.org web site) there is a reasonable assumption that the binary is free from malware or viruses. I've never heard of programmings coming with spam before ;). Usually that arrives unbidden in my inbox. As for trusting python in general, I do trust the python developers, but recent NSA revelations call just about all aspects of computing, trust, and privacy into doubt. -- https://mail.python.org/mailman/listinfo/python-list
Re: Can I trust downloading Python?
On 7/9/2013 21:17, Aaron Martin wrote: Hi, I am thinking about getting a software but it requires python, so that brought up a few questions. Is it safe do download python, and does it come with spam or advertisements? If it doesn't then should I get the latest version? I mostly want to know if it is safe to download, because most of the time downloading free stuff off the internet comes with spam and all that, so I want to know if I can trust downloading it. Python is available without ads, trojans, viruses, or other malware. However, the internet is a big place, and there are undoubtedly some places which will add their own garbage to the download. If you get Python from python.org, or from activestate.com, it'll be safe. Someone here will be glad to give you a link, once you identify just what you actually need: 1) what OS are you running? Actually, we can be pretty sure you're running Windows, since any other common operating system would have already included Python. But you will need to know whether it's 32bit or 64 bit OS. You can run a 32bit Python on 64bit OS, but not the oter way around. And most people just match the bitness of Python against the bitness of the OS. 2) What version of Python does that software you're talking about require? The two most lkely candidates are 2.7 or 3.3 There are packages out there that haven't yet ported to 3.x, so you may be stuck with 2.7. But if the package is older, you might even need 2.6 -- DaveA -- https://mail.python.org/mailman/listinfo/python-list