Packaging a proprietary Python library for multiple OSs
Michael Herrmann
michael.herrmann at heliumhq.com
Thu Dec 5 10:49:35 EST 2013
On Thursday, December 5, 2013 3:09:32 PM UTC+1, Roy Smith wrote:
> > 1. Is it considered a bad idea in the Python community to ship one large Zip file with all dependencies?
> Yes.
I see. Unfortunately, the library's users may be non-technical and might not even have experience with Python. The easier the installation process, therefore, the better.
> > How do *you* prefer to obtain and install Python libraries?
> "pip install"
Thanks for this input.
> > 2. Is it possible to distribute the library in a form that allows for an
> > offline installation without administrator privileges using other tools,
> > such as setuptools?
>
> You can use "pip --find-links" to point pip at a local repository of
> packages. That solves the offline part. And the "without admin privs"
> part is solved by setting up a virtualenv.
Both "pip --find-links" and "virtualenv" sound technically feasible but may be too difficult for my users (especially virtualenv).
> > A hard requirement is that I can only ship binary distributions of my
> > library, as this is a proprietary product. I looked at Distutils and
> > Setuptools, where the recommended approach seems to be to simply ship all
> > sources.
> Keep in mind that shipping just the pyc files offers very weak
> protection against people examining your code. Google for "python
> decompile" and you'll find a number of projects. I'm looking at the
> docs for uncompyle now, which says:
> > 'uncompyle' converts Python byte-code back into equivalent Python
> > source. It accepts byte-code from Python version 2.7 only.
Very interesting point. Thank you very much for pointing out uncompyle. I had always known that it was easy to decompile .pyc files, but hadn't imagined it to be that easy. I just tried uncompyle with some of our proprietary .pyc files. It took 5 minutes to set up and the results are near-perfect. Scary... :-S We might have to look into tools such as http://www.bitboost.com/#Python_obfuscator to obfuscate our code.
Thanks for the valuable insights!
Michael
More information about the Python-list
mailing list