Packaging a proprietary Python library for multiple OSs

Michael Herrmann michael.herrmann at heliumhq.com
Thu Dec 5 10:49:35 EST 2013 

On Thursday, December 5, 2013 3:09:32 PM UTC+1, Roy Smith wrote:
> >  1. Is it considered a bad idea in the Python community to ship one large Zip file with all dependencies?
> Yes.

I see. Unfortunately, the library's users may be non-technical and might not even have experience with Python. The easier the installation process, therefore, the better.

> > How do *you* prefer to obtain and install Python libraries?
> "pip install"

Thanks for this input.

> >  2. Is it possible to distribute the library in a form that allows for an 
> >  offline installation without administrator privileges using other tools, 
> >  such as setuptools?
> 
> You can use "pip --find-links" to point pip at a local repository of 
> packages.  That solves the offline part.  And the "without admin privs" 
> part is solved by setting up a virtualenv.

Both "pip --find-links" and "virtualenv" sound technically feasible but may be too difficult for my users (especially virtualenv).

> > A hard requirement is that I can only ship binary distributions of my 
> > library, as this is a proprietary product. I looked at Distutils and 
> > Setuptools, where the recommended approach seems to be to simply ship all 
> > sources.
> Keep in mind that shipping just the pyc files offers very weak 
> protection against people examining your code.  Google for "python 
> decompile" and you'll find a number of projects.  I'm looking at the 
> docs for uncompyle now, which says:
> > 'uncompyle' converts Python byte-code back into equivalent Python
> > source. It accepts byte-code from Python version 2.7 only.

Very interesting point. Thank you very much for pointing out uncompyle. I had always known that it was easy to decompile .pyc files, but hadn't imagined it to be that easy. I just tried uncompyle with some of our proprietary .pyc files. It took 5 minutes to set up and the results are near-perfect. Scary... :-S We might have to look into tools such as http://www.bitboost.com/#Python_obfuscator to obfuscate our code.

Thanks for the valuable insights!
Michael

More information about the Python-list mailing list