[Python-Dev] __file__

Doug Hellmann doug.hellmann at gmail.com
Sat Feb 27 02:20:26 CET 2010 

On Feb 26, 2010, at 5:59 PM, Michael Foord wrote:
> On 26/02/2010 22:09, Brett Cannon wrote:
>>>>>>>> On Thu, Feb 25, 2010 at 16:13, Greg Ewing <greg.ewing at canterbury.ac.nz 
>> > wrote:
>> Michael Foord wrote:
>>>> I thought we agreed at the language summit that if a .pyc was in 
>> the place of the source file it *could* be imported from - making 
>> pyc only distributions possible.
>>>> Ah, that's okay, then. Sorry about the panic!
>>>>>> Michael is right about what as discussed at the language summit, 
>> but Barry means what he says; if you look at the PEP as it 
>> currently stands it does not support bytecode-only modules.
>>>> Barry and I discussed how to implement the PEP at PyCon after the 
>> summit and supporting bytecode-only modules quickly began to muck 
>> with the semantics and made it harder to explain (i.e. what to set 
>> __file__ vs. __compiled__ based on what is or is not available and 
>> how to properly define get_paths for loaders). But a benefit of no 
>> longer supporting bytecode-only modules by default is it cuts back 
>> on possible stat calls which slows down Python's startup time (a 
>> complaint I hear a lot). Performance issues become even more acute 
>> if you try to come up with even a remotely proper way to have 
>> backwards-compatible support in importlib for its ABCs w/o forcing 
>> caching on all implementors of the ABCs.
>>>> As for having a dependency on a loader, I don't see how that is 
>> obscure; it's just a dependency your package has that you handle at 
>> install-time.
>>>> And personally, I don't see what bytecode-only modules buy you. The 
>> obfuscation argument is bunk as we all know. Bytecode contains so 
>> much data that disassembling it gives you a very clear picture of 
>> what the original code was like.
>> Well, understanding bytecode is *still* requires a higher level of 
> understanding than the *majority* of Python programmers. Added to 
> which there are no widely available tools that *I'm* aware of for 
> decompiling recent versions of Python (decompyle worked up to Python 
> 2.4 but then went closed source as a commercial service [1].
>> The situation is analagous to .NET assemblies by the way (which 
> *can* be trivially decompiled by several widely available tools). 
> Having a non-source distribution prevents your users from changing 
> things and then calling you for support without them having to go to 
> a lot more effort than it is worth.
>> There are several companies who currently ship bytecode only. (There 
> was someone on the IronPython mailing list only last week asking if 
> IronPython could support pyc files for this reason). For many pointy- 
> haired-bosses 'some' protection is enough and having Python not 
> support this (out of the box) would be a black mark against Python 
> for them.

We ship bytecode only, basically for the reason Michael states here 
(keeping support costs under control from "ambitious" users).
>> I think it's almost a dis-service to support bytecode-only files as 
>> it leads people who are misinformed or simply don't take the time 
>> to understand what is contained in a .pyc file into a false sense 
>> of security about their code not being easy to examine by someone 
>> else.
>> For many use-cases some protection is enough. After all *any* DRM or 
> source-code obfuscation is breakable in the medium / long term - so 
> just enough to discourage the casual looker is probably sufficient. 
> The fact that bytecode only distributions exist speaks to that.

Right. We're more concerned with not having users muck with stuff than 
with keeping the implementation a secret, although having a bit of 
obfuscation doesn't hurt.
> Whether you believe that allowing companies who ship bytecode is a 
> disservice to them or not is fundamentally irrelevant. If they 
> believe it is a service to them then it is... :-)
>> As you can tell, I would be disappointed to see bytecode only 
> distributions be removed from the out-of-the-box functionality.

+1
Doug
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-dev/attachments/20100226/83446bae/attachment.html>

More information about the Python-Dev mailing list

AltStyle によって変換されたページ (->オリジナル) /