On Sat, Nov 21, 2020 at 1:35 PM Christopher Barker <pythonchb@gmail.com> wrote:
> I'm not sure I should get involved in this, but ....
> On Fri, Nov 20, 2020 at 12:53 AM Chris Angelico <rosuav@gmail.com> wrote:
> > Let's suppose that there's a vulnerability discovered in the V8 JavaScript interpreter (the one behind Node.js and Google Chrome and such). Does everyone who's ever published a web app now have to push out a new version?
> No, but anyone that has published an Electron app does.
Yes, and that has been a problem for me. Electron apps whose authors haven't released an update. I am unable to run them in a safer interpreter, and am forced to either continue using the one that was bundled, or stop using the app. That is *the entire point*.
> Oh, and Chrome itself needs to be updated -- only on what, millions of machines? V8 is bundled with Chrome -- you know, kind of like a PyInstaller app bundles Python ;-)
Uhhh... no, that's kind of like how Python bundles Python. That's not bundling *an app*. You update Chrome once, and every app is updated. Again, thank you for restating my point, but trying to make it sound like a counter-argument.
> Chris A: I ask you to let this go -- Python can be used for many different kinds of application development. And those different use cases have different needs. And Desktop GUI applications, in particular, really, really, do need a "bundling" system -- at least on the Mac and Windows.
But do all bundles have to be native executables? PLEASE reread the above posts. I have never said that native executables should never exist, but I have said that many MANY applications can and should be distributed such that they use a separate installer.
> It's clear that that's not the realm you work in, which is fine, and as more and more stuff moves to the Web, there is less need for Desktop apps, but the need is still there, and PyInstaller, and Py2app and py2exe before it (and still) are absolutely critical tools in that space.
I've written desktop apps. I've distributed bundles before. I've done the "this has to be a one-click thing" thing. I do know what I'm talking about here. And no, native executables are usually NOT the only way to achieve "double click on this thing to make it run".
> I've been using Python for over twenty years, and discovering py2exe and py2app way back then made it possible for me to deliver multiple products that I simply could not have done without them. (and still do). Our users have NO IDEA that they are built with Python, and that's perfect -- they can just download, install, and have a working, native, desktop app. And it will keep working, even when their sysadmin tells them they can't have Python 2 installed anymore because it's no longer maintained.
But they ARE allowed to continue using a Python 2 that was bundled with something? Is that how it goes - you're not allowed to use a legacy interpreter if you're aware of it, but it's fine as long as it's hidden behind a binary that nobody can touch? Please. Before you rehash all my arguments back at me again, READ THE THREAD. I have never said that native executables shouldn't ever exist. I have never said that zipapp is the one true way to distribute code. I have never once hinted at the notion that all users are idiots who can only ever run a .exe file, nor have I said that everyone should open source their code, or a host of other arguments that I haven't made. Please, can people stop answering arguments that haven't been made, and actually respond to what has?

ChrisA