[Python-Dev] __file__

Nick Coghlan ncoghlan at gmail.com
Sat Feb 27 16:38:40 CET 2010

Steven D'Aprano wrote:
> On Sat, 27 Feb 2010 09:09:26 am Brett Cannon wrote:
>> I think it's almost a dis-service to support bytecode-only
>> files as it leads people who are misinformed or simply don't take the
>> time to understand what is contained in a .pyc file into a false
>> sense of security about their code not being easy to examine by
>> someone else.
> You say that as if it were a bad thing.
> *wink*
> Personally, I can't imagine ever wanting to ship a .pyc module without 
> the .py, but since Python already gives people the opportunity to shoot 
> themselves in the foot, meh, we're all adults here. I do recall a 
> poster on comp.lang.python pulling his hair out over a customer who was 
> too big to fire, but who had the obnoxious habit of making random 
> so-called "fixes" to the poster's .py files, so perhaps byte-code only 
> distribution isn't all bad.

I think the use case of "keep the user from fiddling casually with our
application" is a valid one.

There's a fairly vast difference between "open source file, edit code,
hit save" and "decompile pyc, open decompiled source file, edit code,
save next to pyc with correct name". The former makes it easy for folks
that know just enough to be dangerous to get themselves in trouble. The
latter raises the bar far enough that people with the ability to do it
should also know better than to try (or at least, not to call the
support line when it doesn't work).

I do like the idea of pulling .pyc only imports out into a separate
importer, but would go so far as to suggest keeping them as a command
line option rather than as a separately distributed module.


Nick Coghlan   |   ncoghlan at gmail.com   |   Brisbane, Australia

More information about the Python-Dev mailing list