[Python-Dev] Licensing issue (?) for Frozen Python? [was: More optimisation ideas]

[Stephen J. Turnbull]

Chris Angelico writes:

 > And even the GPL doesn't require you to distribute the source along
 > with every copy of the binary. As long as the source is *available*,
 > it's acceptable to distribute just the binary for convenience.

True (and it would apply to frozen Python as long as the source
includes the build scripts such as setup.py used to "freeze" Python),
but it can be complex (especially for commercial distribution).

However, the technical problem remains.  For example, you mention
Debian.  While Debian keeps its source and binary packages very close
to "in sync" on the server, there are several gotchas.  For example,
Debian does not restrict itself to packaging patches, it sometimes
breaks your security when it thinks it's smarter than Bruce.  So
... is the corresponding source you're interested in the patched or
unpatched source?  Do you know which you get when you install the
source package?  Do you know how to get the other?  Suppose for
reasons of stability you've "pinned" the binary.  Is the corresponding
Debian source package still easily available?  Did you think of that
gotcha when you installed the source package, or did you just assume
they were still in sync?  I'm sure somebody with the "security
mindset" (eg, Bruce) can think of many more....

It's not Python's responsibility to solve these gotchas, of course.
Many (eg, do you want patched vs. unpatched) are use-case-dependent
anyway.  However, many of them do go away (and Python has fulfilled
any imaginable responsibility) if we distribute source with the
binaries, or arrange that binaries are built from source at
installation.