[Python-ideas] I have an encrypted python module format: .pye

[Mike Meyer]

On Sat, 12 May 2012 13:13:59 -0400
Brett Cannon <brett at python.org> wrote:

> On Fri, May 11, 2012 at 6:27 PM, li wang <charlesw123456 at gmail.com> wrote:
> > I want to use python in my product because I like and familiar with
> > python for many years, but I won't let the customer to read and modify
> > my code. So the best way is to encrypt my module .py to .pye.
> Actually it's better to simply ship the .pyc/.pyo files and/or to minify
> the code to make it unreadable. As everyone pointed out, the encryption you
> are proposing won't stop anyone from reading your source, it will just make
> it a little harder.

I think it's worth explaining why just shipping the .pyc/.pyo files is
"better".

If it's not clear by now, a fancy encryption scheme won't protect your
sources from someone who really wants to read them. On the other hand,
shipping just the .pyc/.pyo files will stop casual browsing. The only
real difference here is how much effort it takes to get the source. To
carry Guido's analogy further, both lock your front door, one just
uses a better lock. Neither will stop a determined burglar.

On the other hand, if you ship code with a fancy encryption scheme,
you're shipping more moving parts, which means more things to go
wrong, which means more support calls. With the particular scheme you
proposed, you'll get calls from people who managed to run the code
without properly setting the environment variable, or set it to the
wrong thing, and those are just the obvious problems.

In summary, your encryption scheme will make life just a little harder
for everyone when compared to simply not shipping the source.

    <mike
-- 
Mike Meyer <mwm at mired.org>		http://www.mired.org/
Independent Software developer/SCM consultant, email for more information.

O< ascii ribbon campaign - stop html mail - www.asciiribbon.org