Selling Python Software

Peter Hansen peter at engcorp.com
Mon Nov 3 14:49:36 CET 2003


Will Stuyvesant wrote:
> 
> Suppose I want to sell a (small, 1000 lines) Python program.  It is a
> commandline program for database applications and I have a customer.
> The customer wants to "try it out" before buying.  The try-out version
> should be a full, complete, version.
> 
> As much as I like the opensource movement, I have a problem now.  If I
> just give them the Python source code then they can show it to their
> programmers and they have no reason anymore to pay money to me.  Sure
> that would break our agreements, but you know business, legal issues.
> The thing the customer is interested in is the algorithm used in the
> program.  Not much I could do about such a scenario effectively.
> 
> I tried py2exe before, but someone told me it is always possible to
> decompile...revealing the source code.
> 
> Anybody has a solution to this, besides more legal paperwork (I am in
> europe...forget about claiming your rights here)?  Is it not possible
> to give away a Windows .exe file that can not be decompiled (or only
> with *extreme* difficulty)?

I've read the other answers here, which pretty much just repeat past
discussions, but I think the various respondents have to some extent
not paid close attention to your *specific* needs here.

Alex is pretty close to the mark, but there's no need to be as extreme 
as his "start with OpenBSD install" response to Erik Max Francis, as 
you definitely don't need the high security of this approach.

Nevertheless, the server-based-code approach is definitely the only
one that is worth the effort here, considering that the effort is
practically nil (or should be, as if you're really trying to sell
commercial software, having access to an Internet server should be
a pretty trivial thing).  You could use Pyro to make the fact that
part of the system is running on a server practically transparent
both to the potential customer and to you.  Moving the server-based
code into the real application once they've paid you would be a
tiny last step.

"Only decompiled with *extreme* difficulty?"  There is no such approach
within your means, I'm afraid, and there are any number of stories
from the real world which ipso facto prove it.  There *are* hardware-key
based solutions, but I can tell you from personal experience that 
they will really not stop a determined attacker and in any case they
will cost more to implement than the potential income from your 
1000-line Python program.

On another note, having been in the consulting business myself for
years (before my current job) I would give you this advice.  Don't
underestimate the value of a trusting business relationship, nor 
the value of a decent written contract.  If you are right that this 
customer would cheat you at the earliest opportunity, you are
likely going to find yourself cheated in some manner no matter
what you do.  Without adequate attention to written agreements and
a good mutual understanding, you could just as well find yourself
in the position of having delivered the final, unprotected version
to them and still not get paid because "it doesn't meet the 
requirements you promised to implement" or something like that.

A decent license *should* be adequate for just about any customer
with whom you ought to be doing business.  IMHO.

-Peter
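
The server-based split described in the reply above, as an added example that is not part of the original post: it uses the standard library's `xmlrpc` in place of Pyro, and `secret_algorithm`, the backend classes, `process` and the trial token are hypothetical names and constructed values.

```python
import hmac
import threading
from xmlrpc.client import ServerProxy
from xmlrpc.server import SimpleXMLRPCServer

TRIAL_TOKENS = {"constructed-trial-token"}  # constructed sample value

def secret_algorithm(rows):
    """Stand-in for the proprietary logic (hypothetical, not from the post)."""
    return sorted(set(rows))

class TrialService:
    """Runs on the vendor's server; the algorithm never ships to the customer."""

    def run(self, token, rows):
        # Constant-time token check; removing a token ends that trial.
        ok = any(hmac.compare_digest(token.encode(), t.encode()) for t in TRIAL_TOKENS)
        if not ok:
            raise PermissionError("unknown or revoked trial token")
        return secret_algorithm(rows)

def start_server(host="127.0.0.1", port=0):
    """Start the service on a background thread and return its URL.
    Plain HTTP on loopback for the demo; a real deployment needs TLS."""
    server = SimpleXMLRPCServer((host, port), logRequests=False)
    server.register_instance(TrialService())
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return "http://%s:%d/" % server.server_address

class RemoteBackend:
    """What the trial build contains: a proxy and a token, no algorithm."""

    def __init__(self, url, token):
        self._proxy, self._token = ServerProxy(url), token

    def run(self, rows):
        return self._proxy.run(self._token, rows)

class LocalBackend:
    """What the paid build contains: the same interface, run in-process."""

    def run(self, rows):
        return secret_algorithm(rows)

def process(backend, rows):
    """The command-line program's core call; identical for both builds."""
    return backend.run(rows)
```

Because both backends expose the same `run` method, switching the customer from the trial to the paid build means swapping `RemoteBackend` for `LocalBackend`. During the trial the customer's input rows travel to the vendor's server, which the trial agreement should state.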
