what are the most popular building and packaging tools for python ??

Alex Martelli aleaxit at yahoo.com
Mon Oct 25 23:13:35 CEST 2004


Neil Benn <neil.benn at arcor.de> wrote:
   ...
> start looking at reverse compilation.  This is something it it possible
> to do in most 'bytecode' languages - other bytecode implementations 
> (java, .NET) use 'obfuscators' that will make your code unreadable if
> someone tries to decompile it.  To this end, I've not seen a python 
> obfuscation tool

Security by obscurity isn't.  If you can obfuscate, I can deobfuscate,
if it's worth my while.  If you stick in license checking, I can patch
it out.  It's not about one programmer being better than another: the
attacker/cracker has the inevitable advantage.  If you ship all the code
(even in object obfuscated form) you're toast.  I know: I've done that
as part of my job for ten years of my life -- copy protection and the
like WAS one part of my job as senior software consultant.  Thousands of
hours wasted off my live.  Quoth the raven, nevermore.

If your code contains really valuable trade secrets, my well-considered,
experience-driven, professional suggestion, is to carefully remove just
enough of the secret parts from the code you distribute, and make them
available only as web-services or the equivalent from a host you
control.  Whatever implementation language you use, the only code that
will never be cracked is code that does NOT leave your control.  (well,
that AND most code that's not really all that valuable, of course;-).

A web service can require any form of authentication and validation from
its 'client' code, so you can implement any business model you like.  I
heartily recommend (depending on the situation) subscription-based or
per-use fees, over the old and crufty 'sell the bits' model that never
really worked right (IMHO).  Be sure to pick _important_ parts of your
code as those that are only available as webservices, not to make the
webservices just a kind of license check, or else the webservice access
WILL be hacked out just like any other license check (assuming your code
IS valuable, of course).

You can distribute, depending on your exact circumstances, an "already
somewhat useful" pure-client program, as long as the full functionality
that customers will pay for is only accessible via the webservices.  You
can even opensource the part you distribute, that may garner you useful
feedback, more customers, etc.

Of course, there _are_ still, today, applications which can't assume the
net is available and must still offer full functionality no matter what.
They're fewer and fewer, thanks be, as connectivity spreads -- games
accrue multiplayer online-play features that players are eager for,
financial programs require access to updated exchange rates or stock
levels, and so on.  If you do need to sell applications which have full
functionality without net access, you may as well resign yourself: you
will never be truly safe, alas.


Alex



More information about the Python-list mailing list