Pyarmor, guard your python scripts

Jondy Zhao jondy.zhao at gmail.com
Fri Sep 18 03:58:53 CEST 2015


On Tuesday, September 15, 2015 at 5:36:52 PM UTC+8, Ben Finney wrote:
> Jondy Zhao <jondy.zhao at gmail.com> writes:
> 
> > Pyarmor is a simple to use tool which is capable of importing or
> > running encrypted Python script files. Moreover, it can apply encoding
> > algorithms to your Python scripts, in order to help you protect them
> > before you can distribute them. You may also generate license files
> > with custom validity conditions.
> 
> Protect them from whom? What is the threat model against which Pyarmor
> is claimed to protect? Who is the attacker, who is being protected?
> 
> > The program allows you to encrypt files, but to also open and run them
> > as if no protection was applied. Moreover, it can run or import
> > encrypted Python scripts in any target machine, only in specified
> > machines or before a specified date. This aspect can be controlled by
> > the creation of the license files: bound to a hard disk serial number
> > or by an expiration date.
> 
> So a Python file encrypted this way will be arbitrarily restricted in
> how it can be inspected for debugging, performance monitoring, and
> testing?
> 
> This seems to explicitly treat the user of the Python software as a
> hostile attacker. That is not a friendly or respectful position, and I
> hope I misunderstand Pyarmor's operation.
> 
> -- 
>  \       "Any fool can write code that a computer can understand. Good |
>   `\       programmers write code that humans can understand." --Martin |
> _o__)                                      Fowler, _Refactoring_, 2000 |
> Ben Finney

Think that python developer is manufacturer, and he want to sell his product to the customers who don't know anything about programming. He don't hope his customers redistribute his product, that's protected by Pyarmor.





More information about the Python-list mailing list