People choosing Python 3

Stephan Houben <stephanh42 at gmail.com.invalid>:

> Op 2017-09-10, Marko Rauhamaa schreef <marko at pacujo.net>:
>> I've seen that done for Python and other technologies. It is an
>> expensive route to take. Also, it can be insecure. When
>> vulnerabilities are found, they are communicated to the maintainers
>> of, say, Python. When Python is fixed and released, the vulnerability
>> is revealed, but the version bundled with your product is still
>> broken. You have to be prepared to perform an emergency release of your
>> product and hope you don't mess things up.
> To each his own, but this is not different from any other third-party
> package your application depends on.

And that is an argument to minimize the number of 3rd-party dependencies
in a product. However, programming languages are particularly
problematic because they have huge attack surfaces. For example, we need
to rerelease our product four times a year because of Java. No other
3rd-party package gives us such trouble.

(BTW, a former employer of mine chose to package Python with the
application so they could ship the application in a .pyc format.)