On Thu, 9 Jan 2020 at 11:00, Abdur-Rahmaan Janhangeer <[email protected]> wrote:
> This proposal is not solving any problem at all > -------------------------------------------------------------- > This proposal aims at enhancing zipapp. Zipapp solved the problem. Zipapp > had an aim. This proposal aims at helping zipapp better accompplish it's aim. > > This proposal explores the next level of zipapps. The enhancements are 2 > folds: > > - Adding meta details But you haven't explained what problem adding metadata would solve. > - Bundling dependencies You can already bundle (pure Python) dependencies, just use pip install --target to place them in a directory alongside your application, add some code in your app to set sys.path, and bundle the whole lot in a zipapp. Many people do this already. So if what you're proposing is to make that process easier, then great, but you're not explaining things very well, as nothing you've described so far sounds easier than the current process :-( > But i choose to go even further by attempting to > explore security features and exploring the option of > cross-platforming. And yet again, you haven't explained how these additional features will solve problems that users are actually encountering. Sure, it's easy to say "security will avoid problems with malicious code" - but what specific attacks are people finding to be an issue, and how will your proposed solution address them? (You say you're still investigating signing - I'd suggest dropping that part of your proposal for now if you don't know how it will work yet). > That's why there is much discussion over it There's discussion because no-one can work out what problem you're trying to solve, not because your proposal includes a number of aspects. > I could've played the safe route and just propose > adding meta data and bundle dependencies > producing Os-specific zips. You'd still have people asking what problem this will solve... > Nobody has objection to the two above, > there are prototypes with the above > features which work. Possibly. I don't see the point of extra metadata, but I'm not going to object strenuously if someone wants to make it an optional extra that people can include in their zipapps if they want. And if you had a concrete proposal for a tool that made bundling pure-python dependencies easier, I'd be very happy. But such a tool can easily be written as a standalone tool - it doesn't need any change to Python (even the zipapp module in the stdlib could have been released on PyPI and kept independent). I don't see the point of insisting it be added to Python (and indeed, I see some significant downsides to doing so, such as it not being available in older versions of Python...) > Before i forget about the hard questions completely and just propose the > safe part, i wanted to push it as far as i can. Maybe that was a mistake :-) Start small, and then build on your success once the first part is done. Paul _______________________________________________ Python-ideas mailing list -- [email protected] To unsubscribe send an email to [email protected] https://mail.python.org/mailman3/lists/python-ideas.python.org/ Message archived at https://mail.python.org/archives/list/[email protected]/message/2BYXUIWJ3UZPJUBLYMQJIXX6UM7DK7DZ/ Code of Conduct: http://python.org/psf/codeofconduct/
