this post was submitted on 18 Feb 2024
149 points (98.7% liked)

Python

6360 readers
12 users here now

Welcome to the Python community on the programming.dev Lemmy instance!

πŸ“… Events

PastNovember 2023

October 2023

July 2023

August 2023

September 2023

🐍 Python project:
πŸ’“ Python Community:
✨ Python Ecosystem:
🌌 Fediverse
Communities
Projects
Feeds

founded 1 year ago
MODERATORS
 

Previously LGPL, now re-licensed as closed-source/commercial. Previous code taken down.

Commercial users pay $99/year, free for personal use but each user has to make a free account after a trial period.

you are viewing a single comment's thread
view the rest of the comments
[–] taaz@biglemmowski.win 18 points 9 months ago (2 children)

Whether you are a Hobbyist User or Commercial User, you can start using PySimpleGUI at no cost. To get started with a 30-day trial period, first install Python and then

python -m pip install pysimplegui

...

You can try PySimpleGUI for 30 days, after which you will need to Sign Up. Hobbyist users sign up at no cost, and Commercial Users subscribe at $99/year. For more details, see PySimpleGUI.com/pricing.

How is this trial enforced?

[–] peak_dunning_krueger@feddit.de 18 points 9 months ago (2 children)

How is this trial enforced?

Since it's now closed source and they distribute what is possibly/probably/presumably a binary blob, the same way all the others are enforced. With some kind of DRM date checking whatever.

[–] XTL@sopuli.xyz 11 points 9 months ago (4 children)

Does pip really allow binary blobs? That effectively makes it zero security.

[–] etrotta@programming.dev 7 points 8 months ago (1 children)

To be fair it has some valid use cases, take ruff for example.

But pip/pypi does not have any proper security at all, and just blocking binary blobs wouldn't make a difference when you can freely execute any python code during installation - Much like downloading an executable from any site online, you are expected to make sure you can trust whoever uploaded what you are downloading. You could say the same about other sites like GitHub too.

[–] XTL@sopuli.xyz 6 points 8 months ago

There is a fair difference still between source available and binary blob. The blob has essentially no chance of ever being audited.

[–] elguaxo@lemmy.dbzer0.com 4 points 8 months ago

Take a look at the Source Distribution files: https://pypi.org/project/PySimpleGUI/#files

As far as I can see, it's still all just Python.

[–] MinekPo1@lemmygrad.ml 2 points 9 months ago

binary blobs aren't really a security hole , since AFAIK the pypi team don't check every package for malicious code before they get shown publicly . it just shifts the trust from pypi to the library authors

Sure, and it's really nice for big compiled projects to not have to compile that on every update.

[–] csm10495@sh.itjust.works 2 points 8 months ago* (last edited 8 months ago)

They injected some binary code to make a code object (and in doing so inject some obfuscation).. if someone wants to violate the new license, they can easily work around it via installing through pip, commenting out that license check... Not that I endorse library license violations.

I put up packages on pypi with the last LGPL code versions for my own usage. I don't plan on updating them much, but they work for me.

PySimpleGUI-4-foss And psgtray-foss.

[–] ebits21@lemmy.ca 8 points 9 months ago

The user has to have a key to use the software, no free account then no key after 30 days unless the developer paid for the key.