this post was submitted on 18 Feb 2024
149 points (98.7% liked)

Python

6350 readers
2 users here now

Welcome to the Python community on the programming.dev Lemmy instance!

๐Ÿ“… Events

PastNovember 2023

October 2023

July 2023

August 2023

September 2023

๐Ÿ Python project:
๐Ÿ’“ Python Community:
โœจ Python Ecosystem:
๐ŸŒŒ Fediverse
Communities
Projects
Feeds

founded 1 year ago
MODERATORS
 

Previously LGPL, now re-licensed as closed-source/commercial. Previous code taken down.

Commercial users pay $99/year, free for personal use but each user has to make a free account after a trial period.

you are viewing a single comment's thread
view the rest of the comments
[โ€“] etrotta@programming.dev 7 points 8 months ago (1 children)

To be fair it has some valid use cases, take ruff for example.

But pip/pypi does not have any proper security at all, and just blocking binary blobs wouldn't make a difference when you can freely execute any python code during installation - Much like downloading an executable from any site online, you are expected to make sure you can trust whoever uploaded what you are downloading. You could say the same about other sites like GitHub too.

[โ€“] XTL@sopuli.xyz 6 points 8 months ago

There is a fair difference still between source available and binary blob. The blob has essentially no chance of ever being audited.