[Python-Dev] Licensing issue (?) for Frozen Python? [was: More optimisation ideas] (original) (raw)

Stephen J. Turnbull stephen at xemacs.org
Sat Feb 6 00:31:31 EST 2016

Chris Angelico writes:

And even the GPL doesn't require you to distribute the source along with every copy of the binary. As long as the source is available, it's acceptable to distribute just the binary for convenience.

True (and it would apply to frozen Python as long as the source includes the build scripts such as setup.py used to "freeze" Python), but it can be complex (especially for commercial distribution).

However, the technical problem remains. For example, you mention Debian. While Debian keeps its source and binary packages very close to "in sync" on the server, there are several gotchas. For example, Debian does not restrict itself to packaging patches, it sometimes breaks your security when it thinks it's smarter than Bruce. So ... is the corresponding source you're interested in the patched or unpatched source? Do you know which you get when you install the source package? Do you know how to get the other? Suppose for reasons of stability you've "pinned" the binary. Is the corresponding Debian source package still easily available? Did you think of that gotcha when you installed the source package, or did you just assume they were still in sync? I'm sure somebody with the "security mindset" (eg, Bruce) can think of many more....

It's not Python's responsibility to solve these gotchas, of course. Many (eg, do you want patched vs. unpatched) are use-case-dependent anyway. However, many of them do go away (and Python has fulfilled any imaginable responsibility) if we distribute source with the binaries, or arrange that binaries are built from source at installation.

More information about the Python-Dev mailing list