[Pyrex] Re: callback

Bryan Weingarten bryan.weingarten at pobox.com
Tue Nov 11 10:10:56 CET 2003 

i think you misunderstand.  we are not talking about the same thing.  we 
don't have an issue with other people reading the source code.  i didn't 
say "including the filename is not allowed".  i said "including the 
fully qualified name of an internal computer at _my_ company is not 
allowed".  two completely different things.  .py[co] files are compiled 
on your machine, so if it embeds your internal path it's not an issue.

if i give you a .py file that contains:

print 1/0

it will throw an exception on your machine.  this exception will _not_ 
contain the fully qualified path of the file of _my_ machine.  it will 
have the fully qualified path of the file on _your_ machine.   there is 
no inherit security risk if you see the line of code in the source 
file.  i'm not arguing about the concept of intellectual property.  but 
there most definitely is a security risk to see the fully qualified path 
to where the file lives on _my_ machine.

the other point  is we are not talking about python code here.  we are 
talking about a shared library written in c.    so, your point about how 
does python pass our QA dept, and .py is source, and .py[co] contains 
the internal path, etc, is not even relevant in this context.

bryan



Andreas Kostyrka wrote:

>On Mon, Nov 10, 2003 at 07:37:13PM -0800, Bryan Weingarten wrote:
>  
>
>>currently, our solution is to just compile the pyx file to a c file, run 
>>a script that strips all commonts and __pyx_filenames of there full path 
>>and leaves the filename.  then compile the c file.  manually modifying 
>>the c file seems like a hack, but at this point, this is the only way 
>>i'm allowed to use pyrex.  currenly, the python extension generated by 
>>pyrex won't pass our QA department until the internal names are removed.
>>    
>>
>How does Python as a whole pass your QA department? I mean if including
>the filename is not allowed how do they react to the fact that you ship
>source code?
>Points to consider:
>-) .py is source.
>-) .pyc/.pyo is equivalent to source (try decompyle.py sometimes), AND it
>   contains the internal paths to where it was compiled.
>
>Andreas
>
>
>  
>

More information about the Pyrex mailing list