Path: csiph.com!news.swapon.de!newsreader4.netcologne.de!news.netcologne.de!bcyclone01.am1.xlned.com!bcyclone01.am1.xlned.com!newsfeed.xs4all.nl!newsfeed8.news.xs4all.nl!nzpost1.xs4all.net!not-for-mail
Return-Path: <python-python-list@m.gmane.org>
X-Original-To: python-list@python.org
Delivered-To: python-list@mail.python.org
X-Spam-Status: OK 0.009
X-Spam-Evidence: '*H*': 0.98; '*S*': 0.00; 'position,': 0.04; 'claimed': 0.07; 'scripts': 0.09; 'files:': 0.09; 'moreover,': 0.09; 'received:80.91': 0.09; 'received:80.91.229': 0.09; 'received:gmane.org': 0.09; 'received:list': 0.09; 'scripts,': 0.09; 'python': 0.10; 'files.': 0.13; 'subject:python': 0.14; 'encoding': 0.15; 'explicitly': 0.15; 'importing': 0.15; 'arbitrarily': 0.16; 'debugging,': 0.16; 'operation.': 0.16; 'received:80.91.229.3': 0.16; 'received:plane.gmane.org': 0.16; 'whom?': 0.16; 'aspect': 0.22; 'controlled': 0.22; 'seems': 0.23; 'specified': 0.23; 'import': 0.24; 'script': 0.25; 'header:User- Agent:1': 0.26; 'header:X-Complaints-To:1': 0.26; 'distribute': 0.27; 'disk': 0.27; 'allows': 0.30; 'code': 0.30; 'programmers': 0.30; 'skip:_ 10': 0.32; 'run': 0.33; 'date.': 0.33; 'open': 0.33; 'file': 0.34; 'running': 0.34; 'conditions.': 0.35; 'files,': 0.35; 'machines': 0.35; 'but': 0.36; 'tool': 0.36; 'to:addr :python-list': 0.36; 'subject:: ': 0.37; 'being': 0.37; 'received:org': 0.37; 'creation': 0.38; 'files': 0.38; 'to:addr:python.org': 0.40; 'software': 0.40; 'protection': 0.60; 'your': 0.60; 'hope': 0.61; 'skip:u 10': 0.61; '2000': 0.63; 'capable': 0.65; 'license': 0.65; 'encrypted': 0.66; '8bit%:21': 0.70; 'serial': 0.70; 'treat': 0.72; 'friendly': 0.74; 'subject:your': 0.75; 'protect': 0.76; '_o__)': 0.84; 'hostile': 0.84; 'humans': 0.84; 'received:125': 0.84; 'expiration': 0.91
X-Injected-Via-Gmane: http://gmane.org/
To: python-list@python.org
From: Ben Finney <ben+python@benfinney.id.au>
Subject: Re: Pyarmor, guard your python scripts
Date: Tue, 15 Sep 2015 19:36:21 +1000
References: <42f12eba-2504-4a97-a5bc-e7b9bfe2f1f9@googlegroups.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Gmane-NNTP-Posting-Host: jigong.madmonks.org
X-Public-Key-ID: 0xAC128405
X-Public-Key-Fingerprint: 517C F14B B2F3 98B0 CB35  4855 B8B2 4C06 AC12 8405
X-Public-Key-URL: http://www.benfinney.id.au/contact/bfinney-pubkey.asc
X-Post-From: Ben Finney <bignose+hates-spam@benfinney.id.au>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.4 (gnu/linux)
Cancel-Lock: sha1:0PurAX/XCCeinT2BEWrIE0D4u9o=
X-BeenThere: python-list@python.org
X-Mailman-Version: 2.1.20+
Precedence: list
List-Id: General discussion list for the Python programming language <python-list.python.org>
List-Unsubscribe: <https://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe>
List-Archive: <http://mail.python.org/pipermail/python-list/>
List-Post: <mailto:python-list@python.org>
List-Help: <mailto:python-list-request@python.org?subject=help>
List-Subscribe: <https://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe>
Newsgroups: comp.lang.python
Message-ID: <mailman.587.1442309795.8327.python-list@python.org>
Lines: 32
NNTP-Posting-Host: 2001:888:2000:d::a6
X-Trace: 1442309795 news.xs4all.nl 23786 [2001:888:2000:d::a6]:41260
X-Complaints-To: abuse@xs4all.nl
X-Received-Bytes: 4829
X-Received-Body-CRC: 4217520519
Xref: csiph.com comp.lang.python:96623

Jondy Zhao <jondy.zhao@gmail.com> writes:

> Pyarmor is a simple to use tool which is capable of importing or
> running encrypted Python script files. Moreover, it can apply encoding
> algorithms to your Python scripts, in order to help you protect them
> before you can distribute them. You may also generate license files
> with custom validity conditions.

Protect them from whom? What is the threat model against which Pyarmor
is claimed to protect? Who is the attacker, who is being protected?

> The program allows you to encrypt files, but to also open and run them
> as if no protection was applied. Moreover, it can run or import
> encrypted Python scripts in any target machine, only in specified
> machines or before a specified date. This aspect can be controlled by
> the creation of the license files: bound to a hard disk serial number
> or by an expiration date.

So a Python file encrypted this way will be arbitrarily restricted in
how it can be inspected for debugging, performance monitoring, and
testing?

This seems to explicitly treat the user of the Python software as a
hostile attacker. That is not a friendly or respectful position, and I
hope I misunderstand Pyarmor's operation.

-- 
 \       “Any fool can write code that a computer can understand. Good |
  `\       programmers write code that humans can understand.” —Martin |
_o__)                                      Fowler, _Refactoring_, 2000 |
Ben Finney