HyperWiki

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
en:philosophy:python_problems [2025/04/18 14:18]
throgh 		en:philosophy:python_problems [2025/04/21 04:02] (current)
throgh [Conclusions for Hyperbola]
Line 4: Line 4:
  
 ===== Technical issues ===== ===== Technical issues =====
 +
 +There are multiple problems and issues to be seen within the technical aspects. First and foremost we need to mention the way **Python** intends to setup and compile depedending packages: The project [[http://web.archive.org/web/20250404064938/https://github.com/pypa/build|build]] is therefore marked as "a simple, correct Python build frontend". While this may be the case it is also important that this frontend is not that simple as it sounds and in need for further dependencies, likewise to mention here the project [[http://web.archive.org/web/20250130092348/https://github.com/pypa/installer|installer]] to be described as "a low-level library for installing from a Python wheel distribution". The problem is that both packages refer and depend on each other, so in fact we have here a so-called "circular dependency".
 +
 +Is it not possible to build therefore clean packages without tremendous amount of work and also to have linear dependency-tree.
 +
 +But that is clearly not all alone: Many packages for **Python** also depend on [[https://web.archive.org/web/20250418230406/https://github.com/pypa/pip|pip]], which is in fact an own implemented package-manager for **Python**. We have therefore again the already marked problem: To preserve the autonomy of the system we can't and won't include such package(s) into the system as it is neither not known what kind of dependencies are further installed when a user is executing commands for such installation processes nor we have no control about further malicious code being downloaded, installed and executed later on. It is already known and reported that [[https://web.archive.org/web/20250420232014/https://cybersrcc.com/2025/03/17/the-pypi-attack-malicious-packages-target-cloud-tokens-over-14100-downloads-before-removal/|several malicious packages were distributed and also downloaded]].
  
 ===== Social issues ===== ===== Social issues =====
 +
 +We already noted the technical aspects as we now describe further the social issues within this chapter. First and foremost: What do we mean with "social issues"? While on the technical side we can clearly name several problems we need also to refer towards the social impact of **Python**, not only as programming language but also as overall community-project. And exactly this definition is very important: How can we enumerate the community within this? **Python** is clearly working with its community, without any doubts. Nevertheless a project in that sizing and with its impact on really much other free and libre software needs also money: **Python** gets sponsoring throughout its own foundation and many [[https://web.archive.org/web/20250420233646/https://www.python.org/psf/sponsors/|known companies / corporations]], not being even near trustworthy.
 +
 +Please refer especially here also to [[https://wiki.hyperbola.info/doku.php?id=en:philosophy:commercialization|our stance towards commercialization]]: We rejected company-sponsored projects exactly out of that reasoning that many of them only build a community around the projects while the original community-aspect itself was never part from the beginning and is also not seen to be intended. Companies and corporations have no clear intention to give something back for others to learn, when they can't get back something for their own orientation, may it be to reach out further monetization or further inclusion and adaption of their licensed code. The projects we refer here are clearly not only under a free, permissive licensing and include only granted patents, trademarks and further owned copyrights. In that case **Python** is to be seen clear critical as there is enough influence of sponsors seen: No company and corporation would sponsor without the possibility to be granted more influence on several parts, groups, individuals or the whole foundation behind the project.
  
 ===== Conclusions for Hyperbola ===== ===== Conclusions for Hyperbola =====
 +
 +So after describing the two major problematic aspects of **Python**: What can we conclude now for Hyperbola as system-project and therefore resulting operating-system? For sure we do not exclude **Python** as language as enough other packages heavily depend on it for execution and building. It is not possible to exclude **Python** in a whole, while there is also no real other implementation completely independent seen comparable with the current **Python** reference implementation in Version 3. For **Python** in Version 2 we have concluded to use **Tauthon** as good replacement, compatible and fine working.
 +
 +Besides already named problems **Python** can be used, with the following conclusions:
 +
 +  * Until there are no severe security-issues reported there will be no further updates on the provided version of **Python**.
 +  * We do not provide **build**, **installer** and **pip** as we do not recognize circular dependencies, a complete independent package-management and further possible execution of malicious code as helpful or in any way supporting for the users and their technical emancipation.
 +  * We do and will not react on any further demands to include further packages for **Python** as we see our task not in filling up the system with more packages as to understand that every newly added software-project as package could be also the next possible security-issue and attack-vector.
 +  * Hyperbola as proect has its focus on [[https://wiki.hyperbola.info/doku.php?id=en:philosophy:community_software|community-oriented and rooted projects]], not on projects with a later build community around.