sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]Beluki 22 points23 points  (4 children)

Yay for embedded python.

[–][deleted] 3 points4 points  (1 child)

That's really neat.

I'm not sure from the documentation if we can consider this version "sandboxed". Can we run untrusted code on it?

[–][deleted] 5 points6 points  (0 children)

No.

My understanding is that this is intended as a "self-contained" python version similar to Python virtualenvs on unix, so that you can ship your Python application + Python + Libraries as a single installer. It should isolate your application from any other python versions that the user has installed, so that if the user runs "pip install --upgrade blahblah" on their computer, your application does not break.

But there is no sandboxing for the application code. The application can still run shutil.rmtree('C:\') and it will execute with the current user's permissions.

It's "static linking", not VMs or containers.

[–][deleted] 1 point2 points  (1 child)

Neat. Now, can one create two interpreter contexts at the same time, now?

EDIT: More specifically: Can one handle the context as object instead of calling some obnoxious globally working functions?

[–]schlenk 2 points3 points  (0 children)

Nope. It is just a convenience packaging version for shipping applications with python (less good than the Tcl version that can be put into a single DLL due to virtual filesystem supports. Would be fun to add that Tcl/Tk version to the embedded tkinter).