- cross-posted to:
- hackernews@lemmy.smeargle.fans
- hackernews@derp.foo
Previously LGPL, now re-licensed as closed-source/commercial. Previous code taken down.
Commercial users pay $99/year, free for personal use but each user has to make a free account after a trial period.
…
How is this trial enforced?
Since it’s now closed source and they distribute what is possibly/probably/presumably a binary blob, the same way all the others are enforced. With some kind of DRM date checking whatever.
Does pip really allow binary blobs? That effectively makes it zero security.
To be fair it has some valid use cases, take ruff for example.
But pip/PyPI does not have any proper security at all, and just blocking binary blobs wouldn’t make a difference when you can freely execute any Python code during installation. Much like downloading an executable from any site online, you are expected to make sure you can trust whoever uploaded what you are downloading. You could say the same about other sites like GitHub too.
There is a fair difference still between source available and binary blob. The blob has essentially no chance of ever being audited.
Take a look at the Source Distribution files: https://pypi.org/project/PySimpleGUI/#files
As far as I can see, it’s still all just Python.
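One way to check a downloaded sdist or wheel for compiled files before installing it, as an added example that is not part of the original thread. The function names and the sample archive are constructed for illustration, and the extension and magic-byte lists are a heuristic, not exhaustive.

```python
import io
import tarfile
import zipfile

# Leading bytes of native executable formats.
MAGIC = {b"\x7fELF": "ELF", b"MZ": "PE",
         b"\xcf\xfa\xed\xfe": "Mach-O", b"\xfe\xed\xfa\xcf": "Mach-O"}
NATIVE_EXT = (".so", ".pyd", ".dll", ".dylib", ".exe")
# Constructed sample contents (one source file, one stub with an ELF header),
# packed into an in-memory .tar.gz by sample_sdist().
SAMPLE = (("pkg-1.0/pkg/__init__.py", b"print('hi')\n"),
          ("pkg-1.0/pkg/_core.so", b"\x7fELF\x02\x01\x01\x00"))

def iter_members(data):
    """Yield (name, first 4 bytes) per regular file in a wheel (zip) or sdist (tar)."""
    buf = io.BytesIO(data)
    if zipfile.is_zipfile(buf):
        with zipfile.ZipFile(buf) as zf:
            for info in zf.infolist():
                if not info.is_dir():
                    with zf.open(info) as fh:
                        yield info.filename, fh.read(4)
    else:
        buf.seek(0)
        with tarfile.open(fileobj=buf, mode="r:*") as tf:
            for m in tf:
                if m.isfile():
                    yield m.name, tf.extractfile(m).read(4)

def find_opaque(data):
    """Return sorted (name, kind) pairs for members that are not readable source."""
    hits = []
    for name, head in iter_members(data):
        kind = next((k for m, k in MAGIC.items() if head.startswith(m)), None)
        if kind is None and name.lower().endswith(NATIVE_EXT):
            kind = "native extension"
        if kind is None and name.lower().endswith((".pyc", ".pyo")):
            kind = "bytecode"
        if kind:
            hits.append((name, kind))
    return sorted(hits)

def sample_sdist():
    out = io.BytesIO()
    with tarfile.open(fileobj=out, mode="w:gz") as tf:
        for name, body in SAMPLE:
            info = tarfile.TarInfo(name)
            info.size = len(body)
            tf.addfile(info, io.BytesIO(body))
    return out.getvalue()
```

An empty result only means the archive holds no compiled files; Python code in the archive can still run at install time, as the comment above points out.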
The user has to have a key to use the software, no free account then no key after 30 days unless the developer paid for the key.