Previously LGPL, now re-licensed as closed-source/commercial. Previous code taken down.

Commercial users pay $99/year, free for personal use but each user has to make a free account after a trial period.

  • peak_dunning_krueger@feddit.de
    link
    fedilink
    arrow-up
    18
    ·
    11 months ago

    How is this trial enforced?

    Since it’s now closed source and they distribute what is possibly/probably/presumably a binary blob, the same way all the others are enforced. With some kind of DRM date checking whatever.

    • XTL@sopuli.xyz
      link
      fedilink
      arrow-up
      11
      ·
      11 months ago

      Does pip really allow binary blobs? That effectively makes it zero security.

      • etrotta
        link
        fedilink
        English
        arrow-up
        7
        ·
        11 months ago

        To be fair it has some valid use cases, take ruff for example.

        But pip/pypi does not have any proper security at all, and just blocking binary blobs wouldn’t make a difference when you can freely execute any python code during installation - Much like downloading an executable from any site online, you are expected to make sure you can trust whoever uploaded what you are downloading. You could say the same about other sites like GitHub too.

        • XTL@sopuli.xyz
          link
          fedilink
          arrow-up
          6
          ·
          11 months ago

          There is a fair difference still between source available and binary blob. The blob has essentially no chance of ever being audited.

      • MinekPo1 [it/she]@lemmygrad.ml
        link
        fedilink
        arrow-up
        2
        ·
        11 months ago

        binary blobs aren’t really a security hole , since AFAIK the pypi team don’t check every package for malicious code before they get shown publicly . it just shifts the trust from pypi to the library authors

    • csm10495@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      2
      ·
      edit-2
      11 months ago

      They injected some binary code to make a code object (and in doing so inject some obfuscation)… if someone wants to violate the new license, they can easily work around it via installing through pip, commenting out that license check… Not that I endorse library license violations.

      I put up packages on pypi with the last LGPL code versions for my own usage. I don’t plan on updating them much, but they work for me.

      PySimpleGUI-4-foss And psgtray-foss.