ekzhang a day ago

Just want to mention that these standalone python builds have been super important for simplifying a lot of dev tooling, even if users may not see it directly — I work for a cloud infrastructure company, and they’re what allow us to give users a one-line way of adding Python to any Docker image they desire. It’s helpful to have reproducible, standalone Python builds of this quality (and release transparency). Thanks y’all for taking this on.

ameliaquining a day ago

> Normally, when you build CPython on Linux or macOS, several system paths are hardcoded into the binary. This is fine if you're building and installing Python on a single machine, but it's a problem if you want to pre-build Python and then distribute it to other machines.

> So, for example, when you download Python on Linux (e.g., from python.org), what you're actually downloading is the CPython source, which is then built on your machine.

But python.org does provide prebuilt macOS binaries. How is that accomplished and why doesn't whatever they're doing generalize to Linux?

  • ivoflipse 21 hours ago

    This is actively being discussed https://discuss.python.org/t/publish-linux-installer-on-pyth...

    A big holdup seems to be who would maintain this in the CPython project. Perhaps some Astral folks could become core devs as well and maintain it upstream

    • gkeralt 17 hours ago

      Hardly anyone who does real work would want to contribute to CPython these days. The reputational risk is too high, the work would be taken, modified and slowly ruined by the mediocre influencers.

      I would advise against Astral for maintaining anything inside the Python organization. Too much talk, power plays and no real software engineering.

      • fuzztester 16 hours ago

        ?

        Source needed.

        Pun unintended.

        • the_mitsuhiko 16 hours ago

          The parent comment is inflammatory. That said, moving anything in the Python project requires a lot of energy, there is high friction and it's probably not wise to try to do that until something has established itself outside.

          The discussions around lockfiles, dynamic metadata or PyBI (the PEP that wanted to address what python-build-standalone does) are good examples of how hard it is to cause change in that space.

          • indygreg2 11 hours ago

            I could never justify the time investment to upstream a lot of my python-build-standalone work. I made some attempts. But it always felt like I was swimming against a heavy current and the talk to meaningful action ratio was too high. The payoff would be there. But it was the kind of work someone would have to pay me to do: not how I would choose to spend my free time on nights and weekends.

            I’m optimistic the Astral folks will have better success than me and I support them in their efforts. They have viable, popular solutions in hand. Hopefully that helps convert others to their cause. “If you build it they will come.”

  • the_mitsuhiko 18 hours ago

    The macOS builds in Python.org are not easy to use for tools like uv and rye. They have hardcoded paths and can only be installed to the one location on the file system. They are also framework builds which is untypical for pythons.

    • mkesper 16 hours ago

      What implies being framework builds here (-> what's the difference)?

      • the_mitsuhiko 16 hours ago

        A framework build is a specific build of Python to make it work like a .framework on macOS. The original motivation of this was that you can also ship frameworks within .app bundles but the Python framework build has hardcoded paths so you cannot really do it.

        One of the consequences of framework builds is that they have a different layout than a regular Python installation on the file system. The Python installer will also litter a bunch of files into /Applications which makes installing competing versions surprisingly annoying.

        In theory a framework build of Python would be preferrable but the framework build would have to become fully relocatable for that benefit to pay off. They are not today.

    • ameliaquining 14 hours ago

      And this works in macOS but not Linux because the required filesystem paths are always the same on macOS but not on Linux?

0cf8612b2e1e a day ago

This is a huge relief. I love the uv bootstrapping, but was unhappy with the built-in-Nebraska feel for how they sourced Python. Still not as great as being an official Python.org project, but an excellent step.

  • usrme 18 hours ago

    Love the way you made that Nebraska reference!

    • fnord123 15 hours ago

      For people as puzzled as me by the Nebraska reference, I think it's referring to this well known XKCD post:

      https://xkcd.com/2347/

figomore a day ago

I think the next project adopted by Astral will be PyOxidizer.

  • cdchn a day ago

    That was my thought as well. "Hopefully someone decides to take on the stewardship of PyOxidizer, too." That might not dovetail well enough with someone's business plans though.

  • mikkelam 15 hours ago

    at this point they should just start their own Python implementation :-)

antman 19 hours ago

I hope this is also relevant to extending uv towards creating standalone python executables

NeutralForest 16 hours ago

Amazing, I'm really hoping Astral will stay in the game for long!

est a day ago

A big thank you to Gregory and the Astral team. The binaries saved me tons of bullshit build time. The saved CPU cycles also helped reducing carbon footprint!

themusicgod1 a day ago

> With those modifications, it then builds Python from source across a wide matrix of Python versions, platforms, and build variants (e.g., optimized vs. debug builds), and publishes the built distributions to GitHub Releases.

This should be illegal.

  • JackYoustra a day ago

    Why?

    • cdchn a day ago

      Supply chain risk.

      • the_mitsuhiko 18 hours ago

        Please explain your reasoning.

        • cdchn 11 hours ago

          Somebody else is building your binaries. You've added another link in your software supply chain. How do you know they haven't inserted malware?

          • the_mitsuhiko 10 hours ago

            > Somebody else is building your binaries.

            That happens all the time. Who builds the docker images you are using?

            > You've added another link in your software supply chain. How do you know they haven't inserted malware?

            You're installing untrusted random packages from PyPI. There are many much weaker points than Astral giving you malware for fun.

            • cdchn 8 hours ago

              Sure it happens, but that doesn't mean you shouldn't think about reducing it.

  • mistrial9 a day ago

    How to handle this situation is literally defined in the LICENSE for any modern software project