When Wes McKinney wrote about the transition away from python I knew it was real.
<a href="https://wesmckinney.com/blog/agent-ergonomics/" rel="nofollow">https://wesmckinney.com/blog/agent-ergonomics/</a><p>I still have a special place in my heart for the language and think it’s still got a niche.
From this example:<p><pre><code>  lazy from typing import Iterator

  def stream_events(...) -> Iterator[str]:
      while True:
          yield blocking_get_event(...)

  events = stream_events(...)

  for event in events:
      consume(event)
</code></pre>
Do we finally have "lazy imports" in Python? I think I missed this change. Is this also something from Python 3.15 or earlier?
3.15: <a href="https://docs.python.org/3.15/whatsnew/3.15.html#whatsnew315-lazy-imports" rel="nofollow">https://docs.python.org/3.15/whatsnew/3.15.html#whatsnew315-...</a>
> When an AttributeError on a builtin type has no close match via Levenshtein distance, the error message now checks a static table of common method names from other languages (JavaScript, Java, Ruby, C#) and suggests the Python equivalent<p>Oh, that is such a nice thing.
It's unrelated to the lazy keyword. Instead it's another feature related to error messages.<p>The example:<p><pre><code>  >>> 'hello'.toUpperCase()
  Traceback (most recent call last):
      ...
  AttributeError: 'str' object has no attribute 'toUpperCase'. Did you mean '.upper'?</code></pre>
In the Rust toolchain we've done the same. It just so happens that rustdoc already has introduced annotations for "aliases" so that when someone searches for push and it doesn't exist, append would show up. Having those annotations already meant that bootstrapping the feature to check the aliases during name resolution errors in rustc was almost trivial. I love it when improving one thing improves another indirectly too.<p>I really appreciate them going out of their way to do this, being quite aware of the hidden complexity in doing it.
I’ve often thought it would be funny if instead of an error message for stuff like this, a language could be designed to be “typo-insensitive”. If a method or function call is similar enough to an existing one or a common one from other languages, to just have it silently use that.
VisualBasic did that. I think it is a mistake. But that doesn't mean that the compiler can't detect that <i>and tell you how to fix it</i> instead.
Sure VB ignores case, but what I want is for it to compare each method against a dictionary of similar terms. And maybe calculate the Levenshtein distance between all terms if it’s not found, and just assume it’s the closest one. You could also assume that full-width characters or similar-looking glyphs are equivalent (BASIC was pre-Unicode, so I can forgive them for not including that).
Lisp had a package for that, DWIM, in the late 60s: <a href="https://en.wikipedia.org/wiki/DWIM" rel="nofollow">https://en.wikipedia.org/wiki/DWIM</a>.
I hope you mean "funny" in the "hilarity ensues" sense.<p>Because the alternative is a rather sociopathic level of schadenfreude.
Yes, I say “funny” because it would be impractical and weird, definitely not a good idea. It’s already bad enough that so many popular languages don’t (and can’t) check if a field or method is misspelled at compile time…
We already have it. In fact, Python added it with this change! Not intentionally, but in a world of AI, any error message containing a suggestion of what to do to fix it is a directive to the AI to actually do that thing.<p>Example: to build our system, you run `mach build`. For faster rebuilds, you can do `mach build <subdir>`, but it's unreliable. AI agents love to use it, often get errors that would be fixed by a full-tree build, and will chase their tails endlessly trying to fix things that aren't broken. So someone turned off that capability by default and added a flag `--allow-subdirectory-build` for if you want to use it anyway. So that people would know about it, they added a helpful warning message pointing you to the option[1].<p>The inevitable (in retrospect) happened: now the AI would try to do a subdirectory build, it would fail, the AI would see the warning message, so it would rerun with the magic flag set.<p>So now the warning message is suppressed when running under an AI[2][3]. The comment says it all:<p><pre><code> # Don't tell agents how to override, because they do override
</code></pre>
"The user does not want me to create the Torment Nexus but did not specify why it would be a problem, so I will first create the Torment Nexus in order to understand the danger of creating the Torment Nexus."<p>[1] <a href="https://searchfox.org/firefox-main/rev/fc94d7bda17ecb8ac2fa9a996dd18dde16002374/python/mozbuild/mozbuild/controller/building.py#1497-1508" rel="nofollow">https://searchfox.org/firefox-main/rev/fc94d7bda17ecb8ac2fa9...</a><p>[2] <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=2034163" rel="nofollow">https://bugzilla.mozilla.org/show_bug.cgi?id=2034163</a><p>[3] <a href="https://searchfox.org/firefox-main/rev/cebc55aab4d2661d1f6c2d1526362947ec4016c1/python/mozbuild/mozbuild/controller/building.py#1484-1490" rel="nofollow">https://searchfox.org/firefox-main/rev/cebc55aab4d2661d1f6c2...</a>
Now I'm wishing for a single cross-language library, that I can somehow inject into every compiler/runtime/checker to get this, but with a single source of truth and across a wide range of languages. I hit this damn issue all the time, writing code in one language for another, would truly be a bliss to have that problem solved once and for all.
What benefit does the lazy import have here - if we use the value in a type hint at module scope anyway? Would that require Deferred evaluation of annotations -- which I don't think are enabled by default?
Type annotations are lazily evaluated by moving them behind a special annotations scope as of 3.14:<p><a href="https://peps.python.org/pep-0649/" rel="nofollow">https://peps.python.org/pep-0649/</a><p><a href="https://docs.python.org/3/reference/compound_stmts.html#annotations" rel="nofollow">https://docs.python.org/3/reference/compound_stmts.html#anno...</a><p>With 3.15, using lazy typing imports is more or less an alternative to putting such imports behind an "if TYPE_CHECKING" guard.
Note that you can work around it by implementing `def __getattr__(name: str) -> object:` at the module level on earlier Python versions
Yes, 3.15+
Python is such a weird language. Lazy imports are a bandaid for AI code base monstrosities with 1000 imports (1% of which are probably Shai Hulud now).<p>And now even type imports are apparently so slow that you have to disable them if unused during the normal untyped execution.<p>If Instagram or others want a professional language, they should switch to Go or PHP instead of shoehorning strange features into a language that wasn't built for their use cases.
> Python is such a weird language. Lazy imports are a bandaid for AI code base monstrosities with 1000 imports<p>Just because you don’t like a feature doesn’t mean it’s because of AI and bad code.
I think this is just a natural consequence of an easy-to-use package system. The exact same story as with node. If you don't want lots of imports, don't make it so damn easy to pile them into projects. I'm frankly surprised we still see so few supply chain attacks, even though they picked up their cadence dramatically.
This seems a lot more due to an import running arbitrary code because stuff can happen in the top-level of a module rather than only happening in functions. From what I can tell, it seems pretty common for dynamically typed languages and pretty much entirely absent from statically typed ones, which tend to have a main function that everything else happens inside transitively. I guess this makes it easy if what you're writing is something that runs with no dependencies, but it's a pretty terrible experience as soon as you try to introduce the concept of a library.
IIUC the organizations that most strongly pushed for this feature are big companies with large codebases. These tend not to be the kinds of orgs that just casually pull in dependencies from PyPI on a whim; I think it more likely that the quantity of <i>first-party</i> code was so large that importing all of it on startup was causing problems.
What would your alternative look like?
Too much syntactic sugar causes cancer of the semicolon.
True, but this is yet another code path that isn't exercised until specific conditions happen. That means even more latent application behaviour can go undetected by unit testing and security profiling until the moon is in the right phase, which is a boon for submarine attacks.
Empirically, I have used the current accepted way to do lazy imports (import statement inside a function) before AI coding was even a mainstream thing, for personal code that sometimes needs a heavy import and sometimes doesn’t.<p>The lazy statement would be an improvement as it allows one to see all the imports at the top where you expect them to be.
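On the concern raised above that deferred imports are code paths that stay dormant until a condition fires, here is an added example (not code from this thread or from CPython): an inventory pass that lists every import in a source file that does not run at load time, so each one can be given a test or a review. The three categories, the `find_deferred_imports` name and the sample file are constructed for illustration; the `lazy` prefix is stripped before parsing so the scan also runs on interpreters older than 3.15.

```python
import ast
import re
from dataclasses import dataclass

# The 3.15 statement forms: "lazy import x" and "lazy from x import y".
# A line inside a multi-line string that starts this way would also match;
# that only produces a false positive in the report, never a missed import.
_LAZY_RE = re.compile(r"^(\s*)lazy\s+(?=(?:import|from)\s)")


@dataclass(frozen=True)
class DeferredImport:
    line: int
    module: str
    kind: str   # "lazy-statement", "in-function" or "conditional"
    scope: str  # enclosing function name, or "<module>"


def _strip_lazy(source: str) -> tuple[str, set[int]]:
    """Drop the `lazy` prefix (line numbers unchanged) and remember its lines."""
    lazy_lines, out = set(), []
    for lineno, text in enumerate(source.splitlines(), start=1):
        new, count = _LAZY_RE.subn(r"\1", text)
        if count:
            lazy_lines.add(lineno)
        out.append(new)
    return "\n".join(out) + "\n", lazy_lines


class _Finder(ast.NodeVisitor):
    def __init__(self, lazy_lines):
        self.lazy_lines = lazy_lines
        self.found = []
        self._funcs = []    # stack of enclosing function names
        self._branches = 0  # depth of if/try nesting

    def _record(self, node):
        if isinstance(node, ast.Import):
            names = [alias.name for alias in node.names]
        else:
            names = ["." * node.level + (node.module or "")]
        if node.lineno in self.lazy_lines:
            kind = "lazy-statement"
        elif self._funcs:
            kind = "in-function"
        elif self._branches:
            kind = "conditional"
        else:
            return  # eager top-level import: executes on every load
        scope = self._funcs[-1] if self._funcs else "<module>"
        for name in names:
            self.found.append(DeferredImport(node.lineno, name, kind, scope))

    visit_Import = visit_ImportFrom = _record

    def _visit_func(self, node):
        self._funcs.append(node.name)
        self.generic_visit(node)
        self._funcs.pop()

    visit_FunctionDef = visit_AsyncFunctionDef = _visit_func

    def _visit_branch(self, node):
        self._branches += 1
        self.generic_visit(node)
        self._branches -= 1

    visit_If = visit_Try = _visit_branch


def find_deferred_imports(source: str) -> list[DeferredImport]:
    """Return every import in `source` that does not execute at module load."""
    parsable, lazy_lines = _strip_lazy(source)
    finder = _Finder(lazy_lines)
    finder.visit(ast.parse(parsable))
    return sorted(finder.found, key=lambda d: d.line)


# Constructed sample module; the imported names are placeholders.
SAMPLE = '''\
import os
lazy import heavy_plugin
lazy from typing import Iterator

if os.environ.get("REPORTS"):
    import report_engine

def export(fmt):
    if fmt == "xlsx":
        from vendored import xlsx_writer
    return fmt
'''

if __name__ == "__main__":
    for item in find_deferred_imports(SAMPLE):
        print(f"{item.line:>3}  {item.kind:<15} {item.module}  ({item.scope})")
```

Each reported module is code that runs for the first time somewhere other than startup, so it is a candidate for an explicit import test in CI.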
On most unix-likes all "imports" via shared libraries (e.g. in C / C++) are lazy by default.
It's nice that python 3.15 added Iterator synchronization primitives: <a href="https://docs.python.org/3.15/library/threading.html#iterator-synchronization" rel="nofollow">https://docs.python.org/3.15/library/threading.html#iterator...</a>. These will nicely complement my threaded-generator package which is doing just this but using a thread/process+generator+queue: <a href="https://pypi.org/project/threaded-generator/" rel="nofollow">https://pypi.org/project/threaded-generator/</a>
> <i>I've left this one to the bonus section because I've never used set operations on Counters and I'm finding it extremely hard to think of a use case for xor specifically. But I do appreciate the devs adding it for completeness.</i><p>Check out <i>symmetric difference</i><p><a href="https://en.wikipedia.org/wiki/Symmetric_difference" rel="nofollow">https://en.wikipedia.org/wiki/Symmetric_difference</a>
Yeah, but applied to counters it would be the symmetric difference between multisets, which doesn't have a natural definition. If I understood the proposal they'd be defining it as absolute value of the difference of the counts, which isn't even associative.<p>If they only considered parities it could be interpreted as addition in F_2, which is more natural, but I'd still agree that it's hard to see how you'd use something like this in practice.
You can get the L_k distances between the two counters. E.g. if you sum the absolute value of the difference of the counts, you get the L_1 distance between the counters. If you raise them to the n^th power and then sum them, you get the L_n distance. For n=2, that's the Euclidean distance (squared).
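The two comments above, worked through as an added example (not code from the thread or from CPython): it takes the definition as described there, the per-key absolute difference of counts, searches for a case where that operation is not associative, shows that the parity version is, and computes the power-sum distances. The function names are hypothetical and the operators are implemented by hand so the block runs on any Python 3 version.

```python
from collections import Counter
from itertools import product


def abs_diff(a: Counter, b: Counter) -> Counter:
    """Per-key |a[k] - b[k]|, dropping zeros: the definition described above."""
    return Counter({k: abs(a[k] - b[k]) for k in set(a) | set(b) if a[k] != b[k]})


def parity_xor(a: Counter, b: Counter) -> Counter:
    """Keep a key only when its combined count is odd: addition in F_2."""
    return Counter({k: 1 for k in set(a) | set(b) if (a[k] + b[k]) % 2})


def power_sum_distance(a: Counter, b: Counter, n: int) -> int:
    """Sum of |a[k] - b[k]|**n over all keys (n=1: L_1, n=2: squared Euclidean)."""
    return sum(v ** n for v in abs_diff(a, b).values())


def associativity_counterexample(op, max_count: int = 3):
    """Search single-key multisets for counts (x, y, z) where
    op(op(a, b), c) differs from op(a, op(b, c)); None if there is no such case."""
    def single(n):
        return Counter({"t": n}) if n else Counter()

    for x, y, z in product(range(max_count + 1), repeat=3):
        a, b, c = single(x), single(y), single(z)
        if op(op(a, b), c) != op(a, op(b, c)):
            return (x, y, z)
    return None


if __name__ == "__main__":
    c, d = Counter(a=3, b=1), Counter(a=1, b=2)  # constructed sample counters
    print("abs_diff:", abs_diff(c, d))
    print("L_1:", power_sum_distance(c, d, 1))
    print("squared Euclidean:", power_sum_distance(c, d, 2))
    print("abs_diff counterexample:", associativity_counterexample(abs_diff))
    print("parity counterexample:", associativity_counterexample(parity_xor))
```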
> <i>Iterators, async functions and async iterators don't work well here because they have different semantics to standard functions. When you call them they return immediately with a generator object, coroutine function and async generator object respectively. So the decorator completes immediately as opposed to the entire lifecycle what it's wrapping.</i><p>> <i>This is an unfortunate problem I've encountered many times, and it's often a problem for normal decorators too. But this has changed in 3.15, now the ContextDecorator will check the type of the function it's wrapping and ensure that the decorator covers the entire lifespan.</i><p>I very much like the idea of that change - but it also seems kind of dangerous, to do this with no "opt-in mechanism", as that quite subtly changes the behavior of existing usage sites.<p>This is a bit of a "spacebar heating" situation, because someone would have to intentionally use a decorator in the old, broken way, but if someone actually did that, things may unexpectedly break.
The Python core team seems to think it's unlikely that anyone's relying on the existing behavior: <a href="https://github.com/python/cpython/pull/136212#issuecomment-4332309019" rel="nofollow">https://github.com/python/cpython/pull/136212#issuecomment-4...</a>
Ok, good to see that they checked that possibility. Looks like there was no situation in which the previous behavior could have been usable, so yeah, agreeing with the change then.
Eh, what's the worst that could happen? Developers opting to run an old version of Python due to incompatible changes? I can't see that happening.
There's a good interview about Python internals and management, particularly in relation to free-threading: <a href="https://alexalejandre.com/programming/interview-with-ngoldbaum/" rel="nofollow">https://alexalejandre.com/programming/interview-with-ngoldba...</a>
Oh, my beloved Python, for nearly 15 years I wrote you. I miss you, but I no longer do — it's not your fault, life has changed.
One of the Counter examples is incorrect, tested on both 3.13 and 3.15.0a<p><pre><code> >>> from collections import Counter
>>> c = Counter(a=3, b=1)
>>> d = Counter(a=1, b=2)
>>> c-d
Counter({'a': 2})</code></pre>
I was so into Python for 10 years, was enjoyable to work in. But have deleted 100k+ lines this year already moving them to faster languages in a post AI codebot world. Mostly moving to go these days.
This is straightforward in the first instance, but how do you see maintenance of those projects going forward - especially adding more complex features ?<p>I can see one way forward being to prototype them in python and convert.
I'm still on the lookout for a comprehensive Django-like web framework for go. That would be an instant hit for me.
Try another language? The Go ecosystem tends towards libraries as opposed to "frameworks."<p>I personally chose C# for this reason, because ASP.NET is mature and (IMO) well designed. But there's also Java/Spring and lots of other options in different languages depending on your preferences.
Same here. Django is my last holdout for Python. Everything new is go.
Interested in why you'd use Python in the first place? Advice for someone who knows nothing about programming - what would you suggest?
Programs have to run in a lot of different contexts, not just as servers, and for some of those contexts (especially say glueing together other programs), an interpreted language is more convenient and easier to work with. In fact, unless I care about performance, I'm going to use an interpreted language because having the source close at hand when something breaks just turns out to be super useful.
Because it's quick and easy to radically alter and refactor your prototype as you learn the problem space. By the time it works you often find out that you don't need anything more. This is something that Perl had.<p>Once your program starts to get bigger you have abstractions that can cope fairly well and keep your code simple to use - this is what Perl didn't have.<p>If you need more speed then you can write extensions in some compiled language. I think TCL was better at this hybrid approach but Python is a nicer language in itself.<p>You can also just dump python and write everything in that other language but now you understand the problem space quite well and you won't be trying to learn about it using a language where change is "difficult."
IMO the main reasons people use Python are:<p>1. The very first steps are quite simple. Hello world is literally just `print("hello world")`. In other languages it can be a lot more complex.<p>2. It got a reputation as a beginner-friendly language as a result.<p>3. It has a "REPL" which means you can type code into a prompt and it will execute it interactively. This is very helpful for research (think AI) where you're trying stuff out and want to plot graphs and so on.<p>IMO it is undeservedly popular, or at least was. Wind back 10 years to when it was rapidly gaining mindshare:<p>1. While "hello world" is simple, if you went further to more complex programs you would hit two roadblocks: a) the lack of static type checking means large programs are difficult to maintain, and b) it's really really slow.<p>2. While the language is reasonable, the tooling (how you install packages, manage the code and so on) was eye-bleedingly abysmal.<p>3. While the REPL did technically exist, it was really bare bones. It couldn't even handle things like pasting code into it if the code contained blank lines (which it usually does).<p>However since it has become arguably the most popular language in the world, a lot of people have been forced to use it and so it is actually getting quite decent now. It has decent static types (even if lots of people still don't use them), the REPL is actually decent now (this changed <i>very</i> recently), and there's a new third party tool called `uv` to manage your code that is actually good.<p>The biggest issue with it now is that it's still horrifically slow (around 50-200x slower than "fast" languages like C++, Rust etc). It is pretty unlikely that that will ever change. 
People always try to excuse this by saying Python is a "glue" language and you just use it to connect components written in faster languages, but a) that's pure "you're holding it wrong", and b) that only works in some cases where there are nicely separated "slow bits" that can be moved to another language. That's the case for AI for example, where it's all numerical, but for lots of things it isn't. Mercurial was a competitor to Git that was written in Python and lost partly because it was way too slow. They've started writing parts in Rust but it took them 10 years to even start doing that and by then it was far too late.<p>> what would you suggest?<p>It really depends on what you want to make. I would pick something to make first and then pick the language based on that. Something like:<p>* AI: Python for sure. Make sure you use uv and Pyright.<p>* Web-based games: Typescript<p>* Web sites: Typescript, or maybe Go.<p>* Desktop GUI: Tbh I'd still use C++ with QtWidgets. Getting a bit old-school now tbf.<p>Also Rust is the best language of them all, but I dunno if I'd pick it as a beginner unless you really know you want to get into programming.
I think "Python is slow" is reductive and frankly just as useful as saying "Python begins with a 'P'". The story is more complicated than simply speed of execution.<p>Choosing a language is a game of trade-offs: potentially slower execution in return for faster development time, for example. If your team is already familiar with Ruby, will asking them to write a project in Rust necessarily result in a better product? Maybe, but it will almost certainly take much longer.<p>Anyway, how many Python programs are actually "too slow"? Most of the time, Python is fast enough, even if heavy computation is offloaded to other languages.<p>As for Rust being the best language of them all, that's, like, your opinion, man.
I agree with you; I've developed in Python for most of my career and a lot of Python criticism is malformed.<p>That being said, I'm starting all new large development work in Rust. Python is hard to reason about due to its dynamic nature in large codebases. And if I'm enabling strict typing everywhere, I might as well use a typed language and get a performance boost. Obviously, this is only because I'm the sole developer and using AI to improve productivity.<p>Work settings are completely different and one has to be a team player to find the language that works for everyone.
> potentially slower execution in return for faster development time, for example.<p>Another classic lie about Python. The slower speed doesn't matter because it's development speed that's important, and Python gives you faster development speed!<p>Except... it absolutely doesn't. It would be very difficult to argue that Typescript has significantly slower development speed but it is <i>much</i> faster to execute. I also disagree that Python is any faster than Go, Rust or Lotion, but I think lots of people blindly accept that it is and would argue based on that.
ptpython has existed for a decade, maybe two, and python is high level, more readable than most languages. Exec speed hasn’t mattered in my near thirty years of using it for business and prototyping tasks which it promoted early.<p>Yes it strains at the big to huge project end, not recommended to take it there. Still there are better tools to help now.
> * Web sites: Typescript, or maybe Go.<p>lol, no. Just no. Python is far superior for website backends unless perhaps you're running one of the top 20 websites in the world.
Go is terrible for scientific/ML work though, the libraries just aren't there. The wrapping C API story is weak too even with LLMs to assist.<p>Try and write a signal processing thing with filters, windowing, overlap, etc. - there's no easy way to do it at all with the libraries that exist.
i don’t really see it this way. the value of a token in Python is much higher than it is in lower-level language
That's very interesting. If I may ask, was it from professional projects or personal projects?
Same, I’m not sure how Python survives this outside of machine learning.<p>All of our services we were our are significantly faster and more reliable. We used Rust, it wasn’t hard to do
the funny thing is that everyone, including myself, posited that python would be the <i>winner</i> of the ai coding wars, because of how much training data there is for it. My experience has been the opposite.
I felt the opposite, because Python isn’t a great language. It won because of Google, fast prototyping, and its ML interop (e.g. pandas, numpy), but as a language it’s always been subpar.<p>Indentation is a horrible decision (there’s a reason no other language went this way), which led to simple concepts like blocks/lambdas having pretty wild constraints (only one line??)<p>Type decoration has been a welcome addition, but too slowly iterated on and the native implementations (mypy) are horribly slow at any meaningful size.<p>Concurrency was never good and its GIL+FFI story has boxed it into a long-term pit of sadness.<p>I’ve used it for years, but I’m happy to see it go. It didn’t win because it was the best language.
> lambdas having pretty wild constraints (only one line??)<p>I will never understand why people are upset about this.<p>You HAVE multi-line lambdas. They're called functions.<p>Yeah, I know you want a function that's only used once to be able to be defined in-line, but tbh I've always found that syntax to be pretty ugly, especially once you're passing two functions to a single call, or have additional parameters AFTER the function (I'm looking at you, setTimeout/setInterval).
> there’s a reason no other language went this way)<p>Except of course for those that did, Haskell, Fortran for example.
F# as well, and that tends to exist in parallel with some degree of C# written by the same devs… the indentation enables cleaner, smaller, simpler code function by function.<p>It’s pretty ok in Python, but meaningful indentation is <i>amazing</i> with a proper type system and compiler. Clean, consistent, efficient, and ensures working code is easily read and standardized.<p>I’m unaware of anyone accepting improperly formatted C# as ‘done’, and would reject any such PR out of hand because of the potential for legibility issues to hide bugs. So: if it were done when 'tis done, then 'twere well it were done by the compiler to save line noise.
I’m always baffled when language complaints come down to syntax
That’s exactly how I think, too. But at the same time, I like indentation in Python, because I would logically indent in every other language as well. In fact, I find all those semicolons and similar things at the end of each line completely redundant (why should I repeat myself for something the compiler should do) and I hate them. And that’s despite having experience with Modula and 10 years of C++. But when I look at Rust, I find the syntax simply awful. From an ADHD perspective…
Lambdas are intentionally kneecapped in python because Guido van Rossum doesn't want to make a functional language. (As in "functional programming", not that it doesn't work.)
AI benefits from tools to verify its hallucinations. That's much easier in a typed and compiled language. Then have a language that can't be monkey patched at runtime and the confidence increases even more.<p>If you mean "easy to get something out of it" then yeah, it's great.
I wouldn't be surprised if static typing had something to do with it.
Typescript wins in terms of training data IMHO, by which I mean that the training data is large enough that AI does great with TS, and the language is (IMHO) superior to Python in many ways.<p>I personally now use a mixture of Typescript and Rust for most things, including AI coding. Its been working quite well. (AI doesn't handle Rust as well as TS, in that the code isn't quite idiomatic, but it does ok)
a lot of the training data is either for python 2 or just generally very low quality
The quality issue doesn't seem unique to Python.<p>The versioning issue I've seen across libraries that version change in many languages.<p>I don't tend to hit Python 2 issues using LLMs with it, but I do hit library things (e.g. Pydantic likes to make changes between libraries - or loads of the libraries used a lot by AI companies).
I’ve found recent Claude to be much better in this regard. I think a lot rests on the quality of the harness and the work behind the scenes done to RAG up to date docs or search for docs proactively rather than guessing.<p>I also don’t have issues with quality of Python generated. It takes a bit of nudging to use list comps and generators rather than imperative forms but it tends to mimic code already in context. So if the codebase is ok, it does do better.
That could be it. I still see LLMs fail a set of static typing challenges that I created a couple years ago as a benchmark. Google models still fail it. I wonder if the lack of typing in a lot of the training data makes python harder to reason about?
The tons of python code would be great training data if there was any consistency across the ecosystem. Yet every project I've touched required me to learn its unique style.
Then I'd imagine they practically poisoned half the training set because python2 is subtly different.
You can test on the device directly, without needing to recompile to try something.
Three things I find unlikely about this:<p>- You wrote 100K lines of code (I've worked on several large C++ projects that were far smaller)<p>- You wrote those lines in Python (surely the whole point of Python is to write less code)<p>- You deleted them (never delete anything, isn't this what modern VCS is all about?)<p>But whatever floats your boat.
> You deleted them (never delete anything, isn't this what modern VCS is all about?)<p>The person said: "deleted 100k+ lines this year already moving them to faster languages"<p>Are you saying that when you move code to another language/rewrite in another language, you leave the original language's code in your repo?<p>They didn't say they deleted it from their git history. I delete code all the time (doesn't mean it's "gone", just that it's not in my git head).
100k lines is tiny, what are you on about, especially in the monolithic app SaaS world where many full stack apps that handle all business ops are probably written with Django.<p>Our entire business runs on 300k lines of Ruby (on Rails) and I can keep most of the business logic in my head. I would say our codebase is not exactly “tiny” and just cracking the ceiling into “small” territory. And comparatively, people probably write even <i>less</i> code in equivalent rails apps to django ones. 100k lines of C++ is <i>minuscule</i>.<p>Obviously “deleting code” in this context doesn’t mean purging version control history but the current state of the codebase.
> 100k lines is tiny<p>No, no, it is not, or at least not in my experience (I do not and never have done web development - medium performance C++ code - I don't see how I could write, understand and support 100K lines of code in this area).<p>And so, what does your Ruby code actually do?
100k lines is huge, I don't know what these jokers are on
Your experience doesn't match mine. I have, mostly solo, and part time, written multiple codebases that are on that kind of magnitude (it is about the level where it still will fit in one person's head pretty easily IMO). It doesn't take much to reach that kind of size. Now, if all of it was super dense and subtle code, then yeah, that would be a lot, but in my experience that's usually a pretty small part of any given codebase.
Uhm what? All of those things are totally ordinary.
The `except*` improvements are underrated. Been using ExceptionGroup in a CLI tool that wraps Semgrep — catching multiple subprocess errors cleanly in one block made the retry logic much simpler.
Note that 3.15 is not released yet. It will come out in 4 months
I came to Python around version 1.5, painfully tired of debugging CGI scripts created by wannabe perl-golfers. Unfortunately, I feel like Python is losing more and more of the zen that once tempted me...<p>Lazy loading looks like the last nail in the coffin where my love for Python was buried, although it was a long, tiresome process.
Thread safe iterators? Really, are we still on these topics?<p><pre><code>  lazy from typing import Iterator

  def stream_events(...) -> Iterator[str]:
      while True:
          yield blocking_get_event(...)

  events = stream_events(...)

  for event in events:
      consume(event)
</code></pre>
I am not a python dev but have the utmost respect for the ecosystem.<p>But damn, with all the supply chain attacks now in the news, could they just make a simple way (for non python insiders) to install python apps without fearing to be infected by a vermin with full access to my $HOME ...
There is no security barrier at all in UNIX(-like) OSes between a caller/callee; this is not a thing that python can just fix.<p>There are ways to harden and/or reduce privileges, but shells/scripting languages will always have this issue on any modern OS.<p>The UNIX way to help prevent that is really to run processes as another user, but people seem to refuse to do so. You should <i>always</i> expect any process running as your UID to be able to access any data owned or visible to your UID.<p>While it is possible to reduce the risk of disclosure, they are all whack-a-mole preventions protecting the low hanging fruit, not absolute guarantees.<p>That is purely due to how UNIX works [0]<p>[0] <a href="https://man7.org/linux/man-pages/man7/credentials.7.html" rel="nofollow">https://man7.org/linux/man-pages/man7/credentials.7.html</a>
There is little that they can do short of running the programs in a VM. Linux distros aren't engineered to consider applications as something different from the user running them. You need a completely different security model to achieve that and the Python runtime isn't tackle that.
At its inception 35 years ago the creator of python could not foresee how far python would go and what the environment would look like today. But nowadays there are a lot of security mechanisms they could leverage to adapt (from chroot by default to namespaces, cgroup, etc. on Linux, pledge, unveil on OpenBSD).<p>The very idea that you offer a (python) package installer that is gonna pull a tree of code published and updated by random people in an unvetted manner opens the door to all the supply chain attacks we are seeing.<p>Around the same time (early 90s) Java was designed with high isolation in mind but the goal and vision was very different. And Java had its own problems.<p>I'm saying that because at some point the security problem is gonna really hurt the python ecosystem.
funny how we may have to wait even longer for llms to pick up this update in their pre-training