If there is truly a 'best' way, what is the best way to ship a Python app and ensure people can't (easily) reverse engineer your algorithms/security/work in general?
If there isn't a 'best' way, what are the different options available?
Background: I love coding in Python and would love to release more apps with it. One thing that I wonder about is the possibility of people circumventing any licensing code I put in, or being able to just rip off my entire source base. I've heard of Py2Exe and similar applications, but I'm curious if there are 'preferred' ways of doing it, or if this problem is just a fact of life.
Even if you use a compiled language like C# or Java, people can perform reverse engineering if they are motivated and technically competent. Obfuscation is not a reliable protection against this.
You can add prohibition against reverse-engineering to your end-user license agreement for your software. Most proprietary companies do this. But that doesn't prevent violation, it only gives you legal recourse.
The best solution is to offer products and services in which the user's access to read your code does not harm your ability to sell your product or service. Base your business on service provided, or subscription to periodic updates to data, rather than the code itself.
Example: Slashdot actually makes their code for their website available. Does this harm their ability to run their website? No.
Another remedy is to set your price point such that the effort to pirate your code is more costly than simply buying legitimate licenses to use your product. Joel Spolsky has made a recommendation to this effect in his articles and podcasts.
The word you're looking for is obfuscate. A quick google reveals:
http://www.lysator.liu.se/~astrand/projects/pyobfuscate/
but:
a) If copyright infringement becomes a problem, then the law is on your side (as long as you include the appropriate copyright notices in all files).
b) It's also possible to make a profit on open source applications if you're clever about it.
c) If you want your Intellectual Property to be truly secure, then the only answer is to not let anyone have it in the first place: write your application as a web app (I recommend using Django), and only your web hosting provider has access to your code.
Security through obscurity never works. If you must use a proprietary license, enforce it through the law, not half-baked obfuscation attempts.
If you're worried about them learning your security (e.g. cryptography) algorithm, the same applies. Real, useful, security algorithms (like AES) are secure even though the algorithm is fully known.
py2exe
On Windows, py2exe is one way of shipping code to end-users. py2exe bundles the Python interpreter, the necessary DLLs and your code compiled to Python bytecode.
Here are the Python bytecode instructions to get some clue what it looks like:
http://www.python.org/doc/2.5.2/lib/bytecodes.html
Or you can use dis to disassemble some pyc/pyo files.
So, using py2exe is similar to distributing compiled Python (pyc/pyo) files.
Shedskin C++ compiler
The Shedskin compiler compiles a subset of Python to C++ which you can compile to native code using any compiler.
pypy
I don't know about PyPy too much. According to their docs, PyPy is able to generate C code.
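What the py2exe part of the answer above means in practice, as an added example that is not part of the original answers: a function compiled to bytecode and serialized the way the body of a .pyc file is still gives up its names, string constants and control flow to the standard `marshal` and `dis` modules. The `check_license` function and its key value are constructed for the illustration.

```python
import dis
import marshal

# Constructed sample: a licensing check as an author might ship it.
SOURCE = '''
def check_license(key):
    secret = "DEMO-KEY-0000"   # constructed placeholder, not a real key
    return key == secret
'''


def compile_to_shipped_bytes(source):
    """Compile source and serialize the code object.

    A .pyc file is a short header followed by exactly this kind of
    marshalled code object.
    """
    code = compile(source, "licensing.py", "exec")
    return marshal.dumps(code)


def iter_code_objects(code):
    """Yield a code object and every code object nested in its constants."""
    yield code
    for const in code.co_consts:
        if hasattr(const, "co_code"):
            yield from iter_code_objects(const)


def recover(shipped):
    """Return (names, string constants, disassembly) readable from bytecode."""
    module = marshal.loads(shipped)
    names, strings, listing = set(), set(), []
    for code in iter_code_objects(module):
        names.add(code.co_name)            # function names survive
        names.update(code.co_varnames)     # so do argument and local names
        strings.update(c for c in code.co_consts if isinstance(c, str))
        listing.append(dis.Bytecode(code).dis())
    return names, strings, "\n".join(listing)


if __name__ == "__main__":
    names, strings, listing = recover(compile_to_shipped_bytes(SOURCE))
    print("names:  ", sorted(names))
    print("strings:", sorted(strings))
    print(listing)
```

Anything the check depends on staying hidden (a key, a comparison, a feature flag) is therefore readable by whoever holds the bundle, which is why the answers here point to licensing terms and server-side code rather than to packaging.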
Shipping a commercial mac desktop app in Python, we do exactly as described in the other answers; protect yourself by law with a decent EULA, not by obfuscating.
We have never had any troubles with people reverse engineering our code. And if we do, I feel confident we can take legal action. So yes, it's a fact of life. But one that is not too hard to live with. Just get a decent lawyer that writes a decent EULA.