This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author steve.dower
Recipients Sam Clegg, skoslowski, ssapin, steve.dower
Date 2020-02-05.00:26:04
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1580862365.03.0.910358978777.issue34841@roundup.psfhosted.org>
In-reply-to
Content 
The install page (https://docs.python.org/3/using/windows.html - linked from the download page) covers non-interactive installs, as well as describing the embeddable distro in detail (https://docs.python.org/3/using/windows.html#windows-embeddable). It sounds like you may be in the right category, but you may also prefer the nuget.org package (https://docs.python.org/3/using/windows.html#windows-nuget), which is intended for arbitrary execution on CI systems rather than constrained execution within another application.

The security concerns are an attacker gaining access to a new machine that they know very little about and searching for a "python.exe" they can use to run their tools. Sure, they can modify their initial script to modify sys.path before trying to import anything, but that's not always possible, so we cut off a number of easy-moderate attacks (and many trivial attacks) by not allowing unanticipated script bundles to be executed.
History
Date User Action Args
2020-02-05 00:26:05steve.dowersetrecipients: + steve.dower, ssapin, skoslowski, Sam Clegg
2020-02-05 00:26:05steve.dowersetmessageid: <1580862365.03.0.910358978777.issue34841@roundup.psfhosted.org>
2020-02-05 00:26:05steve.dowerlinkissue34841 messages
2020-02-05 00:26:04steve.dowercreate