There was a tool kiddy in the past to rename my app and its author who could only edit Rust source code and run cargo build xd
In the era full of supply chain attacks, I'd like to make sure my compiler and its distributions are not compromised to protect end users. I think reproducible builds with SHA-256, SHA-512 hashes and GPG signatures would be enough to defend Trusting Trust attacks. Typical non-programmers almost never verify hashes or signatures manually, so publishing on Microsoft Store would be best for them. It seems Microsoft Store is available in China but Microsoft does not operate local server within China so download and browsing would be slow and might experience instable connectivity.
Todo
Scripting language
Python is not designed to be embedded and sandboxed. Embedding Python interpreter as is for executing arbitrary user code would be against Microsoft Store policy.
10.2.2
Your product must not attempt to fundamentally change or extend its described functionality or introduce features or functionality that are in violation of Store Policies through any form of dynamic inclusion of code. Your product should not, for example, download a remote script and subsequently execute that script in a manner that is not consistent with the described functionality
Lua cannot reach out to the filesystem, network, or OS if you strip the entire standard library and expose only your own API functions. It seems that Lua is substantially better for MS Store compliance than Python. Monty looks promising as Python subset without file system and network access, but it's very incomplete for now. (no classes yet)
There was a tool kiddy in the past to rename my app and its author who could only edit Rust source code and run cargo build xd
In the era full of supply chain attacks, I'd like to make sure my compiler and its distributions are not compromised to protect end users. I think reproducible builds with SHA-256, SHA-512 hashes and GPG signatures would be enough to defend Trusting Trust attacks. Typical non-programmers almost never verify hashes or signatures manually, so publishing on Microsoft Store would be best for them. It seems Microsoft Store is available in China but Microsoft does not operate local server within China so download and browsing would be slow and might experience instable connectivity.
Todo
Scripting language
Python is not designed to be embedded and sandboxed. Embedding Python interpreter as is for executing arbitrary user code would be against Microsoft Store policy.
Lua cannot reach out to the filesystem, network, or OS if you strip the entire standard library and expose only your own API functions. It seems that Lua is substantially better for MS Store compliance than Python. Monty looks promising as Python subset without file system and network access, but it's very incomplete for now. (no classes yet)