IT-safety requirements in the industry

[RichardPfr]

Background

As was brought up recently by multiple members of the community, installing python and python based packages on company PCs with todays IT-safety regulations becomes more and more troublesome (if even possible in the first place).
Even if it is possible though, one might not be able to receive any updates of either packages or python itself, without going through the same authorization process again.

Note

This post is therefore intended to collect ideas and possible solutions of how we can adress the requirements, posed by increasing IT-safety regulations, from our side.

Ideas for adressing this issue

• use pyapp or docker to provide some sort of executable - @axtimhaus might have more input on the difficulties of implementing this/ setting this up
• perform a PM-Method stakeholder analysis to characterize the interest groups (IT-department, administration, ...). On our side @mxstrl probably knows best about that.
• have companies setup their own "virtual environments" within their internal network, that employees can access via webbrowsers
  • I dont know exactly how this works, but it seems companies need to set this up themselves and we may not be able to do much if they don't
• get someone external to approve our solution for this issue - companies may be more willing to then approve it themselves
  • Rico Barth was mentioned during our meeting with Saxeed - @mxstrl correct me if im wrong

Question

If you have...

• ... any more suggestions or ideas on how to address this issue or
• ... something to add to the ideas I posted

please feel free to comment below.

[sag-kalibreur]

IT security is increasingly becoming a problem when working with Python and a Framework like Pyroll.

In the near future there will no longer be admin rights on the PCs and most ports will be blocked by the firewall. Installation via PIP will then no longer work, not even with admin rights. A temporary option (as long as admin rights are still available) is to connect via a smartphone hotspot or a private WLAN/LAN connection.

One solution from our IT department is a jump host, an RDP connection to a server on which admin rights are permitted. However, this does not solve the problem of blocked ports or the complete Internet connection. We still need to talk to IT about a solution that really works.

A future-proof solution would be to provide an installer that can be run locally. This could be executed locally or, if no admin rights are available, via the IT software distribution. This could be done promptly in any case.