I'm very much not saying that's what it is. Looking at the end it looks like an encoded zip file which the code extracts. Perhaps somebody else will be kind enough to run it and find out what it does. I'd feel too guilty, having told too many people not to do that.
Because it happens to use a base64-encoded string to obscure some of what it's doing? Yes, there's malware which does that, but this is also such an ancient trick in humorous code obfuscation that it seems silly to jump to the level of paranoia you're displaying (especially given that A) it's by a well-known member of the Python community and B) it was published April 1).
My first reflex when I saw this was to think that it's meant as a tongue-in-cheek sidekick on the recent microframework-craze. Still not sure about the intention, but as others have pointed out, yes it's an April's fools.
I haven't looked at the source, and the documentation is nonexistent, but the example app and the routing look really close. See http://bottle.paws.de/ also.
Werkzeug had an example with the same semantics (decorator for URL rules and returning strings and response objects from functions) for a long time. But neither did Werkzeug come up with that, the original idea was TurboGears which did it that way. So by that logic, bottle is a cheap knockoff.
However, I do have to point out that denied is a joke which should be pretty obvious from reading the source and watching the screencast (and quite frankly, just by looking at the website in detail).
Every new framework copies something from existing ones. Setting routes with a decorator seems pretty obvious if you've seen Sinatra, and the templating language is more inspired by Django than anything else.
Well, the run() function was intended to be a very bad example of API. Because there is that magical application object you never see that run magically picks up.
There is another example of really bad API in denied: there is a template render function internally (you have to read the code behind the code to see that) which magically accepts both filenames for templates and template source strings. And there are a couple of more examples of really, really bad ideas in that code.
By the same token, I could look at (any) Ruby code and call it the same thing seeing as it is a far enough deviation from 'C-like' languages and I haven't bothered to learn it yet. The "if __name__= '__main__':" convention is pretty well-established in Python. __name__ is only '__main__' when the script is the 'main' script being run (i.e. it wasn't imported as a module/package).
- github user created in April's 1st (http://github.com/denied)
- contact is an email link to Armin Ronacher (http://github.com/mitsuhiko), who actually published the denied code in github
- code basically just uses jinja2 and werkzeug, which are a template language and a web framework, respectively, which Armin works on
So... yeah.