ajones wrote:
>What plans do you have for security in this? I would think that in
>order to trust this over the network you would at least need a
>certificate identifying the server as well as some method of verifying
>package contents.
>
>Either way, cool stuff.
>
>
>
I think this is an interesting project.
What if every module could be registered (at Python.org, for example)
with a unique URI, a hash digest, and optionally a list of one or more
source code sources (URLs)? Each module registered would have to have a
unique name, but that is probably a good thing anyway.
Then before loading a module the urlimport code could query something like
"http://Python.org/cheeseshop/moduleNS/%s"; %moduleName
From whence would be returned a short text file, something like:
ThisModuleName
HashNumber
["http://source1/ThisModuleName.txt";,
"http://source2/funnydirectory/structure/ThisModuleName.txt";...]
urlimport could then query the sources given, or any other known
repositories, until it found a module of matching digest.
What if you needed to use a certain version of a module for
compatibility? Then would module names like "ThisModuleName_2.71"
become necessary?
I wonder if the ripples of setting something like this up offend
Pythonic thinking... and if the utility of having this sort of
functionality would be worth risking some offense.
I guess this stuff has all been done before and Python has good reasons
for not pursuing it, but I wonder what those reasons are.
/EP
--
http://mail.python.org/mailman/listinfo/python-list
