ajones wrote: >What plans do you have for security in this? I would think that in >order to trust this over the network you would at least need a >certificate identifying the server as well as some method of verifying >package contents. > >Either way, cool stuff. > > > I think this is an interesting project.
What if every module could be registered (at Python.org, for example) with a unique URI, a hash digest, and optionally a list of one or more source code sources (URLs)? Each module registered would have to have a unique name, but that is probably a good thing anyway. Then before loading a module the urlimport code could query something like "http://Python.org/cheeseshop/moduleNS/%s" %moduleName From whence would be returned a short text file, something like: ThisModuleName HashNumber ["http://source1/ThisModuleName.txt", "http://source2/funnydirectory/structure/ThisModuleName.txt"...] urlimport could then query the sources given, or any other known repositories, until it found a module of matching digest. What if you needed to use a certain version of a module for compatibility? Then would module names like "ThisModuleName_2.71" become necessary? I wonder if the ripples of setting something like this up offend Pythonic thinking... and if the utility of having this sort of functionality would be worth risking some offense. I guess this stuff has all been done before and Python has good reasons for not pursuing it, but I wonder what those reasons are. /EP -- http://mail.python.org/mailman/listinfo/python-list