"Fred L. Drake, Jr." wrote:
No, it's fair to assume that the entire standard library is available. That makes available ConfigParser, rfc822, shlib, and xmllib. Writing a parser *is* an option, because it can be incorporated into distutils, but I don't see any need to do so with so many already-debugged modules available.
You are correct (with the exception of "shlib" - which I seem to be unable to import; new module?). However, none of these was as easy to use as this: execfile(os.path.join(default_location, name), globals) Writing the file was slightly more difficult, it took a whopping 9 lines of code.
And the first malevolent packager to add a "while 1" loop to his package metadata breaks the whole system. If performance is really an issue, C and Java implementations can be built as needed.
Maybe I'm missing something here, but I fail to see how this possibility is any more threatening than that of a malevolent packager installing viral code on your system. In the system that I have submitted, the packager does not directly provide the meta-database file (sorry :-). The manipulation of these files is performed through the pkginfo module, which can encapsulate any kind of information repository that you like. Nonetheless, as I said, I'm not a particularly strong proponent of using python code to store this information, myself. If everybody thinks that this approach sucks, that's fine. I'm much more concerned with the content and the interface to this system. ============================================================================= michaelMuller = mmuller@enduden.com | http://www.cloud9.net/~proteus ----------------------------------------------------------------------------- Society in every state is a blessing, but government even in its best state is but a necessary evil; in its worst state an intolerable one... - Thomas Paine =============================================================================