On Mon, Aug 24, 2009 at 7:39 AM, Nick Coghlan <ncoghlan@gmail.com> wrote:
Guido van Rossum wrote:
> Anyway it looks like if someone wants to try this, only the code in
> runpy.py needs to be touched.

The necessary work would actually be in zipimport. runpy doesn't know
anything about the details of where the module code comes from, it just
asks the relevant importer for the details. For zipfile and directory
execution, they get added to the start of sys.path and then runpy is
invoked to look for the module "__main__". From that point on most of
the heavy lifting is handled by the regular import machinery (aside from
using the pkgutil emulation for the basic import behaviour that isn't
fully exposed by the imp module).

I added a -1 to the tracker issue as well. That's due both to my opinion
on the inherent idiocy of DRM though (since shared secrets don't provide
any security when the attacker in your threat model is one of the people
you are sharing the secret with) and to the fact that associating
passwords with the relevant zipfile entries on sys.path would get messy
fairly quickly.


Nick Coghlan   |   ncoghlan@gmail.com   |   Brisbane, Australia
Python-Dev mailing list
Unsubscribe: http://mail.python.org/mailman/options/python-dev/shashank.sunny.singh%40gmail.com

Shashank Singh
Senior Undergraduate, Department of Computer Science and Engineering
Indian Institute of Technology Bombay