[Follow-up to the Distutils SIG, please.]

There are a few steps needed to find and install a package:

1) Discovery: which module does what I need?
2) Download: where can I get a copy?
3) Security: is this actually from the package author, and not a Trojan?
4) Installation: how do I set it up?
5) Checking for new versions: I have 1.0 installed; is a newer version available?

Distutils focuses on the hardest and most complicated step, #4.

For #1, you would need to browse through a list of available packages, browse through a hierarchy like Parnassus, or do keyword searches.

#2 is pretty simple, since you just get one or more download URLs corresponding to a given package name, using the same database as in #1.

For #3, you'd have to check a signature on the downloaded package, using something external like GnuPG. This means this step has to be skipped if the external tool isn't available. We could implement our own signature scheme with Python code, but that's a bad idea; security is hard, and few people will bother to generate keys that are only useful for this one application of distributing Python modules. (Side note: the sdist and bdist_* commands should have a --sign switch to sign the generated .tgz, .rpm, or whatever file.)

For #5, the existing stuff in Tools/versioncheck might be partially applicable, though it requires that every package have a text file somewhere which gives the latest version. You'd want to use the same database for everything, to ensure that people actually use it!

To start off with, we'd need some sort of generic API to the above functions, so that different interfaces can be written. A command-line interface would then be easiest. I don't know how network communications should be handled: HTTP to CGI scripts that return sets of RFC-822 headers, maybe? Combined with a DNS alias like modules.python.org, or modules.{us,uk,...}.python.org?

Some potential sources of inspiration:

    Debian: apt
    Perl: CPAN.pm
    FreeBSD: ports system
    RPMfind (rpmfind.net)
    XEmacs: packages system

-- 
A.M. Kuchling http://starship.python.net/crew/amk/
"Jo, it's a pity escapology wasn't part of your curriculum."
"Funny you should say that. Look." <shows untied hand>
    -- The Doctor and Jo, tied up, in "Terror of the Autons"
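
Steps 3 and 5 of the message, together with its idea of an index that returns sets of RFC-822 headers, as an added example (not code from the post or from Distutils). The header field names, the example.org URLs and all function names are assumptions, and the sample response is constructed; the point shown is that a skipped GnuPG check is reported as its own state and never counted as a verified package.

```python
import shutil
import subprocess
from email.parser import Parser

# Constructed sample response: one set of RFC-822 headers per package.
# Field names and URLs are assumptions made for this example.
SAMPLE_RESPONSE = """\
Package: examplepkg
Version: 1.2.0
Download-URL: https://modules.example.org/examplepkg-1.2.0.tgz
Signature-URL: https://modules.example.org/examplepkg-1.2.0.tgz.asc

Package: otherpkg
Version: 0.9
Download-URL: https://modules.example.org/otherpkg-0.9.tgz
"""

def parse_index(text):
    """Parse blank-line-separated header sets into {package name: fields}."""
    records = {}
    for block in text.strip().split("\n\n"):
        msg = Parser().parsestr(block, headersonly=True)
        records[msg["Package"]] = dict(msg.items())
    return records

def newer_available(installed, record):
    """Step 5: compare dotted numeric versions (assumes digits and dots only)."""
    as_tuple = lambda v: tuple(int(part) for part in v.split("."))
    return as_tuple(record["Version"]) > as_tuple(installed)

def verify_signature(archive, signature, gpg="gpg"):
    """Step 3: return 'verified', 'failed', or 'skipped' if GnuPG is absent."""
    exe = shutil.which(gpg)
    if exe is None:
        return "skipped"
    proc = subprocess.run(
        [exe, "--batch", "--status-fd", "1", "--verify", signature, archive],
        capture_output=True, text=True)
    good = proc.returncode == 0 and "[GNUPG:] VALIDSIG" in proc.stdout
    return "verified" if good else "failed"

def install_decision(record, sig_status, require_signature=True):
    """Never let a skipped or missing check count as a verified package."""
    if "Signature-URL" not in record:
        sig_status = "unsigned"
    if sig_status == "verified":
        return "install"
    if sig_status == "failed" or require_signature:
        return "reject"
    return "install-unverified"
```

A valid signature only shows that the holder of some key signed the file; whether that key belongs to the package author is a separate trust decision made in the GnuPG keyring.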