What if we introduce the string module: ```python from "https://python.org/some_module.py" import name ... ``` It will add possibility to run code with complex name of module that cannot be presented as set of lexical items and also will allow to load the module from external location
On Tue, Jun 16, 2020 at 12:19:00AM -0000, redradist@gmail.com wrote:
from "https://python.org/some_module.py" import name
The last thing I want to see is modules start importing code from arbitrary, untrustworthy websites.
It will add possibility to run code with complex name of module
Why is that a good idea? Why can't you just rename your module with a legal identifier and put it on the PYTHONPATH? It isn't enough to propose an idea to have it accepted. You have to explain why that idea is a good idea. If you think that it is so obvious why it is a good idea that you don't have to explain why, trust me, it's not. If it was so obvious, we would have done it by now. -- Steven
You cannot trust PyPi either ... I think user should decide if it allows code from arbitrary URL to access filesystem, network or anything else as `wasmtime` and `deno` did
On 16.06.20 10:00, redradist@gmail.com wrote:
You cannot trust PyPi either ...
I think user should decide if it allows code from arbitrary URL to access filesystem, network or anything else as `wasmtime` and `deno` did
If you want to do this, you can still download the code and use `importlib` to import it. But usually you want to import a whole package (or parts of it), not a stand-alone module. And this package might have dependencies on other packages. And these dependencies might even conflict with the dependencies of other packages that you are using. So this whole process is fairly complex and is better resolved before application startup. There exists a variety of tools that deal with package management (e.g. pip, poetry, ...).
Yeah, but it still desire to be solved ... One of the use-cases is if I want to use `Brython`, it will be usable to load the module or entire package from the internet and then to use it in my application ... Issue with the right to access some resources could be solve with flags as `Deno` did
You can do this via a function call; it does not require syntax support. And Deno has specific needs as they also need to fetch type information, so being able to parse out the URLs systematically has special meaning to deno. On Tue, Jun 16, 2020 at 2:06 AM <redradist@gmail.com> wrote:
On Tue, Jun 16, 2020 at 12:19:00AM -0000, redradist@gmail.com wrote:
from "https://python.org/some_module.py" import name
The last thing I want to see is modules start importing code from arbitrary, untrustworthy websites.
It will add possibility to run code with complex name of module
Why is that a good idea? Why can't you just rename your module with a legal identifier and put it on the PYTHONPATH? It isn't enough to propose an idea to have it accepted. You have to explain why that idea is a good idea. If you think that it is so obvious why it is a good idea that you don't have to explain why, trust me, it's not. If it was so obvious, we would have done it by now. -- Steven
You cannot trust PyPi either ... I think user should decide if it allows code from arbitrary URL to access filesystem, network or anything else as `wasmtime` and `deno` did
On 16.06.20 10:00, redradist@gmail.com wrote:
You cannot trust PyPi either ...
I think user should decide if it allows code from arbitrary URL to access filesystem, network or anything else as `wasmtime` and `deno` did
If you want to do this, you can still download the code and use `importlib` to import it. But usually you want to import a whole package (or parts of it), not a stand-alone module. And this package might have dependencies on other packages. And these dependencies might even conflict with the dependencies of other packages that you are using. So this whole process is fairly complex and is better resolved before application startup. There exists a variety of tools that deal with package management (e.g. pip, poetry, ...).
Yeah, but it still desire to be solved ... One of the use-cases is if I want to use `Brython`, it will be usable to load the module or entire package from the internet and then to use it in my application ... Issue with the right to access some resources could be solve with flags as `Deno` did
You can do this via a function call; it does not require syntax support. And Deno has specific needs as they also need to fetch type information, so being able to parse out the URLs systematically has special meaning to deno. On Tue, Jun 16, 2020 at 2:06 AM <redradist@gmail.com> wrote:
participants (4)
-
Brett Cannon -
Dominik Vilsmeier -
redradist@gmail.com -
Steven D'Aprano