[Distutils] Package Meta-information Patch

Greg Stein gstein@lyra.org
Tue, 18 Jan 2000 04:20:02 -0800 (PST)

On Mon, 17 Jan 2000, Fred L. Drake, Jr. wrote:
> Greg Ward writes:
>  > What I'm a little leery about is using Python code as a data format.
>  > It's attractive because we all know the syntax and don't have to write a
>  > parser.  But using a general-purpose language for *such* a specific,
>  > tightly-targeted task seems ... I dunno ... overkill-ish.  And I wonder
>  > if there are security holes lurking in the concept of using code for
>  > system catalog data.
>  > 
>  > Does anyone else share my reservations (which are vague, ill-defined,
>   Yes.  This stuff should not require any exec or eval.  It might be
> reasonable to use something like the .ini format; this can be handled
> using ConfigParser.  This way we still don't need to write a parser.

I second Fred here... use a format compatible with ConfigParser. Simple,
clean, and easily handled.

DBM or central databases are probably a bit bogus. What's the speed for?
If you want to *locate* the _pkginfo files, then just append a pathname to
a central file. Let the tool go and see if it is still there. Or the tool
can be invoked with "do a filetree walk -- the log file may be out of

KISS :-)


Greg Stein, http://www.lyra.org/