[Python-Dev] difficulty of implementing phase 2 of PEP 302 in Python source
brett at python.org
Wed Sep 27 23:11:30 CEST 2006
I am at the point with my security work that I need to consider how I am
going to restrict importing modules. My current plan is to basically
implement phase 2 of PEP 302 and control imports through what importer
objects are provided. This work should lead to a meta_path importer for
built-ins and then path_hooks importers for .py, .pyc, and extension
But it has been suggested here that the import machinery be rewritten in
Python. Now I have never touched the import code since it has always had
the reputation of being less than friendly to work with. I am asking for
opinions from people who have worked with the import machinery before if it
is so bad that it is worth trying to re-implement the import semantics in
pure Python or if in the name of time to just work with the C code.
Basically I will end up breaking up built-in, .py, .pyc, and extension
modules into individual importers and then have a chaining class to act as a
combined .pyc/.py combination importer (this will also make writing out to
.pyc files an optional step of the .py import).
Any opinions would be greatly appreciated on this. I need to get back to my
supervisor by the end of the day Friday with a decision as to whether I
think it is worth the rewrite. If you are interested in helping with the
Python rewrite (or in general if the work is done with the C code), please
let me know since if enough people want to help with the Python rewrite it
might help wash out the extra time needed to make it work.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Python-Dev