[Python-Dev] Support for Encrypted Zip as python scripts

Nick Coghlan ncoghlan at gmail.com
Mon Aug 24 04:09:02 CEST 2009

Guido van Rossum wrote:
> Anyway it looks like if someone wants to try this, only the code in
> runpy.py needs to be touched.

The necessary work would actually be in zipimport. runpy doesn't know
anything about the details of where the module code comes from, it just
asks the relevant importer for the details. For zipfile and directory
execution, they get added to the start of sys.path and then runpy is
invoked to look for the module "__main__". From that point on most of
the heavy lifting is handled by the regular import machinery (aside from
using the pkgutil emulation for the basic import behaviour that isn't
fully exposed by the imp module).

I added a -1 to the tracker issue as well. That's due both to my opinion
on the inherent idiocy of DRM though (since shared secrets don't provide
any security when the attacker in your threat model is one of the people
you are sharing the secret with) and to the fact that associating
passwords with the relevant zipfile entries on sys.path would get messy
fairly quickly.


Nick Coghlan   |   ncoghlan at gmail.com   |   Brisbane, Australia

More information about the Python-Dev mailing list