[Python-ideas] Remote package/module imports through HTTP/S

Chris Angelico rosuav at gmail.com
Wed Aug 23 22:23:31 EDT 2017


On Thu, Aug 24, 2017 at 12:13 PM, Stephen J. Turnbull
<turnbull.stephen.fw at u.tsukuba.ac.jp> wrote:
> Chris Angelico writes:
>
>  > If you're worried about the latter, don't use httpimport.
>
> I guarantee you that in my (university) environment, if httpimport is
> in the stdlib, its use will be rampant (and not just by students, but
> by security-oblivious faculty).  I want to be able to walk up to a
> student, say "may I?" and type "python -m httpimport" to determine if
> that particular risky behavior is a worry.  Because *I'm* liable for
> my students' PCs' behavior on the network.
>
> Personally speaking, +1 on PyPI, -100 on stdlib.

Agreed, and a VERY good reason for this to be an explicitly-installed
package. By its nature, it won't be a dependency of other packages, so
keeping it out of the stdlib pretty much guarantees that it'll only be
available if it's been called for by name.

ChrisA

