New Features in Python 1.6

Sat Apr 1 22:41:55 EST 2000

I think that there are security issues with the auto download.  I feel
comfortable being able to download one big thing and being able to examine it
source code wise and with anti-virus programs and so forth.  I get kind of
worried about somebody some how injecting malicous code in transit or fooling my
machine into downloading something from a hacker's box because they have done
something to a DNS server or something.  There should be a way to disable this
feature on a per machine basis.

William Tanksley wrote:

> On Sun, 02 Apr 2000 02:39:54 GMT, Eric Hagemann wrote:
> >What are the options for users wanting 1.6 that may not have access to
> >modules.python.org
> >on a regular basis or at all.  I'd hate to be disconnected from the net and
> >find I need that
> >'one' function that used to be in the standard library ......... e.g. can I
> >down load the
> >entire library and forgo the net check ?  What happens if there is no net --
> >will the import function
> >get unhappy ?
>
> It's actually not a problem -- all modern OSes support TCP/IP even when
> you're disconnected from the net, and one particular address, 127.0.0.1,
> is always live.  This happens to be the site from which Python loads its
> modules (we have an agreement with the owner of that site, which also
> hosts many other products of the same nature, including some marketing
> apps).
>
> >Also when you import like this does the code check the net for a newer
> >version or only when you have no version of the particular sub-module ?
>
> Only when you have no version.  That's not a bad idea, though.  I suspect
> it would be best as a single, user-initiated command, though.
>
> >"Guido van Rossum" <guido at python.org> wrote in message
>
> >> 2. Imputils
>
> >> Complementary to the Distutils are the Imputils, or Import Utilities.
> >> Python's import mechanism has been reworked to make it easy for Python
> >> programmers to put "hooks" into the code that finds and loads modules.
> >> The default import mechanism now includes hooks, written in Python, to
> >> load modules via HTTP from a known URL.
> >>
> >> This has allowed us to drop most of the standard library from the
> >> distribution.  Now, for example, when you import a less-commonly-needed
> >> module from the standard library, Python fetches the code for you.  For
> >> example, if you say
> >>
> >>     import tokenize
> >>
> >> then Python -- via the Imputils -- will fetch
> >> http://modules.python.org/lib/tokenize.py for you and install it on your
> >> system for future use.  (This is why the Python interpreter is now
> >> installed as a setuid binary under Unix -- if you turn off this bit, you
> >> will be unable to load modules from the standard library!)
> >>
> >> If you try to import a module that's not part of the standard library,
> >> then the Imputils will find out -- again from modules.python.org --
> >> where it can find this module.  It then downloads the entire relevant
> >> module distribution, and uses the Distutils to build and install it on
> >> your system.  It then loads the module you requested.  Simplicity
> >> itself!
>
> --
> -William "Billy" Tanksley