would be nice: import from archive
"Martin v. Löwis"
martin at v.loewis.de
Mon Aug 30 08:43:44 CEST 2004
Paul Rubin wrote:
> so you could say
> import x(signed)
> import x(signed, certfile='mycerts.pem')
> or whatever.
I believe that import is the wrong point in time for checking
signatures. You want to check the signature when the file is
added to sys.path, i.e.
That way, you can guarantee that trusted code is on sys.path
all the time. Then, you can also trust any import statement.
More information about the Python-list