would be nice: import from archive

Alex Martelli aleaxit at yahoo.com
Sat Aug 28 08:44:18 CEST 2004

Paul Rubin <http://phr.cx@NOSPAM.invalid> wrote:

> aleaxit at yahoo.com (Alex Martelli) writes:
> > I know of no reason to forbid support for such "signing", no.  If you
> > want to offer a patch to zipimport to let it support whatever signing,
> > encryption, or other devilry appeals to you, this is definitely the
> > right moment if you hope to see it happen in Python 2.4.
> I think the simplest is to just have zipimport understand jar files
> and their signatures.  There's enough supporting infrastructure needed
> that getting it in 2.4 is probably asking a bit much, though.
> > If you mean patching zipimport to _forbid_ importing from any zipfile
> > whatsoever, including a plain vanilla one, I think it's too late for
> > THAT for Python 2.4 
> If signing is supported, then there has to be a way to reject imports
> whose signatures don't verify.  It could be a runtime option or
> something, I guess.  How does zipimport work anyway?  I don't see it
> in the library doc index for 2.3.

While the overall way the new import hooks work is well documented in
their PEP, zipimport is admittedly underdocumented.  I suggest peeking
at the Python source distribution, files:

The excu^H^H^H^H reason for the documentation scarcity, you can read at
the end of the docstring for zipimport...:
It is usually not needed to use the zipimport module explicitly; it is
used by the builtin import mechanism for sys.path items that are paths
to Zip archives.


More information about the Python-list mailing list