would be nice: import from archive
aleaxit at yahoo.com
Sat Aug 28 08:44:18 CEST 2004
Paul Rubin <http://phr.cx@NOSPAM.invalid> wrote:
> aleaxit at yahoo.com (Alex Martelli) writes:
> > I know of no reason to forbid support for such "signing", no. If you
> > want to offer a patch to zipimport to let it support whatever signing,
> > encryption, or other devilry appeals to you, this is definitely the
> > right moment if you hope to see it happen in Python 2.4.
> I think the simplest is to just have zipimport understand jar files
> and their signatures. There's enough supporting infrastructure needed
> that getting it in 2.4 is probably asking a bit much, though.
> > If you mean patching zipimport to _forbid_ importing from any zipfile
> > whatsoever, including a plain vanilla one, I think it's too late for
> > THAT for Python 2.4
> If signing is supported, then there has to be a way to reject imports
> whose signatures don't verify. It could be a runtime option or
> something, I guess. How does zipimport work anyway? I don't see it
> in the library doc index for 2.3.
While the overall way the new import hooks work is well documented in
their PEP, zipimport is admittedly underdocumented. I suggest peeking
at the Python source distribution, files:
The excu^H^H^H^H reason for the documentation scarcity, you can read at
the end of the docstring for zipimport...:
It is usually not needed to use the zipimport module explicitly; it is
used by the builtin import mechanism for sys.path items that are paths
to Zip archives.
More information about the Python-list