would be nice: import from archive

Paul Rubin http
Mon Aug 30 19:55:18 CEST 2004

"Martin v. Löwis" <martin at v.loewis.de> writes:
> I believe that import is the wrong point in time for checking
> signatures. You want to check the signature when the file is
> added to sys.path, i.e.
> imp.verify_signature(filename)
> sys.path.append(filename)

There's something to be said for that.  Maybe you could append a tuple
to say how to verify signatures:

  sys.add_library((filename, 'certfile.pem'))

checks the sig and updates sys.path.  The whole notion of sys.path.append
(i.e. sys.path is just a naked Python list) is kludgy anyway.

More information about the Python-list mailing list