[Pythonmac-SIG] PackMan

Bob Ippolito bob at redivi.com
Tue Jul 29 19:18:51 EDT 2003 

On Tuesday, Jul 29, 2003, at 17:35 America/New_York, Jack Jansen wrote:
>
> On dinsdag, jul 29, 2003, at 23:09 Europe/Amsterdam, Ronald Oussoren 
> wrote:
>>
>> On Tuesday, 29 July, 2003, at 22:49, Jack Jansen wrote:
>>>
>>> On dinsdag, jul 29, 2003, at 22:36 Europe/Amsterdam, Kevin Ollivier 
>>> wrote:
>>>> Jack and all, if I agreed to rebuild PM this weekend in wxPython 
>>>> (and it works ^_-), would you be open to using that as a starting 
>>>> point for future development?
>>>
>>> I would very much like it if you redid PackMan in wxPython, and it 
>>> should be easy, see my other mail on the subject. It will, of 
>>> course, turn out not to be easy because I overlooked various things, 
>>> but then we'll fix those [*].
>>>
>>> I will not promise not to do a Cocoa version, though.
>>
>> If you don't do a Cocoa version I might do it.
>
> That is even better:-)
> How about you and Kevin turning this into a contest, let's see who has 
> a replacement
> for the W-based package manager fastest?

I'm going to figure out how we can get some cryptographic authority 
into the plist files.  Since we run into the bootstrapping problem if 
we depend on pyOpenSSL or the like, I think we should just fork the 
openssl command line tool to do what we need it to do.  It's guaranteed 
to be there for MacOS X anyhow.  I don't think the plist file should be 
encrypted, but it should have a digital signature that says yes, this 
was signed by the official MacPython certificate authority (which the 
source code for Python will trust by default).  I think we should also 
think about moving away from the "exec stuff to see if exceptions 
happen" model and try and come up with a set of predetermined and 
presumably safe commands that can determine if a module is installed or 
not and what version it is.

IMHO, any module that does import time nastiness 
(*cough*wxPython*cough*) should be fixed so that it's at least safe to 
open up an __init__.py and read out a __version__ or what have you.  It 
should also be made clear that all (3rd party?) python modules and 
packages should start putting __version__ in their base package or 
module if they are to be considered for PyPI / PIMP / Package Manager 
inclusion.

-bob

More information about the Pythonmac-SIG mailing list