[Pythonmac-SIG] PackMan
Bob Ippolito
bob at redivi.com
Tue Jul 29 19:18:51 EDT 2003
On Tuesday, Jul 29, 2003, at 17:35 America/New_York, Jack Jansen wrote:
>
> On dinsdag, jul 29, 2003, at 23:09 Europe/Amsterdam, Ronald Oussoren
> wrote:
>>
>> On Tuesday, 29 July, 2003, at 22:49, Jack Jansen wrote:
>>>
>>> On dinsdag, jul 29, 2003, at 22:36 Europe/Amsterdam, Kevin Ollivier
>>> wrote:
>>>> Jack and all, if I agreed to rebuild PM this weekend in wxPython
>>>> (and it works ^_-), would you be open to using that as a starting
>>>> point for future development?
>>>
>>> I would very much like it if you redid PackMan in wxPython, and it
>>> should be easy, see my other mail on the subject. It will, of
>>> course, turn out not to be easy because I overlooked various things,
>>> but then we'll fix those [*].
>>>
>>> I will not promise not to do a Cocoa version, though.
>>
>> If you don't do a Cocoa version I might do it.
>
> That is even better:-)
> How about you and Kevin turning this into a contest, let's see who has
> a replacement
> for the W-based package manager fastest?
I'm going to figure out how we can get some cryptographic authority
into the plist files. Since we run into the bootstrapping problem if
we depend on pyOpenSSL or the like, I think we should just fork the
openssl command line tool to do what we need it to do. It's guaranteed
to be there for MacOS X anyhow. I don't think the plist file should be
encrypted, but it should have a digital signature that says yes, this
was signed by the official MacPython certificate authority (which the
source code for Python will trust by default). I think we should also
think about moving away from the "exec stuff to see if exceptions
happen" model and try and come up with a set of predetermined and
presumably safe commands that can determine if a module is installed or
not and what version it is.
IMHO, any module that does import time nastiness
(*cough*wxPython*cough*) should be fixed so that it's at least safe to
open up an __init__.py and read out a __version__ or what have you. It
should also be made clear that all (3rd party?) python modules and
packages should start putting __version__ in their base package or
module if they are to be considered for PyPI / PIMP / Package Manager
inclusion.
-bob
More information about the Pythonmac-SIG
mailing list