[Pythonmac-SIG] Package Manager idea, adding a URL scheme

Jack Jansen Jack.Jansen at cwi.nl
Thu Oct 2 17:48:29 EDT 2003 

On 1-okt-03, at 21:11, Ronald Oussoren wrote:
> Another idea: Add a function of comparing versions to pimp.

The intention was that there was going to be a default version check 
that worked
exactly this way. This should be done for the next version. The default
version check should probably first use a verbatim string equality 
check, if that
fails get '[0-9.]*' from both versions and compare those for less and 
greater,
and if those are identical but the rest of the version strings differ 
give up.

> BTW. I just noted that PackMan (the GUI) doesn't have an 'uninstall' 
> option. That makes it harder to throw away packages that are not 
> really needed.

distutils should support this, then it would be easy. There's hooks
in pimp to record what files have been installed, but as this 
information
is incomplete I didn't follow up on it. For binary installations life
is easier, as we *do* know what has been installed, but there still 
another
problem: installs can overwrite existing files, so we should stash these
away somewhere. For this we could probably look for good ideas in other
installers.

And Just said:
> - I really dislike PackMan executing code from the .plist

I can't think of any other way to make things truly extensible.
But we should definitely allow for some sort of public key scheme to
be used. I've been toying with the idea of using the secure http of
your browser, something like a "check integrity" button that would
take the MD5 sum of the database, get an entry IntegrityCheck from
the database (of the form 
"https://www.python.org/pimp/integrity/%s.html")
fill in the md5sum and send your browser there. Probably the user
should get a dialog first (from pimp) explaining how to check the
integrity (look at the padlock) and what it means (you're only trusting
the fact that whoever maintains the website also created this pimp
database).
--
Jack Jansen, <Jack.Jansen at cwi.nl>, http://www.cwi.nl/~jack
If I can't dance I don't want to be part of your revolution -- Emma 
Goldman

More information about the Pythonmac-SIG mailing list