[Pythonmac-SIG] Package Manager idea, adding a URL scheme

Jack Jansen Jack.Jansen at cwi.nl
Fri Oct 3 18:32:45 EDT 2003

On 3-okt-03, at 23:21, Glenn Andreas wrote:
> I'm clearly missing something here, because if we have the databases 
> come from a trusted source (python.org) using SSL,

This is what you're missing: we cannot use SSL to transfer the 
database, because
core Python has no SSL support.

We expect the end user to trust a number of entities (because a hole in 
of these would make the whole excercise pointless):
1. Apple, anyone with admin access to their machine, and all the other
    parties involved with local infrastructure.
2. The Python maintainers.
3. The installed Python distribution, including PackMan (either because
    it was Apple-provided, or because people checked the signature on the
    website download page).
4. The scapegoat.
5. Anyone the scapegoat trusts wrt. web distribution (their webhoster, 
    key-signing Trusted Third Party).
Jack Jansen, <Jack.Jansen at cwi.nl>, http://www.cwi.nl/~jack
If I can't dance I don't want to be part of your revolution -- Emma 

More information about the Pythonmac-SIG mailing list