[Pythonmac-SIG] Package Manager idea, adding a URL scheme
Jack.Jansen at cwi.nl
Fri Oct 3 18:32:45 EDT 2003
On 3-okt-03, at 23:21, Glenn Andreas wrote:
> I'm clearly missing something here, because if we have the databases
> come from a trusted source (python.org) using SSL,
This is what you're missing: we cannot use SSL to transfer the
core Python has no SSL support.
We expect the end user to trust a number of entities (because a hole in
of these would make the whole excercise pointless):
1. Apple, anyone with admin access to their machine, and all the other
parties involved with local infrastructure.
2. The Python maintainers.
3. The installed Python distribution, including PackMan (either because
it was Apple-provided, or because people checked the signature on the
website download page).
4. The scapegoat.
5. Anyone the scapegoat trusts wrt. web distribution (their webhoster,
key-signing Trusted Third Party).
Jack Jansen, <Jack.Jansen at cwi.nl>, http://www.cwi.nl/~jack
If I can't dance I don't want to be part of your revolution -- Emma
More information about the Pythonmac-SIG