[Pythonmac-SIG] Package Manager idea, adding a URL scheme
Jack.Jansen at cwi.nl
Fri Oct 3 19:06:04 EDT 2003
On 3-okt-03, at 19:41, Kevin Ollivier wrote:
> Hi all,
> What about making it an 'add-on' for Package Manager? I do see this as
> getting potentially very messy to get into Python core, if it is even
> possible. (And even if we could, it would restrict ways in which
> vendors from other countries could re-package the software - i.e.
> Linux vendor X in country Y may have to remove PM from their distro
> because of legal issues) Just make a prompt when the software is first
> run, saying something like: "While every effort is made to ensure that
> packages are legitimate and safe, some packages could contain viruses
> or malicious code that when run could cause harm to your computer.
> Please be aware that there is some risk involved, especially if you
> are loading Package Manager databases from non-official sources. If
> your country allows the import and use of cryptographic software, you
> may download an update to Package Manager that adds more verification
> controls for package authors from 'your URL here'." Or of course make
> the add-in show up in PackageManager itself. =) I think this is a
> compromise which side-steps any legal issues that might arise.
Very good idea! So we construct PackMan in such a way that it first
tries a secure HTTP connection, and if that fails due to SSL support not
being available in Python it shows the message.
But: I don't think the SSL support should be downloadable through
PackMan should point you to an https: URL to load it in a trusted way.
After it's securely transferred to your machine PackMan can take over
Jack Jansen, <Jack.Jansen at cwi.nl>, http://www.cwi.nl/~jack
If I can't dance I don't want to be part of your revolution -- Emma
More information about the Pythonmac-SIG