[Pythonmac-SIG] Package Manager idea, adding a URL scheme

Bob Ippolito bob at redivi.com
Thu Oct 9 15:43:33 EDT 2003

On Thursday, Oct 9, 2003, at 15:30 America/New_York, amk at amk.ca wrote:

> On Thu, Oct 09, 2003 at 09:06:43PM +0200, Jack Jansen wrote:
>> We are going to need digital signatures at some point, so if we're
>> not going to have them in Python we have to warn users and provide
>> them with an out-of-band way to test packages.
> Can we use GnuPG?  It provides an interface for being run as a 
> subprocess
> and reporting results back in a form usable for programs.  Perhaps it 
> could
> just require that GnuPG is available (via Fink or some other 
> mechanism).

I think it would be a lot easier on the users if we could just let them 
install a particular Python package that can do the signature 
verification.  Is there anything in OpenSSL that could be exploited for 
this purpose?  I think we could get away with including M2Crypto or 
PyOpenSSL with (Mac)Python 2.4 since OS X comes with OpenSSL.  
Actually, since OS X is probably only salable in countries where 
OpenSSL is allowed, I don't see how distributing any cryptography 
libraries with the OS X version would be a legal problem.

I'd rather not depend on Fink, or something "obscure" like GnuPG, 
because that kinda defeats the purpose of what we're doing.  Besides, 
Fink has their own version of Python that they maintain a package 
repository for.


More information about the Pythonmac-SIG mailing list