[Pythonmac-SIG] Package Manager idea, adding a URL scheme
Bob Ippolito
bob at redivi.com
Thu Oct 9 15:43:33 EDT 2003
On Thursday, Oct 9, 2003, at 15:30 America/New_York, amk at amk.ca wrote:
> On Thu, Oct 09, 2003 at 09:06:43PM +0200, Jack Jansen wrote:
>> We are going to need digital signatures at some point, so if we're
>> not going to have them in Python we have to warn users and provide
>> them with an out-of-band way to test packages.
>
> Can we use GnuPG? It provides an interface for being run as a
> subprocess
> and reporting results back in a form usable for programs. Perhaps it
> could
> just require that GnuPG is available (via Fink or some other
> mechanism).
I think it would be a lot easier on the users if we could just let them
install a particular Python package that can do the signature
verification. Is there anything in OpenSSL that could be exploited for
this purpose? I think we could get away with including M2Crypto or
PyOpenSSL with (Mac)Python 2.4 since OS X comes with OpenSSL.
Actually, since OS X is probably only salable in countries where
OpenSSL is allowed, I don't see how distributing any cryptography
libraries with the OS X version would be a legal problem.
I'd rather not depend on Fink, or something "obscure" like GnuPG,
because that kinda defeats the purpose of what we're doing. Besides,
Fink has their own version of Python that they maintain a package
repository for.
-bob
More information about the Pythonmac-SIG
mailing list