[Pythonmac-SIG] Package Manager idea, adding a URL scheme
Jack Jansen
Jack.Jansen at cwi.nl
Fri Oct 10 05:01:05 EDT 2003
On Thursday, October 9, 2003, at 10:24 PM, Ronald Oussoren wrote:
>
> On 9 okt 2003, at 21:43, Bob Ippolito wrote:
>> I think we could get away with including M2Crypto or PyOpenSSL with
>> (Mac)Python 2.4 since OS X comes with OpenSSL. Actually, since OS X
>> is probably only salable in countries where OpenSSL is allowed, I
>> don't see how distributing any cryptography libraries with the OS X
>> version would be a legal problem.
>
> We could also use the commandline openssl interface (/usr/bin/openssl)
> to avoid including crypto code with Python.
This is a really good option! I've been toying with it a bit, and
here's an idea for
a scheme that could be everything to everyone (i.e. please shoot holes
in it:-)
1. A database contains a number of signatures. Each of these is a tuple
(algorithm, signature, additionalinfo).
2. PackMan has an extensible set of signature checkers (similar to the
way
unpacking archives is currently handled). These signature checkers
are
ordered, i.e. the code looks something like
for checker in signature_checkers:
for algorithm, signature, additionalinfo in db.signatures:
if checker.can_handle(algorithm, additionalinfo):
return checker.check(algorithm, db, signature, additionalinfo)
3. The very last signature checker is the "user checker": it takes the
MD5 sum
of the database (the signature field is empty for the user checker
algorithm),
tells the user what it is, shows additionalinfo (which is probably a
secure url)
and asks for "yes" or "no".
The nice thing of having multiple checkers is that there could be two
checkers for, say, x509 signatures: the first one would try to use
M2Crypto,
but if that isn't available in the current Python installation the
second one
would use /usr/bin/openssl.
--
Jack Jansen, <Jack.Jansen at cwi.nl>, http://www.cwi.nl/~jack
If I can't dance I don't want to be part of your revolution -- Emma
Goldman
More information about the Pythonmac-SIG
mailing list