[Pythonmac-SIG] Package Manager idea, adding a URL scheme

Jack Jansen Jack.Jansen at cwi.nl
Fri Oct 10 05:01:05 EDT 2003


On Thursday, October 9, 2003, at 10:24 PM, Ronald Oussoren wrote:

>
> On 9 okt 2003, at 21:43, Bob Ippolito wrote:
>>   I think we could get away with including M2Crypto or PyOpenSSL with 
>> (Mac)Python 2.4 since OS X comes with OpenSSL.  Actually, since OS X 
>> is probably only salable in countries where OpenSSL is allowed, I 
>> don't see how distributing any cryptography libraries with the OS X 
>> version would be a legal problem.
>
> We could also use the commandline openssl interface (/usr/bin/openssl) 
> to avoid including crypto code with Python.

This is a really good option! I've been toying with it a bit, and 
here's an idea for
a scheme that could be everything to everyone (i.e. please shoot holes 
in it:-)

1. A database contains a number of signatures. Each of these is a tuple
    (algorithm, signature, additionalinfo).
2. PackMan has an extensible set of signature checkers (similar to the 
way
    unpacking archives is currently handled). These signature checkers 
are
    ordered, i.e. the code looks something like
    for checker in signature_checkers:
	for algorithm, signature, additionalinfo in db.signatures:
		if checker.can_handle(algorithm, additionalinfo):
			return checker.check(algorithm, db, signature, additionalinfo)
3. The very last signature checker is the "user checker": it takes the 
MD5 sum
    of the database (the signature field is empty for the user checker 
algorithm),
    tells the user what it is, shows additionalinfo (which is probably a 
secure url)
    and asks for "yes" or "no".

The nice thing of having multiple checkers is that there could be two
checkers for, say, x509 signatures: the first one would try to use 
M2Crypto,
but if that isn't available in the current Python installation the 
second one
would use /usr/bin/openssl.
--
Jack Jansen, <Jack.Jansen at cwi.nl>, http://www.cwi.nl/~jack
If I can't dance I don't want to be part of your revolution -- Emma 
Goldman




More information about the Pythonmac-SIG mailing list