On 3-okt-03, at 19:41, Kevin Ollivier wrote: > Hi all, > > What about making it an 'add-on' for Package Manager? I do see this as > getting potentially very messy to get into Python core, if it is even > possible. (And even if we could, it would restrict ways in which > vendors from other countries could re-package the software - i.e. > Linux vendor X in country Y may have to remove PM from their distro > because of legal issues) Just make a prompt when the software is first > run, saying something like: "While every effort is made to ensure that > packages are legitimate and safe, some packages could contain viruses > or malicious code that when run could cause harm to your computer. > Please be aware that there is some risk involved, especially if you > are loading Package Manager databases from non-official sources. If > your country allows the import and use of cryptographic software, you > may download an update to Package Manager that adds more verification > controls for package authors from 'your URL here'." Or of course make > the add-in show up in PackageManager itself. =) I think this is a > compromise which side-steps any legal issues that might arise. Very good idea! So we construct PackMan in such a way that it first tries a secure HTTP connection, and if that fails due to SSL support not being available in Python it shows the message. But: I don't think the SSL support should be downloadable through PackMan, PackMan should point you to an https: URL to load it in a trusted way. After it's securely transferred to your machine PackMan can take over again. -- Jack Jansen, <Jack.Jansen at cwi.nl>, http://www.cwi.nl/~jack If I can't dance I don't want to be part of your revolution -- Emma Goldman
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4