Code Repositories (was: RE: Proposal: add vector arithmetic to array module)

Mike C. Fletcher mcfletch at home.com
Tue Sep 25 15:23:18 EDT 2001


:) I stopped working in corporations about 4 months ago; I've lost the habit
of using such speech patterns :) .  Here's a translated version. I might
like to see established a code repository with the following
characteristics:

	- Complete (distributed, robust) repository of all available code modules.
	- Widely distributed and used signing mechanisms.
	- Strong identification protocols and practices, possibly including both a
	  web-of-identity-trust with core group identification established during
	  International Python conferences with proper official documentation of
	  identity.
	- Paranoid distribution of crypto signatures for packages and developers.
	- Mechanism for vetting code from non-trusted sources by trusted sources
	  (upon code audit).
	- Ability to provide signed distribution by trusted sources for code from
	  vetted trusted sources.
	- Ability to establish (private) personal webs of trust (i.e. your trusted
	  source is not necessarily my trusted source).
	- Ability to, where desired, automatically update a set of libraries where
	  those libraries are provided (or vetted) by trusted sources.
	- Strong call-back verification for uploaded packages. Potentially including
	  required public announcements with delay before publishing and with
	  procedures for handling dissent Re: potential package source corruption.
	- Voting/comment mechanisms for discussion of potential security failures.
	- Support for multiple platforms, multiple releases, and per-release
	  variants.
	- Aggregate tracking of usage to determine "soft" acceptance levels (as
	  described in your e-mail) for un-trusted modules.
	- Client side APIs for interacting with the server side system.
	- Configuration options to determine security requirements, from complete
	  automated download where a trusted source can be found through a
	  step-by-step download where every stage is confirmed, and the tools force a
	  vetting of each source file.  (Note: I said download in the previous e-mail,
	  not install ;) )
	- Multi-directional consistency checks, effectively having each computer
	  perform multiple consistency checks on the files and confirm those
	  consistency checks with multiple other computers to prevent reliance on a
	  single centralized server.

But basically, I don't expect to see that anytime soon.  Nor am I really
sure such a system would really be useful given that a large percentage of
the python community (particularly Windows users) routinely downloads
executable files from web sites (particularly pre-compiled python packages,
but really, almost anything on a Windows box is likely distributed as an
executable), which obviously opens them up to becoming a compromised
element.

Everyone would like to see something in place which allows for easy
distribution of standard python modules.  The details, and I will freely
admit that is where the devil dwells, are by no means worked out (heck, we
haven't even worked out a vision yet as far as I know).

Enjoy yourself,
Mike
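The client-side policy sketched in the list above (personal web of trust, vetting by a trusted source, auto versus step-by-step download, and multi-mirror consistency checks), as an added illustration that is not code from the thread or from any Python project. All names (core-team, random-dev, mirror-a) and the sample package bytes are constructed; cryptographic signature verification is assumed to have already happened upstream and yielded the signer's identity.

```python
import hashlib
from collections import Counter

# Constructed sample data; every name here is hypothetical.
SAMPLE_PKG = b"constructed package bytes v1.0"
SAMPLE_DIGEST = hashlib.sha256(SAMPLE_PKG).hexdigest()
MY_TRUSTED = {"core-team"}                    # my personal trust roots
VETTED_BY = {"random-dev": {"core-team"}}     # signer -> sources that audited its code
MIRRORS_OK = {"mirror-a": SAMPLE_DIGEST, "mirror-b": SAMPLE_DIGEST, "mirror-c": SAMPLE_DIGEST}
MIRRORS_BAD = {"mirror-a": SAMPLE_DIGEST, "mirror-b": "0" * 64, "mirror-c": "1" * 64}

def trust_level(signer, trusted, vetted_by):
    """Classify an already-verified signer against MY web of trust: 'direct' if I
    trust them, 'vetted' if a source I trust audited their code, else 'untrusted'.
    Different users pass different `trusted` sets, so the answer is personal."""
    if signer in trusted:
        return "direct"
    if trusted & vetted_by.get(signer, set()):
        return "vetted"
    return "untrusted"

def mirror_consensus(reports, quorum):
    """Digest that at least `quorum` independent mirrors agree on, else None.
    This is the multi-directional consistency check: no single server is
    believed on its own word."""
    if not reports:
        return None
    digest, votes = Counter(reports.values()).most_common(1)[0]
    return digest if votes >= quorum else None

def decide(signer, reports, data, policy, trusted=MY_TRUSTED,
           vetted_by=VETTED_BY, quorum=2):
    """Return (action, reason); action is 'download', 'confirm' or 'reject'.
    policy 'auto' fetches without prompting only from direct or vetted sources;
    policy 'stepwise' asks the user to confirm every stage."""
    agreed = mirror_consensus(reports, quorum)
    if agreed is None:
        return ("reject", "mirrors do not agree on the package digest")
    if hashlib.sha256(data).hexdigest() != agreed:
        return ("reject", "fetched bytes differ from the mirror consensus")
    level = trust_level(signer, trusted, vetted_by)
    if level == "untrusted":
        # Never auto-fetch from an unknown signer; at most let the user decide.
        if policy == "auto":
            return ("reject", "signer outside my web of trust")
        return ("confirm", "unknown signer, manual review required")
    if policy == "stepwise":
        return ("confirm", f"signer is {level}; confirm each stage")
    return ("download", f"signer is {level}; automated download allowed")
```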



-----Original Message-----
From: python-list-admin at python.org
[mailto:python-list-admin at python.org]On Behalf Of Paul Rubin
Sent: September 25, 2001 14:27
To: python-list at python.org
Subject: Re: Proposal: add vector arithmetic to array module


"Mike C. Fletcher" <mcfletch at home.com> writes:
> Numeric is becoming a very widely used module, so if there is something
> going into the core, it would be my vote.  However, I'd still like to see
> a better mechanism for distributing extensions (e.g. auto-downloading signed
> packages from a Zope server somewhere) so that the list of "included"
> modules can _shrink_, rather than grow.
>
> But then everyone wants that,

I certainly don't want any automated software downloads happening
without my permission, signed code or not.  Also, just because code is
signed doesn't mean I trust whoever signed it.  I'm generally willing
to trust the maintainers of highly visible systems (e.g. the main
Python distribution) if I'm getting the source code.  But if it's
something infrequently used from a random developer who I don't know,
I'll usually inspect the source code before compiling it, which takes
quite a bit of time.  I do *not* want dozens of packages signed by
unknown random distributors installed on my machine automatically.