would be nice: import from archive

[Paul Rubin]

Benjamin Niemann <pink at odahoda.de> writes:
> import mymodule
> verify_module(mymodule)

This is no good.  The import runs any code in the module, so the sig
has to verify BEFORE the module loads.

> Another question is, where to place (require|verify)_signature() (that
> could also take a CA key (or list of) as optional argument to only
> allow modules signed by this CA). It must not be imported from an
> untrusted module.

Correct, that's the messy infrastructure I mentioned.  My basic idea is
"do whatever Java does".