would be nice: import from archive
Paul Rubin
http
Sat Aug 28 05:47:37 EDT 2004
Benjamin Niemann <pink at odahoda.de> writes:
> import mymodule
> verify_module(mymodule)
This is no good. The import runs any code in the module, so the sig
has to verify BEFORE the module loads.
> Another question is, where to place (require|verify)_signature() (that
> could also take a CA key (or list of) as optional argument to only
> allow modules signed by this CA). It must not be imported from an
> untrusted module.
Correct, that's the messy infrastructure I mentioned. My basic idea is
"do whatever Java does".
More information about the Python-list
mailing list