would be nice: import from archive

[Paul Rubin]

aleaxit at yahoo.com (Alex Martelli) writes:
> Would it make sense to rely on a naming convention instead?
> I.e. foo.zip would be unsigned but bar.jar would have to be signed
> or else no go.  This would have the advantage of allowing
> substantial granularity in controlling this.

I think this is reasonable, except what does the import statement look
like?  Do you say something like "import frob from bar.jar"?

> Side question, does module zipfile already have the code to allow
> reading such signed files?  

I think jar files are just zip files containing an extra file (called
"manifest") that has signatures in it.  So you can import from a jar
as if it were a zip.