would be nice: import from archive
Paul Rubin
http
Sat Aug 28 04:04:01 EDT 2004
aleaxit at yahoo.com (Alex Martelli) writes:
> Would it make sense to rely on a naming convention instead?
> I.e. foo.zip would be unsigned but bar.jar would have to be signed
> or else no go. This would have the advantage of allowing
> substantial granularity in controlling this.
I think this is reasonable, except what does the import statement look
like? Do you say something like "import frob from bar.jar"?
> Side question, does module zipfile already have the code to allow
> reading such signed files?
I think jar files are just zip files containing an extra file (called
"manifest") that has signatures in it. So you can import from a jar
as if it were a zip.
More information about the Python-list
mailing list