would be nice: import from archive
Paul Rubin
http
Mon Aug 30 13:55:18 EDT 2004
"Martin v. Löwis" <martin at v.loewis.de> writes:
> I believe that import is the wrong point in time for checking
> signatures. You want to check the signature when the file is
> added to sys.path, i.e.
>
> imp.verify_signature(filename)
> sys.path.append(filename)
There's something to be said for that. Maybe you could append a tuple
to say how to verify signatures:
sys.add_library((filename, 'certfile.pem'))
checks the sig and updates sys.path. The whole notion of sys.path.append
(i.e. sys.path is just a naked Python list) is kludgy anyway.
More information about the Python-list
mailing list