At 09:44 PM 3/21/2008 -0400, A.M. Kuchling wrote: >On Fri, Mar 21, 2008 at 06:41:00PM -0400, Phillip J. Eby wrote: > > I'm making the assumption that the author(s) of PEP 262 had good > > reason for including what they did, rather than assuming that we > > should start the entire process over from scratch. > >The goal *was* originally to provide for RPM-like verification of file >content, but I don't know that the verification feature really matters >that much; OSes with packaging systems already support such a feature, >probably, and it probably isn't particularly useful for systems >without a packaging system.
Actually, it's the places where there's no packaging system that it's most useful. For example, an application that installs plugins to itself. A development environment with multiple virtual pythons. Users installing stuff to their PYTHONPATH, etc. In these cases, having the Python-specific tools be able to verify content signatures is useful, to make sure that you know what you're updating or removing. This is particularly important if one installs anything just by unpacking it into the target directory; you could overwrite something and then have only size/signature info to sort out whose version of the file is actually there. I more question the permissions and uid/gid stuff; I'm not really clear on what I'd use that stuff for in easy_install/uninstall/etc. _______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
