On May 5, 2009, at 10:38 AM, P.J. Eby wrote:
At 08:41 AM 5/5/2009 -0400, Doug Hellmann wrote:
I don't want new functionality available to an application just
because someone has permission to install a package somewhere in the
PYTHONPATH. I would rather have plugins added to an app through an
explicit configuration step of some sort.
Note that this is not incompatible with entry points; an application
can simply treat entry points as a list of *available* plugins,
rather than as a list of *active* plugins. Chandler, for example,
does this for user-level plugins.
That's good. I wasn't sure if registering an entry point caused it to
be automatically loaded in an app that expressed interest in it, or if
there was a step the app could take to verify that it was desirable
code before doing any imports. Earlier messages in this thread made
me think there was no "protection" from a registered plugin.
_______________________________________________
Distutils-SIG maillist - Distutils-SIG@python.org
http://mail.python.org/mailman/listinfo/distutils-sig