On Wed, 8 Jan 2020, 23:04 Brett Cannon, <br...@python.org> wrote:

> That's under-specified. What hash algorithm was used? How are you going to
> specify it?

That was a sha256 demo.

> But then I can modify the signatures of any of these files by regenerating
> them. Please trust me, this isn't simple to get right, especially if you
> are shipping the hashes with the file if you're trying to protect tampering
> versus just verifying a blip in a download.
>

Well, I mentioned that

 The hash value becomes the checking signature of the zipfile.

Meaning that it's just a structure to easily verify the integrity of a file
in depth. The end hash becomes the verifying signature, but since we have the
individual hashes as well, we can verify which file changed.

I did not elaborate on signing as I'm still looking into it.

> That actually doesn't work. You cannot load an extension module from
> memory; it *must* be from disk so this doesn't solve the extension module
> problem.
>

Oh, I mean physically generating another zip on disk (zip B) then executing
it.

_______________________________________________
Python-ideas mailing list -- python-ideas@python.org
https://mail.python.org/mailman3/lists/python-ideas.python.org/
Message archived at 
https://mail.python.org/archives/list/python-ideas@python.org/message/3Z2JEB67EULKMNKUD7M5D4Q6GJNS6VUM/
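
The structure discussed in the message above (a sha256 per zip member plus one end hash) and the objection that hashes shipped with the file can simply be regenerated, as an added example that is not code from the thread. The HMAC key, the manifest layout and the sample file names are assumptions; the keyed tag stands in for the signing step the message leaves open.

```python
import hashlib
import hmac
import io
import zipfile

def make_zip(members):
    """Build an in-memory zip from {name: bytes} (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()

def build_manifest(zip_bytes):
    """SHA-256 of every member, plus one top-level SHA-256 over the sorted entries."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        files = {n: hashlib.sha256(zf.read(n)).hexdigest() for n in sorted(zf.namelist())}
    listing = "".join(f"{n}\0{h}\n" for n, h in files.items())
    return {"files": files, "top": hashlib.sha256(listing.encode()).hexdigest()}

def changed_members(manifest, zip_bytes):
    """Names whose digest differs from the manifest (added, removed or modified)."""
    current = build_manifest(zip_bytes)["files"]
    names = set(manifest["files"]) | set(current)
    return sorted(n for n in names if manifest["files"].get(n) != current.get(n))

def tag(manifest, key):
    """Keyed tag over the top-level hash; an assumption standing in for a signature."""
    return hmac.new(key, manifest["top"].encode(), hashlib.sha256).hexdigest()

def verify(manifest, zip_bytes, key, expected_tag):
    """Accept only if the zip matches the manifest AND the manifest is authentic."""
    return (build_manifest(zip_bytes) == manifest
            and hmac.compare_digest(tag(manifest, key), expected_tag))

# Constructed sample data: key, file names and contents are illustrative only.
KEY = b"constructed-demo-key"
ORIGINAL = make_zip({"pkg/__init__.py": b"VERSION = 1\n", "pkg/core.py": b"def run(): return 'ok'\n"})
TAMPERED = make_zip({"pkg/__init__.py": b"VERSION = 1\n", "pkg/core.py": b"def run(): return 'changed'\n"})

if __name__ == "__main__":
    shipped = build_manifest(ORIGINAL)
    shipped_tag = tag(shipped, KEY)
    print("changed:", changed_members(shipped, TAMPERED))
    regenerated = build_manifest(TAMPERED)  # manifest rebuilt alongside the modified zip
    print("bare hash check passes:", changed_members(regenerated, TAMPERED) == [])
    print("keyed check passes:", verify(regenerated, TAMPERED, KEY, shipped_tag))
```

The per-member digests localise the change to one file, but a manifest regenerated next to the modified zip passes the unkeyed comparison; only the tag computed with a key held outside the archive rejects it.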