On 16.06.20 10:00, redrad...@gmail.com wrote:
You cannot trust PyPi either ...
I think user should decide if it allows code from arbitrary URL to access
filesystem, network or anything else as `wasmtime` and `deno` did
If you want to do this, you can still download the code and use
`importlib` to import it.
But usually you want to import a whole package (or parts of it), not a
stand-alone module. And this package might have dependencies on other
packages. And these dependencies might even conflict with the
dependencies of other packages that you are using. So this whole process
is fairly complex and is better resolved before application startup.
There exists a variety of tools that deal with package management (e.g.
pip, poetry, ...).
_______________________________________________
Python-ideas mailing list -- python-ideas@python.org
To unsubscribe send an email to python-ideas-le...@python.org
https://mail.python.org/mailman3/lists/python-ideas.python.org/
Message archived at
https://mail.python.org/archives/list/python-ideas@python.org/message/IQYYKZUQZS75IQYJIITP5R3PF3W7PP2X/
Code of Conduct: http://python.org/psf/codeofconduct/
