[Python-ideas] Re: "Curated" package repo?

2023-07-06 Thread Gregory Disney
Why do people insist on reinventing the wheel? Blockchain is not the answer
for adding trust that is verifiable. Code signing is the answer; it’s
widely accepted and would be useful in cases of trusted computing and other
security use cases.

I don’t want to load a hash table to load a third party module on a UEFI
interface.

On Thu, Jul 6, 2023 at 9:11 AM James Addison via Python-ideas <
python-ideas@python.org> wrote:

> On Wed, Jul 5, 2023, 19:06 Chris Angelico wrote:
>
>> On Thu, 6 Jul 2023 at 03:57, James Addison via Python-ideas wrote:
>> > I also agree with a later reply about avoiding the murkier side of
>> > blockchains / etc.  That said, it seems to me (again, sample size one
>> > anecdata) that creating a more levelled playing field for package
>> > publication could benefit from the use of some distributed technologies.
>> > Even HTTP mirrors are, arguably, a basic form of that.. there's at least
>> > one question related to recency of data, though.  Delaying availability of
>> > a package to an audience -- if it's important enough -- could under some
>> > circumstances become effectively similar to censorship.
>> >
>>
>> A blockchain won't solve anything here. It would be completely and
>> utterly impractical to put the packages themselves into a blockchain,
>> so all you'd have is the index, and that means it's just a bad version
>> of PyPI's own single-page index.
>>
>> ChrisA
>> ___
>> Python-ideas mailing list -- python-ideas@python.org
>> To unsubscribe send an email to python-ideas-le...@python.org
>> https://mail.python.org/mailman3/lists/python-ideas.python.org/
>> Message archived at
>> https://mail.python.org/archives/list/python-ideas@python.org/message/PTIS3HZHJSFV7ETWE7UP4HKXS4WN2OEO/
>> Code of Conduct: http://python.org/psf/codeofconduct/
>
>
> Mostly agreed.  A distributed hash table or similar, though, could be
> appropriate in combination with ideas similar to the accreting layers of
> self-reinforcing consensus that some blockchain technologies provide.
>
Message archived at
https://mail.python.org/archives/list/python-ideas@python.org/message/VMEPUO252ZSC6SCM7L5NNLHXUG7COXRB/


[Python-ideas] Re: "Curated" package repo?

2023-07-05 Thread Gregory Disney
Why not just use gpg signatures and maintain trusted signing keys? There’s
no reason to reinvent the wheel. If a user wants to use unsigned or
untrusted packages, they have to accept the risk.

Thanks,
Greg

On Wed, Jul 5, 2023 at 2:05 PM Chris Angelico wrote:

> On Thu, 6 Jul 2023 at 03:57, James Addison via Python-ideas wrote:
> > I also agree with a later reply about avoiding the murkier side of
> > blockchains / etc.  That said, it seems to me (again, sample size one
> > anecdata) that creating a more levelled playing field for package
> > publication could benefit from the use of some distributed technologies.
> > Even HTTP mirrors are, arguably, a basic form of that.. there's at least
> > one question related to recency of data, though.  Delaying availability of
> > a package to an audience -- if it's important enough -- could under some
> > circumstances become effectively similar to censorship.
> >
>
> A blockchain won't solve anything here. It would be completely and
> utterly impractical to put the packages themselves into a blockchain,
> so all you'd have is the index, and that means it's just a bad version
> of PyPI's own single-page index.
>
> ChrisA
>
Message archived at
https://mail.python.org/archives/list/python-ideas@python.org/message/NYQSV7RO3GKE7272WZQ7VSIASNYKITMI/