[Python-ideas] Re: Enhancing Zipapp

2020-01-13 Thread Abdur-Rahmaan Janhangeer
Yours, Abdur-Rahmaan Janhangeer pythonmembers.club | github Mauritius On Wed, Jan 8, 2020 at 8:08 PM Christopher Barker wrote: > > >> Maybe we can have a PYZ directory where the >> packages for each app are extracted then

[Python-ideas] Re: Enhancing Zipapp

2020-01-09 Thread Paul Moore
> Not negative at all, i'm going to do it. Further up in the thread Mr. Barry > Scott proposed the reviewing > of available solutions and further up i put it in the todo list. I'm doing > it, just that there's no way of putting > a Python thread to "stop mode - author addressing issues". lol,

[Python-ideas] Re: Enhancing Zipapp

2020-01-09 Thread Abdur-Rahmaan Janhangeer
Yours, Abdur-Rahmaan Janhangeer pythonmembers.club | github Mauritius On Thu, Jan 9, 2020 at 10:53 PM Paul Moore wrote: > On Thu, 9 Jan 2020 at 18:15, Abdur-Rahmaan Janhangeer < > arj.pyt...@gmail.com> wrote: > Maybe I'm

[Python-ideas] Re: Enhancing Zipapp

2020-01-09 Thread Paul Moore
On Thu, 9 Jan 2020 at 18:15, Abdur-Rahmaan Janhangeer wrote: > > I have taken Java as an example (you can refer to the draft here > ) > as Python > shares some similarities in having a VM, having bytecodes and being >

[Python-ideas] Re: Enhancing Zipapp

2020-01-09 Thread Abdur-Rahmaan Janhangeer
On Thu, Jan 9, 2020 at 3:29 PM Paul Moore wrote: > Thanks Mr. Paul Moore, co-author of PEP441 for contributing to the discussion. Enchanté, as you say in French  > But you haven't explained what problem adding metadata would solve. Writing here at the same time for more points below asking

[Python-ideas] Re: Enhancing Zipapp

2020-01-09 Thread Paul Moore
On Thu, 9 Jan 2020 at 11:00, Abdur-Rahmaan Janhangeer wrote: > This proposal is not solving any problem at all > -- > This proposal aims at enhancing zipapp. Zipapp solved the problem. Zipapp > had an aim. This proposal aims at helping

[Python-ideas] Re: Enhancing Zipapp

2020-01-09 Thread Abdur-Rahmaan Janhangeer
On Thu, 9 Jan 2020, 12:38 Chris Angelico, wrote: > > So you're offering no real benefits (since you have to be online to > verify the app), and you pay the price of bundling everything. Great. > If you've read the thread, i'm saying i did not propose a concrete signing solution since i'm still

[Python-ideas] Re: Enhancing Zipapp

2020-01-09 Thread Chris Angelico
On Thu, Jan 9, 2020 at 7:10 PM Abdur-Rahmaan Janhangeer wrote: > Now you'd be asking why dependencies have to be offline while sigining > online. Well pulling dependencies from pip is like a normal python project. > The zip advantage would just be a smaller code base. The app-like idea > is to

[Python-ideas] Re: Enhancing Zipapp

2020-01-09 Thread Abdur-Rahmaan Janhangeer
Yours, Abdur-Rahmaan Janhangeer pythonmembers.club | github Mauritius On Thu, Jan 9, 2020 at 9:10 AM Andrew Barnert wrote: > > On Jan 8, 2020, at 12:04, Abdur-Rahmaan Janhangeer > wrote: > > OK, but I don’t see how any scheme that looks like any of the usual ones > could be adapted to work.

[Python-ideas] Re: Enhancing Zipapp

2020-01-08 Thread Andrew Barnert via Python-ideas
On Jan 8, 2020, at 12:04, Abdur-Rahmaan Janhangeer wrote: > > >> On Wed, 8 Jan 2020, 22:08 Andrew Barnert, wrote: >> >> But that generated zip B doesn’t have a trustable hash on it, so how can you >> execute it? > > > The issue of trust is solved by keys, i did > not propose something

[Python-ideas] Re: Enhancing Zipapp

2020-01-08 Thread Barry Scott
> On 8 Jan 2020, at 16:02, Christopher Barker wrote: > > On Wed, Jan 8, 2020 at 1:49 AM Abdur-Rahmaan Janhangeer > wrote: > Have a look at this write up about the horror that is zip file name handling. > >

[Python-ideas] Re: Enhancing Zipapp

2020-01-08 Thread Abdur-Rahmaan Janhangeer
On Wed, 8 Jan 2020, 22:08 Andrew Barnert, wrote: > > But that generated zip B doesn’t have a trustable hash on it, so how can > you execute it? > The issue of trust is solved by keys, i did not propose something concrete as i'm still looking into a viable scheme If you keep this all hidden

[Python-ideas] Re: Enhancing Zipapp

2020-01-08 Thread Abdur-Rahmaan Janhangeer
On Wed, 8 Jan 2020, 22:14 Rhodri James, wrote: > On 08/01/2020 18:08, many people wrote lots of stuff... > > Folks, could we pick one list and have the discussion there, rather than > on both python-list and python-ideas? Getting *four* copies of Andrew's > emails is a tad distracting :-) >

[Python-ideas] Re: Enhancing Zipapp

2020-01-08 Thread Abdur-Rahmaan Janhangeer
On Wed, 8 Jan 2020, 23:04 Brett Cannon, wrote: > > > > That's under-specified. What hash algorithm was used? How are you going to > specify it? > That was a sha256 demo. But then I can modify the signatures of any of these files by regenerating > them. Please trust me, this isn't simple to get

[Python-ideas] Re: Enhancing Zipapp

2020-01-08 Thread Abdur-Rahmaan Janhangeer
On Wed, 8 Jan 2020, 21:29 Andrew Barnert, wrote: > > How does this solve the problem? A malicious program that could modify the > hash inside the info file could even more easily modify the hash at the end > of the zip. > > Existing systems deal with this by recognizing that you can’t prevent >

[Python-ideas] Re: Enhancing Zipapp

2020-01-08 Thread Brett Cannon
On Wed, Jan 8, 2020 at 1:09 AM Abdur-Rahmaan Janhangeer < arj.pyt...@gmail.com> wrote: > > Yours, > > Abdur-Rahmaan Janhangeer > pythonmembers.club | github > Mauritius > > > On Wed, Jan 8, 2020 at 1:32 AM Brett Cannon wrote: > > > > > > This would be a packaging detail so not something to be

[Python-ideas] Re: Enhancing Zipapp

2020-01-08 Thread Rhodri James
On 08/01/2020 18:08, many people wrote lots of stuff... Folks, could we pick one list and have the discussion there, rather than on both python-list and python-ideas? Getting *four* copies of Andrew's emails is a tad distracting :-) -- Rhodri James *-* Kynesim Ltd

[Python-ideas] Re: Enhancing Zipapp

2020-01-08 Thread Andrew Barnert via Python-ideas
On Jan 8, 2020, at 01:09, Abdur-Rahmaan Janhangeer wrote: > > Using the wheel-included zip (A), we can generate another zip file (B) with > the packages installed. That generated zip file is then executed. But that generated zip B doesn’t have a trustable hash on it, so how can you execute it?

[Python-ideas] Re: Enhancing Zipapp

2020-01-08 Thread Andrew Barnert via Python-ideas
On Jan 8, 2020, at 01:09, Abdur-Rahmaan Janhangeer wrote: > > But now, a malicious program might try to modify the info file > and modify the hash. One way to protect even the metadata is > to hash the entire content > > folder/ > file.py # we can add those in a folder if needed >

[Python-ideas] Re: Enhancing Zipapp

2020-01-08 Thread Christopher Barker
On Wed, Jan 8, 2020 at 1:24 AM Abdur-Rahmaan Janhangeer < arj.pyt...@gmail.com> wrote: > But a thought on that -- you may be able to accomplish something similar >> with conda, "conda constructor", and "conda run". -- or a new tool built >> from those. The idea is that the first time you ran your

[Python-ideas] Re: Enhancing Zipapp

2020-01-08 Thread Abdur-Rahmaan Janhangeer
On Wed, 8 Jan 2020, 02:15 Barry, wrote: > > Have a look at this write up about the horror that is zip file name > handling. > > https://marcosc.com/2008/12/zip-files-and-encoding-i-hate-you/ > > This has been a pain point at work. > Since zipapp did not touch the subject, i won't either unless

[Python-ideas] Re: Enhancing Zipapp

2020-01-08 Thread Abdur-Rahmaan Janhangeer
On Wed, 8 Jan 2020, 11:09 Christopher Barker, wrote: > > But a thought on that -- you may be able to accomplish something similar > with conda, "conda constructor", and "conda run". -- or a new tool built > from those. The idea is that the first time you ran your "app", it would > install its

[Python-ideas] Re: Enhancing Zipapp

2020-01-08 Thread Abdur-Rahmaan Janhangeer
Yours, Abdur-Rahmaan Janhangeer pythonmembers.club | github Mauritius On Wed, Jan 8, 2020 at 1:32 AM Brett Cannon wrote: > > > This would be a packaging detail so not something to be specified in the stdlib. Yes, the module opening the zip will look for it >> - [ ] Signing mechanism >> >>

[Python-ideas] Re: Enhancing Zipapp

2020-01-07 Thread Abdur-Rahmaan Janhangeer
Yours, Abdur-Rahmaan Janhangeer pythonmembers.club | github Mauritius On Wed, Jan 8, 2020 at 2:20 AM Barry wrote: > > You are offing up a competitor against python wheels > This proposal proposes to inlcude python wheels in

[Python-ideas] Re: Enhancing Zipapp

2020-01-07 Thread Stephen J. Turnbull
Barry writes: > Have a look at this write up about the horror that is zip file name > handling. As I implied, I don't need to "read write-ups", *I live the horror.* Not daily, but always when I really don't want to spend the minutes. > This has been a pain point at work. I know your pain.

[Python-ideas] Re: Enhancing Zipapp

2020-01-07 Thread Barry
> On 7 Jan 2020, at 01:48, Abdur-Rahmaan Janhangeer > wrote: > >  > > >> On Tue, 7 Jan 2020, 01:57 Barry Scott, wrote: >> >> >> Please cover the pro's and con's of the alernatives that have been raised as >> comments >> on this idea, as is usually done for a PEP style document. > > >

[Python-ideas] Re: Enhancing Zipapp

2020-01-07 Thread Barry
> On 7 Jan 2020, at 02:40, Christopher Barker wrote: > >  > I’m a bit unclear on how far this goes: is it just a bit more specific with > more meta-data standards? > > Or are you aiming for something that will run without a Python install? > > Other issues: > > Are you aiming for a

[Python-ideas] Re: Enhancing Zipapp

2020-01-07 Thread Brett Cannon
Thanks for the ideas, Abdur-Rahmaan! Some feedback below. On Mon, Jan 6, 2020 at 11:35 AM Abdur-Rahmaan Janhangeer < arj.pyt...@gmail.com> wrote: > Note: draft simplified > > Abstract > == > > This extracts aims at proposing enhancements to the generated zipapp > executable > > Rationale >

[Python-ideas] Re: Enhancing Zipapp

2020-01-07 Thread Stephen J. Turnbull
Barry Scott writes: > Also beware that zip file format does not include the encoding of > the files that are in the zip file. The most recent zipfile format, which is now a decade or so old, does specify the encoding, for values of 0 = ASCII, 1 = UTF-8.[1] > This means that for practical

[Python-ideas] Re: Enhancing Zipapp

2020-01-06 Thread Abdur-Rahmaan Janhangeer
Yours, Abdur-Rahmaan Janhangeer pythonmembers.club | github Mauritius On Tue, Jan 7, 2020 at 6:40 AM Christopher Barker wrote: > I’m a bit unclear on how far this goes: is it just a bit more specific > with more meta-data

[Python-ideas] Re: Enhancing Zipapp

2020-01-06 Thread Christopher Barker
I’m a bit unclear on how far this goes: is it just a bit more specific with more meta-data standards? Or are you aiming for something that will run without a Python install? Other issues: Are you aiming for a bundle that can run on multiple platforms? If so, then it’ll have to have a way to

[Python-ideas] Re: Enhancing Zipapp

2020-01-06 Thread Abdur-Rahmaan Janhangeer
On Tue, 7 Jan 2020, 01:57 Barry Scott, wrote: > > > Please cover the pro's and con's of the alernatives that have been raised > as comments > on this idea, as is usually done for a PEP style document. > Thanks, i don't have much experience writing peps and if i don't bug you may i ask what

[Python-ideas] Re: Enhancing Zipapp

2020-01-06 Thread Barry Scott
> On 6 Jan 2020, at 19:34, Abdur-Rahmaan Janhangeer > wrote: > > Note: draft simplified Please cover the pro's and con's of the alernatives that have been raised as comments on this idea, as is usually done for a PEP style document. Also beware that zip file format does not include the