Re: [Python-ideas] Remote package/module imports through HTTP/S

On 24 August 2017 at 05:04, John Torakis wrote: > Dark times... > > So is it a "case closed", or is there any improvement that will make it > worth it to be an stdlib module? Not really, as even aside from the security concerns, there are simply too many ways that it can

Re: [Python-ideas] Remote package/module imports through HTTP/S

John Torakis writes: > But, as it seems like it is a very big feature (to me at least), And "pip install httpimport" seems like it is a very small burden (to me at least). I agree with Paul Moore. Putting this in the stdlib seems both unnecessary, given pip, and an attractive nuisance for

Re: [Python-ideas] Remote package/module imports through HTTP/S

On Thu, Aug 24, 2017 at 12:13 PM, Stephen J. Turnbull wrote: > Chris Angelico writes: > > > If you're worried about the latter, don't use httpimport. > > I guarantee you that in my (university) environment, if httpimport is > in the stdlib, its use will be

Re: [Python-ideas] Remote package/module imports through HTTP/S

Chris Angelico writes: > If you're worried about the latter, don't use httpimport. I guarantee you that in my (university) environment, if httpimport is in the stdlib, its use will be rampant (and not just by students, but by security-oblivious faculty). I want to be able to walk up to a

Re: [Python-ideas] Remote package/module imports through HTTP/S

On 23/08/2017 22:06, Chris Angelico wrote: > On Thu, Aug 24, 2017 at 5:04 AM, John Torakis wrote: >> Dark times... >> >> So is it a "case closed", or is there any improvement that will make it >> worth it to be an stdlib module? >> >> I mean, times have changed from

Re: [Python-ideas] Remote package/module imports through HTTP/S

On Thu, Aug 24, 2017 at 5:04 AM, John Torakis wrote: > Dark times... > > So is it a "case closed", or is there any improvement that will make it > worth it to be an stdlib module? > > I mean, times have changed from 1995, and I am not referring to HTTPS > invention. This

Re: [Python-ideas] Remote package/module imports through HTTP/S

Dark times... So is it a "case closed", or is there any improvement that will make it worth it to be an stdlib module? I mean, times have changed from 1995, and I am not referring to HTTPS invention. This is the reason that makes httpimport just tolerable security-wise. I'm talking about the

Re: [Python-ideas] Remote package/module imports through HTTP/S

For security reasons. AFAIK HTTPS wasn't even invented at the time. On Wed, Aug 23, 2017 at 11:44 AM, John Torakis wrote: > > > On 23/08/2017 21:41, Guido van Rossum wrote: > > This isn't ever going to be a standard feature. It's available as a > third-party package and

Re: [Python-ideas] Remote package/module imports through HTTP/S

On 23/08/2017 21:41, Guido van Rossum wrote: > This isn't ever going to be a standard feature. It's available as a > third-party package and that's fine. > > I'd like to add a historic note -- this was first proposed around 1995 > by Michael McLay. (Sorry, I don't have an email sitting around,

Re: [Python-ideas] Remote package/module imports through HTTP/S

On 23/08/2017 21:24, Paul Moore wrote: > On 23 August 2017 at 18:49, Chris Angelico wrote: >> Still -1 on this becoming a stdlib package, as there's nothing I've >> yet seen that can't be done as a third-party package. But it's less >> scary than I thought it was :) > IMO,

Re: [Python-ideas] Remote package/module imports through HTTP/S

This isn't ever going to be a standard feature. It's available as a third-party package and that's fine. I'd like to add a historic note -- this was first proposed around 1995 by Michael McLay. (Sorry, I don't have an email sitting around, but I'm sure he brought this up at or around the first

Re: [Python-ideas] Remote package/module imports through HTTP/S

On 23 August 2017 at 18:49, Chris Angelico wrote: > Still -1 on this becoming a stdlib package, as there's nothing I've > yet seen that can't be done as a third-party package. But it's less > scary than I thought it was :) IMO, this would make a great 3rd party package (I note

Re: [Python-ideas] Remote package/module imports through HTTP/S

On 23/08/2017 21:11, Chris Angelico wrote: > On Thu, Aug 24, 2017 at 4:04 AM, Bruce Leban wrote: >> On Wed, Aug 23, 2017 at 10:37 AM, John Torakis >> wrote: >>> >>> Github can be trusted 100% percent for example. >> >> This isn't even remotely close to

Re: [Python-ideas] Remote package/module imports through HTTP/S

On 23/08/2017 20:49, Chris Angelico wrote: > On Thu, Aug 24, 2017 at 3:37 AM, John Torakis wrote: >> >> On 23/08/2017 20:36, John Torakis wrote: >>> Yeah, I am a security researcher, I am keen on backdoor programming and >>> staging and all that! It is my official job

Re: [Python-ideas] Remote package/module imports through HTTP/S

On 23/08/2017 21:04, Bruce Leban wrote: > > On Wed, Aug 23, 2017 at 10:37 AM, John Torakis > wrote: > > > Github can be trusted 100% percent for example. > > > This isn't even remotely close to true. While I'd agree with the >

Re: [Python-ideas] Remote package/module imports through HTTP/S

On Thu, Aug 24, 2017 at 4:04 AM, Bruce Leban wrote: > > On Wed, Aug 23, 2017 at 10:37 AM, John Torakis > wrote: >> >> >> Github can be trusted 100% percent for example. > > > This isn't even remotely close to true. While I'd agree with the statement > that

Re: [Python-ideas] Remote package/module imports through HTTP/S

On Wed, Aug 23, 2017 at 10:37 AM, John Torakis wrote: > > Github can be trusted 100% percent for example. This isn't even remotely close to true. While I'd agree with the statement that the SSL cert on github is reasonably trustworthy, the *content* on github is NOT

Re: [Python-ideas] Remote package/module imports through HTTP/S

On Thu, Aug 24, 2017 at 3:37 AM, John Torakis wrote: > > > On 23/08/2017 20:36, John Torakis wrote: >> Yeah, I am a security researcher, I am keen on backdoor programming and >> staging and all that! It is my official job and research topic! I go to >> the office and code

Re: [Python-ideas] Remote package/module imports through HTTP/S

Bounced back on list Forwarded Message Θέμα: Re: [Python-ideas] Remote package/module imports through HTTP/S Ημερομηνία: Wed, 23 Aug 2017 20:36:19 +0300 Από:John Torakis <john.tora...@gmail.com> Προς: Chris Angelico <ros...@gmail.com> Yeah, I a

Re: [Python-ideas] Remote package/module imports through HTTP/S

On 23/08/2017 20:36, John Torakis wrote: > Yeah, I am a security researcher, I am keen on backdoor programming and > staging and all that! It is my official job and research topic! I go to > the office and code such stuff! I am not a blackhat, nor a security > enthusiast, it is my job. > > >

Re: [Python-ideas] Remote package/module imports through HTTP/S

Hi! On Wed, Aug 23, 2017 at 07:55:00PM +0300, John Torakis wrote: > Hello all! > > Today I opened an issue in bugs.python.org > (http://bugs.python.org/issue31264) proposing a module I created for > remote package/module imports through standard HTTP/S. The issue is

Re: [Python-ideas] Remote package/module imports through HTTP/S

On Thu, Aug 24, 2017 at 2:55 AM, John Torakis wrote: > Hello all! > > Today I opened an issue in bugs.python.org > (http://bugs.python.org/issue31264) proposing a module I created for > remote package/module imports through standard HTTP/S. > > The concept is that, if a

[Python-ideas] Remote package/module imports through HTTP/S

Hello all! Today I opened an issue in bugs.python.org (http://bugs.python.org/issue31264) proposing a module I created for remote package/module imports through standard HTTP/S. The concept is that, if a directory is served through HTTP/S (the way SimpleHTTPServer module serves directories), a