Not really trying to tell Vinay to rewrite his script, but IMHO if you expect it unzip is a lot easier than file.write(module.random_attribute.decode('base64')). The runnable zip feature is awesome, not well enough known, and totally worth promoting over the shar pattern; with some minimal tooling you'd be good to go.
On Thu, Mar 28, 2013 at 10:44 AM, Philippe Ombredanne <pombreda...@nexb.com> wrote: > On Thu, Mar 28, 2013 at 2:33 PM, Vinay Sajip <vinay_sa...@yahoo.co.uk> wrote: >>> From: Philippe Ombredanne <pombreda...@nexb.com> >>> On the other hand, I find it somewhat discomforting as an emerging >>> best way to package and distribute self-contained bootstrap scripts. > >>> Virtualenv does it, distil is doing it now, pip tried some of it here >>> https://github.com/pypa/pip/blob/develop/contrib/get-pip.py >>> In contrast, buildout, distribute and setuptools bootstrap scripts do >>> not embed their dependencies and either try to get them satisfied >>> locally or attempt to download the requirements. >> >> And all this time, they would have been vulnerable to a MITM attack >> on PyPI because PyPI didn't support verifiable SSL connections >> until recently. It's good to be cautious, but Bruce Schneier has >> plenty of stories about caution directed in the wrong directions. > > I am not so worried about security... I brought the point here because > this is the packaging and distribution list, and I see this as an > emerging pattern for the packaging and distribution of bootstrap > scripts and this is something that has not been discussed much before. > > Conceptually I find these no different from setup.py scripts, and > these have been mostly normalized (or at the minimum have a > conventional name and a conventional if not specified interface.) > > Yet today, for the all important core package and environment > management tools, we have bootstrap scripts each with different > interfaces and different approaches to self containment or no > containment. > > I feel this is worth discussing as bootstrapping is where everything begins :) > > -- > Philippe Ombredanne > > +1 650 799 0949 | pombreda...@nexb.com > DejaCode Enterprise at http://www.dejacode.com > nexB Inc. at http://www.nexb.com > _______________________________________________ > Distutils-SIG maillist - Distutils-SIG@python.org > http://mail.python.org/mailman/listinfo/distutils-sig _______________________________________________ Distutils-SIG maillist - Distutils-SIG@python.org http://mail.python.org/mailman/listinfo/distutils-sig