This is something I've recently thought about; perhaps you wouldn't mind some points?
1) I've been running 'file' via os.popen, and I've had trouble with it incorrectly spotting file types (Fedora Core 1). I can name a specific example where it thinks a plain text README file is HTML (despite that the configuration file for 'file' at least looks right). That makes me suspicious of its ability to spot more obscure types. (No, I haven't tried to get the latest 'file'; the days are long but they are filled with negative time and in the end I don't always get done what I should.) 2) Watch out for someone giving you, say, a bogus /bin/ls in a .zip file. You may want to look into chroot (which I believe requires you to run as root), or at least examine the output of "unzip -l" 3) You might also have to worry about the possibility that unpacking a bundle will fill up your disk's partition. At least for a while you hold both the bundle and the unpacked bundle. 4) Using os.popen to unpack the bundle has a lot of advantages, including that during debugging you can test the stuff from the command line and feel that you completely understand which steps are working (I think I use popen2, IIRC, and capture stderr for error messages). Perhaps this is mostly a reflection on me as a programmer :-} but I found the job surprisingly tricky. Jim -- http://mail.python.org/mailman/listinfo/python-list
