Remote imports for Python?
Posted Aug 30, 2017 5:04 UTC (Wed) by josh (subscriber, #17465)
In reply to: Remote imports for Python? by luto
Parent article: Remote imports for Python?
Or the hash of a public key matching the private key the module is signed with.
Posted Aug 30, 2017 6:53 UTC (Wed)
by mokki (subscriber, #33200)
99% of security bugs reported against Java in the last 5 years have been about remote code escaping the sandbox.
Why would Python want that security circus? It just makes the language seem bad when actually 99.9% of code never uses the remote execute feature and thus does not even enable the sandbox.
Enabling this in Python without a sandbox would be a security nightmare, and supporting a sandbox is known to be a security nightmare.
Posted Aug 31, 2017 19:32 UTC (Thu)
by k8to (guest, #15413)
That aside, the proposal for supporting it with a hash seems sort of vaguely OK, but I don't see the point. If you know the content you want to run ahead of time, why do you need to load it dynamically? I expect the major use pattern at that point will be people who write some code to generate the hash dynamically and then httpimport it, or in other words, the path of laziness.
Posted Sep 1, 2017 13:52 UTC (Fri)
by syops (guest, #115198)
I do find myself wishing Subresource Integrity could be generalized to work with any HTTP GET. As it stands, SRI provides the resource in the src or href attribute, and the hash (or signature?) in a separate attribute. But that doesn't help with any arbitrary simple http application or library. Requests, pip and our favorite curl | sudo bash aren't designed to checksum the data they're fetching. I'd like to think this could be solved in a future implementation of http (maybe rolling hashes could be used to avoid the pitfall of the client having to stage and hash a very large download before writing it to disk), but I'm a dreamer.

Then again, there's always IPFS. As I understand it, with IPFS, the hash is the address of the content.
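As an added example (not code from this thread or any of its posters), this is what the generalized SRI check syops wishes for above looks like when applied to arbitrary fetched bytes rather than to a script or link tag: parse an SRI-style integrity string, check the body against the strongest algorithm listed, and only then let the module run. The integrity string format follows SRI; the module body, its pin and the function names are constructed for illustration, and the HTTP fetch itself is left out so the example runs offline.

```python
import base64
import hashlib
import hmac

# SRI digest algorithms, ordered weakest to strongest.
SRI_ALGORITHMS = ("sha256", "sha384", "sha512")

def parse_integrity(integrity: str) -> dict:
    """Parse "sha384-<b64> sha256-<b64>" into {algorithm: [digest, ...]}.
    Malformed tokens and unknown algorithms are skipped, as SRI specifies."""
    parsed = {}
    for token in integrity.split():
        algo, sep, b64 = token.partition("-")
        algo = algo.lower()
        if not sep or algo not in SRI_ALGORITHMS:
            continue
        b64 = b64.split("?", 1)[0]  # SRI permits an options suffix after '?'
        try:
            digest = base64.b64decode(b64, validate=True)
        except ValueError:
            continue
        if len(digest) == hashlib.new(algo).digest_size:
            parsed.setdefault(algo, []).append(digest)
    return parsed

def verify_integrity(body: bytes, integrity: str) -> bool:
    """True only if body matches a digest under the strongest listed algorithm."""
    parsed = parse_integrity(integrity)
    if not parsed:
        return False  # nothing usable to check against: refuse, do not pass
    strongest = max(parsed, key=SRI_ALGORITHMS.index)
    actual = hashlib.new(strongest, body).digest()
    return any(hmac.compare_digest(actual, d) for d in parsed[strongest])

def make_integrity(body: bytes, algo: str = "sha384") -> str:
    """The integrity string a publisher would pin for body."""
    return f"{algo}-{base64.b64encode(hashlib.new(algo, body).digest()).decode()}"

# Constructed sample module body and the integrity value pinned for it.
MODULE_BODY = b"def greet():\n    return 'hello from a pinned module'\n"
PINNED = make_integrity(MODULE_BODY)

def load_if_verified(body: bytes, integrity: str) -> dict:
    """Execute the fetched body only after its hash matches the pin."""
    if not verify_integrity(body, integrity):
        raise ValueError("integrity mismatch; refusing to load module")
    namespace = {}
    exec(compile(body, "<pinned-remote-module>", "exec"), namespace)
    return namespace
```

Note that a tampered body, an unparseable integrity string, and a matching weak digest beside a mismatching stronger one are all rejected, which is the behaviour a browser applies to SRI and the behaviour a hash-pinned remote import would need.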