From 95fb81abc10fe5527bc74853d7104a42f764d054 Mon Sep 17 00:00:00 2001 From: John-Mark Gurney Date: Tue, 4 Feb 2020 01:21:01 -0800 Subject: [PATCH] minor notes.. --- NOTES.md | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/NOTES.md b/NOTES.md index 4388362..1c59fc0 100644 --- a/NOTES.md +++ b/NOTES.md @@ -2,6 +2,8 @@ Aliases: from a local file, kinda like requirements.txt, maps name to hash, either package/module name, or an author/public key name. + This has to be treated specially. If two aliases appear to be the same, but one is fetched a "secure" IPFS hash, it MUST be compared w/ what ever secure hash the two aliases had in common. Otherwise a malicious package could "pretend" that it hash the sha256 that's the same, but provide a bad IPFS hash, and then we'd load the malicous package instead + Example: from cas.a.jmg.utils import aiter, anext @@ -20,3 +22,21 @@ Features: git(?)hub? init cache: + +Loading resources from yourself (package): + sys.modules[__name__] returns a valid module while your are being initalized, even for __main__, though may not work due to it not being a package, but probably can be emulated via __file__ + use importlib.resources: https://docs.python.org/3.7/library/importlib.html#module-importlib.resources + > Loaders that wish to support resource reading should implement a get_resource_reader(fullname) method as specified by importlib.abc.ResourceReader. + + +Hash options: + urn old ietf draft: https://datatracker.ietf.org/doc/draft-thiemann-hash-urn/ + - not up to date + hash-uri: https://github.com/hash-uri/hash-uri + - this looks best + multihash: https://github.com/multiformats/multihash + - no URI specification + ipfs uri: https://github.com/ipfs/in-web-browsers/blob/master/ADDRESSING.md + - not a hash, but useful for IPFS names + ni: https://tools.ietf.org/html/rfc6920 + - complicated, not well supported