[ANN] urirequire: I got yer Web 2.0 right here

  if expected_digest
     raise "Wrong Hash - Expected '#{expected_digest}', recieved

'#{digest}'"

what sort of drugs am I on? Seemingly not the good ones.

if expected_digest
  raise "Wrong Hash - Expected '#{expected_digest}', received
'#{digest}'" unless digest == expected_digest

I actually think this has the potential of being a damn useful library.
Once you put in the hashing, I don't see why this is any more dangerous
than a gem. The only problem is that you'd need to modify your code to
upgrade to a newer version of a library, but there's not too much wrong
with that. If you're hashing the code, it's not allowed to be modified,
so you can keep a local cache of files and only download once.

Or, if you're just doing it with somewhere you can trust, you can just
use it within your own scripts and let them download the latest version
from a constantly-changing source.

···

#####################################################################################
This email has been scanned by MailMarshal, an email content filter.
#####################################################################################

Daniel Sheppard wrote:

if expected_digest
   raise "Wrong Hash - Expected '#{expected_digest}', recieved
   

'#{digest}'"

what sort of drugs am I on? Seemingly not the good ones.

if expected_digest
raise "Wrong Hash - Expected '#{expected_digest}', received
'#{digest}'" unless digest == expected_digest

I actually think this has the potential of being a damn useful library.
Once you put in the hashing, I don't see why this is any more dangerous
than a gem. The only problem is that you'd need to modify your code to
upgrade to a newer version of a library, but there's not too much wrong
with that. If you're hashing the code, it's not allowed to be modified,
so you can keep a local cache of files and only download once.

Or, if you're just doing it with somewhere you can trust, you can just
use it within your own scripts and let them download the latest version
from a constantly-changing source.

If you could adapt it so that it'll accept svn:// (or https I suppose), then you could even use it to keep libraries updated from a svn repo - which would be rather nice

Doesn't putting the hash in kind of defeat the purpose? If you know
exactly what the file should look like, you've probably downloaded it
already... and now it's local.

Regardless, ruby is fun.
  .adam sanderson

"Daniel Sheppard" <daniels@pronto.com.au> writes:

  if expected_digest
     raise "Wrong Hash - Expected '#{expected_digest}', recieved

'#{digest}'"

what sort of drugs am I on? Seemingly not the good ones.

Been wondering about that too...

  require 'digest/sha1'
  digest = Digest::SHA1.hexdigest('xx')

Always the same hash... :stuck_out_tongue_winking_eye:

···

--
Christian Neukirchen <chneukirchen@gmail.com> http://chneukirchen.org

I'm just guessing, but you were probably smoking hash, albeit the wrong hash.

···

On 11/1/05, Daniel Sheppard <daniels@pronto.com.au> wrote:

> if expected_digest
> raise "Wrong Hash - Expected '#{expected_digest}', recieved
'#{digest}'"

what sort of drugs am I on? Seemingly not the good ones.

--
Rob

actually, we need to write a ruby-based version control system. that would
be l33t ... just like urirequire :wink:
j.

···

On 11/1/05, Kev Jackson <kevin.jackson@it.fts-vn.com> wrote:

Daniel Sheppard wrote:

>> if expected_digest
>> raise "Wrong Hash - Expected '#{expected_digest}', recieved
>>
>>
>'#{digest}'"
>
>what sort of drugs am I on? Seemingly not the good ones.
>
>if expected_digest
> raise "Wrong Hash - Expected '#{expected_digest}', received
>'#{digest}'" unless digest == expected_digest
>
>
>I actually think this has the potential of being a damn useful library.
>Once you put in the hashing, I don't see why this is any more dangerous
>than a gem. The only problem is that you'd need to modify your code to
>upgrade to a newer version of a library, but there's not too much wrong
>with that. If you're hashing the code, it's not allowed to be modified,
>so you can keep a local cache of files and only download once.
>
>Or, if you're just doing it with somewhere you can trust, you can just
>use it within your own scripts and let them download the latest version
>from a constantly-changing source.
>
>
If you could adapt it so that it'll accept svn:// (or https I suppose),
then you could even use it to keep libraries updated from a svn repo -
which would be rather nice

--
"http://ruby-lang.org -- do you ruby?"

Jeff Wood

Christian Neukirchen wrote:

"Daniel Sheppard" <daniels@pronto.com.au> writes:

...

what sort of drugs am I on? Seemingly not the good ones.

Been wondering about that too...

...

Always the same hash... :stuck_out_tongue_winking_eye:

That's the problem. Need better hash.

James

···

--

http://www.ruby-doc.org - The Ruby Documentation Site
http://www.rubyxml.com - News, Articles, and Listings for Ruby & XML
http://www.rubystuff.com - The Ruby Store for Ruby Stuff
http://www.jamesbritt.com - Playing with Better Toys

Yes. But you could salvage the situation with PKI. So you'd specify
a public key to trust, perhaps by fingerprint:

require 'http://foo', 'A5EA B010 448C D0B9 FD2A 287C 9E15 33D7 5A7D 3120'

And require would fail unless the code is properly signed.

-Ed

···

On Thu, Nov 03, 2005 at 02:57:08AM +0900, Adam Sanderson wrote:

Doesn't putting the hash in kind of defeat the purpose? If you know
exactly what the file should look like, you've probably downloaded it
already... and now it's local.

Hmm... I like that idea a lot. What would you put into a ruby based
RCS that isn't already in SVN?

One neat thing I could see would be integration of a ruby based RCS
with rake, so you can just do rake update or something of the like.

Also... plugging in little ruby scripts to munge the repository in
various ways would be awesome :slight_smile:

···

On 11/2/05, Jeff Wood <jeff.darklight@gmail.com> wrote:

actually, we need to write a ruby-based version control system. that would
be l33t ... just like urirequire :wink:

I would say, we need some sort of "ioslaves" like KDE's. Then,
accessing a different location/protocol would be transparent for
applications.

My AR$ 0.02
Ed

···

On 11/2/05, Jeff Wood <jeff.darklight@gmail.com> wrote:

actually, we need to write a ruby-based version control system. that would
be l33t ... just like urirequire :wink:
j.

On 11/1/05, Kev Jackson <kevin.jackson@it.fts-vn.com> wrote:
>
> If you could adapt it so that it'll accept svn:// (or https I suppose),
> then you could even use it to keep libraries updated from a svn repo -
> which would be rather nice
>

--
Encontrá a "Tu psicópata favorito" http://tuxmaniac.blogspot.com
  
Thou shalt study thy libraries and strive not to reinvent them without cause,
that thy code may be short and readable and thy days pleasant and productive.
-- Seventh commandment for C programmers

I was looking at the open-uri code, and I think it is pretty easy to
expand. Well... maybe not easy, but it's doable.

Create a new URI Scheme class (example uri/ftp.rb) and add it to the
URI schemes defined in the URI module (defined in uri/common.rb).
Ensure that the URI defines direct_open(...) (see open-uri.rb) and
include open-uri's OpenRead module.

It would be conceivable to implement open-uri suppot for SSH for
example with the net-ssh library.

Anyways it's a thought, and that's all the spots to look in.
  .adam sanderson