[Steve Cassidy] is working on [Tclish] as the basis of a Tcl extension installer. As a part of that, he has created [TIP] 55 to discuss a format for code that gets installed. As an outgrowth of this, Steve created http://www.shlrc.mq.edu.au/~steve/cgi-bin/cantcl.cgi as a CGI interface to an extension repository.

The code behind the CGI script is from my installer library discussed in [Tcl Based Installers]. Some procs are specific to supporting TIP55 style packages:

 installer::parse_description file -- parse a DESCRIPTION.txt file
 installer::validate_package dir -- is this package TIP55 legal?
 installer::pkginfo zipfile fields -- return some fields from a DESCRIPTION.txt file inside this zipfile
 installer::index_directory dir ?fields? -- return a list of packages and their info from the zipfiles in dir

CANTCL seems to derive from Mac Cody: [http://groups.google.com/groups?q=CANTCL&hl=en&safe=off&rnum=3&selm=3B12AE9D.65A2BADC%40home.com] Comprehensive Archive Network for TCL.

Related pages: [ETEN], [STEP] ([SEE], [WOBBLE]) [Tcl Repository Wish List].

[davidw] - why not write the description file in Tcl? Tcl already has a parser:-)

My motivation was to make the syntax _simpler_ than having it in tcl, the 'parser' for the rfc format is only a few lines of code anyway. CF:

 Identity: mypackage
 Version: 1.0.0

with

 set pkginfo(identity) {mypackage}
 set pkginfo(version) {1.0.0}

I'm also concerned about sourcing tcl files even with the checks and controls around tcl safe interpreters. I don't want to entertain the possibility of someone exploiting a safe-tcl bug by uploading a rogue package.

You're right about the security issue however - Tcl is powerful, so dangerous in malicious hands... You might remove the [exec], [file] and other commands from the interpreter, and rename [exit] to something only you can call...

----
[RS]: But this example is *so* easily done in Tcl, as we are so free in our language:

 proc Identity: name {set ::pkginfo(identity) $name}
 proc Version: number {set ::pkginfo(version) $number}

This way you can write like in the first example, but still let Tcl parse it (and raise errors for missing or excess argument etc.) without us having to do the parsing. For security issues, you might remove the [exec] and [file] commands, and rename [exit] to something only you can call...

----
[SC] except for the allowed multi-line values:

 Description: this is a package which is terribly terribly
   terribly useful to many people.

The parser is easier to write than dealing with the issues of having a config file be code.
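----
Added example, not part of the original discussion or of the installer library: one way to read the RFC-style description purely as data, including the multi-line values [SC] mentions, so that an uploaded file is never sourced or evaluated. The proc name, the field whitelist and the size limit are assumptions, and the sample input is constructed.

```tcl
# Added example (not the installer library's code): parse "Field: value"
# text as data only; nothing is ever passed to eval, source or subst.
# Needs Tcl 8.5+ (dict, ni). Whitelist and size limit are assumptions.
set allowedFields {identity version description}

proc parseDescription {text {maxChars 65536}} {
    global allowedFields
    if {[string length $text] > $maxChars} { error "description too large" }
    set info [dict create]
    set current ""
    set lineno 0
    foreach line [split $text \n] {
        incr lineno
        set line [string trimright $line]
        if {$line eq ""} { continue }
        if {[regexp {^[ \t]+(.*)$} $line -> rest]} {
            # Leading whitespace: continuation of the previous field's value.
            if {$current eq ""} { error "line $lineno: continuation without a field" }
            dict append info $current " $rest"
        } elseif {[regexp {^([A-Za-z][A-Za-z0-9-]*):[ \t]*(.*)$} $line -> name value]} {
            set current [string tolower $name]
            if {$current ni $allowedFields} {
                error "line $lineno: unknown field \"$name\""
            }
            if {[dict exists $info $current]} {
                error "line $lineno: duplicate field \"$name\""
            }
            dict set info $current $value
        } else {
            # Anything else (including Tcl code) is rejected, not interpreted.
            error "line $lineno: not a field or continuation"
        }
    }
    return $info
}

# Constructed sample input; the bracketed text stays an inert string
# because the value is stored, never evaluated.
set sample {Identity: mypackage
Version: 1.0.0
Description: a package that is useful
    to many people [exit]
}
puts [parseDescription $sample]
```

A line such as `set pkginfo(version) {1.0.0}` fails with "not a field or continuation", so a description written as Tcl code is refused rather than run.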