> What about restricting the mirrors to the non web part in that case ? I think MAL is talking about a completely different setup: the unofficial mirror. The unofficial mirror doesn't follow any protocol; it's just a mirror of PyPI using the standard API to fetch all data available. People have been operating unofficial mirrors of various qualities for several years.
Now, MAL is then concerned about malicious users of unofficial servers. They might try to get their mirror high-ranking in Google, and then redirect regular PyPI users to them. There isn't anything that the PEP can do about that. There has only been one such malicious mirror in the past. The PSF legal council was fairly helpful in dealing with that case. Regards, Martin _______________________________________________ Catalog-SIG mailing list [email protected] http://mail.python.org/mailman/listinfo/catalog-sig
