On 7 February 2013 13:40, <[email protected]> wrote:
>
> Zitat von Jesse Noller <[email protected]>:
>
>
>> I don't think we need to transfer the domain to the PSF, but it should
>> definitely be hosted on our cluster at OSU
>
>
> It should continue to live on the very same machine (i.e. PyPI)
> as it is now.
That was my intention. I was just going to configure the web server to
handle the new domain and point at the same storage area that PyPI
currently dumps stuff into.
Then Jesse said:
> It's user uploaded content we already know to be unsafe, that we're putting
> on a different domain. Why host it on the same box when we already know VM
> isolation reduces the attack surface of each VM?
I'd rather keep it on the same host to simplify the configuration; all
I need to do is configure another vhost in the current setup to handle
the new name. Moving the files to some other VM would require some
(significant, I think) work in PyPI to support handling storing the
files non-locally.
Isn't the risk pretty minimal given the content is all static?
Richard
_______________________________________________
Catalog-SIG mailing list
[email protected]
http://mail.python.org/mailman/listinfo/catalog-sig
