On Sun, Feb 10, 2013 at 11:20 PM, Jesse Noller <[email protected]> wrote: > OK, so, I think there's a lot of stuff conflated here. It'll probably help > to simplify things if we decouple them. > > First, the point about serving metadata over a secure channel and data over > a cheap one is right on. Given the size of your metadata versus actual data, > maintaining a central metadata service but not caring about where/how data > is hosted is the right way to go. Note that that channel doesn't have to be > SSL- a verifying cert on device would still give you everything you needed.
Note that for stability reasons, we still care where it's hosted. It should be hosted on PyPI, unless you explicitly say to use another server. This is because otherwise you might in a bigger system need to fetch the files from four different servers, and then you have four separate single points of failure when installing. Caching may be a solution here, but apparently there were legal issues around that, so lets not. //Lennart _______________________________________________ Catalog-SIG mailing list [email protected] http://mail.python.org/mailman/listinfo/catalog-sig
