On Monday, February 11, 2013 at 2:01 AM, Lennart Regebro wrote:
> On Sun, Feb 10, 2013 at 11:20 PM, Jesse Noller <[email protected] > (mailto:[email protected])> wrote: > > OK, so, I think there's a lot of stuff conflated here. It'll probably help > > to simplify things if we decouple them. > > > > First, the point about serving metadata over a secure channel and data over > > a cheap one is right on. Given the size of your metadata versus actual data, > > maintaining a central metadata service but not caring about where/how data > > is hosted is the right way to go. Note that that channel doesn't have to be > > SSL- a verifying cert on device would still give you everything you needed. > > > > Note that for stability reasons, we still care where it's hosted. It > should be hosted on PyPI, unless you explicitly say to use another > server. This is because otherwise you might in a bigger system need to > fetch the files from four different servers, and then you have four > separate single points of failure when installing. > > Caching may be a solution here, but apparently there were legal issues > around that, so lets not. > > //Lennart I was quoting geremy; who was in turn critiquing giovanni's proposal _______________________________________________ Catalog-SIG mailing list [email protected] http://mail.python.org/mailman/listinfo/catalog-sig
