It will probably wind up working more like every other package manager I'm familiar with, where you have a "sources.d" that lists the repositories you would like to search. Use Plone, add their repository to the list.
We also seem to be making good progress on "contact the central repository much less often" by keeping local copies of the packages you actually need. The most frustrating thing about PyPI being down was that you already had a virtualenv with all the packages you actually needed, but maybe you couldn't re-install them elsewhere without contacting PyPI again.
Wheel signatures are handy because they travel with the archive, but the eventual security system will probably look very different, at most taking advantage of the feature when available but doing something else for sdists. The trust chain is the tricky part.
_______________________________________________
Catalog-SIG mailing list
[email protected]
http://mail.python.org/mailman/listinfo/catalog-sig
