On 4/9/13 1:17 AM, Justin Cappos wrote:
His 29MB and 58MB numbers assume that every developer has their own key
right now. We don't think this is likely to happen and propose
initially signing everything that the developers don't sign with a
single PyPI key.

It also assumes there are no abandoned packages / devel account. I
also think many devels won't go back and sign all old versions of their
software. So my number is definitely a back-of-the-envelope
calculation using Trishank's data. Trishank's calculations are much
more expressive, but are the "worst case" size.

Correct. Justin based his back-of-the-envelope calculation on some very rough prior estimates of mine, so they may be a little off. Nevertheless, our argument remains: sharing a key across, say, a thousand packages will certainly reduce the metadata by quite a bit. Combine that with compression or difference schemes, and you get even more savings.

_______________________________________________
Distutils-SIG maillist  -  Distutils-SIG@python.org
http://mail.python.org/mailman/listinfo/distutils-sig
