What size keys? On Apr 9, 2013 1:23 AM, "Trishank Karthik Kuppusamy" <t...@students.poly.edu> wrote:
> On 4/9/13 1:17 AM, Justin Cappos wrote: > >> His 29MB and 58MB numbers assume that every developer has their own key >> right now. We don't think this is likely to happen and propose >> initially signing everything that the developers don't sign with a >> single PyPI key. >> >> It also assumes there are no abandoned packages / devel account. I >> also think many devels won't go back and sign all old versions of their >> software. So my number is definitely a back of the envelope >> calculation using Trishank's data. Trishank's calculations are much >> more expressive, but are the "worst case" size. >> > > Correct. Justin based his back-of-the-envelope calculation on some very > rough prior estimates of mine, so they may be a little off. Nevertheless, > our argument remains: sharing a key across, say, a thousand packages will > certainly reduce the metadata by quite a bit. Combine that with compression > or difference schemes, and you get even more savings. > >
_______________________________________________ Distutils-SIG maillist - Distutils-SIG@python.org http://mail.python.org/mailman/listinfo/distutils-sig
