On May 28, 2013, at 2:57 AM, holger krekel <hol...@merlinux.eu> wrote:
> On Tue, May 28, 2013 at 07:42 +0100, Paul Moore wrote: >> On 28 May 2013 02:53, Donald Stufft <don...@stufft.io> wrote: >> >>> Figured it out. >>> >>> Use HTTPS. >>> >> >> Can I suggest that if the new CDN means that there are additional >> restrictions on what is supported (I've used the XMLRPC API without https >> in one-off scripts in the past) then the officially supported API should be >> properly documented once and for all in a PEP, including some sort of >> "what's new" or "rationale" section describing the various changes that >> have occurred recently and their impact on user code? > > I second this. I am building tools that interact with PyPI and people > and customers are using them. I don't want to find a switch announced > which breaks them and then hear "sorry, that's the future now" without > this future being documented and discussed before the fact. The PyPI > infrastructure and its supported tool interactions today are as important as > evolving the language itself so PEPs are warranted. As with PEP438 i am > willing to help this process. > >> I'm purely a casual user of the PyPI API and the discussion of these >> changes haa mostly gone over my head. The one thing I've taken away from it >> is that I may get problems if I just google for sample code to use. For >> example, the above comment implies that >> http://wiki.python.org/moin/PyPIXmlRpc (AIUI, the nearest to formal >> documentation that the XMLRPC API has) is wrong (as it uses http). >> >> I do appreciate all the work that is going on to improve the PyPI >> infrastructure. I'm not saying the changes should be reverted, just that >> the consequences should be clearly explained. > > I also appreciate Noah's and Donald's CDN work here, up to the point where > it breaks things for unclear reasons. Reasons which might very well > be valid, nevertheless! > > best, > holger Moving to a CDN has been discussed before on either catalog-sig or distutils-sig (Can't recall which offhand). Weekly status updates were posted to the infrastructure list as well as the communication between us and Fastly as we ironed out SSL issues. The mirroring issue pre-invalidation was quickly corrected. We now invalidate and we are looking at a window that is at most a few seconds large. ----------------- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Distutils-SIG maillist - Distutils-SIG@python.org http://mail.python.org/mailman/listinfo/distutils-sig
