On Sun, Jun 2, 2013 at 5:10 PM, holger krekel <[email protected]> wrote: > If pypi has no idea about namespaces (like i considered them in my other post) > then using namespaces do not really provide much. Someone can still come > along > and publish within that pseudo-namespace. I would think the goal of > pypi-namespaces would be to give a group control over anything that's > released using it, allowing to communicate install-users certain guarantees. > > However, before further discussion i think there first needs to be more > reasoning and stating of practical problems with the current > anyone-can-register-anything-that's-not-taken model.
TUF actually has native support for prefix delegation, but actually *using* that is a long way down the todo list at the moment. Static dependency metadata publication and end-to-end signature support are well ahead of it and will likely keep us collectively busy for a while yet. Cheers, Nick. -- Nick Coghlan | [email protected] | Brisbane, Australia _______________________________________________ Distutils-SIG maillist - [email protected] http://mail.python.org/mailman/listinfo/distutils-sig
