On Aug 6, 2013, at 12:10 AM, holger krekel <hol...@merlinux.eu> wrote:
> On Mon, Aug 05, 2013 at 23:49 -0700, Noah Kantrowitz wrote: >> On Aug 5, 2013, at 11:09 PM, Christian Theune <c...@gocept.com> wrote: >> (...) >> Between now and the first DNS change, I would absolutely recommend any >> current public mirrors to redirect users to their new domain name if >> they intend to have one, and we'll do whatever we can to help make >> users aware of the switch. I would rather have a clear timeline with >> fewer steps than add another stage where we (PSF) are issuing >> redirects to non-PSF servers. Very very +1 on the easier >> bandersnatch-ing though, I really would love to see more mirrors out >> there, I just don't want them associated with PyPI or python.org, and >> I don't want pip to be trying to auto-discover them. > > PyPI mirrors _are_ associated with PyPI and pypi.python.org. > (Why) Do do want to flatly rule out pip/pypi.python.org support > for managing mirrors? > > The perl CPAN mirroring provides this nice little machine-readable file: > > http://www.cpan.org/indices/mirrors.json > > and a python-equivalent could be consumed by pip, i guess. Because at this time there is no Python package installer that can install from a public mirror in a way that makes me comfortable supporting it as an official resource. This could be addressed in pip by verifying the /simple signatures, but this mostly precludes improved mirroring mechanisms like that used by Crate. More to the point, I as the head of infrastructure am responsible for *.python.org, but if there is an issue with a mirror, be it downtime, server compromise, or anything else, me and my team can't do anything to fix that. This is, again, not a situation I am comfortable with. --Noah
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Distutils-SIG maillist - Distutils-SIG@python.org http://mail.python.org/mailman/listinfo/distutils-sig
