On Tue, Aug 6, 2013 at 9:10 AM, holger krekel <[email protected]> wrote: > PyPI mirrors _are_ associated with PyPI and pypi.python.org. > (Why) Do do want to flatly rule out pip/pypi.python.org support > for managing mirrors?
Automatic mirror discovery opens extra security holes until we have found some way to tighten up the security in general. Once we have a way of verifying packages that work and that doesn't rely on the mirror you are using, we could add it back. Indeed, just having a json list makes sense. //Lennart _______________________________________________ Distutils-SIG maillist - [email protected] http://mail.python.org/mailman/listinfo/distutils-sig
