On Tue, Aug 6, 2013 at 9:10 AM, holger krekel <hol...@merlinux.eu> wrote: > PyPI mirrors _are_ associated with PyPI and pypi.python.org. > (Why) Do do want to flatly rule out pip/pypi.python.org support > for managing mirrors?
Automatic mirror discovery opens extra security holes until we have found some way to tighten up the security in general. Once we have a way of verifying packages that work and that doesn't rely on the mirror you are using, we could add it back. Indeed, just having a json list makes sense. //Lennart _______________________________________________ Distutils-SIG maillist - Distutils-SIG@python.org http://mail.python.org/mailman/listinfo/distutils-sig