On Sep 28, 2013, at 10:16 PM, Nick Coghlan <ncogh...@gmail.com> wrote:
> On 29 September 2013 11:10, Noah Kantrowitz <n...@coderanger.net> wrote: >> +1 >> >> --Noah > > Deprecating it as a consequence of PEP 449 makes sense, but is there > any urgency to dropping it? > > I'm not necessarily opposed to removing it, but what's the specific > *gain* in doing so? If it's just a matter of wanting to skip > implementing it for Warehouse, then I'd say +1 to leaving it out of > the API reimplementation, but I don't yet see the advantage in > removing it from the existing PyPI code base. > > If we do remove it, then it should probably only be after all the old > autodiscovery domain names have been redirected back to the main PyPI > server. > > Cheers, > Nick. > > -- > Nick Coghlan | ncogh...@gmail.com | Brisbane, Australia Well the underlying reason is I think it's a dead end and I don't want to implement it in Warehouse. The reason for wanting to remove it *now* instead of just letting it naturally die when Warehouse becomes a thing is to remove the (unlikely) chance that someone starts to depend on it in the interim. Basically since afaik nobody even uses it (Crate did for awhile and I had to disable it because of false failures) the risk is minimal to removing it outright to prevent it from being used. Plus if the secret key has leaked (unlikely but possible given the implementation and the use of DSA) it's not just "cruft" it's outright dangerous. ----------------- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Distutils-SIG maillist - Distutils-SIG@python.org https://mail.python.org/mailman/listinfo/distutils-sig
