On 23 December 2014 at 04:15, Vladimir Diaz <vladimir.v.d...@gmail.com> wrote:
> On Mon, Dec 22, 2014 at 11:30 AM, Nick Coghlan <ncogh...@gmail.com> wrote: > >> From my perspective, the split into two PEPs meant most of the areas I >> have doubts about have been moved to the end-to-end security model in PEP >> 480, leaving PEP 458 to cover the simpler task of securing the link from >> PyPI to the end user in such a way that public mirrors of packages can be >> trusted to accurately reflect the content published by PyPI. >> > > I think splitting the proposal into two PEPs was the right decision. We > hope working with Donald on the end-to-end security model (PEP 480), and > feedback from the community will help to address any remaining questions. > Excluding the end-to-end option from the revised version of PEP 458 also > made room for an overview of the metadata and framework, which was > requested by multiple members of the community. > An off-list question from Richard made me realise we should likely retitle the two PEPs slightly. I'd suggest the following names: PEP 458: Surviving a compromise of the PyPI CDN PEP 480: Surviving a compromise of PyPI That encapsulates the difference between the threat model of the two PEPs in a way that the current titles don't quite convey (the reduced scope of PEP 458 in particular means that the current title is actually outright wrong - protecting against a compromise of PyPI itself is the scope that was moved to PEP 480). The reduced scope of PEP 458 also still protects against the compromise of read-only mirrors, but I don't think we need to try to capture that directly in the title. Cheers, Nick. -- Nick Coghlan | ncogh...@gmail.com | Brisbane, Australia
_______________________________________________ Distutils-SIG maillist - Distutils-SIG@python.org https://mail.python.org/mailman/listinfo/distutils-sig