[Catalog-sig] Proposal: Move PyPI static data to the cloud for better availability
Jesus Cea
jcea at jcea.es
Tue Jun 15 20:21:41 CEST 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 15/06/10 19:45, M.-A. Lemburg wrote:
> Note that with community servers that only mirror once a day,
> you'd have to wait up to a whole day for your package updates
> to become visible worldwide.
But TODAY mirror use is voluntary and per-user. That is, you use a
mirror because you want, not because pypi is pushing you around
transparently. I don't use mirrors so far, because pypi inestability
hasn't hit me so far, and because I don't "trust" mirrors (see next
paragraph).
I read pep 381 long time ago and I don't remember how/when a mirror
would update, but I do remember it doesn't mandate digital signatures
(signed by pypi central node, verified by setuptools&friends). That is a
big gap, in my opinion.
- --
Jesus Cea Avion _/_/ _/_/_/ _/_/_/
jcea at jcea.es - http://www.jcea.es/ _/_/ _/_/ _/_/ _/_/ _/_/
jabber / xmpp:jcea at jabber.org _/_/ _/_/ _/_/_/_/_/
. _/_/ _/_/ _/_/ _/_/ _/_/
"Things are not so easy" _/_/ _/_/ _/_/ _/_/ _/_/ _/_/
"My name is Dump, Core Dump" _/_/_/ _/_/_/ _/_/ _/_/
"El amor es poner tu felicidad en la felicidad de otro" - Leibniz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQCVAwUBTBfEtZlgi5GaxT1NAQKuKAP/YUTRh9GXAlEa8X5trvnUsWmS6KRgxSIz
jxB35L9WwWKR0FMzeay1ThvOoiz5aXlrqGaBbEZiPjr3UuWMXRf+WSh2RoylEher
f5i8pxwwBwopVCKbRx07nWsroJUH9oIFYmTY/IIidqjh8UNL+FBBRCSRuFyay/H/
W/zxzjAFxuc=
=UVuI
-----END PGP SIGNATURE-----
More information about the Catalog-SIG
mailing list