[Catalog-sig] Proposal: Move PyPI static data to the cloud for better availability
Jesus Cea
jcea at jcea.es
Wed Jun 16 00:11:14 CEST 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 15/06/10 22:04, "Martin v. Löwis" wrote:
>> I read pep 381 long time ago and I don't remember how/when a mirror
>> would update, but I do remember it doesn't mandate digital signatures
>> (signed by pypi central node, verified by setuptools&friends). That is a
>> big gap, in my opinion.
>
> The PEP doesn't explain the digital signing that is going on in
> mirroring. See
>
> http://mail.python.org/pipermail/catalog-sig/2009-March/002018.html
>
> This is fully implemented (except that client would need to verify the
> signatures, and except key rollover hasn't happened yet).
Could I ask pep381 to be updated?.
- --
Jesus Cea Avion _/_/ _/_/_/ _/_/_/
jcea at jcea.es - http://www.jcea.es/ _/_/ _/_/ _/_/ _/_/ _/_/
jabber / xmpp:jcea at jabber.org _/_/ _/_/ _/_/_/_/_/
. _/_/ _/_/ _/_/ _/_/ _/_/
"Things are not so easy" _/_/ _/_/ _/_/ _/_/ _/_/ _/_/
"My name is Dump, Core Dump" _/_/_/ _/_/_/ _/_/ _/_/
"El amor es poner tu felicidad en la felicidad de otro" - Leibniz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQCVAwUBTBf6gplgi5GaxT1NAQJh6AP/T0pyein9GQ2ZmsL1JOxQOdGMhZfg7Jxu
go2WuHgrV2Jog7koQFDaX0y/gwTonW5w9AWRcsbQTbOL+ss9JUMgAvd2aSRhWMu2
SQrTsbimuJwHwPbVLRzV3HS6NsgzJgwIEexjmJ1a6kVKvbwOL3RsOqgMyK8/5ka2
V2cWn//0Jzc=
=Rplg
-----END PGP SIGNATURE-----
More information about the Catalog-SIG
mailing list