[Catalog-sig] Fwd: readthedocs.org or packages.python.org?
Richard Jones
richard at python.org
Thu Feb 7 04:20:36 CET 2013
On 7 February 2013 13:40, <martin at v.loewis.de> wrote:
>
> Zitat von Jesse Noller <jnoller at gmail.com>:
>
>
>> I don't think we need to transfer the domain to the PSF, but it should
>> definitely be hosted on our cluster at OSU
>
>
> It should continue to live on the very same machine (i.e. PyPI)
> as it is now.
That was my intention. I was just going to configure the web server to
handle the new domain and point at the same storage area that PyPI
currently dumps stuff into.
Then Jesse said:
> It's user uploaded content we already know to be unsafe, that we're putting on a different domain. Why host it on the same box when we already know VM isolation reduces the attack surface of each VM?
I'd rather keep it on the same host to simplify the configuration; all
I need to do is configure another vhost in the current setup to handle
the new name. Moving the files to some other VM would require some
(significant, I think) work in PyPI to support handling storing the
files non-locally.
Isn't the risk pretty minimal given the content is all static?
Richard
More information about the Catalog-SIG
mailing list