[Catalog-sig] Fwd: readthedocs.org or packages.python.org?
Jesse Noller
jnoller at gmail.com
Thu Feb 7 11:24:42 CET 2013
On Feb 6, 2013, at 10:20 PM, Richard Jones <richard at python.org> wrote:
> On 7 February 2013 13:40, <martin at v.loewis.de> wrote:
>>
>> Zitat von Jesse Noller <jnoller at gmail.com>:
>>
>>
>>> I don't think we need to transfer the domain to the PSF, but it should
>>> definitely be hosted on our cluster at OSU
>>
>>
>> It should continue to live on the very same machine (i.e. PyPI)
>> as it is now.
>
> That was my intention. I was just going to configure the web server to
> handle the new domain and point at the same storage area that PyPI
> currently dumps stuff into.
>
Ok, but since I'm like my daughter ill say that's ok but insist you're all wrong and I'm still right can I have a cookie?
(It's cool use the same host)
>
> Then Jesse said:
>> It's user uploaded content we already know to be unsafe, that we're putting on a different domain. Why host it on the same box when we already know VM isolation reduces the attack surface of each VM?
>
> I'd rather keep it on the same host to simplify the configuration; all
> I need to do is configure another vhost in the current setup to handle
> the new name. Moving the files to some other VM would require some
> (significant, I think) work in PyPI to support handling storing the
> files non-locally.
>
> Isn't the risk pretty minimal given the content is all static?
>
>
> Richard
More information about the Catalog-SIG
mailing list