[Distutils] [tuf] Re: Automation for creating, updating and destroying a TUF-secured PyPI mirror
Nick Coghlan
ncoghlan at gmail.com
Tue Apr 9 07:19:53 CEST 2013
On Tue, Apr 9, 2013 at 3:17 PM, Justin Cappos <jcappos at poly.edu> wrote:
> His 29MB and 58MB numbers assume that every developer has their own key
> right now. We don't think this is likely to happen and propose initially
> signing everything that the developers don't sign with a single PyPI key.
>
> It also assumes there are no abandoned packages / devel accounts. I also
> think many devels won't go back and sign all old versions of their software.
> So my number is definitely a back of the envelope calculation using
> Trishank's data. Trishank's calculations are much more expressive, but are
> the "worst case" size.
OK, that makes sense - thanks for the clarification.
Cheers,
Nick.
--
Nick Coghlan | ncoghlan at gmail.com | Brisbane, Australia