[Distutils] PyPI CDN Updates For Greater Availability
Donald Stufft
donald at stufft.io
Thu Jul 4 07:38:19 CEST 2013
Several changes were just deployed to PyPI's CDN. The general
theme behind the changes is making it so that PyPI appears as
functional as possible through a failure of the server hosting it. This
should increase the availability of PyPI and enable things such as
installation and browsing the site to continue to work through a
catastrophic host failure on the PSF infrastructure.
The details of what changed are:
- Anonymous users will find that /pypi* pages are now cached for
  a short amount of time (currently 60s).
- Objects will be stored in the cache for some time past their
  expiration date. They will not be used except in two circumstances:
    - A request is taking longer than 15s to complete; a "stale" object
      will be returned to prevent a pile up from occurring.
    - The backend[1] has been deemed unhealthy, in which case stale
      objects will be served in order to allow some level of functionality
      until the backend has been restored.
- In the event of an unhealthy backend all requests will be forced to
  be anonymous, making them eligible for the stale objects that
  have been cached.
- The /mirrors and /security pages will be cached for a week, allowing
  them to likely be available through a backend failure, making it easy
  to locate mirrors[2] or report a security issue.
- Miscellaneous changes to normalize various things so that a single
  item in the cache will be able to be used for more requests, making
  it more likely that any particular request will be served from the cache.
[1] Backend in this context means the server hosting PyPI itself, what
the CDN itself connects to.
[2] Using the mirrors is done so at your own risk. None of the tools
currently verify the downloads and they are downloaded over
HTTP. This makes it trivial for an attacker to execute arbitrary
code on your machine via a MITM.
-----------------
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
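The serving rules listed in the message, as a small model (an added example, not part of the original post and not PyPI's CDN configuration). The 60s TTL and 15s threshold come from the message; the grace window, the class and function names, and the simulated backend are assumptions made for illustration.

```python
from dataclasses import dataclass

TTL = 60           # seconds; /pypi* pages for anonymous users (from the post)
SLOW_REQUEST = 15  # seconds; threshold for answering with a stale object (from the post)
GRACE = 3600       # assumed value: the post only says "some time past" expiration

@dataclass
class Cached:
    body: str
    stored_at: float

class EdgeCache:
    def __init__(self, fetch):
        self.fetch = fetch            # hypothetical backend call: (path, user) -> (body, seconds)
        self.store = {}
        self.backend_healthy = True   # a real CDN would set this from a health probe

    def get(self, path, user, now):
        if not self.backend_healthy:
            user = None               # unhealthy backend: every request is forced anonymous
        obj = self.store.get(path) if user is None else None
        if obj and now - obj.stored_at <= TTL:
            return obj.body, "fresh"
        stale_ok = obj is not None and now - obj.stored_at <= TTL + GRACE
        if not self.backend_healthy:
            return (obj.body, "stale-unhealthy") if stale_ok else (None, "unavailable")
        body, took = self.fetch(path, user)
        if took > SLOW_REQUEST and stale_ok:
            return obj.body, "stale-slow"   # answer from cache so slow requests do not pile up
        if user is None:
            self.store[path] = Cached(body, now)   # only anonymous responses are cached
        return body, "backend"

def demo():
    """Constructed scenario: one page, a backend that slows down and then fails."""
    state = {"delay": 0.2}
    cache = EdgeCache(lambda path, user: (f"{path} as {user or 'anonymous'}", state["delay"]))
    out = [cache.get("/pypi/example", None, now=0)]           # first anonymous request
    out.append(cache.get("/pypi/example", None, now=30))      # within the 60s TTL
    out.append(cache.get("/pypi/example", "alice", now=30))   # logged in: bypasses the cache
    state["delay"] = 20
    out.append(cache.get("/pypi/example", None, now=100))     # expired, backend slow
    cache.backend_healthy = False
    out.append(cache.get("/pypi/example", "alice", now=200))  # forced anonymous, served stale
    out.append(cache.get("/pypi/other", "alice", now=200))    # never cached: nothing to serve
    return out
```

Calling demo() returns one (body, source) pair per request; the fifth shows a logged-in user receiving the anonymous copy while the backend is down.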