<div dir="ltr">Like Nick I'm not sure I see the urgency here. I'm going to add a deprecation statement to the public mirroring page at /mirrors so it's clear that protocol is dead (not just resting).<div><br></div>
<div><br></div><div> Richard</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On 29 September 2013 13:07, Donald Stufft <span dir="ltr"><<a href="mailto:donald@stufft.io" target="_blank">donald@stufft.io</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im"><br>
On Sep 28, 2013, at 10:16 PM, Nick Coghlan <<a href="mailto:ncoghlan@gmail.com">ncoghlan@gmail.com</a>> wrote:<br>
<br>
> On 29 September 2013 11:10, Noah Kantrowitz <<a href="mailto:noah@coderanger.net">noah@coderanger.net</a>> wrote:<br>
>> +1<br>
>><br>
>> --Noah<br>
><br>
> Deprecating it as a consequence of PEP 449 makes sense, but is there<br>
> any urgency to dropping it?<br>
><br>
> I'm not necessarily opposed to removing it, but what's the specific<br>
> *gain* in doing so? If it's just a matter of wanting to skip<br>
> implementing it for Warehouse, then I'd say +1 to leaving it out of<br>
> the API reimplementation, but I don't yet see the advantage in<br>
> removing it from the existing PyPI code base.<br>
><br>
> If we do remove it, then it should probably only be after all the old<br>
> autodiscovery domain names have been redirected back to the main PyPI<br>
> server.<br>
><br>
> Cheers,<br>
> Nick.<br>
><br>
> --<br>
> Nick Coghlan | <a href="mailto:ncoghlan@gmail.com">ncoghlan@gmail.com</a> | Brisbane, Australia<br>
<br>
</div>Well the underlying reason is I think it's a dead end and I don't want to<br>
implement it in Warehouse.<br>
<br>
The reason for wanting to remove it *now* instead of just letting it naturally<br>
die when Warehouse becomes a thing is to remove the (unlikely) chance<br>
that someone starts to depend on it in the interim. Basically since afaik<br>
nobody even uses it (Crate did for awhile and I had to disable it because<br>
of false failures) the risk is minimal to removing it outright to prevent it from<br>
being used.<br>
<br>
Plus if the secret key has leaked (unlikely but possible given the implementation<br>
and the use of DSA) it's not just "cruft" it's outright dangerous.<br>
<div class="HOEnZb"><div class="h5"><br>
-----------------<br>
Donald Stufft<br>
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA<br>
<br>
</div></div></blockquote></div><br></div>