We're looking for a solution for internal PyPi server. 

We like developers/data Scientists to use the packages only from the internal repo, which is approved by legal and scanned for security purposes.  Can we let admins to download from external PyPi, and other users only download from internal repo only? If the package is not in the local repo, the developers need to discuss with Admin first.

From reading the doc it seems Devpi can be a through cache. Is this something Devpi can do?

Thank you very much!

Best,

Jessie