On Aug 6, 2013, at 12:10 AM, holger krekel <holger@merlinux.eu> wrote:
On Mon, Aug 05, 2013 at 23:49 -0700, Noah Kantrowitz wrote:
On Aug 5, 2013, at 11:09 PM, Christian Theune <ct@gocept.com> wrote: (...) Between now and the first DNS change, I would absolutely recommend any current public mirrors to redirect users to their new domain name if they intend to have one, and we'll do whatever we can to help make users aware of the switch. I would rather have a clear timeline with fewer steps than add another stage where we (PSF) are issuing redirects to non-PSF servers. Very very +1 on the easier bandersnatch-ing though, I really would love to see more mirrors out there, I just don't want them associated with PyPI or python.org, and I don't want pip to be trying to auto-discover them.
PyPI mirrors _are_ associated with PyPI and pypi.python.org. (Why) Do do want to flatly rule out pip/pypi.python.org support for managing mirrors?
The perl CPAN mirroring provides this nice little machine-readable file:
http://www.cpan.org/indices/mirrors.json
and a python-equivalent could be consumed by pip, i guess.
Because at this time there is no Python package installer that can install from a public mirror in a way that makes me comfortable supporting it as an official resource. This could be addressed in pip by verifying the /simple signatures, but this mostly precludes improved mirroring mechanisms like that used by Crate. More to the point, I as the head of infrastructure am responsible for *.python.org, but if there is an issue with a mirror, be it downtime, server compromise, or anything else, me and my team can't do anything to fix that. This is, again, not a situation I am comfortable with. --Noah