Aug. 6, 2013
9:53 a.m.
On Tue, Aug 6, 2013 at 9:10 AM, holger krekel <holger@merlinux.eu> wrote:
PyPI mirrors _are_ associated with PyPI and pypi.python.org. (Why) Do do want to flatly rule out pip/pypi.python.org support for managing mirrors?
Automatic mirror discovery opens extra security holes until we have found some way to tighten up the security in general. Once we have a way of verifying packages that work and that doesn't rely on the mirror you are using, we could add it back. Indeed, just having a json list makes sense. //Lennart