Aug. 6, 2013
1:13 p.m.
One means by which I could see an f.pypi.python.org DNS record being
left in place indefinitely is if the TUF folks are able to come up with a scheme for offering end-to-end security for the *existing* PyPI metadata, *and* the TUF metadata is mirrored by bandersnatch *and* the TUF client side integrity checks are invoked by pip. In that case, the security argument regarding the lack of TLS on the subdomains would be rendered moot, and the backwards compatibility argument for keeping it active would win.
It seems like you've been reading our minds (or at least our mailing list)! Thanks, Justin