On Wed, 26 Aug 2015 21:24:05 -0400 Donald Stufft <donald@stufft.io> wrote:
At the time of this writing there are 65,232 projects hosted on PyPI and of those, 59 of them rely on external files that are safely hosted outside of PyPI and 931 of them rely on external files which are unsafely hosted outside of PyPI. This shows us that 1.5% of projects will be affected in some way by this change while 98.5% will continue to function as they always have. In addition, only 5% of the projects affected are using the features provided by PEP 438 to safely host outside of PyPI while 95% of them are exposing their users to Remote Code Execution via a Man In The Middle attack.
Out of curiosity, have you tried to determine if those Unsafely Off PyPI projects were either still active or "popular"?

The PEP looks fine anyway, good job :)

Regards

Antoine.