-1 - maybe I don't have the right to speak up on CDN usage, but personally I feel it's a bad idea to delegate overall PyPI availability exclusively to a commercial third party.
Well, it's been done, and it was always a better idea than the way mirrors was implemented.
It's OK for me that we're using them to improve PyPI availability, but completely putting our faith in their hands, doesn't sound right to me.
We must put out faith in somebody's hands with regards to PyPI. That hasn't changed.
That's something that the mirroring infrastructure should have been constructed for. I completely agree that the way the mirroring was established was way sub-optimal. I think we can do better.
Only by building our own CDN. We won't do better than the ones that exist.
Well, now we have one breakage point more which keeps annoying me.
We do? How?
Also, not everyone wants or needs auto-detection the way that the protocol describes it. I personally just hand-pick a mirror (my own, hah) and keep using that.
I agree that this is probably the best choice, and you can still do that.
I'd like to avoid breakage. Again, if you don't let me choose where to spend my time, I'd rather invest the time I need for cleaning up the breakage into something constructive.
The only breakage I can see in this proposal is that the [a-z] dns names go away. That would take four months. I think perhaps that's a bit short. I don't see why we can't keep them around for much longer. A way to find mirrors is needed, but perhaps not automatic, but for when pypi goes down. //Lennart