[Catalog-sig] [PSF-Board] Troubled by changes to PyPI usage agreement

"Martin v. Löwis" martin at v.loewis.de
Thu Jan 21 22:06:37 CET 2010

> What about restricting the mirrors to the non web part in that case ?

I think MAL is talking about a completely different setup: the
unofficial mirror. The unofficial mirror doesn't follow any protocol;
it's just a mirror of PyPI using the standard API to fetch all data
available. People have been operating unofficial mirrors of various
qualities for several years.

Now, MAL is then concerned about malicious users of unofficial servers.
They might try to get their mirror high-ranking in Google, and then
redirect regular PyPI users to them. There isn't anything that the PEP
can do about that.

There has only been one such malicious mirror in the past. The PSF legal
council was fairly helpful in dealing with that case.


More information about the Catalog-SIG mailing list