[Catalog-sig] Proposal: Move PyPI static data to the cloud for better availability

Jesus Cea jcea at jcea.es
Wed Jun 16 00:11:14 CEST 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 15/06/10 22:04, "Martin v. Löwis" wrote:
>> I read pep 381 long time ago and I don't remember how/when a mirror
>> would update, but I do remember it doesn't mandate digital signatures
>> (signed by pypi central node, verified by setuptools&friends). That is a
>> big gap, in my opinion.
> 
> The PEP doesn't explain the digital signing that is going on in
> mirroring. See
> 
> http://mail.python.org/pipermail/catalog-sig/2009-March/002018.html
> 
> This is fully implemented (except that client would need to verify the
> signatures, and except key rollover hasn't happened yet).

Could I ask pep381 to be updated?.

- -- 
Jesus Cea Avion                         _/_/      _/_/_/        _/_/_/
jcea at jcea.es - http://www.jcea.es/     _/_/    _/_/  _/_/    _/_/  _/_/
jabber / xmpp:jcea at jabber.org         _/_/    _/_/          _/_/_/_/_/
.                              _/_/  _/_/    _/_/          _/_/  _/_/
"Things are not so easy"      _/_/  _/_/    _/_/  _/_/    _/_/  _/_/
"My name is Dump, Core Dump"   _/_/_/        _/_/_/      _/_/  _/_/
"El amor es poner tu felicidad en la felicidad de otro" - Leibniz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQCVAwUBTBf6gplgi5GaxT1NAQJh6AP/T0pyein9GQ2ZmsL1JOxQOdGMhZfg7Jxu
go2WuHgrV2Jog7koQFDaX0y/gwTonW5w9AWRcsbQTbOL+ss9JUMgAvd2aSRhWMu2
SQrTsbimuJwHwPbVLRzV3HS6NsgzJgwIEexjmJ1a6kVKvbwOL3RsOqgMyK8/5ka2
V2cWn//0Jzc=
=Rplg
-----END PGP SIGNATURE-----


More information about the Catalog-SIG mailing list