[Catalog-sig] PyPI mirror key rollover
mal at egenix.com
Thu Apr 28 10:26:41 CEST 2011
"Martin v. Löwis" wrote:
> I came up with a key rollover scheme for the server key on PyPI.
> The key rollover will be logged in the PyPI journal,
> using an empty package name and an empty release. TOOLS USING
> THE JOURNAL MAY NEED TO BE FIXED TO ACCOMMODATE EMPTY PACKAGE
> NAMES. Earlier today, such a journal entry was already added;
> I took it out again when I noticed that some tools actually
> do need to be fixed.
I can't comment on the other parts of the proposal, but the above
suggestions doesn't sound like a good solution: an empty package
name in the update stream looks more like a server or client
decoding bug than a trigger to do a key update.
Wouldn't it be better to use a descriptive package name such
as "pypi-serverkey-update" together with a package version
which identifies the new serverkey version as trigger ?
Professional Python Services directly from the Source (#1, Apr 28 2011)
>>> Python/Zope Consulting and Support ... http://www.egenix.com/
>>> mxODBC.Zope.Database.Adapter ... http://zope.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/
2011-06-20: EuroPython 2011, Florence, Italy 53 days to go
::: Try our new mxODBC.Connect Python Database Interface for free ! ::::
eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48
D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
Registered at Amtsgericht Duesseldorf: HRB 46611
More information about the Catalog-SIG