[Catalog-sig] PyPI mirror key rollover

M.-A. Lemburg mal at egenix.com
Thu Apr 28 22:29:29 CEST 2011

"Martin v. Löwis" wrote:
> Am 28.04.2011 10:26, schrieb M.-A. Lemburg:
>> "Martin v. Löwis" wrote:
>>> I came up with a key rollover scheme for the server key on PyPI.
>>> [...]
>>> The key rollover will be logged in the PyPI journal,
>>> using an empty package name and an empty release. TOOLS USING
>>> NAMES. Earlier today, such a journal entry was already added;
>>> I took it out again when I noticed that some tools actually
>>> do need to be fixed.
>> I can't comment on the other parts of the proposal, but the above
>> suggestions doesn't sound like a good solution: an empty package
>> name in the update stream looks more like a server or client
>> decoding bug than a trigger to do a key update.
> Oops, I forgot a critical detail: the "action" string in the journal
> entry would be "keyrotate".

Ah, ok. Makes more sense then :-)

>> Wouldn't it be better to use a descriptive package name such
>> as "pypi-serverkey-update" together with a package version
>> which identifies the new serverkey version as trigger ?
> That would not be good - tools would (rightly) assume that there
> is a package with that name, and try to mirror it.

Well, you could create a package under that name which then
contains a module with all known server keys. Might be useful
to have for other purposes as well.

Marc-Andre Lemburg

Professional Python Services directly from the Source  (#1, Apr 28 2011)
>>> Python/Zope Consulting and Support ...        http://www.egenix.com/
>>> mxODBC.Zope.Database.Adapter ...             http://zope.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ...        http://python.egenix.com/
2011-06-20: EuroPython 2011, Florence, Italy               53 days to go

::: Try our new mxODBC.Connect Python Database Interface for free ! ::::

   eGenix.com Software, Skills and Services GmbH  Pastor-Loeh-Str.48
    D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
           Registered at Amtsgericht Duesseldorf: HRB 46611

More information about the Catalog-SIG mailing list