[Catalog-sig] Pypi cdn for hosted packages
donald.stufft at gmail.com
Fri Mar 1 01:13:00 CET 2013
On Thursday, February 28, 2013 at 10:13 AM, Noah Kantrowitz wrote:
> Responding from my phone quickly before this gets any further, will write more later. Plan is to have pypi move package download links to a new hostname (probably pypi-download.python.org (http://pypi-download.python.org)) and then throw that behind fastly. This sidesteps 100% of issues with dynamic pages, etc. Simple index will be handled secondarily.
Just an aside, can we use a pythonhosted.org domain, like
https://packages.pythonhosted.org/ or something?
That will prevent GIFAR-like attacks where someone finds a way
to create a file that looks like a valid file to PyPI, but
that browsers will interpret as something executable. Or rather
it prevents it from being able to attack *.python.org.
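
Added example, not part of the original message: a short Python sketch of the browser rules behind this suggestion, comparing the two download hostnames named in the thread. It assumes a constructed cookie scoped with Domain=python.org and uses pypi.python.org to stand in for any *.python.org site; the function names are illustrative.

```python
import ipaddress
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def domain_match(host, cookie_domain):
    """RFC 6265 section 5.1.3: does `host` fall inside `cookie_domain`?"""
    host = host.lower().rstrip(".")
    cookie_domain = cookie_domain.lower().lstrip(".")
    if host == cookie_domain:
        return True
    try:
        ipaddress.ip_address(host)
        return False          # IP literals only ever match exactly
    except ValueError:
        pass
    # The suffix must start at a label boundary, hence the leading dot.
    return host.endswith("." + cookie_domain)

def origin(url):
    """(scheme, host, port) tuple used by the same-origin policy."""
    parts = urlsplit(url)
    port = parts.port or DEFAULT_PORTS[parts.scheme]
    return (parts.scheme, parts.hostname.lower(), port)

def exposure(download_url, protected_url, cookie_domain):
    """What a file rendered from download_url shares with protected_url."""
    host = urlsplit(download_url).hostname
    return {
        "same_origin": origin(download_url) == origin(protected_url),
        # True means the browser sends Domain=<cookie_domain> cookies to this
        # host and lets this host set cookies for that whole domain.
        "in_cookie_scope": domain_match(host, cookie_domain),
    }

# Assumptions for illustration: the protected site and the cookie scope.
PROTECTED = "https://pypi.python.org/"
COOKIE_DOMAIN = "python.org"          # constructed Domain= attribute
CANDIDATES = [
    "https://pypi-download.python.org/packages/example.tar.gz",
    "https://packages.pythonhosted.org/packages/example.tar.gz",
]

if __name__ == "__main__":
    for url in CANDIDATES:
        print(urlsplit(url).hostname, exposure(url, PROTECTED, COOKIE_DOMAIN))
```

Neither hostname is same-origin with the protected site, but only the pythonhosted.org one also falls outside the python.org cookie scope.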