[Catalog-sig] hash tags (was: Deprecation of External Urls, Statistics)
Christian Heimes
christian at python.org
Fri Mar 8 13:15:23 CET 2013
On 08.03.2013 12:49, M.-A. Lemburg wrote:
> Together with the added hash tag on the download file URLs (*),
> this would solve the availability and the security aspects.
> Instead of deprecating external links altogether, we could then
> deprecate non-compliant download links and get an overall
> very flexible system for Python package distribution.
>
> (*) Yes, I know, I still have to deliver the updated proposal -
> been working on getting our indexes ready to serve as example :-)
What does your proposal look like? I'd like to propose query string-like
key/value pairs. Key/value pairs are more flexible and allow us to
add/remove new information in the future.

I also propose that we add the file size in octets (bytes with 8 bits in
each byte) to the fragment identifier. File size validation prohibits
e.g. length extension attacks. It is useful for download tools. I know
that HTTP servers usually set a Content-Length header for static files.
But the header is set by the CDN while the information in the fragment
identifier shall come from PyPI's internal database.

Example:

defusedxml-0.4.tar.gz#md5=09873c31ce773d48b8a4759571655a2c&sha1=33821e6891e3fc3829f5a238a93490f939533d62&octets=48324

Christian
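
How a download tool could consume the fragment format proposed in the message above, as an added example that is not part of the original post or of any PyPI tooling. The function names, the `sha256` key and the rejection of duplicate keys are assumptions of this sketch; `md5`, `sha1` and `octets` are the keys from the post.

```python
import hashlib
from urllib.parse import parse_qsl, urldefrag

# md5 and sha1 are the keys used in the post; sha256 is an assumed later addition.
SUPPORTED_DIGESTS = {"md5", "sha1", "sha256"}


def parse_fragment(url):
    """Split 'file#key=value&...' into (url without fragment, metadata dict)."""
    base, fragment = urldefrag(url)
    pairs = parse_qsl(fragment, keep_blank_values=True, strict_parsing=True) if fragment else []
    meta = {}
    for key, value in pairs:
        if key in meta:  # assumption: a repeated key is ambiguous, so reject it
            raise ValueError(f"duplicate key in fragment: {key}")
        meta[key] = value
    return base, meta  # unknown keys are kept, so new ones can be added later


def verify_download(data, meta):
    """Check data against index-supplied metadata; return the checks that passed."""
    passed = []
    if "octets" in meta:  # cheapest check first: exact size in octets
        if not meta["octets"].isdigit() or int(meta["octets"]) != len(data):
            raise ValueError("size mismatch")
        passed.append("octets")
    digests = sorted(SUPPORTED_DIGESTS & meta.keys())
    if not digests:
        raise ValueError("no supported digest in fragment")
    for name in digests:
        if hashlib.new(name, data).hexdigest() != meta[name].lower():
            raise ValueError(f"{name} mismatch")
        passed.append(name)
    return passed


if __name__ == "__main__":
    payload = b"constructed sample archive bytes"  # constructed, not a real sdist
    link = "example-1.0.tar.gz#md5={}&sha1={}&octets={}".format(
        hashlib.md5(payload).hexdigest(), hashlib.sha1(payload).hexdigest(), len(payload))
    _, meta = parse_fragment(link)
    print(verify_download(payload, meta))
```

The metadata has to be taken from the link on the index page, not from anything the file server returns, which is the distinction the post draws between the CDN's Content-Length header and PyPI's database.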