[Distutils] Python people want CPAN and how the latter came about
kiorky at cryptelium.net
Sat Dec 26 12:14:04 CET 2009
Martin v. Löwis a écrit :
>> It is unreliable [bugs.launchpad.net/pypi-mirror/+bug/386143] and lacks
>> the pre-extracted metadata. I wouldn't call it a mirror tool, for it is
>> not an exact copy of PyPI data.
>>  "In computing, a mirror is an exact copy of a data set. On the
>> Internet, a mirror site is an exact copy of another Internet site. ..."
> In this strict sense, PyPI will never have a mirror, nor does any of the
> other project hosting services have a mirror in the strict sense.
> In particular, I'm not willing (and not allowed to) give mirrors access
> to PyPI's user database: account names and email addresses.
Mirrors are just mirrors, We can strip down the pypi database to bare-mirroring
minimum. Mirrors could just be read-only. Thus by deleting or changing all
personal accounts and other critical informations to something "random". We do
not need complete pypi database on mirrors.
It's largely enough to get the distributions from and to install things. It
doesn't require also much developments to get it ready. Just the script that
make the current database "informationless" and "download safe" and limited
access to the filesystem where are stored the distributions for replication.
We can imagine some xmlrpc mecanisms to synchronise mirrors databases without
implicating to change the mirror database after some time. I didn't look to
existing pypimirroring tools, i think some implemention (z3c.pypimirror at
least) must do something in that way and could be a good starter.
GPG Key FingerPrint: 0x1A1194B7681112AF
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 262 bytes
Desc: OpenPGP digital signature
More information about the Distutils-SIG