[Distutils] bandersnatch update
Christian Theune
ct at gocept.com
Tue Apr 9 08:41:46 CEST 2013
On 2013-04-08 19:43:07 +0000, PJ Eby said:
> On Sun, Apr 7, 2013 at 9:36 AM, Christian Theune <ct at gocept.com> wrote:
>> The internal mechanisms of PEP 381 and the way that clients can authenticate
>> the mirrored packages is not compatible with a partial mirror as the index
>> pages are not generated but taken byte-by-byte so they can be verified with
>> PyPIs cryptographic signature on them.
>
> FWIW, those pages use relative URLs for PyPI-hosted packages, which
> means you could serve those as a redirect in order to implement
> partial mirroring, at least in theory. ;-)
Heh. I did not see this coming, but I like it. :)
The simplest solution on a static mirror that I can see for this would
be (with nginx) a "missing files" rule that redirects to PyPI. However,
that would be bad form as that would cause *any* 404-triggering request
on a mirror to hit the upstream server - bad for bots.
I'll let this remain science fiction for now. :)
Christian
More information about the Distutils-SIG
mailing list