[Distutils] What to do about the PyPI mirrors
Donald Stufft
donald at stufft.io
Sun Aug 4 02:17:03 CEST 2013
On Jul 25, 2013, at 1:38 AM, Richard Jones <r1chardj0n3s at gmail.com> wrote:
> Hi all,
>
> I've just been contacted by someone who's set up a new public mirror
> of PyPI and would like it integrated into the mirror ecosystem.
>
> I think it's probably time we thought about how to demote the mirrors:
>
> - they cause problems with security (being under the python.org domain
> causes various issues including inability to use HTTPS and cookie
> issues)
> - they're no longer necessary thanks to the CDN work
>
> So, things to do:
>
> - links and information on PyPI itself can be removed
> - tools that use mirrors still need to be able to but mention of using
> public mirrors is probably something to demote
>
> These are just rough thoughts that occurred to me just now.
>
>
> Richard
> _______________________________________________
> Distutils-SIG maillist - Distutils-SIG at python.org
> http://mail.python.org/mailman/listinfo/distutils-sig
Can we close the loop on this? Ideally I think any public mirrors
should need to register their own domain name. We can either
maintain a list of unofficial mirrors, or Ken Cochrane has been
doing a good job I think of keeping a list (as well as tracking some
basic stats) at http://pypi-mirrors.org/ so maybe we can just point
people to that as the list of mirrors?
Ideally we should get all of them off the *.python.org namespace.
-----------------
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mail.python.org/pipermail/distutils-sig/attachments/20130803/5f9d91f4/attachment-0001.pgp>
More information about the Distutils-SIG
mailing list