[Distutils] What to do about the PyPI mirrors

Christian Theune ct at gocept.com
Tue Aug 6 08:11:57 CEST 2013

Two more things:

why is the CDN not suffering from the security problems you describe 
for the mirrors?

a) Fastly seems to be the one owning the certificate for 
pypi.python.org. What?!?

b) What does stop Fastly from introducing incorrect/rogue code in 
package downloads?


More information about the Distutils-SIG mailing list