[Distutils] What to do about the PyPI mirrors

martin at v.loewis.de martin at v.loewis.de
Tue Aug 6 09:29:53 CEST 2013

Quoting Donald Stufft <donald at stufft.io>:

> Unless I'm forgetting something there's no real way to get the server key
> without going through Fastly

You should have a copy of the server key upfront, on your disk.

You can still get it directly from pypi with HTTP request to

> and even if there was Fastly could just hijack
> an upload (and murder their entire business in the process).

Couldn't you also use pypi.int.python.org for uploading?


More information about the Distutils-SIG mailing list