[Distutils] What to do about the PyPI mirrors
martin at v.loewis.de
martin at v.loewis.de
Tue Aug 6 09:29:53 CEST 2013
Quoting Donald Stufft <donald at stufft.io>:
> Unless I'm forgetting something there's no real way to get the server key
> without going through Fastly
You should have a copy of the server key upfront, on your disk.
You can still get it directly from pypi with HTTP request to
pypi.into.python.org/serverkey.
> and even if there was Fastly could just hijack
> an upload (and murder their entire business in the process).
Couldn't you also use pypi.int.python.org for uploading?
Regards,
Martin
More information about the Distutils-SIG
mailing list