[Distutils] What to do about the PyPI mirrors

[Donald Stufft]

On Aug 6, 2013, at 3:47 AM, Nick Coghlan <ncoghlan at gmail.com> wrote:

> On 6 August 2013 17:30, Donald Stufft <donald at stufft.io> wrote:
>> On Aug 6, 2013, at 3:20 AM, martin at v.loewis.de wrote:
>>> See above. He did that, and the PyPI maintainers will break it.
>> 
>> I don't think anyones claimed that removing the names won't break things for
>> people who directly referenced them, but it's an important step that we do that.
> 
> Right, but I think it's one where we can offer responsive mirror
> maintainers a generous time frame. We're down to only 5 mirrors using
> the *.pypi.python.org naming scheme anyway, so we should probably
> include contacting the maintainers directly in the transition plan.
> 
> That makes the process:
> 
> - we immediately stop handing out any new *.pypi.python.org mirror
> names (this has effectively happened already, the PEP will just be
> making it official)
> - the operators of the 5 current *.pypi.python.org mirrors are
> contacted directly, informing them of the plan to deprecate and remove
> those domain names, and offering the choice of two alternatives:

Minor point but it's 4 mirrors. The a mirror is simply an alias for PyPI itself
which leaves, c, e, f, g.

> 
>    1. After 2 months (or earlier if requested), the domain name is
> redirected to the PyPI CDN and the mirror is effectively retired. 2
> months after the release of pip 1.5, the name is removed entirely
>    2. The mirror operator establishes a 301 redirect to a HTTPS
> capable domain name they control and negotiates the time frame for
> retirement and removal of the *.pypi.python.org domain record with the
> PSF infrastructure team
> 
> - after two months, last.pypi.python.org and any *.pypi.python.org
> mirror names which didn't request option 2 above are redirected to the
> CDN
> - two months after the release of pip 1.5, last.pypi.python.org and
> any *.pypi.python.org mirror names which didn't request option 2 above
> are removed from the DNS
> - the exact time frames for option 2 above will be worked out
> individually with the mirror operators that request it (that would be
> at least Christian for f.pypi.python.org, and perhaps some of the
> other mirror operators if they also choose option 2)

It's probably simpler to just lengthen the timeframe and allow early opt
in to having the N.pypi.python.org redirected back to PyPI (Minor point,
it doesn't actually go directly through the CDN because the CDN is configured
to require SSL).

I would much rather have the details laid out in the PEP than have the Infra
team being placed in the line of fire. I think it would even be reasonable to
not have a forced redirect to the CDN and instead say in N amount of time
the DNS entries will be removed, and allow mirror operators to ask us to
redirect their N.pypi.python.org back to the CDN if they've felt their migration
is complete before N amount of time happens.

The big question then becomes what is a reasonable value for N amount of time,
the original proposal essentially used 4 months for no real reason. Would 6 months
be better? 8? I think making this window _too_ long doesn't really do anything
except delay the inevitable and the window should be decided on for what's a reasonable
amount of time for people to move away from pointing directly at the N.pypi.python.org
not delaying the need to do it until a later date.

> 
> Cheers,
> Nick.
> 
> -- 
> Nick Coghlan   |   ncoghlan at gmail.com   |   Brisbane, Australia


-----------------
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mail.python.org/pipermail/distutils-sig/attachments/20130806/6ace15b3/attachment.pgp>