[Distutils] What to do about the PyPI mirrors

Justin Cappos jcappos at poly.edu
Tue Aug 6 15:13:25 CEST 2013

One means by which I could see an f.pypi.python.org DNS record being
> left in place indefinitely is if the TUF folks are able to come up
> with a scheme for offering end-to-end security for the *existing* PyPI
> metadata, *and* the TUF metadata is mirrored by bandersnatch *and* the
> TUF client side integrity checks are invoked by pip. In that case, the
> security argument regarding the lack of TLS on the subdomains would be
> rendered moot, and the backwards compatibility argument for keeping it
> active would win.

It seems like you've been reading our minds (or at least our mailing list)!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/distutils-sig/attachments/20130806/daa74de0/attachment.html>

More information about the Distutils-SIG mailing list