[Distutils] What to do about the PyPI mirrors

Noah Kantrowitz noah at coderanger.net
Thu Jul 25 08:14:12 CEST 2013

On Jul 24, 2013, at 10:38 PM, Richard Jones wrote:

> Hi all,
> I've just been contacted by someone who's set up a new public mirror
> of PyPI and would like it integrated into the mirror ecosystem.
> I think it's probably time we thought about how to demote the mirrors:
> - they cause problems with security (being under the python.org domain
> causes various issues including inability to use HTTPS and cookie
> issues)
> - they're no longer necessary thanks to the CDN work
> So, things to do:
> - links and information on PyPI itself can be removed
> - tools that use mirrors still need to be able to but mention of using
> public mirrors is probably something to demote
> These are just rough thoughts that occurred to me just now.

+1, as envoy of infrastructure team we would like to formally retire the [a-z].pypi.python.org names. Anyone with an existing mirror should be encouraged to continue maintaining it, but it will be for their own use (or the use of their company/internal network).


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 203 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mail.python.org/pipermail/distutils-sig/attachments/20130724/f5ccf2bc/attachment-0001.pgp>

More information about the Distutils-SIG mailing list