[Distutils] Good news everyone, PyPI is behind a CDN

holger krekel holger at merlinux.eu
Tue May 28 08:57:13 CEST 2013

On Tue, May 28, 2013 at 07:42 +0100, Paul Moore wrote:
> On 28 May 2013 02:53, Donald Stufft <donald at stufft.io> wrote:
> > Figured it out.
> >
> > Use HTTPS.
> >
> Can I suggest that if the new CDN means that there are additional
> restrictions on what is supported (I've used the XMLRPC API without https
> in one-off scripts in the past) then the officially supported API should be
> properly documented once and for all in a PEP, including some sort of
> "what's new" or "rationale" section describing the various changes that
> have occurred recently and their impact on user code?

I second this.  I am building tools that interact with PyPI and people
and customers are using them.  I don't want to find a switch announced
which breaks them and then hear "sorry, that's the future now" without
this future being documented and discussed before the fact.  The PyPI
infrastructure and its supported tool interactions today are as important as
evolving the language itself so PEPs are warranted.  As with PEP438 i am
willing to help this process.

> I'm purely a casual user of the PyPI API and the discussion of these
> changes haa mostly gone over my head. The one thing I've taken away from it
> is that I may get problems if I just google for sample code to use. For
> example, the above comment implies that
> http://wiki.python.org/moin/PyPIXmlRpc (AIUI, the nearest to formal
> documentation that the XMLRPC API has) is wrong (as it uses http).
> I do appreciate all the work that is going on to improve the PyPI
> infrastructure. I'm not saying the changes should be reverted, just that
> the consequences should be clearly explained.

I also appreciate Noah's and Donald's CDN work here, up to the point where 
it breaks things for unclear reasons.  Reasons which might very well
be valid, nevertheless!


More information about the Distutils-SIG mailing list