[Distutils] Good news everyone, PyPI is behind a CDN

Donald Stufft donald at stufft.io
Tue May 28 13:48:06 CEST 2013

On May 28, 2013, at 2:42 AM, Paul Moore <p.f.moore at gmail.com> wrote:

> On 28 May 2013 02:53, Donald Stufft <donald at stufft.io> wrote:
> Figured it out.
> Use HTTPS.
> Can I suggest that if the new CDN means that there are additional restrictions on what is supported (I've used the XMLRPC API without https in one-off scripts in the past) then the officially supported API should be properly documented once and for all in a PEP, including some sort of "what's new" or "rationale" section describing the various changes that have occurred recently and their impact on user code?
> I'm purely a casual user of the PyPI API and the discussion of these changes haa mostly gone over my head. The one thing I've taken away from it is that I may get problems if I just google for sample code to use. For example, the above comment implies that http://wiki.python.org/moin/PyPIXmlRpc (AIUI, the nearest to formal documentation that the XMLRPC API has) is wrong (as it uses http).
> I do appreciate all the work that is going on to improve the PyPI infrastructure. I'm not saying the changes should be reverted, just that the consequences should be clearly explained.
> Paul.

To be quite honest the HTTP 1.0 + HTTP issue simply wasn't discovered in testing. The http url works fine on Python 2.7 (which I'm assuming uses HTTP 1.1). I'm not completely happy that HTTP is broken in Python2.6 (and I'm assuming earlier) and have it on my list to see if there's anything that can be done.

THat being said the most future compatible way will be to use the HTTPS url for any interaction (and ideally verify the SSL, but the built in XMLRPC library doesn't do that). My "Use HTTPS" was more to speak how to solve the issue *right now*.

Documentation should be updated to point to HTTPS though.

Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/distutils-sig/attachments/20130528/1d7e1261/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mail.python.org/pipermail/distutils-sig/attachments/20130528/1d7e1261/attachment.pgp>

More information about the Distutils-SIG mailing list