[Distutils] Remove the "Mirror Authenticity" API

Donald Stufft donald at stufft.io
Sun Sep 29 08:44:41 CEST 2013 

Only the naming scheme is dead, protocol itself is still fine.

On Sep 29, 2013, at 1:52 AM, Richard Jones <richard at mechanicalcat.net> wrote:

> Like Nick I'm not sure I see the urgency here. I'm going to add a deprecation statement to the public mirroring page at /mirrors so it's clear that protocol is dead (not just resting).
> 
> 
>     Richard
> 
> 
> On 29 September 2013 13:07, Donald Stufft <donald at stufft.io> wrote:
> 
> On Sep 28, 2013, at 10:16 PM, Nick Coghlan <ncoghlan at gmail.com> wrote:
> 
> > On 29 September 2013 11:10, Noah Kantrowitz <noah at coderanger.net> wrote:
> >> +1
> >>
> >> --Noah
> >
> > Deprecating it as a consequence of PEP 449 makes sense, but is there
> > any urgency to dropping it?
> >
> > I'm not necessarily opposed to removing it, but what's the specific
> > *gain* in doing so? If it's just a matter of wanting to skip
> > implementing it for Warehouse, then I'd say +1 to leaving it out of
> > the API reimplementation, but I don't yet see the advantage in
> > removing it from the existing PyPI code base.
> >
> > If we do remove it, then it should probably only be after all the old
> > autodiscovery domain names have been redirected back to the main PyPI
> > server.
> >
> > Cheers,
> > Nick.
> >
> > --
> > Nick Coghlan   |   ncoghlan at gmail.com   |   Brisbane, Australia
> 
> Well the underlying reason is I think it's a dead end and I don't want to
> implement it in Warehouse.
> 
> The reason for wanting to remove it *now* instead of just letting it naturally
> die when Warehouse becomes a thing is to remove the (unlikely) chance
> that someone starts to depend on it in the interim. Basically since afaik
> nobody even uses it (Crate did for awhile and I had to disable it because
> of false failures) the risk is minimal to removing it outright to prevent it from
> being used.
> 
> Plus if the secret key has leaked (unlikely but possible given the implementation
> and the use of DSA) it's not just "cruft" it's outright dangerous.
> 
> -----------------
> Donald Stufft
> PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
> 
> 


-----------------
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/distutils-sig/attachments/20130929/d732dd0a/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mail.python.org/pipermail/distutils-sig/attachments/20130929/d732dd0a/attachment.sig>

More information about the Distutils-SIG mailing list