[Distutils] some questions about PEP470
Nick Coghlan
ncoghlan at gmail.com
Wed Oct 15 03:33:50 CEST 2014
On 15 Oct 2014 11:16, "Donald Stufft" <donald at stufft.io> wrote:
> On Oct 14, 2014, at 8:50 PM, Stefan Krah <stefankrah at freenet.de> wrote:
>
> >
> > Anyway, it will be kind of tough to force U.S. exceptionalism via the terms
> > and conditions on an international body of authors if only uploaded packages
> > are allowed.
> >
>
> I’m not even sure what this is trying to say… How are our pretty simple ToS
> some sort of US exceptionalism?
PyPI is hosted in the US, and thus covered by US export laws.
I don't follow Stefan's objection, however, given that the objective of PEP
470 is to improve the user experience of external hosting, rather than to
disallow it.
We're also working with the TUF developers to make sure that the next draft
of their PEP appropriately covers the external hosting use case.
The only things we're actively trying to eliminate are the MITM
vulnerability affecting the majority of current externally hosted packages,
and the poor user experience that arises when the current link spidering
mechanism leads to packaging clients feeling obliged to silently ignore
unreachable URLs when looking for externally hosted packages.
Regards,
Nick.
>
> >
> >
> > Stefan Krah
> >
> >
> >
> >
> > _______________________________________________
> > Distutils-SIG maillist - Distutils-SIG at python.org
> > https://mail.python.org/mailman/listinfo/distutils-sig