Steve Holden wrote:
None that I am aware of, but Martin is the one who's been making changes
most recently. I don't think there's been any input from Van on this
yet, but I've been busy and may have forgotten or missed something.
Thanks.
As far as I can tell, the text on the PyPI registration
Agreed. Until this issue is resolved we can't allow (public) third-party
mirrors. Given the recent adverse reactions to PyPi changes we should be
careful not to cause any further offense.
regards
Steve
M.-A. Lemburg wrote:
Steve Holden wrote:
None that I am aware of, but Martin is the one
On Wed, Jan 20, 2010 at 8:06 PM, M.-A. Lemburg m...@egenix.com wrote:
Steve Holden wrote:
Agreed. Until this issue is resolved we can't allow (public) third-party
mirrors. Given the recent adverse reactions to PyPi changes we should be
careful not to cause any further offense.
Perhaps the
On Wed, Jan 20, 2010 at 10:34 PM, Tarek Ziadé ziade.ta...@gmail.com wrote:
[..]
http://www.python.org/dev/peps/pep-0381/#how-a-client-can-use-pypi-and-its-mirrors
I could add in the PEP the fact that the mirror has to be accepted by the PSF
See also :
On Wed, Jan 20, 2010 at 10:35 PM, Tarek Ziadé ziade.ta...@gmail.com wrote:
On Wed, Jan 20, 2010 at 10:34 PM, Tarek Ziadé ziade.ta...@gmail.com wrote:
[..]
http://www.python.org/dev/peps/pep-0381/#how-a-client-can-use-pypi-and-its-mirrors
I could add in the PEP the fact that the mirror has to
Steve Holden wrote:
Agreed. Until this issue is resolved we can't allow (public) third-party
mirrors. Given the recent adverse reactions to PyPi changes we should be
careful not to cause any further offense.
I quite disagree on that statement; I see the issue of mirrors as
completely
Tarek Ziadé wrote:
On Wed, Jan 20, 2010 at 8:06 PM, M.-A. Lemburg m...@egenix.com wrote:
Steve Holden wrote:
Agreed. Until this issue is resolved we can't allow (public) third-party
mirrors. Given the recent adverse reactions to PyPi changes we should be
careful not to cause any further
Martin v. Löwis wrote:
Steve Holden wrote:
Agreed. Until this issue is resolved we can't allow (public) third-party
mirrors. Given the recent adverse reactions to PyPi changes we should be
careful not to cause any further offense.
I quite disagree on that statement; I see the issue of
Of course, there's also a human dimension : we suppose that the people
running the mirror are people we can trust because they can
technically do malicious things in the mirror since we don't really
have any real protection (*yet*).
That's not true: users of mirrors can verify that the
2010/1/20 Martin v. Löwis mar...@v.loewis.de:
Of course, there's also a human dimension : we suppose that the people
running the mirror are people we can trust because they can
technically do malicious things in the mirror since we don't really
have any real protection (*yet*).
That's not
The only verification done is the md5 hash on the file, which can be
changed on the mirror (nothing prevents the mirror to compute its own
MD5 fragments in the download URLs)
That's not true. Changing the MD-5 would require to change the simple
page, and that in turn would break the server
2010/1/21 Martin v. Löwis mar...@v.loewis.de:
The only verification done is the md5 hash on the file, which can be
changed on the mirror (nothing prevents the mirror to compute its own
MD5 fragments in the download URLs)
That's not true. Changing the MD-5 would require to change the simple
12 matches
Mail list logo