On Wed, Apr 27, 2011 at 8:39 PM, Martin v. Löwis mar...@v.loewis.de wrote:
I came up with a key rollover scheme for the server key on PyPI.
The objective of this key rollover is to protect against brute-force
attacks of people trying to crack the key. If the main server itself
gets compromised
I'm upset, because I *was* using the rating system. I also *knew* the
limitations of this feature. I didn't think of choosing an application
framework based on the rating. I'm not that stupid. (But I have just
learned that some people believe that I'm that stupid. Thank you!)
The rating
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 04/28/2011 07:06 AM, Marcello Perathoner wrote:
I'm upset, because I *was* using the rating system. I also *knew* the
limitations of this feature. I didn't think of choosing an application
framework based on the rating. I'm not that stupid.
Martin v. Löwis wrote:
Am 28.04.2011 10:26, schrieb M.-A. Lemburg:
Martin v. Löwis wrote:
I came up with a key rollover scheme for the server key on PyPI.
[...]
The key rollover will be logged in the PyPI journal,
using an empty package name and an empty release. TOOLS USING
THE JOURNAL