"Martin v. Löwis" wrote: > I came up with a key rollover scheme for the server key on PyPI. > [...] > > The key rollover will be logged in the PyPI journal, > using an empty package name and an empty release. TOOLS USING > THE JOURNAL MAY NEED TO BE FIXED TO ACCOMMODATE EMPTY PACKAGE > NAMES. Earlier today, such a journal entry was already added; > I took it out again when I noticed that some tools actually > do need to be fixed.
I can't comment on the other parts of the proposal, but the above suggestions doesn't sound like a good solution: an empty package name in the update stream looks more like a server or client decoding bug than a trigger to do a key update. Wouldn't it be better to use a descriptive package name such as "pypi-serverkey-update" together with a package version which identifies the new serverkey version as trigger ? -- Marc-Andre Lemburg eGenix.com Professional Python Services directly from the Source (#1, Apr 28 2011) >>> Python/Zope Consulting and Support ... http://www.egenix.com/ >>> mxODBC.Zope.Database.Adapter ... http://zope.egenix.com/ >>> mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/ ________________________________________________________________________ 2011-06-20: EuroPython 2011, Florence, Italy 53 days to go ::: Try our new mxODBC.Connect Python Database Interface for free ! :::: eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48 D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg Registered at Amtsgericht Duesseldorf: HRB 46611 http://www.egenix.com/company/contact/ _______________________________________________ Catalog-SIG mailing list [email protected] http://mail.python.org/mailman/listinfo/catalog-sig
