On 28.04.2011, at 10:26, M.-A. Lemburg wrote: > "Martin v. Löwis" wrote: >> I came up with a key rollover scheme for the server key on PyPI. >> [...] >> >> The key rollover will be logged in the PyPI journal, >> using an empty package name and an empty release. TOOLS USING >> THE JOURNAL MAY NEED TO BE FIXED TO ACCOMMODATE EMPTY PACKAGE >> NAMES. Earlier today, such a journal entry was already added; >> I took it out again when I noticed that some tools actually >> do need to be fixed. > > I can't comment on the other parts of the proposal, but the above > suggestions doesn't sound like a good solution: an empty package > name in the update stream looks more like a server or client > decoding bug than a trigger to do a key update. > > Wouldn't it be better to use a descriptive package name such > as "pypi-serverkey-update" together with a package version > which identifies the new serverkey version as trigger ?
+1 Yeah, a convention like that seems better than an empty release. Jannis _______________________________________________ Catalog-SIG mailing list [email protected] http://mail.python.org/mailman/listinfo/catalog-sig
