"Martin v. Löwis" wrote: > Am 28.04.2011 10:26, schrieb M.-A. Lemburg: >> "Martin v. Löwis" wrote: >>> I came up with a key rollover scheme for the server key on PyPI. >>> [...] >>> >>> The key rollover will be logged in the PyPI journal, >>> using an empty package name and an empty release. TOOLS USING >>> THE JOURNAL MAY NEED TO BE FIXED TO ACCOMMODATE EMPTY PACKAGE >>> NAMES. Earlier today, such a journal entry was already added; >>> I took it out again when I noticed that some tools actually >>> do need to be fixed. >> >> I can't comment on the other parts of the proposal, but the above >> suggestions doesn't sound like a good solution: an empty package >> name in the update stream looks more like a server or client >> decoding bug than a trigger to do a key update. > > Oops, I forgot a critical detail: the "action" string in the journal > entry would be "keyrotate".
Ah, ok. Makes more sense then :-) >> Wouldn't it be better to use a descriptive package name such >> as "pypi-serverkey-update" together with a package version >> which identifies the new serverkey version as trigger ? > > That would not be good - tools would (rightly) assume that there > is a package with that name, and try to mirror it. Well, you could create a package under that name which then contains a module with all known server keys. Might be useful to have for other purposes as well. -- Marc-Andre Lemburg eGenix.com Professional Python Services directly from the Source (#1, Apr 28 2011) >>> Python/Zope Consulting and Support ... http://www.egenix.com/ >>> mxODBC.Zope.Database.Adapter ... http://zope.egenix.com/ >>> mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/ ________________________________________________________________________ 2011-06-20: EuroPython 2011, Florence, Italy 53 days to go ::: Try our new mxODBC.Connect Python Database Interface for free ! :::: eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48 D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg Registered at Amtsgericht Duesseldorf: HRB 46611 http://www.egenix.com/company/contact/ _______________________________________________ Catalog-SIG mailing list [email protected] http://mail.python.org/mailman/listinfo/catalog-sig
