On Feb 6, 2013, at 10:20 PM, Richard Jones <rich...@python.org> wrote:
> On 7 February 2013 13:40, <mar...@v.loewis.de> wrote: >> >> Zitat von Jesse Noller <jnol...@gmail.com>: >> >> >>> I don't think we need to transfer the domain to the PSF, but it should >>> definitely be hosted on our cluster at OSU >> >> >> It should continue to live on the very same machine (i.e. PyPI) >> as it is now. > > That was my intention. I was just going to configure the web server to > handle the new domain and point at the same storage area that PyPI > currently dumps stuff into. > Ok, but since I'm like my daughter ill say that's ok but insist you're all wrong and I'm still right can I have a cookie? (It's cool use the same host) > > Then Jesse said: >> It's user uploaded content we already know to be unsafe, that we're putting >> on a different domain. Why host it on the same box when we already know VM >> isolation reduces the attack surface of each VM? > > I'd rather keep it on the same host to simplify the configuration; all > I need to do is configure another vhost in the current setup to handle > the new name. Moving the files to some other VM would require some > (significant, I think) work in PyPI to support handling storing the > files non-locally. > > Isn't the risk pretty minimal given the content is all static? > > > Richard _______________________________________________ Catalog-SIG mailing list Catalog-SIG@python.org http://mail.python.org/mailman/listinfo/catalog-sig
