Martin v. Löwis a écrit :
>> It is unreliable [bugs.launchpad.net/pypi-mirror/+bug/386143] and lacks >> the pre-extracted metadata. I wouldn't call it a mirror tool, for it is >> not an exact copy of PyPI data[1]. >> >> *** >> [1] "In computing, a mirror is an exact copy of a data set. On the >> Internet, a mirror site is an exact copy of another Internet site. ..." > > In this strict sense, PyPI will never have a mirror, nor does any of the > other project hosting services have a mirror in the strict sense. > > In particular, I'm not willing (and not allowed to) give mirrors access > to PyPI's user database: account names and email addresses. Mirrors are just mirrors, We can strip down the pypi database to bare-mirroring minimum. Mirrors could just be read-only. Thus by deleting or changing all personal accounts and other critical informations to something "random". We do not need complete pypi database on mirrors. It's largely enough to get the distributions from and to install things. It doesn't require also much developments to get it ready. Just the script that make the current database "informationless" and "download safe" and limited access to the filesystem where are stored the distributions for replication. We can imagine some xmlrpc mecanisms to synchronise mirrors databases without implicating to change the mirror database after some time. I didn't look to existing pypimirroring tools, i think some implemention (z3c.pypimirror at least) must do something in that way and could be a good starter. > Regards, > Martin -- Cordialement, KiOrKY GPG Key FingerPrint: 0x1A1194B7681112AF
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Distutils-SIG maillist - Distutils-SIG@python.org http://mail.python.org/mailman/listinfo/distutils-sig
