On May 28, 2013, at 2:42 AM, Paul Moore <p.f.mo...@gmail.com> wrote:
> On 28 May 2013 02:53, Donald Stufft <don...@stufft.io> wrote: > Figured it out. > > Use HTTPS. > > Can I suggest that if the new CDN means that there are additional > restrictions on what is supported (I've used the XMLRPC API without https in > one-off scripts in the past) then the officially supported API should be > properly documented once and for all in a PEP, including some sort of "what's > new" or "rationale" section describing the various changes that have occurred > recently and their impact on user code? > > I'm purely a casual user of the PyPI API and the discussion of these changes > haa mostly gone over my head. The one thing I've taken away from it is that I > may get problems if I just google for sample code to use. For example, the > above comment implies that http://wiki.python.org/moin/PyPIXmlRpc (AIUI, the > nearest to formal documentation that the XMLRPC API has) is wrong (as it uses > http). > > I do appreciate all the work that is going on to improve the PyPI > infrastructure. I'm not saying the changes should be reverted, just that the > consequences should be clearly explained. > > Paul. To be quite honest the HTTP 1.0 + HTTP issue simply wasn't discovered in testing. The http url works fine on Python 2.7 (which I'm assuming uses HTTP 1.1). I'm not completely happy that HTTP is broken in Python2.6 (and I'm assuming earlier) and have it on my list to see if there's anything that can be done. THat being said the most future compatible way will be to use the HTTPS url for any interaction (and ideally verify the SSL, but the built in XMLRPC library doesn't do that). My "Use HTTPS" was more to speak how to solve the issue *right now*. Documentation should be updated to point to HTTPS though. ----------------- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Distutils-SIG maillist - Distutils-SIG@python.org http://mail.python.org/mailman/listinfo/distutils-sig
