On Jul 25, 2013, at 1:38 AM, Richard Jones <r1chardj0...@gmail.com> wrote:
> Hi all, > > I've just been contacted by someone who's set up a new public mirror > of PyPI and would like it integrated into the mirror ecosystem. > > I think it's probably time we thought about how to demote the mirrors: > > - they cause problems with security (being under the python.org domain > causes various issues including inability to use HTTPS and cookie > issues) > - they're no longer necessary thanks to the CDN work > > So, things to do: > > - links and information on PyPI itself can be removed > - tools that use mirrors still need to be able to but mention of using > public mirrors is probably something to demote > > These are just rough thoughts that occurred to me just now. > > > Richard > _______________________________________________ > Distutils-SIG maillist - Distutils-SIG@python.org > http://mail.python.org/mailman/listinfo/distutils-sig Can we close the loop on this? Ideally I think any public mirrors should need to register their own domain name. We can either maintain a list of unofficial mirrors, or Ken Cochrane has been doing a good job I think of keeping a list (as well as tracking some basic stats) at http://pypi-mirrors.org/ so maybe we can just point people to that as the list of mirrors? Ideally we should get all of them off the *.python.org namespace. ----------------- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Distutils-SIG maillist - Distutils-SIG@python.org http://mail.python.org/mailman/listinfo/distutils-sig
