Quoting Nick Coghlan <ncogh...@gmail.com>:

> On 6 August 2013 16:09, Christian Theune <c...@gocept.com> wrote:
> > Hi,
> >
> > looks like I'm late to the party to figure out that I'm going to be hurt
> > again.
>
> That's why I asked for this to be put through the PEP process: to give
> it more visibility, and provide more opportunity for people
> potentially affected to have a chance to comment and offer
> alternatives. Giving third parties the opportunity to read python.org
> cookies indefinitely isn't an option.

Define "third party". There are a number of organisations other than the
PSF that can read python.org cookies.

As Noah explains, it's a matter of trust. Noah chooses to trust Fastly,
I choose to trust Christian Theune. We both have then imposed our trust
on the community.

In any case, I consider the cookie issue a red herring. Mirror operators
could only steal cookies if users actually pointed their web browsers to
the mirrors. They typically don't, since they use setuptools or pip,
which don't even have access to the cookies. And, if a mirror operator
actually does request cookies, there is a high risk of being caught
doing so. If that happens, the mirror operator will not only lose the mirror,
but also lose community trust.

Regards,
Martin

_______________________________________________
Distutils-SIG maillist - Distutils-SIG@python.org
http://mail.python.org/mailman/listinfo/distutils-sig