One means by which I could see an f.pypi.python.org DNS record being > left in place indefinitely is if the TUF folks are able to come up > with a scheme for offering end-to-end security for the *existing* PyPI > metadata, *and* the TUF metadata is mirrored by bandersnatch *and* the > TUF client side integrity checks are invoked by pip. In that case, the > security argument regarding the lack of TLS on the subdomains would be > rendered moot, and the backwards compatibility argument for keeping it > active would win. >
It seems like you've been reading our minds (or at least our mailing list)! Thanks, Justin
_______________________________________________ Distutils-SIG maillist - Distutils-SIG@python.org http://mail.python.org/mailman/listinfo/distutils-sig
