On 15 Oct 2014 11:16, "Donald Stufft" <[email protected]> wrote: > On Oct 14, 2014, at 8:50 PM, Stefan Krah <[email protected]> wrote: > > > > > Anyway, it will be kind of tough to force U.S. exceptionalism via the terms > > and conditions on an international body of authors if only uploaded packages > > are allowed. > > > > I’m not even sure what this is trying to say… How are our pretty simple ToS > some sort of US exceptionalism?
PyPI is hosted in the US, and thus covered by US export laws. I don't follow Stefan's objection, however, given that the objective of PEP 470 is to improve the user experience of external hosting, rather than to disallow it. We're also working with the TUF developers to make sure that the next draft of their PEP appropriately covers the external hosting use case. The only things we're actively trying to eliminate are the MITM vulnerability affecting the majority of current externally hosted packages, and the poor user experience that arises when the current link spidering mechanism leads to packaging clients feeling obliged to silently ignore unreachable URLs when looking for externally hosted packages. Regards, Nick. > > > > > > > Stefan Krah > > > > > > > > > > _______________________________________________ > > Distutils-SIG maillist - [email protected] > > https://mail.python.org/mailman/listinfo/distutils-sig > > _______________________________________________ > Distutils-SIG maillist - [email protected] > https://mail.python.org/mailman/listinfo/distutils-sig
_______________________________________________ Distutils-SIG maillist - [email protected] https://mail.python.org/mailman/listinfo/distutils-sig
