I believe we should remove the /serverkey and /serversig/* API's from PyPI.
* I am not aware of *any* implementation that actually verifies packages
against this API
* In the light of PEP449 users now make a very conscious choice of which mirror
they are
using, which means they are no
+1
--Noah
On Sep 28, 2013, at 8:05 PM, Donald Stufft don...@stufft.io wrote:
I believe we should remove the /serverkey and /serversig/* API's from PyPI.
* I am not aware of *any* implementation that actually verifies packages
against this API
* In the light of PEP449 users now make a
On 29 September 2013 11:10, Noah Kantrowitz n...@coderanger.net wrote:
+1
--Noah
Deprecating it as a consequence of PEP 449 makes sense, but is there
any urgency to dropping it?
I'm not necessarily opposed to removing it, but what's the specific
*gain* in doing so? If it's just a matter of
On Sep 28, 2013, at 10:16 PM, Nick Coghlan ncogh...@gmail.com wrote:
On 29 September 2013 11:10, Noah Kantrowitz n...@coderanger.net wrote:
+1
--Noah
Deprecating it as a consequence of PEP 449 makes sense, but is there
any urgency to dropping it?
I'm not necessarily opposed to
Like Nick I'm not sure I see the urgency here. I'm going to add a
deprecation statement to the public mirroring page at /mirrors so it's
clear that protocol is dead (not just resting).
Richard
On 29 September 2013 13:07, Donald Stufft don...@stufft.io wrote:
On Sep 28, 2013, at 10:16