Run a PyPI mirror about python-tuf HOT 11 CLOSED

I agree this is what we should be doing.

Herman: Can you get a new VM setup (Linux only)? I think that
pypi-tuf-mirror.poly.edu is probably a good name unless Trishank objects.

I think that Trishank, me, Vlad, and Kon all need accounts on this system.
I would like to be able log-in with my ssh key (as always).

Thanks,
Justin

On Sun, Mar 17, 2013 at 8:22 PM, TKK [email protected] wrote:

Nick Coghlan would like some measurements with TUF. He would like to see
any overhead that TUF would add and any delay that will be seen if a new
package was added/modified. He also mentioned that it might be nice for us
to become a mirror for Pypi so we can run experiments/measurements.

—
Reply to this email directly or view it on GitHubhttps://github.com/akonst/tuf/issues/44
.

from python-tuf.

Unfortunately ping distance from the mirror is a tremendous factor in "pip install" speeds.

from python-tuf.

Thanks for the tip. We should certainly keep this in mind for our measurements.

from python-tuf.

Working on this at the moment; will report back with setup.

from python-tuf.

Beginning to write automation for creating, updating and destroying a TUF-secured PyPI mirror.

from python-tuf.

Okay, I have now automated all the steps for setting up a TUF-secured PyPI mirror.

Next steps: automate updates of TUF-secured PyPI mirror; testing, testing, testing!

P.S.: I am going to be busy with my machine learning midterm next week, so more news after that.

from python-tuf.

If you've been following distutils there is a new mirroring client that you can drop in instead of pep381client

TKK [email protected] wrote:

Okay, I have now automated all the steps for setting up a TUF-secured PyPI mirror.

Next steps: automate updates of TUF-secured PyPI mirror; testing, testing, testing!

P.S.: I am going to be busy with my machine learning midterm next week, so more news after that.

—
Reply to this email directly or view it on GitHub.

from python-tuf.

Yes, bandersnatch, I have noted it in my comments, thanks :)

from python-tuf.

Now we handle updates to delegated target roles, or their target delegations, induced by catalogued PyPI package updates.

Next: handle revocation of deletion of catalogued PyPI packages.

I am testing all of this on my mirror of PyPI, and I will be sure to inform you as soon as I think it is sufficiently stable.

from python-tuf.

Now that I have a complete (not necessarily latest) PyPI mirror (thanks to bandersnatch), I have started generating all the TUF metadata on my machine. Let's see how long it takes...

from python-tuf.

We are now running a public TUF-secured PyPI mirror.

from python-tuf.