Comments (11)
I agree this is what we should be doing.
Herman: Can you get a new VM setup (Linux only)? I think that
pypi-tuf-mirror.poly.edu is probably a good name unless Trishank objects.
I think that Trishank, me, Vlad, and Kon all need accounts on this system.
I would like to be able log-in with my ssh key (as always).
Thanks,
Justin
On Sun, Mar 17, 2013 at 8:22 PM, TKK [email protected] wrote:
Nick Coghlan would like some measurements with TUF. He would like to see
any overhead that TUF would add and any delay that will be seen if a new
package was added/modified. He also mentioned that it might be nice for us
to become a mirror for Pypi so we can run experiments/measurements.—
Reply to this email directly or view it on GitHubhttps://github.com/akonst/tuf/issues/44
.
from python-tuf.
Unfortunately ping distance from the mirror is a tremendous factor in "pip install" speeds.
from python-tuf.
Thanks for the tip. We should certainly keep this in mind for our measurements.
from python-tuf.
Working on this at the moment; will report back with setup.
from python-tuf.
Beginning to write automation for creating, updating and destroying a TUF-secured PyPI mirror.
from python-tuf.
Okay, I have now automated all the steps for setting up a TUF-secured PyPI mirror.
Next steps: automate updates of TUF-secured PyPI mirror; testing, testing, testing!
P.S.: I am going to be busy with my machine learning midterm next week, so more news after that.
from python-tuf.
If you've been following distutils there is a new mirroring client that you can drop in instead of pep381client
TKK [email protected] wrote:
Okay, I have now automated all the steps for setting up a TUF-secured PyPI mirror.
Next steps: automate updates of TUF-secured PyPI mirror; testing, testing, testing!
P.S.: I am going to be busy with my machine learning midterm next week, so more news after that.
—
Reply to this email directly or view it on GitHub.
from python-tuf.
Yes, bandersnatch, I have noted it in my comments, thanks :)
from python-tuf.
Now we handle updates to delegated target roles, or their target delegations, induced by catalogued PyPI package updates.
Next: handle revocation of deletion of catalogued PyPI packages.
I am testing all of this on my mirror of PyPI, and I will be sure to inform you as soon as I think it is sufficiently stable.
from python-tuf.
Now that I have a complete (not necessarily latest) PyPI mirror (thanks to bandersnatch), I have started generating all the TUF metadata on my machine. Let's see how long it takes...
from python-tuf.
We are now running a public TUF-secured PyPI mirror.
from python-tuf.
Related Issues (20)
- build: Enable python 3.12 HOT 4
- investigate alternative hatchling version pinning HOT 2
- Consider including `securesystemslib[crypto]` as a dependency in TUF HOT 4
- VerificationResult should include keys for keyids HOT 4
- Replace most linting tools with ruff HOT 1
- repository: maybe provide a Repository.get_delegating_role() HOT 2
- Yearly maintainer permissions review HOT 1
- Change `securesystemslib.dsse.Envelope.signatures` to dict upstream HOT 2
- Test all components with DSSE
- Test "ruff check --output-format=github" HOT 2
- linting: Enable more ruff rulesets HOT 7
- linting: enable pycodestyle for tests
- datetime.utcnow() is deprecated: stop using it HOT 1
- SimpleEnvelope._DEFAULT_PAYLOAD_TYPE should be public? HOT 1
- should build job require prior test job to pass? HOT 3
- possible blog post: Caching TUF metadata HOT 3
- provide user-agent customization?
- workflows: macos runners are missing older pythons
- next release HOT 1
- user-agent should maybe mention "python"? HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from python-tuf.