Closed trishankkarthik closed 10 years ago
I agree this is what we should be doing.
Herman: Can you get a new VM setup (Linux only)? I think that pypi-tuf-mirror.poly.edu is probably a good name unless Trishank objects.
I think that Trishank, me, Vlad, and Kon all need accounts on this system. I would like to be able to log in with my SSH key (as always).
Thanks, Justin
On Sun, Mar 17, 2013 at 8:22 PM, TKK notifications@github.com wrote:
Nick Coghlan would like some measurements with TUF. He would like to see any overhead that TUF would add and any delay that will be seen if a new package was added/modified. He also mentioned that it might be nice for us to become a mirror for PyPI so we can run experiments/measurements.
Unfortunately ping distance from the mirror is a tremendous factor in "pip install" speeds.
Thanks for the tip. We should certainly keep this in mind for our measurements.
Working on this at the moment; will report back with setup.
Beginning to write automation for creating, updating and destroying a TUF-secured PyPI mirror.
Okay, I have now automated all the steps for setting up a TUF-secured PyPI mirror.
Next steps: automate updates of TUF-secured PyPI mirror; testing, testing, testing!
P.S.: I am going to be busy with my machine learning midterm next week, so more news after that.
If you've been following distutils there is a new mirroring client that you can drop in instead of pep381client
Yes, bandersnatch, I have noted it in my comments, thanks :)
Now we handle updates to delegated target roles, or their target delegations, induced by catalogued PyPI package updates.
Next: handle revocation of deletion of catalogued PyPI packages.
I am testing all of this on my mirror of PyPI, and I will be sure to inform you as soon as I think it is sufficiently stable.
Now that I have a complete (not necessarily latest) PyPI mirror (thanks to bandersnatch), I have started generating all the TUF metadata on my machine. Let's see how long it takes...
We are now running a public TUF-secured PyPI mirror.
Nick Coghlan would like some measurements with TUF.
According to Monzur Muhammad: "He would like to see any overhead that TUF would add and any delay that will be seen if a new package was added/modified. He also mentioned that it might be nice for us to become a mirror for PyPI so we can run experiments/measurements."