[02:44:04] ** thinker_nb has left IRC (Remote closed the connection) [04:45:23] ** thinkeryzu has joined us [04:54:08] ** thinkeryzu has left IRC ("Download Gaim: http://gaim.sourceforge.net/") [04:54:43] ** thinkeryzu has joined us [05:13:03] ** whit has left IRC (Read error: 104 (Connection reset by peer)) [05:13:11] ** whit has joined us [05:24:11] ** thinkeryzu has left IRC (Read error: 110 (Connection timed out)) [05:27:32] ** whit has left IRC (Read error: 104 (Connection reset by peer)) [05:32:29] ** thinkeryzu has joined us [05:33:42] ** whit has joined us [05:59:52] [connected at Wed Aug 1 05:59:52 2007] [05:59:52] <> *** Looking up your hostname... [05:59:52] <> *** Checking ident [05:59:52] <> *** No identd (auth) response [05:59:52] <> *** Found your hostname [05:59:52] <> *** Your host is anthony.freenode.net[anthony.freenode.net/6667], running version hyperion-1.0.2b [05:59:54] [I have joined #peak] [10:18:53] ** zookofamilytime has joined us [10:40:11] ** zookofamilytime has left IRC () [10:49:11] ** zookofamilytime has joined us [11:12:55] ** zookofamilytime has left IRC () [11:28:58] ** whit_ has joined us [11:29:20] ** whit has left IRC (Read error: 104 (Connection reset by peer)) [11:47:35] whit_ is now known as whit [12:17:02] ** pje has joined us [12:44:38] ** dwon has joined us [12:45:19] Where can I find either a GPG-signed version of ez_setup.py ? [12:45:34] (or one on an official SSL site will do) [12:49:50] Why? [12:50:31] If you are concerned about authenticity, download directly from PyPI (md5sums are available from them too I believe) [12:56:21] ** zookofamilytime has joined us [12:58:23] ** zookofamilytime has left IRC (Client Quit) [13:34:42] and how do I know the PyPI repository is authentic? (More importantly, that my HTTP connections aren't being hijacked) [13:58:34] hmmm... maybe maintain your own index and copy of ez_setup.py? [14:04:42] It looks like that's what I'll have to do, though it looks like PyPI isn't authenticated either. :( [14:06:12] * dwon ponders why people still build package management tools that don't do proper authentication. I just found out today that CentOS 5 by default prompts people to install a GPG key it fetches over HTTP. [14:07:15] the entire point of the authentication is to make hijacking HTTP or the mirrors useless, and then they (CentOS) go and do that [14:27:41] dwon: you might take a look at the disutils list... the zope guys setup a Pypi mirror w/ improved speed [14:28:18] doing something like they did might give you the control you need to maintain your security concerns [14:29:06] if nothing else, you could force authentication on both sides [14:43:11] dwon: Its all python source, if you are concerned about it, read it [14:46:42] PJE doesn't seem to have a key on the public servers [14:47:04] And you seems to have quite a few (given that you have a relatively uncommon name) [14:52:21] ** whit has left IRC (Read error: 104 (Connection reset by peer)) [14:53:22] ** whit has joined us [15:51:19] ** zookofamilytime has joined us [16:00:38] zookofamilytime is now known as zooko [16:11:23] Anybody had a look at the trellis tutorial yet? [16:19:20] pje: is it in the code or online? [16:19:41] http://peak.telecommunity.com/DevCenter/Trellis [16:19:57] it's also the README.txt in SVN [16:20:24] cool... thanks [16:20:33] let me know if you have any questions [16:21:06] It's not 100% done yet -- but the basic tutorial is there. [16:21:41] cool... I'll check it out [17:42:28] ** zooko has left IRC () [18:22:55] ** zooko has joined us [19:10:24] ** zooko has left IRC () [20:35:36] ** pje has left IRC ("Client exiting")