Peep is pretty awesome and has the blessing of security. If we use it, it means we can not worry about uploading to pyrepo (although doing that might still be good for performance reasons). Here's a pull request to add it into solitude: https://github.com/mozilla/solitude/pull/340 I think we currently use this pip method here: https://github.com/oremj/fabdeploytools/blob/c7f61841713e002f31a659b9bea2f163f3cead17/fabdeploytools/helpers.py#L32-L39 Of course we need to be sure we load peep securely and one way to do that is off pyrepo... :)
I am not going to implement this for marketplace (zamboni, webpay, solitude), but I've filed https://bugzilla.mozilla.org/show_bug.cgi?id=1254143 to enable hash checking mode via pip for addons-server.
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.