I'm not sure pypi.python.org should remain in the sites list, as from what I read of the upstream issue, it doesn't appear there is clear intent (yet) for it to support the alt (original) method, or a method for fetching distribution files without knowing file content hashes.

Additionally, keeping pypi.python.org in the list is likely to break portscout (which probably is broken now), at least until we implement (in bsd.sites.mk and/or portscout), some redirector foo/magic ala: https://github.com/dstufft/pypi-debian I don't like the idea that we should be required to.

I've asked Donald (on IRC) what the intention and recommendation for downstreams is right now, and into the future:

tldr of pypi issue 438 is downstreams should (always and ony) use  https://files.pythonhosted.org for distfiles, and no longer pypi.python.org?

supplemental, will/can pypi.python.org ever get the alt-method for obtaining files without knowing hashes?

Until there is clarity/roadmap, i think the sites list should only contain hosts that support exactly and only the method we use to fetch those files.

Which version of the ports tree are you using? It seems this patch is already applied.