Add additional reasons and explicitly reject the "next steps" of PEP 438

pep-0470.txt

@@ -389,6 +389,9 @@ This includes:
   hosted.
 * Default to disallowing safely externally hosted files with only a global
   flag to enable them, but disallow unsafely hosted.
+* Continue on the suggested path of PEP 438 and remove the option to unsafely
+  host externally but continue to allow the option to safely host externally.
+
 
 These proposals are rejected because:
 
@@ -454,6 +457,18 @@ These proposals are rejected because:
   or attempt to deploy to a server where their install will fail again until
   they add the "make it work" flag in their configuration file.
 
+* The URL classification only works for a certain subset of projects, however
+  it does not allow for any project which needs additional restrictions such
+  as Access Controls. This means that there would be two methods of doing the
+  same thing, linking to a file safely and hosting an index. Hosting an index
+  works in all situations and by relying on this we make for a more consistent
+  experience no matter the reason for external hosting.
+
+* The safe external hosting option hampers the ability of PyPI to upgrade it's
+  security infrastructure. For instance if MD5 becomes broken in the future
+  there will be no way for PyPI to upgrade the hashes of the projects which
+  rely on safe external hosting via MD5 while files that are hosted on PyPI
+  can simply be processed over with a new hash function.
 
 Copyright
 =========