[Distutils] PGP keys required? (Re: PEP 243)
Bob Ippolito
bob at redivi.com
Thu Jan 29 06:26:29 EST 2004
On Jan 29, 2004, at 6:15 AM, Anthony Baxter wrote:
>
>>>> "Moore, Paul" wrote
>> From: Michael T. Babcock
>>> Would it be worthwhile to stipulate that anyone who wants to submit a
>>> package to an automated distutils system have a PGP/GPG key signed by
>>> an appropriate Python authority or another developper?
>
>> -1. The effect would be to bar new submitters, who wouldn't have the
>> necessary signed key, as well as to people like myself who can't be
>> bothered trying to maintain a PGP key.
>
> It should be at least an option, anyway.
Isn't most of the stuff used to support GPG under the GNU GPL license?
I think that would preclude it from being incorporated into the
mainline of distutils.
Personally, I don't think it would be a popular enough feature to
justify the changes. For the people who do care, a "meta-index" could
be created where the developer could, email a pgp-signed or s/mime
signed message containing the URLs and sha1 hashes of the files to some
robot-address that would insert it into the "meta-index" if the
credentials were ok.
-bob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2357 bytes
Desc: not available
Url : http://mail.python.org/pipermail/distutils-sig/attachments/20040129/3bb30aa6/smime.bin
More information about the Distutils-SIG
mailing list