[Distutils] PyPI and GPG Signatures

Donald Stufft donald at stufft.io
Thu May 12 08:28:16 EDT 2016


> On May 12, 2016, at 8:05 AM, Paul Moore <p.f.moore at gmail.com> wrote:
> 
> On 12 May 2016 at 12:41, Donald Stufft <donald at stufft.io> wrote:
>> What do folks think? Would anyone be particularly against getting rid of the
>> GPG support in PyPI?
> 
> 28K projects is too many to do a mailshot, but would it be worth
> asking this question more widely than on distutils-sig? Just "Do you
> maintain a project on PyPI that has GPG sigs and would you care if we
> removed them? If so, please let us know on the thread on
> distutils-sig."

It's 28k *files* but a single project can have more than one file. The total
number of projects that have *ever* uploaded a file with a signature is 3.5k
and of that 3.5k, only 2.7k projects have their *latest* release uploaded with
signatures.

> 
> On an unrelated note, it might be a good feature for Warehouse to add
> some means of notifying project owners for cases like this.
> Paul


-----------------
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
