[pydotorg-www] project plan

Michael Foord mfoord at python.org
Mon Apr 19 23:51:20 CEST 2010


On 19/04/2010 23:49, Michael Foord wrote:
> On 19/04/2010 23:24, anatoly techtonik wrote:
>> On Mon, Apr 19, 2010 at 11:51 PM, "Martin v. Löwis" <martin at v.loewis.de> wrote:
>>> About the only approach I can think of is PGP signing by the actual
>>> package authors, which is already supported in PyPI (but not in
>>> setuptools/distribute, AFAIK). We could strengthen this with our own
>>> web of trust within the community of PyPI users, which would take
>>> some time to set up. We could also encourage the use of CACert user
>>> certificates for code signing instead/in addition.
>> IIRC the biggest hole with PyPI and setuptools for now is that it
>> doesn't allow executing "setup.py bdist register upload" without
>> saving the password in clear form on the user's system.
>
> Tarek Ziade wants to integrate the keyring project (using your system 
> keyring) with distutils:
>
>     http://pypi.python.org/pypi/keyring
>
> This project is the result of last year's Google Summer of Code. Not 
> sure what the status of the integration is but I expect it will be 
> part of distutils2.
>

None of this has anything to do with the proposed revamp of python.org 
of course. :-)

All the best,

Michael Foord


>> CCed to catalog-sig. Let's see if it will bounce.
>
> My guess is that you'll need to be subscribed to post to that list...
>
> Michael Foord
>


-- 
http://www.ironpythoninaction.com/


