[Python-Dev] Do we need to sign Windows files with GnuPG?

Paul Moore p.f.moore at gmail.com
Fri Apr 3 14:25:25 CEST 2015


On 3 April 2015 at 10:56, Larry Hastings <larry at hastings.org> wrote:
> My Windows development days are firmly behind me.  So I don't really have an
> opinion here.  So I put it to you, Windows Python developers: do you care
> about GnuPG signatures on Windows-specific files?  Or do you not care?

I don't have a very strong security background, so take my views with
a pinch of salt, but I see Authenticode as a way of being sure that
what I *run* is "OK". Whereas a GPG signature lets me check that the
content of a file is as intended. So there are benefits to both, and I
think we should continue to provide GPG signatures. (Disclaimer: I've
never in my life actually *checked* a GPG signature for a file...)

Paul