[Python-Dev] [python-committers] Do we need to sign Windows files with GnuPG?
Brian Curtin
brian at python.org
Fri Apr 3 15:44:36 CEST 2015
On Fri, Apr 3, 2015 at 7:25 AM, Paul Moore <p.f.moore at gmail.com> wrote:
> On 3 April 2015 at 10:56, Larry Hastings <larry at hastings.org> wrote:
>> My Windows development days are firmly behind me. So I don't really have an
>> opinion here. So I put it to you, Windows Python developers: do you care
>> about GnuPG signatures on Windows-specific files? Or do you not care?
>
> I don't have a very strong security background, so take my views with
> a pinch of saly, but I see Authenticode as a way of being sure that
> what I *run* is "OK". Whereas a GPG signature lets me check that the
> content of a file is as intended. So there are benefits to both, and I
> thing we should continue to provide GPG signatures. (Disclaimer: I've
> never in my life actually *checked* a GPG signature for a file...)
I haven't been on Windows in a bit, but this is my
understanding/expectation as well.
More information about the Python-Dev
mailing list