[Python-Dev] [python-committers] Do we need to sign Windows files with GnuPG?

[Barry Warsaw]

On Apr 04, 2015, at 02:41 PM, Steve Dower wrote:

>"Relying only on Authenticode for Windows installers would result in a break
>in technology w/r to the downloads we make available for Python, since all
>other files are (usually) GPG signed"

It's the "only" part I have a question about.

Does the use of Authenticode preclude detached GPG signatures of the exe file?
I can't see how it would, but maybe there's something (well, a lot of
somethings ;) I don't know about Windows.

If not, then what's the problem with also providing a GPG signature?

Cheers,
-Barry