[Python-Dev] [python-committers] Do we need to sign Windows files with GnuPG?
Barry Warsaw
barry at python.org
Sat Apr 4 18:10:23 CEST 2015
On Apr 04, 2015, at 02:41 PM, Steve Dower wrote:
>"Relying only on Authenticode for Windows installers would result in a break
>in technology w/r to the downloads we make available for Python, since all
>other files are (usually) GPG signed"
It's the "only" part I have a question about.
Does the use of Authenticode preclude detached GPG signatures of the exe file?
I can't see how it would, but maybe there's something (well, a lot of
somethings ;) I don't know about Windows.
If not, then what's the problem with also providing a GPG signature?
Cheers,
-Barry
More information about the Python-Dev
mailing list