[Python-Dev] [python-committers] Do we need to sign Windows files with GnuPG?

Steve Dower Steve.Dower at microsoft.com
Sun Apr 5 03:07:10 CEST 2015


There's no problem, per se, but initially it was less trouble to use the trusted PSF certificate and native support than to add an extra step using a program I don't already use and trust, am restricted in use by my employer (because of the license and the fact there are alternatives), and developing the trust in a brand new certificate.

Eventually the people saying "do it" will win through sheer persistence, since I'll get sick of trying to get a more detailed response and just concede. Not sure if that's how we want to be running the project though...

Top-posted from my Windows Phone
________________________________
From: Barry Warsaw <barry at python.org>
Sent: 4/4/2015 9:11
To: python-dev at python.org
Subject: Re: [Python-Dev] [python-committers] Do we need to sign Windows files with GnuPG?

On Apr 04, 2015, at 02:41 PM, Steve Dower wrote:

>"Relying only on Authenticode for Windows installers would result in a break
>in technology w/r to the downloads we make available for Python, since all
>other files are (usually) GPG signed"

It's the "only" part I have a question about.

Does the use of Authenticode preclude detached GPG signatures of the exe file?
I can't see how it would, but maybe there's something (well, a lot of
somethings ;) I don't know about Windows.

If not, then what's the problem with also providing a GPG signature?

Cheers,
-Barry