[Python-Dev] [python-committers] Do we need to sign Windows files with GnuPG?

Ben Finney ben+python at benfinney.id.au
Mon Apr 6 01:15:17 CEST 2015


Steve Dower <Steve.Dower at microsoft.com> writes:

> Nathaniel Smith wrote:
> > And I suspect python-dev generally doesn't put much weight on the 
> > extra effort required (release managers have all been using gpg for
> > decades, it's pretty trivial)
>
> I'm aware of this, but still don't see it as a reason to unnecessarily
> duplicate process.

That's a good argument. But it's one against Authenticode, because
that's a single-platform process that duplicates an existing convention
to use an open, free standard: OpenPGP certificates.

So the demands of “why do we need to duplicate this work?” should be
made to Microsoft for choosing to re-invent that long-standing and
superior (because open, free-software, and cross-platform) wheel.

-- 
 \      “At my lemonade stand I used to give the first glass away free |
  `\          and charge five dollars for the second glass. The refill |
_o__)                            contained the antidote.” —Emo Philips |
Ben Finney


