[Catalog-sig] [Draft] Package signing and verification process
Vinay Sajip
vinay_sajip at yahoo.co.uk
Wed Feb 6 21:53:45 CET 2013
> From: Donald Stufft <donald.stufft at gmail.com>
>
>Yea I'm actually aware of that, However it requires installing GPG like
>you said which is pretty unfriendly in general on Windows, and adds
>another barrier to release.
Agreed, but the problem isn't especially technical, it's related to licensing. To get gpg to run on Windows (at least, for the couple of 1.4.x releases I've worked with) you just need two files, gpg.exe and iconv.dll, and they can be anywhere on the path, or you can tell python-gnupg where to find them (assuming they are in the same directory). Of course, we can't redistribute them without GPL-licensing python-gnupg (I think - IANAL), which is BSD-licensed.
Regards,
Vinay Sajip
More information about the Catalog-SIG
mailing list