[Catalog-sig] [Draft] Package signing and verification process
Donald Stufft
donald.stufft at gmail.com
Thu Feb 7 14:20:02 CET 2013
On Thursday, February 7, 2013 at 5:32 AM, Jesse Noller wrote:
> That tutorial would have to be amazingly easy, and GPG could never be a hard requirement. GPG is still annoying, clunky and painful enough that it would just become a nuisance and people would move elsewhere.
>
> So adding support? Ok; but it would have to be optional and not mandatory. I'd rather finish the ssl certs first, and get hashes upgraded from md5 to sha-256 and getting clients to enforce those just to start
pip will support any of the guaranteed hashes. I added that in because I wanted sha256 on Crate.io.
easy_install and Buildout probably need that still.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/catalog-sig/attachments/20130207/77df2257/attachment.html>
More information about the Catalog-SIG
mailing list