[Catalog-sig] Including GnuPG with packaging tools
Giovanni Bajo
rasky at develer.com
Sun Feb 10 18:53:15 CET 2013
Il giorno 10/feb/2013, alle ore 18:08, Antoine Pitrou <solipsis at pitrou.net> ha scritto:
>
> Hello,
>
> Vinay Sajip <vinay_sajip <at> yahoo.co.uk> writes:
>>
>> I've contacted the FSF about the licensing implications of including gpg with
>> Python programs. This is primarily for Windows - Posix users are better off
>> installing through their distro package manager or equivalent of the
>> Homebrew/MacPorts type, if necessary.
>
> You want to post this on python-dev, not catalog-sig.
>
> Also, before inquiring about legal matters, it should first be decided
> whether it is desirable to ship our version of GnuPG, or not.
> (unless there has already been a thread about this and I've missed it :-))
There is an open discussion whether to use TUF or GPG. If we go with GPG, then we wlll discuss what to do, given that:
1) for users, the problem is not on python-dev, but rather on the maintainers of package managers (pip, easy_install) that need to decide how to ship/install GPG to verify signatures.
2) for maintainers, I don't see a strong need to ship it with distutils within Python, as long as we have clear documentation on how to install it. But this is open for discussion of course.
--
Giovanni Bajo :: rasky at develer.com
Develer S.r.l. :: http://www.develer.com
My Blog: http://giovanni.bajo.it
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4346 bytes
Desc: not available
URL: <http://mail.python.org/pipermail/catalog-sig/attachments/20130210/26574c6c/attachment.bin>
More information about the Catalog-SIG
mailing list