[Distutils] PGP keys required? (Re: PEP 243)
Michael T. Babcock
mbabcock at fibrespeed.net
Wed Jan 28 16:00:03 EST 2004
Would it be worthwhile to stipulate that anyone who wants to submit a
package to an automated distutils system have a PGP/GPG key signed by an
appropriate Python authority or another developper? Initially these
would all be an "authority" of some form, of course. This at least
allows the authentication of authors' packages as being intact and
submitted by themselves, which then allows a good method of filtering /à
la/ "I like this author's software", etc. via rating systems and the like.
Just a thought from a PGP activist.
--
Michael T. Babcock
C.T.O., FibreSpeed Ltd.
http://www.fibrespeed.net/~mbabcock
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.python.org/pipermail/distutils-sig/attachments/20040128/9ba0c372/attachment.html
More information about the Distutils-SIG
mailing list