[pydotorg-www] project plan
Michael Foord
mfoord at python.org
Mon Apr 19 23:49:12 CEST 2010
On 19/04/2010 23:24, anatoly techtonik wrote:
> On Mon, Apr 19, 2010 at 11:51 PM, "Martin v. Löwis"<martin at v.loewis.de> wrote:
>
>> About the only approach I can think of is PGP signing by the actual
>> package authors, which is already supported in PyPI (but not in
>> setuptools/distribute, AFAIK). We could strengthen this with our own web
>> of trust within the community of PyPI users, which would take
>> some time to set up. We could also encourage the use of CACert user
>> certificates for code signing instead/in addition.
>>
> IIRC the biggest hole with PyPI and setuptools for now is that it
> doesn't allow to execute "setup.py bdist register upload" without
> saving password in clear form on user system.
>
Tarek Ziade wants to integrate the keyring project (using your system
keyring) with distutils:
http://pypi.python.org/pypi/keyring
This project is the result of last year's Google Summer of Code. Not
sure what the status of the integration is but I expect it will be part
of distutils2.
> CCed to catalog-sig. Let's see if it will bounce.
>
My guess is that you'll need to be subscribed to post to that list...
Michael Foord
--
http://www.ironpythoninaction.com/