From: Michael T. Babcock
> Would it be worthwhile to stipulate that anyone who wants to submit a
> package to an automated distutils system have a PGP/GPG key signed by
> an appropriate Python authority or another developper? Initially these
> would all be an "authority" of some form, of course. This at least
> allows the authentication of authors' packages as being intact and
> submitted by themselves, which then allows a good method of filtering
> à la "I like this author's software", etc. via rating systems and the
-1. The effect would be to bar new submitters, who wouldn't have the
necessary signed key, as well as to people like myself who can't be
bothered trying to maintain a PGP key.
Your mail to 'xml' with the subject
Is being held until the list moderator can review it for approval.
The reason it is being held:
SpamAssassin thinks there may be spam in this message.
Either the message will get posted to the list, or you will receive
notification of the moderator's decision.