What maintenance is required?<div><br></div><div>Here&#39;s a link to the previous discussion of this issue:</div><div><br></div><div>&quot;Remove or deprecate wheel-signing features&quot;</div><div><a href="https://github.com/pypa/wheel/issues/196">https://github.com/pypa/wheel/issues/196</a></div><div><br></div><div>What has changed? There is still no method for specifying a keyring; whereas with GPG, all keys in the ring are trusted.<br><br>On Thursday, March 22, 2018, Nick Coghlan &lt;<a href="mailto:ncoghlan@gmail.com">ncoghlan@gmail.com</a>&gt; wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On 22 March 2018 at 22:35,  <span dir="ltr">&lt;<a href="mailto:alex.gronholm@nextday.fi" target="_blank">alex.gronholm@nextday.fi</a>&gt;</span> wrote: <br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div>I am not changing the format of RECORD, I&#39;m simply removing the<br></div></div>
cryptographic signing and verifying functionality, just the way you<br>
described. Hash checking will stay. As we agreed earlier, those<br>
features could be deprecated or removed from the PEP entirely.<br></blockquote><div><br></div></div>Cool, that&#39;s what I thought you meant, but I figured I should double check since our discussion was a while ago now :)<br><br></div><div class="gmail_extra">Cheers,<br></div><div class="gmail_extra">Nick.<br clear="all"></div><div class="gmail_extra"><br>-- <br><div data-smartmail="gmail_signature">Nick Coghlan   |   <a href="mailto:ncoghlan@gmail.com" target="_blank">ncoghlan@gmail.com</a>   |   Brisbane, Australia</div>
</div></div>
</blockquote></div>