The file "record" inside the archive is signed.
On 22/08/12 03:52, Daniel Holth wrote:
> I've made what I think is exciting progress on the digital signatures
> design for wheel (updated built/binary packages for Python; intended
> to replace egg). The insight is that we can overload the "extras"
> syntax as a convenient way to mention the public key we expect:
>
> package[extra, ed25519=ouBJlTJJ4SJXoy8Bi1KRlewWLU6JW7HUXTgvU1YRuiA]
I missed this when you first posted it. I like it a lot.
The signature would be on the wheel binary package file?
--
David-Sarah Hopwood ⚥