As of Python 3.5 Steve Dower has taken over the Windows builds of Python from Martin van Loewis.  He's also taken over for 2.7--though Martin's still doing builds for 3.4.

For both versions, Steve is using all-new tooling for the build process.  The output is different, too; he's producing .exe installers instead of .msi installers, and he has snazzy new "web-based" installers where the initial download is small, then it downloads the rest dynamically.

Steve's also changed the authentication process.  His new installers rely on a Windows digital signature technology called Authenticode where the signature is built right into the .exe file.  Windows platforms will automatically authenticate executables signed with Authenticode, so this is both secure and convenient.

Martin's build process also digitally signed the files he built, but not using Authenticode (or at least I don't think so).  Like the Mac and source code releases, his automation used GnuPG to produce separate ".asc" files containing digital signatures.  This meant authentication was a manual process.

The Authenticode approach sounds great.  But there are advantages to the GnuPG approach too:

My Windows development days are firmly behind me.  So I don't really have an opinion here.  So I put it to you, Windows Python developers: do you care about GnuPG signatures on Windows-specific files?  Or do you not care?


/arry

p.s. And, of course, my thanks to both Steve and Martin for their past and continuing service to the Python community!  It's a pleasure working with each of them.  (Both of them?  I forget how English works.)