Ideally authors will be signing their packages (using gpg keys). Of course
how to distribute keys is an exercise left to the reader.

On Friday, June 22, 2012 at 11:48 AM, Vinay Sajip wrote:

<martin <at> v.loewis.de> writes:


See above. Also notice that such signing is already implemented, as part
of PEP 381.

BTW, I notice that the certificate for https://pypi.python.org/ expired a week
ago ...

Regards,

Vinay Sajip


_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: http://mail.python.org/mailman/options/python-dev/donald.stufft%40gmail.com