[Catalog-sig] PEP 243 - Module Repository Upload Mechanism

[Martin v. Loewis]

Thomas Heller <thomas.heller@ion-tof.com> writes:

> There is a security concern which has to be addressed, I'm aware of
> that: when creating the signature you have to supply your passphrase
> to the running distutils sdist or bdist_wininst command. I don't think
> I like this.

Are you really supplying it to distutils? I'd expect that gpg could
read it directly from the terminal...

Regards,
Martin