[Catalog-sig] Including GnuPG with packaging tools

Giovanni Bajo rasky at develer.com
Sun Feb 10 18:53:15 CET 2013


Il giorno 10/feb/2013, alle ore 18:08, Antoine Pitrou <solipsis at pitrou.net> ha scritto:

> 
> Hello,
> 
> Vinay Sajip <vinay_sajip <at> yahoo.co.uk> writes:
>> 
>> I've contacted the FSF about the licensing implications of including gpg with
>> Python programs. This is primarily for Windows - Posix users are better off
>> installing through their distro package manager or equivalent of the
>> Homebrew/MacPorts type, if necessary.
> 
> You want to post this on python-dev, not catalog-sig.
> 
> Also, before inquiring about legal matters, it should first be decided
> whether it is desirable to ship our version of GnuPG, or not.
> (unless there has already been a thread about this and I've missed it :-))


There is an open discussion whether to use TUF or GPG. If we go with GPG, then we wlll discuss what to do, given that:

1) for users, the problem is not on python-dev, but rather on the maintainers of package managers (pip, easy_install) that need to decide how to ship/install GPG to verify signatures.
2) for maintainers, I don't see a strong need to ship it with distutils within Python, as long as we have clear documentation on how to install it. But this is open for discussion of course.

-- 
Giovanni Bajo   ::  rasky at develer.com
Develer S.r.l.  ::  http://www.develer.com

My Blog: http://giovanni.bajo.it





-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4346 bytes
Desc: not available
URL: <http://mail.python.org/pipermail/catalog-sig/attachments/20130210/26574c6c/attachment.bin>


More information about the Catalog-SIG mailing list