[Catalog-sig] PyPI/pip security: waiting for input

Justin Cappos jcappos at poly.edu
Mon Mar 11 15:17:36 CET 2013

Yes, we're finishing this up now. We have a working demo with TUF signing
PyPI metadata and pip (integrated with TUF) correctly checking signatures,

Trishank: when do you plan to share this? Does Kon still have some
integration tests to write to show we meet the use cases from Giovanni's


On Mon, Mar 11, 2013 at 9:34 AM, Giovanni Bajo <rasky at develer.com> wrote:

> Hi Justin,
> just a quick reminder that we are still waiting for you guys to move over
> and start actually doing something. Are you going to draft a document on
> how exactly we can use TUF within the context of pip + PyPI, with all the
> different concerns and threat models handled in my document?
> Thanks!
> --
> Giovanni Bajo   ::  rasky at develer.com
> Develer S.r.l.  ::  http://www.develer.com
> My Blog: http://giovanni.bajo.it