[Distutils] PGP keys required? (Re: PEP 243)
Keith Jackson
krjackson at lbl.gov
Sun Feb 1 21:37:22 EST 2004
On Feb 1, 2004, at 6:10 PM, Bob Ippolito wrote:
> The pythonmac-sig proposed-but-nobody-is-working-on-it solution is for
> Jack and I to use some secure mechanism, let's say s/mime or pgp, to
> send the hash of our package *index* every time we make an update.
>
> That way, one hash is sent that confirms the integrity of every hash
> in the index.
A single S/MIME email from you or Jack would totally suffice for me for
the short term. That way I could look in the archive, verify the sig,
and know that the hashes are valid. (Assuming you and Jack aren't
really black hats. :)
--keith
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2787 bytes
Desc: not available
Url : http://mail.python.org/pipermail/distutils-sig/attachments/20040201/7681aeed/smime.bin
More information about the Distutils-SIG
mailing list