[Distutils] PGP keys required? (Re: PEP 243)

Michael T. Babcock mbabcock at fibrespeed.net
Wed Jan 28 16:00:03 EST 2004

Would it be worthwhile to stipulate that anyone who wants to submit a 
package to an automated distutils system have a PGP/GPG key signed by an 
appropriate Python authority or another developper?  Initially these 
would all be an "authority" of some form, of course.  This at least 
allows the authentication of authors' packages as being intact and 
submitted by themselves, which then allows a good method of filtering /à 
la/ "I like this author's software", etc. via rating systems and the like.

Just a thought from a PGP activist.

Michael T. Babcock
C.T.O., FibreSpeed Ltd.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.python.org/pipermail/distutils-sig/attachments/20040128/9ba0c372/attachment.html

More information about the Distutils-SIG mailing list