[Distutils] PGP keys required? (Re: PEP 243)

Moore, Paul Paul.Moore at atosorigin.com
Thu Jan 29 03:58:07 EST 2004

From: Michael T. Babcock
> Would it be worthwhile to stipulate that anyone who wants to submit a
> package to an automated distutils system have a PGP/GPG key signed by
> an appropriate Python authority or another developper? Initially these
> would all be an "authority" of some form, of course. This at least
> allows the authentication of authors' packages as being intact and
> submitted by themselves, which then allows a good method of filtering
> à la "I like this author's software", etc. via rating systems and the
> like.

-1. The effect would be to bar new submitters, who wouldn't have the
necessary signed key, as well as to people like myself who can't be
bothered trying to maintain a PGP key.


More information about the Distutils-SIG mailing list