[Distutils] vetting, signing, verification of release files
holger at merlinux.eu
Tue Jul 16 13:17:12 CEST 2013
On Tue, Jul 16, 2013 at 12:21 +0200, Jannis Leidel wrote:
> On 16.07.2013, at 11:19, holger krekel <holger at merlinux.eu> wrote:
> > Any thoughts or pointers to existing efforts within the (Python)
> > packaging ecologies?
> Erik Rose just released peep the other day , which admittedly doesn't use gpg but at least allows pip users to simplify the manual vetting process.
> 1: https://pypi.python.org/pypi/peep
thanks for the pointer, i actually saw that earlier. If i see it correctly
it does not target "vetting sharing": if a 1000 careful people want to install
Django-1.5.1.tar.gz they each need to do the verification work
individually, each creating their particular "requirements.txt" with
More information about the Distutils-SIG