[Distutils] PEP 458: Surviving a Compromise of PyPI: Round 1
Paul Moore
p.f.moore at gmail.com
Sat Nov 23 15:58:23 CET 2013
On 22 November 2013 17:06, Justin Cappos <jcappos at nyu.edu> wrote:
>> "unclaimed" project. What's this? What is the process of "claiming a
>> project"? Is there a better terminology? This reads like picking abandoned
>> project or project without authorship.
>
>
> Yes, it is essentially a project where the owner hasn't uploaded a public
> key to signal they will manage their own project. So it seems like you got
> the gist of this from the name.
Personally, I'm not too keen on the term "unclaimed". If I upload, own
and manage a project but don't want to bother with the hassle of
generating and managing signing keys, I don't think that means my
project should be described by the (frankly, somewhat detrimental)
term "unclaimed". "Unsigned" is accurate and specific - "unclaimed"
sounds like I don't care about my project.
Paul
More information about the Distutils-SIG
mailing list