[Distutils] PEP 458: Surviving a Compromise of PyPI: Round 1

Paul Moore p.f.moore at gmail.com
Sat Nov 23 15:58:23 CET 2013

On 22 November 2013 17:06, Justin Cappos <jcappos at nyu.edu> wrote:
>> "unclaimed" project. What's this? What is the process of "claiming a
>> project"? Is there a better terminology? This reads like picking abandoned
>> project or project without authorship.
> Yes, it is essentially a project where the owner hasn't uploaded a public
> key to signal they will manage their own project. So it seems like you got
> the gist of this from the name.

Personally, I'm not too keen on the term "unclaimed". If I upload, own
and manage a project but don't want to bother with the hassle of
generating and managing signing keys, I don't think that means my
project should be described by the (frankly, somewhat detrimental)
term "unclaimed". "Unsigned" is accurate and specific - "unclaimed"
sounds like I don't care about my project.

