[Distutils] PyPI and GPG Signatures

Paul Moore p.f.moore at gmail.com
Thu May 12 08:05:43 EDT 2016


On 12 May 2016 at 12:41, Donald Stufft <donald at stufft.io> wrote:
> What do folks think? Would anyone be particularly against getting rid of the
> GPG support in PyPI?

28K projects is too many to do a mailshot, but would it be worth
asking this question more widely than on distutils-sig? Just "Do you
maintain a project on PyPI that has GPG sigs and would you care if we
removed them? If so, please let us know on the thread on
distutils-sig."

On an unrelated note, it might be a good feature for Warehouse to add
some means of notifying project owners for cases like this.
Paul


More information about the Distutils-SIG mailing list