[Distutils] Trust Management ....
guettliml at thomas-guettler.de
Wed Nov 9 02:47:55 EST 2016
Am 05.11.2016 um 07:29 schrieb Nick Coghlan:
> On 4 November 2016 at 06:07, Nathaniel Smith <njs at pobox.com> wrote:
>> I think we're drifting pretty far off topic here... IIRC the original
>> discussion was about whether the travis-ci infrastructure could be suborned
>> to provide an sdist->wheel autobuilding service for pypi. (Answer: maybe,
>> though it would be pretty awkward, and no one seems to be jumping up to make
>> it happen.)
> The hard part of designing any such system isn't so much the building
> process, it's the authentication, authorisation and trust management
> for the release publication step.
Yes, trust management is very hard.
I think it can't be solved, and never will.
Things are different if you run a build server in your own LAN (self hosting).
More information about the Distutils-SIG