[Distutils] Trust Management ....

Thomas Güttler guettliml at thomas-guettler.de
Wed Nov 9 02:47:55 EST 2016


Am 05.11.2016 um 07:29 schrieb Nick Coghlan:
> On 4 November 2016 at 06:07, Nathaniel Smith <njs at pobox.com> wrote:
>> I think we're drifting pretty far off topic here... IIRC the original
>> discussion was about whether the travis-ci infrastructure could be suborned
>> to provide an sdist->wheel autobuilding service for pypi. (Answer: maybe,
>> though it would be pretty awkward, and no one seems to be jumping up to make
>> it happen.)
> 
> The hard part of designing any such system isn't so much the building
> process, it's the authentication, authorisation and trust management
> for the release publication step.

Yes, trust management is very hard.

I think it can't be solved, and never will.

Things are different if you run a build server in your own LAN (self hosting).

Regards,
  Thomas Güttler

-- 
http://www.thomas-guettler.de/


More information about the Distutils-SIG mailing list