[Distutils] GnuPG signatures on PyPI: why so few?

Ben Finney ben+python at benfinney.id.au
Sun Mar 12 08:13:37 EDT 2017

Paul Moore <p.f.moore at gmail.com> writes:

> One tool that needs improvement to be easier to use for this to happen
> is GPG itself.

No disagreement from me on that. And indeed, the GnuPG project's chronic
under-funding eventually drew attention from the new Core Infrastructure
Initiative <URL:https://www.coreinfrastructure.org/gnupg> to improve it
faster than was historically the case.

This is thanks in large part to the amazing work of Nadia Eghbal
<URL:http://nadiaeghbal.com/oss> in drawing attention to how critical
free software, such as GnuPG, benefits society enormously and must
receive reliable funding from the organisations who benefit.

If anyone reading this works for any organisation that wants to ensure
such critical free-software infrastructure continues to be consistently
funded and maintained, encourage regular financial contribution to the
Core Infrastructure Initiative <URL:https://www.coreinfrastructure.org/>
or similar projects.

> As a Windows user, I've "played" with it in the past, and found it
> frustratingly difficult.

I hope many people here will find the guide published by the FSF, Email
Self-Defense <URL:https://emailselfdefense.fsf.org/>, a useful walk
through how to set it up properly.

 \     “I must say that I find television very educational. The minute |
  `\       somebody turns it on, I go to the library and read a book.” |
_o__)                                                    —Groucho Marx |
Ben Finney

More information about the Distutils-SIG mailing list