[Distutils] GnuPG signatures on PyPI: why so few?
Donald Stufft
donald at stufft.io
Tue Mar 14 01:55:08 EDT 2017
> On Mar 14, 2017, at 1:48 AM, Glyph Lefkowitz <glyph at twistedmatrix.com> wrote:
>
> 3. A simple signing scheme, like https://minilock.io but for plaintext signatures rather than encryption <https://github.com/kaepora/miniLock/issues/198>, could potentially address this problem.
This is basically the plan, using it in conjunction with TUF for the fiddly bits (because simply signing files isn’t good enough).
—
Donald Stufft