[pydotorg-www] project plan
mfoord at python.org
Mon Apr 19 23:49:12 CEST 2010
On 19/04/2010 23:24, anatoly techtonik wrote:
> On Mon, Apr 19, 2010 at 11:51 PM, "Martin v. Löwis"<martin at v.loewis.de> wrote:
>> About the only approach I can think of is PGP signing by the actual
>> package authors, which is already supported in PyPI (but not in
>> setuptools/distribute, AFAIK). We could strengthen this with our own web
>> of trust within the community of PyPI users, which would take
>> some time to setup. We could also encourage the use of CACert user
>> certificates for code signing in stead/in addition.
> IIRC the biggest hole with PyPI and setuptools for now is that it
> doesn't allow to execute "setup.py bdist register upload" without
> saving password in clear form on user system.
Tarek Ziade wants to integrate the keyring project (using your system
keyring) with distutils:
This project is the result of last year's google summer of code. Not
sure what the status of the integration is but I expect it will be part
> CCed to catalog-sig. Let's see if it will bounce.
My guess is that you'll need to be subscribed to post to that list...
More information about the pydotorg-www