[pydotorg-www] project plan

Michael Foord mfoord at python.org
Mon Apr 19 23:49:12 CEST 2010

On 19/04/2010 23:24, anatoly techtonik wrote:
> On Mon, Apr 19, 2010 at 11:51 PM, "Martin v. Löwis"<martin at v.loewis.de>  wrote:
>> About the only approach I can think of is PGP signing by the actual
>> package authors, which is already supported in PyPI (but not in
>> setuptools/distribute, AFAIK). We could strengthen this with our own web
>> of trust within the community of PyPI users, which would take
>> some time to setup. We could also encourage the use of CACert user
>> certificates for code signing in stead/in addition.
> IIRC the biggest hole with PyPI and setuptools for now is that it
> doesn't allow to execute "setup.py bdist register upload" without
> saving password in clear form on user system.

Tarek Ziade wants to integrate the keyring project (using your system 
keyring) with distutils:


This project is the result of last year's google summer of code. Not 
sure what the status of the integration is but I expect it will be part 
of disutils2.

> CCed to catalog-sig. Let's see if it will bounce.

My guess is that you'll need to be subscribed to post to that list...

Michael Foord


More information about the pydotorg-www mailing list