[pydotorg-www] project plan

Michael Foord mfoord at python.org
Mon Apr 19 23:51:20 CEST 2010

On 19/04/2010 23:49, Michael Foord wrote:
> On 19/04/2010 23:24, anatoly techtonik wrote:
>> On Mon, Apr 19, 2010 at 11:51 PM, "Martin v. 
>> Löwis"<martin at v.loewis.de>  wrote:
>>> About the only approach I can think of is PGP signing by the actual
>>> package authors, which is already supported in PyPI (but not in
>>> setuptools/distribute, AFAIK). We could strengthen this with our own 
>>> web
>>> of trust within the community of PyPI users, which would take
>>> some time to setup. We could also encourage the use of CACert user
>>> certificates for code signing in stead/in addition.
>> IIRC the biggest hole with PyPI and setuptools for now is that it
>> doesn't allow to execute "setup.py bdist register upload" without
>> saving password in clear form on user system.
> Tarek Ziade wants to integrate the keyring project (using your system 
> keyring) with distutils:
>     http://pypi.python.org/pypi/keyring
> This project is the result of last year's google summer of code. Not 
> sure what the status of the integration is but I expect it will be 
> part of disutils2.

None of this has anything to do with the proposed revamp of python.org 
of course. :-)

All the best,

Michael Foord

>> CCed to catalog-sig. Let's see if it will bounce.
> My guess is that you'll need to be subscribed to post to that list...
> Michael Foord


More information about the pydotorg-www mailing list