[Python-Dev] Signed packages
martin at v.loewis.de
martin at v.loewis.de
Thu Jun 28 13:56:30 CEST 2012
Zitat von Hynek Schlawack <hs at ox.cx>:
> Am 23.06.12 14:03, schrieb martin at v.loewis.de:
>
>>> I'm surprised gpg hasn't been mentioned here. I think these are all
>>> solved problems, most free software that is signed signs it with the
>>> gpg key of the author. In that case all that is needed is that the
>>> cheeseshop allows the uploading of the signature.
>> For the record, the cheeseshop has been supporting pgp signatures
>> for about ten years now. Several projects have been using that for
>> quite a while in their releases.
>
> Also for the record, it?s broken as of Python 3.2. See
> http://bugs.python.org/issue10571
That's different, though: PyPI continues to support it just fine.
It's only distutils which has it broken. If you manually run gpg,
and manually upload through the web interface, it still works.
Regards,
Martin
More information about the Python-Dev
mailing list