[Python-Dev] [python-committers] Do we need to sign Windows files with GnuPG?
Kurt B. Kaiser
kbk at shore.net
Sat Apr 4 22:01:03 CEST 2015
On Sat, Apr 4, 2015, at 03:54 PM, M.-A. Lemburg wrote:
> On 04.04.2015 21:49, Kurt B. Kaiser wrote:
> >
> >
> > On Sat, Apr 4, 2015, at 03:35 PM, M.-A. Lemburg wrote:
> >> On 04.04.2015 21:02, Kurt B. Kaiser wrote:
> >>> For the record, that is a Symantec/Verisign code signing
> >>> certificate. We paid $1123 for it last April. It expires
> >>> April 2017.
> >>>
> >>> If you don't switch to a different vendor, e.g. startssl, please
> >>> contact me for renewal in 2017.
> >>
> >> FWIW: The PSF mostly uses StartSSL nowadays and they also support code
> >> signing certificates. Given that this option is a lot cheaper than
> >> Verisign, I think we should switch, unless there are significant
> >> reasons not to. We should revisit this in 2017.
> >
> > Agree - apparently the starlssl process for getting a signing cert is
> > complex/obscure, so we should start early.
>
> Not really. Once you have the org verification it's really easy.
>
> > Let me know if I can help providing PSF organization verification.
>
> I already completed that for the current cycle.
One can hope. We shall see :-)
KBK
More information about the Python-Dev
mailing list