[Pythonmac-SIG] Package Manager idea, adding a URL scheme

Glenn Andreas gandreas at delver.com
Thu Oct 9 15:57:01 EDT 2003

>On Thursday, Oct 9, 2003, at 15:30 America/New_York, amk at amk.ca wrote:
>>On Thu, Oct 09, 2003 at 09:06:43PM +0200, Jack Jansen wrote:
>>>We are going to need digital signatures at some point, so if we're
>>>not going to have them in Python we have to warn users and provide
>>>them with an out-of-band way to test packages.
>>Can we use GnuPG?  It provides an interface for being run as a subprocess
>>and reporting results back in a form usable for programs.  Perhaps it could
>>just require that GnuPG is available (via Fink or some other mechanism).
>I think it would be a lot easier on the users if we could just let 
>them install a particular Python package that can do the signature 
>verification.  Is there anything in OpenSSL that could be exploited 
>for this purpose?

According to http://www.openssl.org/docs/crypto/DSA_sign.html it sure 
looks that way.

Now if this is directly usable, that's another question...

Glenn Andreas                      gandreas at delver.com 
Theldrow, Blobbo, Cythera, oh my!
Be good, and you will be lonesome

More information about the Pythonmac-SIG mailing list