[Python-Dev] Signed packages (original) (raw)
martin at v.loewis.de martin at v.loewis.de
Thu Jun 28 13:56:30 CEST 2012
- Previous message: [Python-Dev] Signed packages
- Next message: [Python-Dev] Status of packaging in 3.3
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Zitat von Hynek Schlawack <hs at ox.cx>:
Am 23.06.12 14:03, schrieb martin at v.loewis.de:
I'm surprised gpg hasn't been mentioned here. I think these are all solved problems, most free software that is signed signs it with the gpg key of the author. In that case all that is needed is that the cheeseshop allows the uploading of the signature. For the record, the cheeseshop has been supporting pgp signatures for about ten years now. Several projects have been using that for quite a while in their releases. Also for the record, it?s broken as of Python 3.2. See http://bugs.python.org/issue10571
That's different, though: PyPI continues to support it just fine. It's only distutils which has it broken. If you manually run gpg, and manually upload through the web interface, it still works.
Regards, Martin
- Previous message: [Python-Dev] Signed packages
- Next message: [Python-Dev] Status of packaging in 3.3
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]