[Python-Dev] Do we need to sign Windows files with GnuPG? (original) (raw)
Paul Moore p.f.moore at gmail.com
Fri Apr 3 14:25:25 CEST 2015
- Previous message (by thread): [Python-Dev] Do we need to sign Windows files with GnuPG?
- Next message (by thread): [Python-Dev] [python-committers] Do we need to sign Windows files with GnuPG?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On 3 April 2015 at 10:56, Larry Hastings <larry at hastings.org> wrote:
My Windows development days are firmly behind me. So I don't really have an opinion here. So I put it to you, Windows Python developers: do you care about GnuPG signatures on Windows-specific files? Or do you not care?
I don't have a very strong security background, so take my views with a pinch of saly, but I see Authenticode as a way of being sure that what I run is "OK". Whereas a GPG signature lets me check that the content of a file is as intended. So there are benefits to both, and I thing we should continue to provide GPG signatures. (Disclaimer: I've never in my life actually checked a GPG signature for a file...)
Paul
- Previous message (by thread): [Python-Dev] Do we need to sign Windows files with GnuPG?
- Next message (by thread): [Python-Dev] [python-committers] Do we need to sign Windows files with GnuPG?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]