[Python-Dev] [python-committers] Do we need to sign Windows files with GnuPG? (original) (raw)
Brian Curtin brian at python.org
Fri Apr 3 15:44:36 CEST 2015
- Previous message (by thread): [Python-Dev] Do we need to sign Windows files with GnuPG?
- Next message (by thread): [Python-Dev] [python-committers] Do we need to sign Windows files with GnuPG?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Fri, Apr 3, 2015 at 7:25 AM, Paul Moore <p.f.moore at gmail.com> wrote:
On 3 April 2015 at 10:56, Larry Hastings <larry at hastings.org> wrote:
My Windows development days are firmly behind me. So I don't really have an opinion here. So I put it to you, Windows Python developers: do you care about GnuPG signatures on Windows-specific files? Or do you not care? I don't have a very strong security background, so take my views with a pinch of saly, but I see Authenticode as a way of being sure that what I run is "OK". Whereas a GPG signature lets me check that the content of a file is as intended. So there are benefits to both, and I thing we should continue to provide GPG signatures. (Disclaimer: I've never in my life actually checked a GPG signature for a file...)
I haven't been on Windows in a bit, but this is my understanding/expectation as well.
- Previous message (by thread): [Python-Dev] Do we need to sign Windows files with GnuPG?
- Next message (by thread): [Python-Dev] [python-committers] Do we need to sign Windows files with GnuPG?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]