[Python-Dev] [python-committers] Do we need to sign Windows files with GnuPG? (original) (raw)
Ben Finney ben+python at benfinney.id.au
Mon Apr 6 01:15:17 CEST 2015
- Previous message (by thread): [Python-Dev] [python-committers] Do we need to sign Windows files with GnuPG?
- Next message (by thread): [Python-Dev] [python-committers] Do we need to sign Windows files with GnuPG?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Steve Dower <Steve.Dower at microsoft.com> writes:
Nathaniel Smith wrote: > And I suspect python-dev generally doesn't put much weight on the > extra effort required (release managers have all been using gpg for > decades, it's pretty trivial)
I'm aware of this, but still don't see it as a reason to unnecessarily duplicate process.
That's a good argument. But it's one against Authenticode, because that's a single-platform process that duplicates an existing convention to use an open, free standard: OpenPGP certificates.
So the demands of “why do we need to duplicate this work?” should be made to Microsoft for choosing to re-invent that long-standing and superior (because open, free-software, and cross-platform) wheel.
-- \ “At my lemonade stand I used to give the first glass away free | `\ and charge five dollars for the second glass. The refill | o_) contained the antidote.” —Emo Philips | Ben Finney
- Previous message (by thread): [Python-Dev] [python-committers] Do we need to sign Windows files with GnuPG?
- Next message (by thread): [Python-Dev] [python-committers] Do we need to sign Windows files with GnuPG?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]