[Python-Dev] [python-committers] Do we need to sign Windows files with GnuPG? (original) (raw)

M.-A. Lemburg mal at egenix.com
Fri Apr 17 00:46:20 CEST 2015

• Previous message (by thread): [Python-Dev] [python-committers] Do we need to sign Windows files with GnuPG?
• Next message (by thread): [Python-Dev] [python-committers] Do we need to sign Windows files with GnuPG?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 16.04.2015 21:34, "Martin v. Löwis" wrote:

Am 04.04.15 um 21:54 schrieb M.-A. Lemburg:

FWIW: The PSF mostly uses StartSSL nowadays and they also support code signing certificates. Given that this option is a lot cheaper than Verisign, I think we should switch, unless there are significant reasons not to. We should revisit this in 2017.

Agree - apparently the starlssl process for getting a signing cert is complex/obscure, so we should start early. Not really. Once you have the org verification it's really easy. Let me know if I can help providing PSF organization verification. I already completed that for the current cycle. I had asked the PSF for a StartSSL certificate when the previous certificate expired, and the PSF was not able to provide one. After waiting several weeks for the PSF to provide the certificate, Kurt then kindly went to Verisign.

When was that ? I never received such a request. The account I'm using was created in Dec 2014 and the validation received on 2014-12-17. This is valid for about a year:

https://wiki.python.org/psf/PSF%20SSL%20Certificates

Code signing certificates are valid for two years, so switching to StartSSL probably doesn't make much sense now, unless perhaps we want to switch to SHA2 and longer RSA keys (if that's possible for code signing certs - I'd have to check).

-- Marc-Andre Lemburg eGenix.com

Professional Python Services directly from the Source (#1, Apr 17 2015)

Python Projects, Coaching and Consulting ... http://www.egenix.com/ mxODBC Plone/Zope Database Adapter ... http://zope.egenix.com/ mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/

::::: Try our mxODBC.Connect Python Database Interface for free ! ::::::

eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48 D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg Registered at Amtsgericht Duesseldorf: HRB 46611 http://www.egenix.com/company/contact/

• Previous message (by thread): [Python-Dev] [python-committers] Do we need to sign Windows files with GnuPG?
• Next message (by thread): [Python-Dev] [python-committers] Do we need to sign Windows files with GnuPG?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Python-Dev mailing list