Am 19.11.12 19:37, schrieb Tarek Ziadé:
Wouldn't it make sense to modify the upload command and add a .pubkey file alongside the archive file and the .asc file on PyPI ? (since we don't have a notion of team/users etc.)
Each user is supposed to provide his PGP key ID. For those that did, we could fetch them from the key server. OTOH, users can also fetch them themselves. In PGP, keys should really be on the key servers, rather than having distributed copies, since they get updated (e.g. when counter-signed or revoked). Regards, Martin _______________________________________________ Catalog-SIG mailing list [email protected] http://mail.python.org/mailman/listinfo/catalog-sig
