On Wed, Feb 6, 2013 at 8:51 PM, Zygmunt Krynicki <[email protected]> wrote: > That is a one time operation.
It is, for Plone, a several hundred times operation. This is not a feasible path. > Sorry, you are right. My example assumed you were familiar with what > I'm doing with distrust (https://github.com/zyga/distrust) where it > works just as well for current unsigned software. That's just asking users to manually verify each package they download. They already do not do that. We need to solve that problem. Just asking them to do it is not going to solve anything. //Lennart _______________________________________________ Catalog-SIG mailing list [email protected] http://mail.python.org/mailman/listinfo/catalog-sig
