On Thu, Feb 7, 2013 at 3:06 PM, Justin Cappos <[email protected]> wrote: > We'd like to integrate TUF ( https://www.updateframework.com/ ) into PyPI to > help out if it makes sense. In theory the integration should be > straightforward. It's basically just importing a few libraries in the > client tools and asking package publishers / PyPI to do an extra step to add > signatures. We believe it should be incrementally deployable (i.e. work if > not everyone is using TUF everywhere) without being a usability problem for > anyone. We're looking into this now to see what sort of complications this > may have. We do have some looming deadlines, but we'd like to get a demo > together later this month.
I'm all for the idea of either using solutions that also other uses, or if that's not feasible, making the solution we choose usable by others. I do not have the knowledge to judge TUF specifically though. //Lennart _______________________________________________ Catalog-SIG mailing list [email protected] http://mail.python.org/mailman/listinfo/catalog-sig
