On Sunday, February 10, 2013 at 12:53 PM, Giovanni Bajo wrote: > Il giorno 10/feb/2013, alle ore 18:08, Antoine Pitrou <[email protected] > (mailto:[email protected])> ha scritto: > > > > > Hello, > > > > Vinay Sajip <vinay_sajip <at> yahoo.co.uk (http://yahoo.co.uk)> writes: > > > > > > I've contacted the FSF about the licensing implications of including gpg > > > with > > > Python programs. This is primarily for Windows - Posix users are better > > > off > > > installing through their distro package manager or equivalent of the > > > Homebrew/MacPorts type, if necessary. > > > > > > > > > You want to post this on python-dev, not catalog-sig. > > > > Also, before inquiring about legal matters, it should first be decided > > whether it is desirable to ship our version of GnuPG, or not. > > (unless there has already been a thread about this and I've missed it :-)) > > > > > > There is an open discussion whether to use TUF or GPG. If we go with GPG, > then we wlll discuss what to do, given that: > > 1) for users, the problem is not on python-dev, but rather on the maintainers > of package managers (pip, easy_install) that need to decide how to > ship/install GPG to verify signatures. > 2) for maintainers, I don't see a strong need to ship it with distutils > within Python, as long as we have clear documentation on how to install it. > But this is open for discussion of course. > I didn't see TUF mention anywhere what technology would be used to sign its files. So it's possible to use GPG (or possibly another one?)
_______________________________________________ Catalog-SIG mailing list [email protected] http://mail.python.org/mailman/listinfo/catalog-sig
