On Wed, Feb 20, 2013 at 2:56 PM, Giovanni Bajo <ra...@develer.com> wrote:

> On 20 Feb 2013, at 19:44, Bernhard Seibold <
> bernhard.seib...@gmail.com> wrote:
>
> > Hi!
> >
> > I noticed that in the user profile, the PGP Key ID is 8 hex digits only.
> > This is a bad idea:
> >
> > http://www.asheesh.org/note/debian/short-key-ids-are-bad-news.html
> >
> > Honestly I don't know what that Key ID is used for, but it should be
> > either fixed or removed.
>
>
>
> Thanks, we are in the process of defining an overhaul of the security of
> PyPI, and removing short key IDs is already considered:
>
> https://docs.google.com/a/develer.com/document/d/1DgQdDCZY5LiTY5mvfxVVE4MTWiaqIGccK3QCUI8np4k/edit
>
> (see task #10: Use GPG key fingerprints instead of short IDs)
>

You know how to do S/MIME; how much harder would it be to use X.509
signatures as are supported with openssl and bundled GUI cert managers on
all OSs?
_______________________________________________
Catalog-SIG mailing list
Catalog-SIG@python.org
http://mail.python.org/mailman/listinfo/catalog-sig
