On Tue, Jul 16, 2013 at 12:21 +0200, Jannis Leidel wrote: > On 16.07.2013, at 11:19, holger krekel <hol...@merlinux.eu> wrote: > > > Any thoughts or pointers to existing efforts within the (Python) > > packaging ecologies? > > Erik Rose just released peep the other day [1], which admittedly doesn't use > gpg but at least allows pip users to simplify the manual vetting process. > > Jannis > > 1: https://pypi.python.org/pypi/peep
thanks for the pointer, i actually saw that earlier. If i see it correctly it does not target "vetting sharing": if a 1000 careful people want to install Django-1.5.1.tar.gz they each need to do the verification work individually, each creating their particular "requirements.txt" with extra hashes. best, holger _______________________________________________ Distutils-SIG maillist - Distutils-SIG@python.org http://mail.python.org/mailman/listinfo/distutils-sig