> On Mar 14, 2017, at 1:48 AM, Glyph Lefkowitz <[email protected]> wrote: > > 3. A simple signing scheme, like https://minilock.io <https://minilock.io/> > but for plaintext signatures rather than encryption > <https://github.com/kaepora/miniLock/issues/198>, could potentially address > this problem.
This is basically the plan, using it in conjunction with TUF for the fiddly bits (Because simply signing files isn’t good enough). — Donald Stufft
_______________________________________________ Distutils-SIG maillist - [email protected] https://mail.python.org/mailman/listinfo/distutils-sig
