Re: [Distutils] GnuPG signatures on PyPI: why so few?

Donald Stufft Mon, 13 Mar 2017 22:56:12 -0700

> On Mar 14, 2017, at 1:48 AM, Glyph Lefkowitz <gl...@twistedmatrix.com> wrote:
> 
> 3. A simple signing scheme, like https://minilock.io <https://minilock.io/> 
> but for plaintext signatures rather than encryption 
> <https://github.com/kaepora/miniLock/issues/198>, could potentially address 
> this problem.



This is basically the plan, using it in conjunction with TUF for the fiddly 
bits (Because simply signing files isn’t good enough).

—
Donald Stufft

_______________________________________________
Distutils-SIG maillist  -  Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig

Re: [Distutils] GnuPG signatures on PyPI: why so few?

Reply via email to