On Tue, Mar 16, 2021 at 9:42 AM Christian Heimes <christ...@python.org> wrote: > GPG signatures are > problematic because GPG is awful.
What is the problem here? Most of the verification for external downloads, at the moment, seems to be via GPG. > Sigstore [2] might become an alternative in the future. TIL. Seems very recent - https://security.googleblog.com/2021/03/introducing-sigstore-easy-code-signing.html Thank you, Senthil _______________________________________________ python-committers mailing list -- python-committers@python.org To unsubscribe send an email to python-committers-le...@python.org https://mail.python.org/mailman3/lists/python-committers.python.org/ Message archived at https://mail.python.org/archives/list/python-committers@python.org/message/POCU6KG5BKAQNIUDBFSRCPXKYNRX5KQN/ Code of Conduct: https://www.python.org/psf/codeofconduct/
