On 3 April 2015 at 10:56, Larry Hastings <la...@hastings.org> wrote: > My Windows development days are firmly behind me. So I don't really have an > opinion here. So I put it to you, Windows Python developers: do you care > about GnuPG signatures on Windows-specific files? Or do you not care?
I don't have a very strong security background, so take my views with a pinch of saly, but I see Authenticode as a way of being sure that what I *run* is "OK". Whereas a GPG signature lets me check that the content of a file is as intended. So there are benefits to both, and I thing we should continue to provide GPG signatures. (Disclaimer: I've never in my life actually *checked* a GPG signature for a file...) Paul _______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
