There's no problem, per se, but initially it was less trouble to use the trusted PSF certificate and native support than to add an extra step using a program I don't already use and trust, am restricted in use by my employer (because of the license and the fact there are alternatives), and developing the trust in a brand new certificate.
Eventually the people saying "do it" will win through sheer persistence, since I'll get sick of trying to get a more detailed response and just concede. Not sure if that's how we want to be running the project though...

Top-posted from my Windows Phone
________________________________
From: Barry Warsaw<mailto:ba...@python.org>
Sent: 4/4/2015 9:11
To: python-dev@python.org<mailto:python-dev@python.org>
Subject: Re: [Python-Dev] [python-committers] Do we need to sign Windows files with GnuPG?

On Apr 04, 2015, at 02:41 PM, Steve Dower wrote:

>"Relying only on Authenticode for Windows installers would result in a break
>in technology w/r to the downloads we make available for Python, since all
>other files are (usually) GPG signed"

It's the "only" part I have a question about. Does the use of Authenticode preclude detached GPG signatures of the exe file? I can't see how it would, but maybe there's something (well, a lot of somethings ;) I don't know about Windows. If not, then what's the problem with also providing a GPG signature?

Cheers,
-Barry
_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: https://mail.python.org/mailman/options/python-dev/steve.dower%40microsoft.com