On Fri, 7 Dec 2018 11:54:59 -0800 Devin Jeanpierre <jeanpierr...@gmail.com> wrote: > On Fri, Dec 7, 2018 at 10:48 AM Antoine Pitrou <solip...@pitrou.net> wrote: > > > If the site is vulnerable to modifications, then TLS doesn't help. > > Again: you must verify the GPG signatures (since they are produced by > > the release manager's private key, which is *not* stored on the > > python.org Web site). > > This is missing the point.
Why do you think I missed anything here? Regards Antoine. _______________________________________________ Python-ideas mailing list Python-ideas@python.org https://mail.python.org/mailman/listinfo/python-ideas Code of Conduct: http://python.org/psf/codeofconduct/