List:       python-catalog-sig
Subject:    Re: [Catalog-sig] [pydotorg-www] project plan
From:       anatoly techtonik <techtonik () gmail ! com>
Date:       2010-04-19 21:24:38
Message-ID: y2td34314101004191424xed2bbd7dv12ab6ed521190f62 () mail ! gmail ! com

On Mon, Apr 19, 2010 at 11:51 PM, "Martin v. Löwis" <martin@v.loewis.de> wrote:
>
> About the only approach I can think of is PGP signing by the actual
> package authors, which is already supported in PyPI (but not in
> setuptools/distribute, AFAIK). We could strengthen this with our own web
> of trust within the community of PyPI users, which would take
> some time to set up. We could also encourage the use of CACert user
> certificates for code signing instead/in addition.

IIRC the biggest hole with PyPI and setuptools for now is that it
doesn't allow executing "setup.py bdist register upload" without
saving the password in clear form on the user's system.

CCed to catalog-sig. Let's see if it will bounce.
-- 
anatoly t.