Re: GnuPG signatures on PyPI: why so few?
On Mar 12, 2017, at 11:46 AM, Ben Finney wrote:
>What prospect is there in the Python community to get signed upstream
>releases become the obvious norm?
I don't know. Digital security seems to be mostly an afterthought
unfortunately. I always use `twine upload --sign` so all my projects have
signatures, and for those where I'm also the Debian maintainer or primary
uploader, I try to enable signatures for uscan, but it seems oddly
self-serving. ;)
-Barry