Re: the new PyPI, coming next month

To: Scott Kitterman <debian@kitterman.com>
Cc: debian-python@lists.debian.org, Sumana Harihareswara <sh@changeset.nyc>
Subject: Re: the new PyPI, coming next month
From: Donald Stufft <donald@stufft.io>
Date: Sat, 31 Mar 2018 23:33:26 -0400
Message-id: <[🔎] 7236AF0E-DA5C-45B9-AA78-5BCF900D7846@stufft.io>
In-reply-to: <[🔎] E695279A-7F89-4973-933B-CEAD4455DF3F@kitterman.com>
References: <[🔎] b06878cc-90f6-d033-4fdd-fa191db6c083@changeset.nyc> <[🔎] E695279A-7F89-4973-933B-CEAD4455DF3F@kitterman.com>

On Mar 31, 2018, at 11:23 PM, Scott Kitterman <debian@kitterman.com> wrote:

What replaces gpg for ensuring integrity of the uploaded code?

To be clear, PGP signatures can still be uploaded and they are still available for download, they just don’t appear in the UI anymore. Longer term I’d *like* to get rid of PGP signatures, because I think their value here is actually pretty low. In that case they’d be replaced with TUF, but that’s a longer term project.

Reply to:

Follow-Ups:
- Re: the new PyPI, coming next month
  - From: Dominik George <natureshadow@debian.org>

References:
- the new PyPI, coming next month
  - From: Sumana Harihareswara <sh@changeset.nyc>
- Re: the new PyPI, coming next month
  - From: Scott Kitterman <debian@kitterman.com>

Prev by Date: Re: the new PyPI, coming next month
Next by Date: Re: the new PyPI, coming next month
Previous by thread: Re: the new PyPI, coming next month
Next by thread: Re: the new PyPI, coming next month
Index(es):
- Date
- Thread