Re: GnuPG signatures on PyPI: why so few?

2017-03-12 Thread Brian May
Donald Stufft writes:
> https://mail.python.org/pipermail/distutils-sig/2016-May/028933.html
> "I am aware of a single tool anywhere that actively supports verifying the signatures that people upload to PyPI, and that is

Re: GnuPG signatures on PyPI: why so few?

2017-03-12 Thread Donald Stufft
> On Mar 12, 2017, at 10:35 PM, Paul Wise wrote:
>
> On Mon, Mar 13, 2017 at 4:28 AM, Jeremy Stanley wrote:
>
>> upload them to PyPI since the authors of the coming Warehouse
>> replacement for the current CheeseShop PyPI have already indicated
>> that they intend to drop support for signatures

Re: GnuPG signatures on PyPI: why so few?

2017-03-12 Thread Paul Wise
On Mon, Mar 13, 2017 at 4:28 AM, Jeremy Stanley wrote:
> upload them to PyPI since the authors of the coming Warehouse
> replacement for the current CheeseShop PyPI have already indicated
> that they intend to drop support for signatures entirely.

Did they give any reasoning for this decision? -

Re: GnuPG signatures on PyPI: why so few?

2017-03-12 Thread Jeremy Stanley
On 2017-03-12 11:46:31 +1100 (+1100), Ben Finney wrote:
[...]
> In response to polite requests for signed releases, some upstream
> maintainers are now pointing to that thread and closing bug reports as
> “won't fix”.
>
> What prospect is there in the Python community to get signed upstream
> rele

Re: Joining DPMT

2017-03-12 Thread Piotr Ożarowski
[Gaurav Juvekar, 2017-03-08]
> I wish to upload and maintain humanfriendly(RFS: #852233),
> python-coloredlogs(RFS: #854249) and python-verboselogs(RFS: #854115)
> packages in DPMT so that a sponsor can upload them to experimental or
> sid. I also want to help create and maintain other packages fro

Re: PyPI source or github source?

2017-03-12 Thread Ghislain Vaillant
On Sun, 2017-03-12 at 10:53 +0800, Paul Wise wrote:
> On Sun, Mar 12, 2017 at 10:19 AM, Brian May wrote:
>
> > Sure, you could argue that PyPI source packages should contain
> > everything the github package does. In fact there is a PyPI tool to help
> > get the MANIFEST.in correct for such purpos