-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 15/06/10 22:04, "Martin v. Löwis" wrote: >> I read pep 381 long time ago and I don't remember how/when a mirror >> would update, but I do remember it doesn't mandate digital signatures >> (signed by pypi central node, verified by setuptools&friends). That is a >> big gap, in my opinion. > > The PEP doesn't explain the digital signing that is going on in > mirroring. See > > http://mail.python.org/pipermail/catalog-sig/2009-March/002018.html > > This is fully implemented (except that client would need to verify the > signatures, and except key rollover hasn't happened yet).
Could I ask pep381 to be updated?. - -- Jesus Cea Avion _/_/ _/_/_/ _/_/_/ j...@jcea.es - http://www.jcea.es/ _/_/ _/_/ _/_/ _/_/ _/_/ jabber / xmpp:j...@jabber.org _/_/ _/_/ _/_/_/_/_/ . _/_/ _/_/ _/_/ _/_/ _/_/ "Things are not so easy" _/_/ _/_/ _/_/ _/_/ _/_/ _/_/ "My name is Dump, Core Dump" _/_/_/ _/_/_/ _/_/ _/_/ "El amor es poner tu felicidad en la felicidad de otro" - Leibniz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQCVAwUBTBf6gplgi5GaxT1NAQJh6AP/T0pyein9GQ2ZmsL1JOxQOdGMhZfg7Jxu go2WuHgrV2Jog7koQFDaX0y/gwTonW5w9AWRcsbQTbOL+ss9JUMgAvd2aSRhWMu2 SQrTsbimuJwHwPbVLRzV3HS6NsgzJgwIEexjmJ1a6kVKvbwOL3RsOqgMyK8/5ka2 V2cWn//0Jzc= =Rplg -----END PGP SIGNATURE----- _______________________________________________ Catalog-SIG mailing list Catalog-SIG@python.org http://mail.python.org/mailman/listinfo/catalog-sig
