On 11/20/12 1:54 PM, Tarek Ziadé wrote:
On 11/20/12 1:49 PM, "Martin v. Löwis" wrote:
Am 19.11.12 19:37, schrieb Tarek Ziadé:
Wouldn't it make sense to modify the upload command and add a .pubkey
file alongside the archive file
and the .asc file on PyPI ? (since we don't have a notion of
team/users
etc.)
Each user is supposed to provide his PGP key ID. For those that did, we
could fetch them from the key server.
In some projects we have several owners and maintainers, so I am not sure
how we can decide which key to use. The initial owner ?
Maybe we'd need to add a project <> key relation that's set by default
to the initial owner's key, but could be change afterwards.
oh scratch this. each upload has a uploader associated so we can use this.
_______________________________________________
Catalog-SIG mailing list
Catalog-SIG@python.org
http://mail.python.org/mailman/listinfo/catalog-sig
