On 06.02.2013 21:08, Lennart Regebro wrote:
> On Wed, Feb 6, 2013 at 8:51 PM, Zygmunt Krynicki
> <zygmunt.kryni...@canonical.com> wrote:
>> That is a one time operation.
>
> It is, for Plone, a several hundred times operation. This is not a
> feasible path.

I did not realize that a basic install of Plone is composed of 100+ packages. If all of those packages are maintained by a coherent group (pardon my ignorance of Plone here) then perhaps that use case could be managed by allowing the user to accept trust to a larger pool of packages.

For example, if all Plone packages were signed by a single key and carried additional meta-data then distrust could ask the user something like:

Do you want to trust the user "Joe Developer <develo...@example.com>" as
identified by fingerprint .... with _all_ packages that start with the
string "pypi:plone.core.":
Choice [No/yes/help]:

Thanks
ZK

_______________________________________________
Catalog-SIG mailing list
Catalog-SIG@python.org
http://mail.python.org/mailman/listinfo/catalog-sig
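
The prefix-scoped trust decision proposed in the message above, sketched as an added example; it is not part of the original email and is not code from the distrust tool. The `TrustStore` class, its method names, the fingerprint and the package names are hypothetical, and signature verification is assumed to happen elsewhere and arrive as a boolean.

```python
from dataclasses import dataclass, field


def normalize(fingerprint: str) -> str:
    """Canonical form: upper-case hex with all whitespace removed."""
    return "".join(fingerprint.split()).upper()


@dataclass
class TrustStore:
    # Hypothetical store: signer fingerprint -> name prefixes the user accepted.
    grants: dict = field(default_factory=dict)

    def grant(self, fingerprint: str, prefix: str) -> None:
        """Record a 'yes' answer to the prompt for one key and one prefix."""
        # A prefix must end at a namespace boundary; otherwise a grant for
        # "pypi:plone.core" would also cover "pypi:plone.corevil".
        if not prefix.endswith((".", ":")):
            raise ValueError("prefix must end with '.' or ':'")
        self.grants.setdefault(normalize(fingerprint), set()).add(prefix)

    def decide(self, package: str, fingerprint: str, signature_ok: bool) -> str:
        """Return 'reject', 'trusted' or 'ask' for a signed package."""
        # signature_ok is the result of verification done elsewhere
        # (assumption: e.g. by GnuPG); a bad signature is never trusted.
        if not signature_ok:
            return "reject"
        prefixes = self.grants.get(normalize(fingerprint), ())
        if any(package.startswith(p) for p in prefixes):
            return "trusted"
        # Unknown key, or known key outside its granted names: prompt again.
        return "ask"


if __name__ == "__main__":
    # Constructed fingerprint and package names, for illustration only.
    key = "0123 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4567"
    store = TrustStore()
    store.grant(key, "pypi:plone.core.")
    for name in ("pypi:plone.core.utils", "pypi:plone.corevil", "pypi:other.pkg"):
        print(name, "->", store.decide(name, key, True))
```

A grant binds one fingerprint to one name prefix, so the same key signing a package outside that prefix still triggers the prompt rather than being trusted silently.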