On Mar 12, 2017, at 11:46 AM, Ben Finney wrote:

>What prospect is there in the Python community to get signed upstream
>releases become the obvious norm?

I don't know.  Digital security seems to be mostly an afterthought
unfortunately.  I always use `twine upload --sign` so all my projects have
signatures, and for those where I'm also the Debian maintainer or primary
uploader, I try to enable signatures for uscan, but it seems oddly
self-serving. ;)


Reply via email to