On Wed, Jul 18, 2012 at 1:53 PM, Daniel Holth <[email protected]> wrote:
> One of the main design goals for the wheel built package format is
> that a wheel archive extracted to sys.path is a PEP-376 compliant
> installation. I also want most wheel files to be cryptographically
> signed. The idea is to include a < 256 byte JSON Web Signature of
> RECORD, "RECORD.jws", which will only take a couple of milliseconds to
> generate, in the .dist-info directory. This is only meaningful if
> RECORD has strong hashes, or the installer would have to always
> rewrite RECORD on install just to include md5 sums to follow the spec.

If you're including another file anyway, why not just put the signatures in there, then?
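
The verification chain under discussion in this thread (a signature over RECORD, and hashes in RECORD over the installed files), as an added example that is not part of the original messages or the wheel project's code. It assumes a `path,sha256=<digest>,size` row layout and a JWS payload holding only the digest of RECORD, and it uses HS256 with a shared key as a stand-in for whatever public-key signature the format adopts.

```python
import base64, csv, hashlib, hmac, io, json

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def digest(data: bytes) -> str:
    return "sha256=" + b64u(hashlib.sha256(data).digest())

def build_record(files: dict) -> bytes:
    # Assumed row layout: path,sha256=<urlsafe base64 digest>,size
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    for path, data in sorted(files.items()):
        writer.writerow([path, digest(data), len(data)])
    return out.getvalue().encode()

def _mac(signing_input: str, key: bytes) -> str:
    return b64u(hmac.new(key, signing_input.encode(), hashlib.sha256).digest())

def sign_record(record: bytes, key: bytes) -> str:
    # Assumed payload: only the digest of RECORD, which keeps the JWS small.
    header = b64u(json.dumps({"alg": "HS256"}).encode())
    payload = b64u(json.dumps({"hash": digest(record)}).encode())
    return f"{header}.{payload}.{_mac(header + '.' + payload, key)}"

def verify(files: dict, record: bytes, jws: str, key: bytes) -> list:
    """Return a list of problems; an empty list means every link held."""
    parts = jws.split(".")
    if len(parts) != 3:
        return ["malformed JWS"]
    header, payload, sig = parts
    if not hmac.compare_digest(_mac(header + "." + payload, key), sig):
        return ["bad signature"]
    decode = lambda s: json.loads(base64.urlsafe_b64decode(s + "=" * (-len(s) % 4)))
    if decode(header).get("alg") != "HS256":
        return ["unexpected alg"]
    if decode(payload).get("hash") != digest(record):
        return ["RECORD does not match signed hash"]
    problems, listed = [], set()
    for path, file_hash, _size in csv.reader(io.StringIO(record.decode())):
        listed.add(path)
        if path not in files:
            problems.append(f"missing: {path}")
        elif not file_hash.startswith("sha256="):
            problems.append(f"weak hash: {path}")
        elif file_hash != digest(files[path]):
            problems.append(f"hash mismatch: {path}")
    return problems + [f"unlisted: {p}" for p in sorted(set(files) - listed)]

SAMPLE = {"pkg/__init__.py": b"x = 1\n", "pkg/mod.py": b"def f():\n    return 2\n"}  # constructed
```

A RECORD whose rows carry md5 sums still verifies at the signature step, so the check has to reject weak rows explicitly for the signature to say anything about the files.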
