> On May 12, 2016, at 8:05 AM, Paul Moore <[email protected]> wrote: > > On 12 May 2016 at 12:41, Donald Stufft <[email protected]> wrote: >> What do folks think? Would anyone be particularly against getting rid of the >> GPG support in PyPI? > > 28K projects is too many to do a mailshot, but would it be worth > asking this question more widely than on distutils-sig? Just "Do you > maintain a project on PyPI that has GPG sigs and would you care if we > removed them? If so, please let us know on the thread on > distutils-sig.”
It's 28k *files* but a single project can have more than one file. The total number of projects that have *ever* uploaded a file with a signature is 3.5k and of that 3.5k, only 2.7k projects have their *latest* release uploaded with signatures. > > On an unrelated note, it might be a good feature for Warehouse to add > some means of notifying project owners for cases like this. > Paul ----------------- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Distutils-SIG maillist - [email protected] https://mail.python.org/mailman/listinfo/distutils-sig
