Christian Heimes <> added the comment:

If you use pubkeys.txt from, 
then GPG verification gives you no additional security. An attack with write 
access to or access to the private key of can 
easily replace the pubkeys.txt with a key file under his control. You only get 
additional security if you retrieve the key from a different location *and* 
verify that the key owned by Łukasz.


Python tracker <>
Python-bugs-list mailing list

Reply via email to