On Tue, Mar 16, 2021 at 9:42 AM Christian Heimes <[email protected]> wrote: > GPG signatures are > problematic because GPG is awful.
What is the problem here? Most of the verification for external downloads, at the moment, seems to be via GPG. > Sigstore [2] might become an alternative in the future. TIL. Seems very recent - https://security.googleblog.com/2021/03/introducing-sigstore-easy-code-signing.html Thank you, Senthil _______________________________________________ python-committers mailing list -- [email protected] To unsubscribe send an email to [email protected] https://mail.python.org/mailman3/lists/python-committers.python.org/ Message archived at https://mail.python.org/archives/list/[email protected]/message/POCU6KG5BKAQNIUDBFSRCPXKYNRX5KQN/ Code of Conduct: https://www.python.org/psf/codeofconduct/
