On Thu, 6 Jul 2023 at 04:08, Gregory Disney
<gregory.disney.leug...@gmail.com> wrote:
>
> Why not just use gpg signatures and maintain trusted signing keys? There’s no 
> reason to reinvent the wheel. If a user wants to use unsigned or untrusted
> packages, they have to accept the risk.
>

As an alternative to a blockchain? No idea, but I've never considered
blockchains to be useful for anything more than toys anyway.

As an alternative to a curated package list? That just comes down to
who holds the trusted keys, so it's the same as the other suggestions,
only you're looking at the mechanics for knowing whether it's on the
list, as opposed to the mechanics for figuring out which things go on
the list - two sides of the same coin, pretty much.

ChrisA
_______________________________________________
Python-ideas mailing list -- python-ideas@python.org
Message archived at 
https://mail.python.org/archives/list/python-ideas@python.org/message/ANBP64KBYAB3MXO4NQDNMQHSXM525ZTN/