Re: [Distutils] GnuPG signatures on PyPI: why so few?

2017-03-12 Thread Glyph Lefkowitz
> On Mar 12, 2017, at 5:13 AM, Ben Finney wrote:
>
> Paul Moore writes:
>
>> One tool that needs improvement to be easier to use for this to happen
>> is GPG itself.
>
> No disagreement from me on that. And indeed, the GnuPG project's chronic

Re: [Distutils] GnuPG signatures on PyPI: why so few?

2017-03-12 Thread Steve Dower
FWIW, I dropped a portable version into the windows-installer externals that are pulled down by the release scripts (from svn.p.o). It does require me to import my key on new machines, but since I don't use it for anything but re-signing the releases it's worth it to avoid all the intrusions.

Re: [Distutils] GnuPG signatures on PyPI: why so few?

2017-03-12 Thread Paul Moore
On 12 March 2017 at 12:13, Ben Finney wrote:
>
>> As a Windows user, I've "played" with it in the past, and found it
>> frustratingly difficult.
>
> I hope many people here will find the guide published by the FSF, Email
> Self-Defense

Re: [Distutils] GnuPG signatures on PyPI: why so few?

2017-03-12 Thread Ben Finney
Paul Moore writes:

> One tool that needs improvement to be easier to use for this to happen
> is GPG itself.

No disagreement from me on that. And indeed, the GnuPG project's chronic under-funding eventually drew attention from the new Core Infrastructure Initiative

Re: [Distutils] GnuPG signatures on PyPI: why so few?

2017-03-12 Thread Paul Moore
On 12 March 2017 at 07:15, Ben Finney wrote:
>> If you can find a tool that is easy to install on Linux, Windows, and Mac,
>> which solves the problems above by virtue of having very good defaults, and
>> is accessible to anyone with less than a few hours to waste on