Re: [Python-Dev] [python-committers] Do we need to sign Windows files with GnuPG?

2015-04-17 Thread M.-A. Lemburg
On 17.04.2015 19:31, Martin v. Löwis wrote: On 17.04.15 at 00:46, M.-A. Lemburg wrote: I had asked the PSF for a StartSSL certificate when the previous certificate expired, and the PSF was not able to provide one. After waiting several weeks for the PSF to provide the certificate, Kurt then

Re: [Python-Dev] [python-committers] Do we need to sign Windows files with GnuPG?

2015-04-17 Thread Martin v. Löwis
On 17.04.15 at 00:46, M.-A. Lemburg wrote: I had asked the PSF for a StartSSL certificate when the previous certificate expired, and the PSF was not able to provide one. After waiting several weeks for the PSF to provide the certificate, Kurt then kindly went to Verisign. When was that? I

Re: [Python-Dev] [python-committers] Do we need to sign Windows files with GnuPG?

2015-04-16 Thread Martin v. Löwis
On 05.04.15 at 06:43, Steve Dower wrote: Now I just have to find the time to learn how to use it... I always sign with Kleopatra on Windows. It's really simple: just drag all files you want to sign onto it, configure detached signatures, and it will place the signature next to the original

Re: [Python-Dev] [python-committers] Do we need to sign Windows files with GnuPG?

2015-04-16 Thread Martin v. Löwis
On 04.04.15 at 21:54, M.-A. Lemburg wrote: FWIW: The PSF mostly uses StartSSL nowadays and they also support code signing certificates. Given that this option is a lot cheaper than Verisign, I think we should switch, unless there are significant reasons not to. We should revisit this in 2017.

Re: [Python-Dev] [python-committers] Do we need to sign Windows files with GnuPG?

2015-04-16 Thread M.-A. Lemburg
On 16.04.2015 21:34, Martin v. Löwis wrote: On 04.04.15 at 21:54, M.-A. Lemburg wrote: FWIW: The PSF mostly uses StartSSL nowadays and they also support code signing certificates. Given that this option is a lot cheaper than Verisign, I think we should switch, unless there are significant

Re: [Python-Dev] [python-committers] Do we need to sign Windows files with GnuPG?

2015-04-05 Thread Ben Finney
Steve Dower steve.do...@microsoft.com writes: Nathaniel Smith wrote: And I suspect python-dev generally doesn't put much weight on the extra effort required (release managers have all been using gpg for decades, it's pretty trivial) I'm aware of this, but still don't see it as a reason

Re: [Python-Dev] [python-committers] Do we need to sign Windows files with GnuPG?

2015-04-05 Thread Steve Dower
Dower <steve.do...@microsoft.com> Cc: M.-A. Lemburg <m...@egenix.com>; Larry Hastings <la...@hastings.org>; Python Dev <python-dev@python.org>; python-committers <python-committ...@python.org> Subject: Re: [Python-Dev] [python-committers] Do we need to sign Windows files

Re: [Python-Dev] [python-committers] Do we need to sign Windows files with GnuPG?

2015-04-05 Thread Antoine Pitrou
On Sun, 05 Apr 2015 01:06:01 -0700 Larry Hastings la...@hastings.org wrote: On 04/04/2015 08:21 PM, Nathaniel Smith wrote: (I guess you could call Larry or someone, read them a hash over the phone, and then have them create the actual gpg signatures.) By sheer coincidence, I believe

Re: [Python-Dev] [python-committers] Do we need to sign Windows files with GnuPG?

2015-04-05 Thread Larry Hastings
On 04/04/2015 08:21 PM, Nathaniel Smith wrote: (I guess you could call Larry or someone, read them a hash over the phone, and then have them create the actual gpg signatures.) By sheer coincidence, I believe Steve and I both live in the Seattle area...! //arry/

Re: [Python-Dev] [python-committers] Do we need to sign Windows files with GnuPG?

2015-04-05 Thread Steve Dower
Nathaniel Smith wrote: And I suspect python-dev generally doesn't put much weight on the extra effort required (release managers have all been using gpg for decades, it's pretty trivial) I'm aware of this, but still don't see it as a reason to unnecessarily duplicate process. or see any

Re: [Python-Dev] [python-committers] Do we need to sign Windows files with GnuPG?

2015-04-05 Thread Larry Hastings
On 04/05/2015 06:41 AM, Antoine Pitrou wrote: On Sun, 05 Apr 2015 01:06:01 -0700 Larry Hastings la...@hastings.org wrote: On 04/04/2015 08:21 PM, Nathaniel Smith wrote: (I guess you could call Larry or someone, read them a hash over the phone, and then have them create the actual gpg

Re: [Python-Dev] [python-committers] Do we need to sign Windows files with GnuPG?

2015-04-04 Thread M.-A. Lemburg
To: Steve Dower <steve.do...@microsoft.com>; Larry Hastings <la...@hastings.org>; Python Dev <python-dev@python.org>; python-committers <python-committ...@python.org> Subject: Re: [python-committers] [Python-Dev] Do we need to sign Windows files with GnuPG? On 03.04.2015 19:35

Re: [Python-Dev] [python-committers] Do we need to sign Windows files with GnuPG?

2015-04-04 Thread Wes Turner
To: Steve Dower <steve.do...@microsoft.com>; Larry Hastings <la...@hastings.org>; Python Dev <python-dev@python.org>; python-committers <python-committ...@python.org> Subject: Re: [python-committers] [Python-Dev] Do we need to sign Windows files with GnuPG? On 03.04.2015 19

Re: [Python-Dev] [python-committers] Do we need to sign Windows files with GnuPG?

2015-04-04 Thread Steve Dower
-committers <python-committ...@python.org>; Larry Hastings <la...@hastings.org>; Steve Dower <steve.do...@microsoft.com> Subject: Re: [Python-Dev] [python-committers] Do we need to sign Windows files with GnuPG? So, AFAIU from this discussion: * Authenticode does not have a PKI * GPG

Re: [Python-Dev] [python-committers] Do we need to sign Windows files with GnuPG?

2015-04-04 Thread Barry Warsaw
On Apr 04, 2015, at 02:41 PM, Steve Dower wrote: Relying only on Authenticode for Windows installers would result in a break in technology w/r to the downloads we make available for Python, since all other files are (usually) GPG signed It's the only part I have a question about. Does the use

Re: [Python-Dev] [python-committers] Do we need to sign Windows files with GnuPG?

2015-04-04 Thread Steve Dower
Dev <python-dev@python.org>; python-committers <python-committ...@python.org> Subject: Re: [python-committers] [Python-Dev] Do we need to sign Windows files with GnuPG? On 04.04.2015 00:14, Steve Dower wrote: The thing is, that's exactly the same goodness as Authenticode gives, except everyone

Re: [Python-Dev] [python-committers] Do we need to sign Windows files with GnuPG?

2015-04-04 Thread Nathaniel Smith
On Sat, Apr 4, 2015 at 6:07 PM, Steve Dower steve.do...@microsoft.com wrote: There's no problem, per se, but initially it was less trouble to use the trusted PSF certificate and native support than to add an extra step using a program I don't already use and trust, am restricted in use by my

Re: [Python-Dev] [python-committers] Do we need to sign Windows files with GnuPG?

2015-04-04 Thread Robert Collins
On 4 April 2015 at 11:14, Steve Dower steve.do...@microsoft.com wrote: The thing is, that's exactly the same goodness as Authenticode gives, except everyone gets that for free and meanwhile you're the only one who has admitted to using GPG on Windows :) Basically, what I want to hear is that

Re: [Python-Dev] [python-committers] Do we need to sign Windows files with GnuPG?

2015-04-04 Thread Steve Dower
From: Barry Warsaw <ba...@python.org> Sent: 4/4/2015 9:11 To: python-dev@python.org Subject: Re: [Python-Dev] [python-committers] Do we need to sign Windows files with GnuPG? On Apr 04, 2015, at 02:41 PM, Steve Dower wrote

Re: [Python-Dev] [python-committers] Do we need to sign Windows files with GnuPG?

2015-04-04 Thread M.-A. Lemburg
On 04.04.2015 16:41, Steve Dower wrote: Relying only on Authenticode for Windows installers would result in a break in technology w/r to the downloads we make available for Python, since all other files are (usually) GPG signed This is the point of this discussion. I'm willing to make such

Re: [Python-Dev] [python-committers] Do we need to sign Windows files with GnuPG?

2015-04-04 Thread Steve Dower
-Dev <python-dev@python.org> Subject: Re: [python-committers] [Python-Dev] Do we need to sign Windows files with GnuPG? Authenticode does not have a PKI If you got that from this discussion, I need everyone to at least skim read this: https://msdn.microsoft.com/en-us/library/ie/ms537361(v=vs.85).aspx

Re: [Python-Dev] [python-committers] Do we need to sign Windows files with GnuPG?

2015-04-04 Thread Kurt B. Kaiser
-Dev <python-dev@python.org> Subject: Re: [python-committers] [Python-Dev] Do we need to sign Windows files with GnuPG? Authenticode does not have a PKI If you got that from this discussion, I need everyone to at least skim read this: https://msdn.microsoft.com/en-us/library/ie/ms537361(v=vs.85

Re: [Python-Dev] [python-committers] Do we need to sign Windows files with GnuPG?

2015-04-04 Thread M.-A. Lemburg
-Dev <python-dev@python.org> Subject: Re: [python-committers] [Python-Dev] Do we need to sign Windows files with GnuPG? Authenticode does not have a PKI If you got that from this discussion, I need everyone to at least skim read this: https://msdn.microsoft.com/en-us/library/ie/ms537361(v=vs.85

Re: [Python-Dev] [python-committers] Do we need to sign Windows files with GnuPG?

2015-04-04 Thread M.-A. Lemburg
On 04.04.2015 21:49, Kurt B. Kaiser wrote: On Sat, Apr 4, 2015, at 03:35 PM, M.-A. Lemburg wrote: On 04.04.2015 21:02, Kurt B. Kaiser wrote: For the record, that is a Symantec/Verisign code signing certificate. We paid $1123 for it last April. It expires April 2017. If you don't switch

Re: [Python-Dev] [python-committers] Do we need to sign Windows files with GnuPG?

2015-04-04 Thread Kurt B. Kaiser
On Sat, Apr 4, 2015, at 03:54 PM, M.-A. Lemburg wrote: On 04.04.2015 21:49, Kurt B. Kaiser wrote: On Sat, Apr 4, 2015, at 03:35 PM, M.-A. Lemburg wrote: On 04.04.2015 21:02, Kurt B. Kaiser wrote: For the record, that is a Symantec/Verisign code signing certificate. We paid $1123

Re: [Python-Dev] [python-committers] Do we need to sign Windows files with GnuPG?

2015-04-04 Thread Kurt B. Kaiser
On Sat, Apr 4, 2015, at 03:35 PM, M.-A. Lemburg wrote: On 04.04.2015 21:02, Kurt B. Kaiser wrote: For the record, that is a Symantec/Verisign code signing certificate. We paid $1123 for it last April. It expires April 2017. If you don't switch to a different vendor, e.g. startssl,

Re: [Python-Dev] [python-committers] Do we need to sign Windows files with GnuPG?

2015-04-03 Thread M.-A. Lemburg
On 03.04.2015 11:56, Larry Hastings wrote: My Windows development days are firmly behind me. So I don't really have an opinion here. So I put it to you, Windows Python developers: do you care about GnuPG signatures on Windows-specific files? Or do you not care? Regardless of target

Re: [Python-Dev] [python-committers] Do we need to sign Windows files with GnuPG?

2015-04-03 Thread M.-A. Lemburg
On 03.04.2015 19:35, Steve Dower wrote: My Windows development days are firmly behind me. So I don't really have an opinion here. So I put it to you, Windows Python developers: do you care about GnuPG signatures on Windows-specific files? Or do you not care? The later replies seem to

Re: [Python-Dev] [python-committers] Do we need to sign Windows files with GnuPG?

2015-04-03 Thread Steve Dower
-committers] [Python-Dev] Do we need to sign Windows files with GnuPG? On 03.04.2015 19:35, Steve Dower wrote: My Windows development days are firmly behind me. So I don't really have an opinion here. So I put it to you, Windows Python developers: do you care about GnuPG signatures on Windows

Re: [Python-Dev] [python-committers] Do we need to sign Windows files with GnuPG?

2015-04-03 Thread M.-A. Lemburg
...@egenix.com Sent: 4/3/2015 10:55 To: Steve Dower <steve.do...@microsoft.com>; Larry Hastings <la...@hastings.org>; Python Dev <python-dev@python.org>; python-committers <python-committ...@python.org> Subject: Re: [python-committers] [Python-Dev] Do we need to sign Windows

Re: [Python-Dev] [python-committers] Do we need to sign Windows files with GnuPG?

2015-04-03 Thread Donald Stufft
-committ...@python.org Subject: Re: [python-committers] [Python-Dev] Do we need to sign Windows files with GnuPG? On 03.04.2015 19:35, Steve Dower wrote: My Windows development days are firmly behind me. So I don't really have an opinion here. So I put it to you, Windows Python developers: do you

Re: [Python-Dev] [python-committers] Do we need to sign Windows files with GnuPG?

2015-04-03 Thread Nathaniel Smith
On Apr 3, 2015 5:50 PM, Donald Stufft don...@stufft.io wrote: On Apr 3, 2015, at 6:38 PM, M.-A. Lemburg m...@egenix.com wrote: On 04.04.2015 00:14, Steve Dower wrote: The thing is, that's exactly the same goodness as Authenticode gives, except everyone gets that for free and meanwhile

Re: [Python-Dev] [python-committers] Do we need to sign Windows files with GnuPG?

2015-04-03 Thread Barry Warsaw
On Apr 03, 2015, at 02:56 AM, Larry Hastings wrote: My Windows development days are firmly behind me. So I don't really have an opinion here. So I put it to you, Windows Python developers: do you care about GnuPG signatures on Windows-specific files? Or do you not care? They're not mutually

Re: [Python-Dev] [python-committers] Do we need to sign Windows files with GnuPG?

2015-04-03 Thread Brian Curtin
On Fri, Apr 3, 2015 at 7:25 AM, Paul Moore p.f.mo...@gmail.com wrote: On 3 April 2015 at 10:56, Larry Hastings la...@hastings.org wrote: My Windows development days are firmly behind me. So I don't really have an opinion here. So I put it to you, Windows Python developers: do you care about