PEP 458: Secure PyPI downloads with package signing

Sumana Harihareswara

Feb 12, 2020, 7:03:18 PM
to pypa-dev

On Discourse
https://discuss.python.org/t/pep-458-surviving-a-compromise-of-pypi/2648/
, folks have been discussing a PEP to better secure package downloads
from PyPI https://www.python.org/dev/peps/pep-0458/ . BDFL-Delegate
Donald Stufft is due to approve it in two days:

> Unless someone has an objection, I intend to accept
> this PEP on Friday.

Discussion should be directed to the Discourse thread at
discuss.python.org .

(I requested comment on PEP 458 back in September, in the email to this
list with the subject line "PyPI & cryptographic signing and malware
detection - seeking comment".)
--
Sumana Harihareswara
Changeset Consulting
https://changeset.nyc