It's hard to keep those things separated. I would very much like the code submitted to PyPI to be protected end-to-end by cryptographic signatures, when PyPI has either no resources or no spine to stand up to a government. Any signatures, even PGP, should be in place until someone provides a better mechanism.