Signed PyPI releases

Seems that PyPI supports OpenPGP signatures but it seems to be not very common yet. Also `pip` has no native way of checking the signatures yet (tracked upstream: https://github.com/pypa/pip/issues/1035). As the signing part does not have a big overhead and can be automated with the release process I would suggest to do that for the next release. Here is an example Python package which uses this: [hlc](https://pypi.python.org/pypi/hlc). Also refer to the [Makefile](https://github.com/ypid/hlc/blob/master/Makefile) of the package where all of the signing is automated :wink:

Related to: #164
Refs:
- https://packaging.python.org/distributing/#uploading-your-project-to-pypi
- http://stuartmumford.uk/blog/verifying-pypi-and-conda-packages.html


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Signed PyPI releases #170

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Signed PyPI releases #170

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions