Comment by donaldstufft
1 year ago
Removing security features that don't work is a separate concern from making security features that do work. Nobody who has done any serious work on PyPI security in the past 15 years thinks that GPG will play a part in the future of PyPI security. It's support was entirely vestigial, served no practical purpose, and never would.
[flagged]
Please make your substantive points without swipes, in keeping with the site guidelines: https://news.ycombinator.com/item?id=36092913 also. You broke the site guidelines badly in this thread.
Note that the person you're replying to is the PyPi maintainer responsible for removing GPG from PyPi.
The rationale is expanded here: https://news.ycombinator.com/item?id=36050190
[flagged]
1 reply →