Comment by paulddraper
1 year ago
PGP signatures' purpose is to remove the dependency on trusting PyPI, i.e. protecting against PyPI getting hacked.
(Note: PyPI protects against MITM with HTTPS.)
Removing this is predicated on the idea that that is a low-priority threat vector.