Message352115
> If the pubkeys.txt on python.org has no benefit, why does it exist?
That's an excellent question! Based on the points raised here and elsewhere, we discussed this more off-line and decided that we should remove the pubkeys.txt file from the website since, as noted here, it encourages a false sense of security and has proven difficult to keep up-to-date.
I have submitted a request to have the file removed from the website (it may take some time for the URL to disappear) and have already updated the wording in the OpenPGP section of the Downloads page of the website. If anyone has suggestions for improvements to the wording, feel free to submit them on the pythondotorg issue tracker.
Thanks all for bringing this up and helping to come to a resolution.
https://www.python.org/downloads/
https://github.com/python/pythondotorg/pull/1509
https://github.com/python/pythondotorg/issues |
|
Date |
User |
Action |
Args |
2019-09-12 11:19:53 | ned.deily | set | recipients:
+ ned.deily, christian.heimes, lukasz.langa, mattip, lkollar |
2019-09-12 11:19:53 | ned.deily | set | messageid: <1568287193.13.0.902724384679.issue37967@roundup.psfhosted.org> |
2019-09-12 11:19:53 | ned.deily | link | issue37967 messages |
2019-09-12 11:19:53 | ned.deily | create | |
|