alt Hacker NewsBoth CPython and distributions on PyPI are more effectively signed than they were before.
(I think you already know this, but want to relitigate something that’s not meaningfully controversial in Python.)
Both CPython and distributions on PyPI are more effectively signed than they were before.
(I think you already know this, but want to relitigate something that’s not meaningfully controversial in Python.)
Being signed by some entity which is not the author is hardly more effective.
(I think you already know this as well)