DEV Community

Discussion on: Why doesn't the python package manager (PIP) have package signing feature?

View post

Replies for: There is no flaw in PGP, many other highly used projects like Debian and Ubuntu sign their packages using PGP. It seems, they (Python team) just do...

Collapse
 
michaelbukachi profile image
Michael Bukachi

There are flaws. Read this. There are other discussions online.
There are PEPs with proposals to fix the problem but they haven't been approved. Till then, developer vigilance is required.