debops / debops-tools

Your Debian-based data center in a box
https://debops.org/
GNU General Public License v3.0

Signed PyPI releases #170

Open ypid opened 7 years ago

ypid commented 7 years ago

It seems that PyPI supports OpenPGP signatures, but it seems to be not very common yet. Also, pip has no native way of checking the signatures yet (tracked upstream: https://github.com/pypa/pip/issues/1035). As the signing part does not have a big overhead and can be automated with the release process, I would suggest doing that for the next release. Here is an example Python package which uses this: hlc. Also refer to the Makefile of the package, where all of the signing is automated :wink:

Related to: #164 Refs: