Package signing in PIP - It works, in a roundabout sort of way
A few days ago, I made this DEV.to post about how Python's PIP lacks GPG package signing. Well, it turns out that I'm wrong! It does have a package signing process after all, only its one of the most manual, archaic and cumbersome security practices I've seen till date …
Read More