GPG?

[tianon]

Sorry if I'm just being "PyPi ignorant", but would it be worthwhile to sign releases?

(Of course, my motives are extremely selfish and I just want to play with uscan's ability to verify signatures, but I know you're a big fan of GPG so I figured it might be something you'd consider.)

♥

[trivigy]

Agreed.

[asvetlov]

I think it's not a good idea.
pip is going to drop GPG signatures, see pypa/pip#2314 (comment)

[barrachri]

I think we can close this, feel free to re-open the issue in case :)