muenchen.social ist Teil des dezentralen sozialen Netzwerks, das von Mastodon betrieben wird.
Hallo auf muenchen.social Dies ist eine deutschsprachige Mastodon Instanz für München zum tröten, neue Leute kennenlernen, sich auszutauschen und Spass zu haben.

Verwaltet von:

Serverstatistiken:

1,3 Tsd
aktive Profile

Mehr erfahren

vanitasvitae<p>Just figured out, that the massive performance hit my <a href="https://fosstodon.org/tags/PGPainless" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PGPainless</span></a> test suite was suffering since I started to port to a newer BC version was caused by the default S2K iteration count being bumped to 0xff instead of 0x60.<br>This had caused the runtime of the test suite to rise to 7 minutes compared to ~1 minute.</p><p>I decided to dial down the default value again, but make it customizable :D</p><p><a href="https://fosstodon.org/tags/openpgp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>openpgp</span></a></p>
Delta Chat<p>We are not aware of other FOSS development teams that have as extensive knowledge, both theoretical and practical, about <a href="https://chaos.social/tags/email" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>email</span></a> and <a href="https://chaos.social/tags/openpgp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>openpgp</span></a> and regularly release across all platforms for users world wide ... except for <a href="https://chaos.social/tags/protonmail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>protonmail</span></a> with whose technical and security experts we discuss regularly. They are the other major game in town doing pervasive email encryption after all. Did you know that Proton's and delta's VCards are compatible across ecosystems and establish immediate encryption?</p>
Delta Chat<p><span class="h-card"><a href="https://jura.social/@mathilde" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>mathilde</span></a></span> <a href="https://chaos.social/tags/chatmail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>chatmail</span></a> server users don't have these problems because they don't even need to know their password or email address. Messages in delta chat are stored locally and the server only stores them for a limited time, up to 20 days by default, so all devices have a chance to download the message. Blocklists are also not used, the only requirements are <a href="https://chaos.social/tags/DKIM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DKIM</span></a> signature and <a href="https://chaos.social/tags/OpenPGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenPGP</span></a> encryption.</p>
Keith Nasman<p>Remember the old days with key signing parties? I never really got into that but I think with all the "AI" bots we are going to get to a place where we need to have trust networks built on cryptographic keys to filter out the crap.</p><p>Note to self: Set up public key and share it.</p><p><a href="https://fosstodon.org/tags/OpenPGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenPGP</span></a> <a href="https://fosstodon.org/tags/OpenSSL" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenSSL</span></a></p>
Neustradamus :xmpp: :linux:<p><a href="https://mastodon.social/tags/GnuPG" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GnuPG</span></a> 2.5.5 (dev) has been released (<a href="https://mastodon.social/tags/OpenPGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenPGP</span></a> / <a href="https://mastodon.social/tags/GPG" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GPG</span></a> / <a href="https://mastodon.social/tags/GNUPrivacyGuard" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GNUPrivacyGuard</span></a> / <a href="https://mastodon.social/tags/PGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PGP</span></a> / <a href="https://mastodon.social/tags/PrettyGoodPrivacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PrettyGoodPrivacy</span></a> / <a href="https://mastodon.social/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a> / <a href="https://mastodon.social/tags/Gpg4win" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Gpg4win</span></a>) <a href="https://gnupg.org/" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="">gnupg.org/</span><span class="invisible"></span></a></p>
Delta Chat<p>The downside of our project approach was that we often got experts being very dismissive on re-using email and <a href="https://chaos.social/tags/OpenPGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenPGP</span></a> ... and there still is some opposition which often subsides when actually trying <a href="https://chaos.social/tags/deltachat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>deltachat</span></a> and <a href="https://chaos.social/tags/chatmail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>chatmail</span></a>, looking at security audits and our strong usable security focus. </p><p>There may also be surprising upsides. The UK "Online Safety Bill" which attacks end-to-end encryption integrity seems to not apply for ... e-mail. Because everyone knows, e-mail is unencrypted, right? :)</p>
Pirate Praveen<p>Has anyone here on <a href="https://social.masto.host/tags/fedi" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fedi</span></a> figured out the correct recipe for dealing with <a href="https://social.masto.host/tags/OpenPGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenPGP</span></a>, <a href="https://social.masto.host/tags/DMARC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DMARC</span></a> and <a href="https://social.masto.host/tags/mailman" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>mailman</span></a> ?</p><p>The problem, by default mailman will modify messages and this will break the dkim signature.<br><a href="https://gitlab.com/mailman/mailman/-/issues/1079" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">gitlab.com/mailman/mailman/-/i</span><span class="invisible">ssues/1079</span></a></p><p>Mailman provides two DMARC mitigation options (other option is reject or discard which is not useful in this case).</p><p>1. Replace the from address with list address<br>2. Wrap original message in an envelope</p><p>thunderbird flags 1 and fails 2.<br><a href="https://social.masto.host/tags/askfedi" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>askfedi</span></a> <a href="https://social.masto.host/tags/gnupg" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>gnupg</span></a> <a href="https://social.masto.host/tags/gpg" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>gpg</span></a> <a href="https://social.masto.host/tags/thunderbird" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>thunderbird</span></a></p>
Em :official_verified:<p>New Privacy Guides article 🔑✨<br>by me: </p><p>If you are using a YubiKey, </p><p>you might get in some situations where you need to reset your key to factory default, and/or set up a backup of it on a spare key.</p><p>This tutorial will guide you <br>through each step to reset and back up your YubiKey successfully, with clear instructions and plenty of visual support.</p><p>I hope you find it helpful!</p><p><a href="https://www.privacyguides.org/articles/2025/03/06/yubikey-reset-and-backup/" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">privacyguides.org/articles/202</span><span class="invisible">5/03/06/yubikey-reset-and-backup/</span></a></p><p><a href="https://infosec.exchange/tags/PrivacyGuides" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PrivacyGuides</span></a> <a href="https://infosec.exchange/tags/Privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Privacy</span></a> <a href="https://infosec.exchange/tags/Yubico" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Yubico</span></a> <a href="https://infosec.exchange/tags/YubiKey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>YubiKey</span></a> <a href="https://infosec.exchange/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a> <a href="https://infosec.exchange/tags/OTP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OTP</span></a> <a href="https://infosec.exchange/tags/OpenPGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenPGP</span></a> <a href="https://infosec.exchange/tags/Encryption" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Encryption</span></a> <a href="https://infosec.exchange/tags/MFA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MFA</span></a></p>
Lars Wirzenius<p>I've made release 0.3.0 of sopass, my command line password manager that uses a Stateless OpenPGP implementation for cryptography.</p><p>* configuration file<br>* add value from named file or stdin<br>* default to rsop<br>* manual page, built-in help</p><p><a href="https://sopass.liw.fi/" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="">sopass.liw.fi/</span><span class="invisible"></span></a></p><p><a href="https://toot.liw.fi/tags/sopass" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sopass</span></a> <a href="https://toot.liw.fi/tags/pass" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pass</span></a> <a href="https://toot.liw.fi/tags/passwordManager" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passwordManager</span></a> <a href="https://toot.liw.fi/tags/commandLine" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>commandLine</span></a> <a href="https://toot.liw.fi/tags/cli" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cli</span></a> <a href="https://toot.liw.fi/tags/openpgp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>openpgp</span></a> <a href="https://toot.liw.fi/tags/statelessOpenPGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>statelessOpenPGP</span></a> <a href="https://toot.liw.fi/tags/sop" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sop</span></a></p>
Lars Wirzenius<p>I made a couple of changes to sopass, my command line password manager that uses a Stateless OpenPGP implementation for cryptography.</p><p>* It no longer creates the configuration file.<br>* It has built-in help for all sub-commands, options, and other command line arguments.</p><p>There is also a rudimentary manual page.</p><p><a href="https://sopass.liw.fi/" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="">sopass.liw.fi/</span><span class="invisible"></span></a></p><p><a href="https://toot.liw.fi/tags/paswordManager" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>paswordManager</span></a> <a href="https://toot.liw.fi/tags/sopass" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sopass</span></a> <a href="https://toot.liw.fi/tags/pass" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pass</span></a> <a href="https://toot.liw.fi/tags/commandLine" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>commandLine</span></a> <a href="https://toot.liw.fi/tags/cli" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cli</span></a> <a href="https://toot.liw.fi/tags/openpgp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>openpgp</span></a> <a href="https://toot.liw.fi/tags/cryptography" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cryptography</span></a></p>
l<p><span class="h-card"><a href="https://chaos.social/@sten" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>sten</span></a></span> <br>&gt; Sign-then-encrypt is also a bit dodgy when combined with certain cipher modes.</p><p>You probably refer to "MAC-then-encrypt" vulnerabilities (<a href="https://moxie.org/2011/12/13/the-cryptographic-doom-principle.html" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">moxie.org/2011/12/13/the-crypt</span><span class="invisible">ographic-doom-principle.html</span></a>). <a href="https://fosstodon.org/tags/OpenPGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenPGP</span></a> encryption and signatures are not on the level where you need to think about such low-level details. OpenPGP encrypted packets (Symmetrically Encrypted and Integrity Protected Data Packet) add integrity protection after encryption, so encrypted packets are not malleable.</p>
l<p><span class="h-card"><a href="https://chaos.social/@sten" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>sten</span></a></span> <br><a href="https://fosstodon.org/tags/OpenPGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenPGP</span></a> messages are normally signed then encrypted. E.g. RFC 4880 says "OpenPGP implementations SHOULD compress the message after applying the signature but before encryption.".</p><p>This is what <span class="h-card"><a href="https://chaos.social/@delta" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>delta</span></a></span> does.</p><p>This is also written down explicitly in <a href="https://www.ietf.org/archive/id/draft-ietf-lamps-e2e-mail-guidance-17.html#name-encryption-outside-signatur" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">ietf.org/archive/id/draft-ietf</span><span class="invisible">-lamps-e2e-mail-guidance-17.html#name-encryption-outside-signatur</span></a></p><p>But you can do whatever suits your application, OpenPGP is used not only for message encryption.</p>
Rivane Rasetiansyah<p>Initializing a new project - Interplanetary Markdown. Might explore a <a href="https://fosstodon.org/tags/Web3" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Web3</span></a> (off-chain) approach later for a better experience, but for now, keeping it simple with good old <a href="https://fosstodon.org/tags/OpenPGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenPGP</span></a>.</p><p>A censorship-resistant <a href="https://fosstodon.org/tags/Markdown" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Markdown</span></a> publishing platform, enabling seamless content distribution. Powered by the Interplanetary File System (<a href="https://fosstodon.org/tags/IPFS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IPFS</span></a>), ensuring <a href="https://fosstodon.org/tags/blogs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>blogs</span></a>, <a href="https://fosstodon.org/tags/articles" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>articles</span></a>, and other written content remain accessible and verifiable across the distributed web.</p><p><a href="https://github.com/rvnrstnsyh/cupoftea" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="">github.com/rvnrstnsyh/cupoftea</span><span class="invisible"></span></a></p>
boredsquirrel<p><span class="h-card"><a href="https://fosstodon.org/@libreoffice" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>libreoffice</span></a></span> </p><p>The <a href="https://tux.social/tags/Libreoffice" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Libreoffice</span></a> Youtube channel is posting a lot of interesting talks from the "Libreoffice and <a href="https://tux.social/tags/Opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Opensource</span></a> Conference 2024"</p><p>Some of them:</p><p><a href="https://tux.social/tags/LuxChat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LuxChat</span></a> for Governments: <a href="https://www.youtube.com/watch?v=JXdMKaEXq0Q" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">youtube.com/watch?v=JXdMKaEXq0</span><span class="invisible">Q</span></a></p><p><a href="https://tux.social/tags/OpenDesk" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenDesk</span></a> on <a href="https://tux.social/tags/OpenCode" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenCode</span></a>: <a href="https://www.youtube.com/watch?v=rVhAltODe-M" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">youtube.com/watch?v=rVhAltODe-</span><span class="invisible">M</span></a></p><p><a href="https://tux.social/tags/Education" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Education</span></a>: <a href="https://www.youtube.com/watch?v=V4fkWfuFXfo" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">youtube.com/watch?v=V4fkWfuFXf</span><span class="invisible">o</span></a></p><p><a href="https://tux.social/tags/Encrypted" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Encrypted</span></a> and <a href="https://tux.social/tags/Signed" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Signed</span></a> Documents (UI, with <a href="https://tux.social/tags/OpenPGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenPGP</span></a> or <a href="https://tux.social/tags/x509" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>x509</span></a>): <a href="https://www.youtube.com/watch?v=W-qFr8tL-LE" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">youtube.com/watch?v=W-qFr8tL-L</span><span class="invisible">E</span></a></p><p><a href="https://tux.social/tags/Matrix" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Matrix</span></a> <a href="https://tux.social/tags/Luxembourg" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Luxembourg</span></a></p>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Good afternoon, folks! Just a quick reminder: PGP isn't dead. Sign with pride!

Signed with my GPG key: 1BBD C23D 1853 255D 6415 D2EC 814E DF85 1AAB 370E

#OpenPGP #GPG #Cybersecurity #Tech #DigitalIdentity #SignYourCode
-----BEGIN PGP SIGNATURE-----

iHUEARYIAB0WIQTHaQ+iFRwfaXx+TxhjUbpCCVDiNAUCZ7cd5gAKCRBjUbpCCVDi
NOZSAPoDPFoZXKuxya98iY6nAV6hzgOghpqF/OtOVSW4qtEdMQEA3x/jqaD4R9vo
qi89wA4Hsd4KeqwTSQxKDECesI+W8QU=
=3gty
-----END PGP SIGNATURE-----

Guten Morgen Pinguine! Eine kleine Info / Status update \o/

Ein erster Meilenstein ist erreicht! Ich habe heute einen ersten tag (0.0.1) für libcxmpp erstellt. Es ist nicht viel, aber ein Anfang.

#libcxmpp besteht aus einer kleinen Menge von #GObject types. Diese sollen eine einfach zu verwendete Schnittstelle für Funktionen rundum #XMPP bereitstellen. Aktuell ist es möglich, dass sich ein Client mit einem XMPP Server verbindet, eine presence schickt. Den roster abfragt und einfach Nachrichten (type chat) senden und empfangen kann.

Hierfür habe ich eine Demo Implementierung im Projekt angelegt. Dies sieht dann wie folgt aus.

Loading Client Manager...
XMPP> connect
XMPP Connect - JID> demo@domain.tld
XMPP Connect - PWD> 123456
XMPP> Client has been connected with XMPP Server

XMPP> presence
XMPP> message
XMPP Message - JID> stefan@domain.tld
XMPP Message - Text> Hallo! Das ist ein Test :)
XMPP> Message from stefan@domain.tld/Coffein: Hallo. Die Nachricht ist angekommen.

Anwendungsdesign muss ich mir noch mal genauer überlegen. Der ersten Entwurf beinhaltet einen CM (Connection Manager). Der Connection Manager soll alle Accounts und Connections verwalten. Die Connection ist eine funktionale Sicht auf die XMPP Verbindung, währen der XMPP Wrapper die technische Implementierung via #libstrophe bereitstellt.

Der Client kann sich mit Signalen verbinden - #signal :-x

g_signal_connect_object(connection, "connected",
G_CALLBACK(cxmpp_connected), connection,
G_CONNECT_SWAPPED);

g_signal_connect_object(connection, "new-contact",
G_CALLBACK(new_contact), connection,
G_CONNECT_SWAPPED);

g_signal_connect_object(connection, "new-chat-message",
G_CALLBACK(new_chat_message), connection,
G_CONNECT_SWAPPED);

Ausblick für den nächsten Meilenstein

Als Backend solle eine #sqlite Datenbank verwendet werden. Verschlüsselung im ersten Schritt mit #OpenPGP #OX via #GnuPG. Ziel ist es, dass ich im ersten Schritt die Implementierung von #xmppc (ein XMPP command line client) auf #libcxmpp umstellen kann.

Code ist auf #Codeberg https://codeberg.org/devLUG/libcxmpp

Happy chatting!

#Messenger #Debian #GNU #Linux #Jabber
libcxmppCodeberg.org

Isn't it poetic and ironic that out of all possible time lines we are in one where #securejoin #openpgp protocols on top of the existing #email protocols offer the arguably most solidly scaling, useable, world-wide federated end-to-end encrypted messaging reality, safe against compromised #mitm servers? Hundreds of billions spend to create "the email successor" and here we are in 2025 .... #interoperable #email and #cryptography as the tortoise looking at Achilles through the back mirror :)

It's no slight on the #Python maintainers that the #OpenPGP system is inadequate. They have correctly sounded the alarm, they're right that the system has lots of problems and should be replaced.

What I do fault the Python maintainers for, is dismissing valid concerns about GitHub and Google, by recommending them as replacement. If we don't have an open replacement, that's bad, but that doesn't justify vesting trust in proven untrustworthy entities.

@todd_a_jacobs

#ProtocolsNotPlatforms

I’m *trying* to like #Python again, but PEP-761 requires #sigstore. #OpenPGP key management has issues, but this requires trusting #openidconnect from #Google & #Microsoft. Plus there’s a stated design goal of supporting automated signatures from private keys held by #GitHub.

Easier? Probably. Safer? Probably not. Security is about trust and the required certificate authorities haven’t earned mine over the past 20 years. As always, YMMV.

peps.python.org/pep-0761/

PEP 761 – Deprecating PGP signatures for CPython artifacts | peps.python.orgPython Enhancement Proposals (PEPs)