Testing Site Testing Site

skip to navigation
skip to content

PyPI Security


If you have a query or report to make regarding security please contact Donald Stufft and/or Ernest W. Durbin III. Both have GPG keys on key servers like pgp.mit.edu.

Donald's GPG key has key id 0x6E3CBCE93372DCFA (full fingerprint 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA) and his email address is donald@python.org

Ernest's GPG key has key id 0x88159C24830F6F7E (full fingerprint 11CD 3DD9 8D7E 61C7 6D1A 3224 8815 9C24 830F 6F7E) and his email address is ernest@python.org

You may also report issues in the PyPI bug tracker where reports may be made private.

Your Security

You may sign your uploads with GPG using the "--sign" argument to "python setup.py upload".

The file checksums provided with files on PyPI exists only to provide some download corruption protection. It is not intended to provide any sort of security regarding tampering. Please use GPG signing and verification via your Web of Trust for that.