Issue #517 wontfix
Downloading and installing a distribution is more secure when the release is signed with the maintainer's cryptographic (GnuPG) key.
Please refine the release process to include cryptographic signatures:
- Choose (or create) a GnuPG key pair for the Coverage.py release manager.
- Get the public key signed and well connected in the web of trust, and uploaded to the GnuPG key server network.
- Sign each release in PyPI with that key.