pypi register page forces insecure 8 char PGP key ID
I just signed up for an account on pypi to upload my Python projects. It's a great site, and I've been happy to see pypi start to take security seriously. I was happy to see that the registration procedure included a spot to put my PGP key ID. Unfortunately, when I put in my 16 char key ID, it told me that it wasn't supported. When I put in the last 8 chars, then it worked.
The problem is that 8 char key IDs are easily spoofable. Ideally, pypi would request at least 16 chars. It should definitely allow 16 chars, and not force the insecure 8 char standard.
For more on this topic, including how to generate a PGP key that matches any 8 char key ID: http://www.asheesh.org/note/debian/short-key-ids-are-bad-news.html
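To make the point concrete, here is an added example (my own code, not pypi's registration logic or anything from the linked article) showing where the 8 and 16 char IDs come from and what a registration form should accept instead. For a v4 OpenPGP key the long key ID is the low 64 bits (last 16 hex digits) of the 40 hex digit fingerprint, and the short key ID is just the low 32 bits (last 8 hex digits), so matching a short ID means matching only 32 bits. The fingerprint below is a constructed sample, not a real key; the function names are my own.

```python
import re

# Constructed sample fingerprint, spaced the way gpg prints a v4 fingerprint.
# It is NOT a real key.
SAMPLE_FINGERPRINT = "0123 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4567"

HEX_RE = re.compile(r"^[0-9A-F]+$")


def normalize(value: str) -> str:
    """Strip spaces and an optional 0x prefix, upper-case the hex digits."""
    v = value.strip().replace(" ", "").upper()
    if v.startswith("0X"):
        v = v[2:]
    return v


def key_ids_from_fingerprint(fingerprint: str) -> dict:
    """Derive both key IDs from a v4 fingerprint.

    The long key ID is the last 16 hex digits (64 bits) of the fingerprint;
    the short key ID is the last 8 hex digits (32 bits). Each is a suffix of
    the next, which is why the short ID carries so little information.
    """
    fp = normalize(fingerprint)
    if len(fp) != 40 or not HEX_RE.match(fp):
        raise ValueError("expected a 40-hex-digit v4 fingerprint")
    return {"fingerprint": fp, "long_id": fp[-16:], "short_id": fp[-8:]}


def validate_key_id(value: str) -> str:
    """Validate a user-supplied key reference for a registration form.

    Accepts a 16-hex-digit long key ID or a full 40-hex-digit fingerprint and
    returns it normalized. Rejects the 8-hex-digit short ID: an attacker only
    has to find a key whose low 32 bits match, i.e. about 2**32 candidate
    keys on average, versus about 2**64 for the long ID.
    """
    v = normalize(value)
    if not v or not HEX_RE.match(v):
        raise ValueError("key ID must be hexadecimal")
    if len(v) == 8:
        raise ValueError(
            "8-character short key IDs are not accepted; supply the "
            "16-character long key ID or the full 40-character fingerprint"
        )
    if len(v) not in (16, 40):
        raise ValueError("expected 16 (long key ID) or 40 (fingerprint) hex digits")
    return v


def is_acceptable_key_id(value: str) -> bool:
    """Boolean wrapper around validate_key_id for form-level checks."""
    try:
        validate_key_id(value)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    ids = key_ids_from_fingerprint(SAMPLE_FINGERPRINT)
    print("fingerprint:", ids["fingerprint"])
    print("long key ID:", ids["long_id"], "-> accepted:", is_acceptable_key_id(ids["long_id"]))
    print("short key ID:", ids["short_id"], "-> accepted:", is_acceptable_key_id(ids["short_id"]))
```

The validator deliberately treats the 8 char form as an error rather than silently padding or accepting it, which is the behaviour the report asks for: the 16 char ID should be allowed, and the 8 char one should not be forced. Accepting the full fingerprint as well costs nothing and is the strongest of the three.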