Rachel's just cooked some chocolate cookies. The smell is extremely distracting. Must go eat warm cookies :)
Astute viewers might notice that along with the normal MD5 checksum, the Python 2.3.1 downloads also have a GPG signature (the "sig" link):
The signatures above were generated with GPG using the release manager's (Anthony Baxter) public key which has a key id of 6A45C816.
And thanks to a key chain of Anthony → Me → Jim Fulton (we signed each other's keys at the recent Sprint here - thanks Jim!) → Barry Warsaw → <a whole lot of people>, there's a large number of people out there that can verify that Anthony really did generate the file they're downloading from python.org.
Jeremy Hylton has written a PyPI Tutorial:
PyPI: the Python Package Index is the latest attempt to create a comprehensive catalog of third-party Python packages. The catalog is integrated with distutils. This tutorial explains how to use setup.py to create PyPI entries.