Message7777
https://discuss.python.org/t/gpg-signature-support-removed-from-pypi/27014
announces removal of GPG/PGP signatures being uploaded to pypi.
The RELEASE.txt document describes how to upload it. Doc needs to be rewritten
to remove upload to PyPI and a new place for the detached signatures:
* part of www.roundup-tracker.org doc/security.html page
* some downloadable location (docs/release-signature/v2.3.0??)
use the security.htm page as index to the download locations???
needs to decided on and documented.
Update directions on how to verify the source tarball located in
tools/roundup.public.pgp.key.
Also update security.txt to include the location of the roundup project public key in
tools/roundup.public.pgp.key.
Also there is an earlier version of the key on pgp.mit.edu. It needs to be updated.
I tried this evening by uploading the pgp part of tools/roundup.public.pgp.key, but
searching immediately after still returned the key that expires in 2023 not the new key that
expires in 2028. |
|
Date |
User |
Action |
Args |
2023-05-29 01:29:21 | rouilj | set | recipients:
+ rouilj |
2023-05-29 01:29:21 | rouilj | set | messageid: <1685323761.62.0.712957994425.issue2551279@roundup.psfhosted.org> |
2023-05-29 01:29:21 | rouilj | link | issue2551279 messages |
2023-05-29 01:29:21 | rouilj | create | |
|