Roundup Tracker - Issues

Message7777

Author rouilj
Recipients rouilj
Date 2023-05-29.01:29:21
Message-id <1685323761.62.0.712957994425.issue2551279@roundup.psfhosted.org>
In-reply-to
https://discuss.python.org/t/gpg-signature-support-removed-from-pypi/27014

announces removal of GPG/PGP signatures being uploaded to PyPI.
The RELEASE.txt document describes how to upload it. Doc needs to be rewritten
to remove upload to PyPI and a new place for the detached signatures:

  * part of www.roundup-tracker.org doc/security.html page
  * some downloadable location (docs/release-signature/v2.3.0??)
    use the security.htm page as index to the download locations???

needs to be decided on and documented.

Update directions on how to verify the source tarball located in
tools/roundup.public.pgp.key.

Also update security.txt to include the location of the roundup project public key in 
tools/roundup.public.pgp.key.

Also there is an earlier version of the key on pgp.mit.edu. It needs to be updated.
I tried this evening by uploading the PGP part of tools/roundup.public.pgp.key, but
searching immediately after still returned the key that expires in 2023, not the new key that
expires in 2028.
History
Date                 User    Action  Args
2023-05-29 01:29:21  rouilj  set     recipients: + rouilj
2023-05-29 01:29:21  rouilj  set     messageid: <1685323761.62.0.712957994425.issue2551279@roundup.psfhosted.org>
2023-05-29 01:29:21  rouilj  link    issue2551279 messages
2023-05-29 01:29:21  rouilj  create