kitterma
commented
4 years ago I don't think pypi will let me do that now. If you want me to send you the signature file so you can verify it, I can do so.
Closed dvzrv closed 4 years ago
kitterma
commented
4 years ago I don't think pypi will let me do that now. If you want me to send you the signature file so you can verify it, I can do so.
kitterma
commented
4 years ago 0.12.2 is uploaded to both github and pypi with the signature file, so that should resolve this issue.
Hi! I'd like to package python-authheaders for Arch Linux (as I need it for mailman3). However, the latest release 0.12.1 is missing a detached PGP signature (although former versions have this, both on pypi and here on github).
I know this probably happened for no bad reason, but in the light of last year's supply chain attacks on several distros and language repositories, @kitterma I'm hereby asking you to please add a PGP signature to the last release, so that downstreams can verify it.