Closed NicoHood closed 6 years ago
@NicoHood Can you please check to what extend these files match your requirements? I have just used twine upload -s -i <me> dist/*
to do produce the signature, and on top of that all my commits are now signed with the same key.
As stated in the other comment, it all works perfectly. Thanks
The gpg key got revoked. See https://github.com/gitpython-developers/smmap/issues/36#issuecomment-401588237
Sorry for the late reply! I have uploaded version 2.0.4 just for the purpose of signing it with a valid key of mine.
Thanks. And please do not always switch your gpg keys. You can update the key expire date when its near expiring. Otherwise there is no real security in GPG.
As we all know, today more than ever before, it is crucial to be able to trust our computing environments. One of the main difficulties that package maintainers of Linux distributions face, is the difficulty to verify the authenticity and the integrity of the source code.
The Arch Linux team would appreciate it if you would provide us GPG signatures in order to verify easily and quickly your source code releases.
Overview of the required tasks:
GPGit is meant to bring GPG to the masses. It is not only a shell script that automates the process of creating new signed git releases with GPG but also comes with this step-by-step readme guide for learning how to use GPG.
Additional Information:
Thanks in advance.