Closed dvzrv closed 11 months ago
Yeah, something is wrong in the CI script: https://builds.sr.ht/~whynothugo/job/1029894#task-package-197
I've fixed CI and tagged 4.3.1, which is now on PyPI: https://pypi.org/project/todoman/4.3.1/
Note that git-tags are signed, but this isn't useful to you since you prefer a tarball to a git-tag, right?
Would a gpg-signed tarball be a better choice?
I'm fine with a signed tag or a signed tarball. Since PyPI doesn't host sdist tarball signature files anymore, feel free to attach those to a release or something like that (whatever is most convenient for you).
Tags are already gpg-signed, all the way back to v1.0.0 in 2015 :)
I'll consider pushing signed tarballs as well though, several distributions expect to fetch tarballs, not git clone
s.
Hi! I'm packaging this project for Arch Linux. For upstream tracking I'm relying on releases on pypi (currently). Unfortunately 4.3.0 has not made its way there. Did something go wrong?