brifordwylie closed this 6 years ago
This is done.
@hellais Is this still done?
On pypi the only way I have to get the signature is to force append '.asc' to the release link. There is not even a link to the signature file in the UI...
@w2ak
> Is this still done?
Yes, I always upload a signed tar.gz as part of the release process. I just checked and it seems like the latest pypi website doesn't have a link to the signature, but it does store it as you can see from this link: https://files.pythonhosted.org/packages/33/21/d1f24d8a93e4e11bf604d77e04080c05ecb0308a5606936a051bd2b2b5da/pypcap-1.2.2.tar.gz.asc
Maybe @dstufft has some ideas on what would be the relevant place to file a ticket for this if it's not already planned (or maybe I am just missing the obvious place where it should be).
This seems to be the relevant warehouse ticket for adding signatures to the UI: https://github.com/pypa/warehouse/issues/3810
Edit: I filed a PR to warehouse adding support for this here: https://github.com/pypa/warehouse/pull/4314
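The check discussed in the comments above, as an added example that is not part of the original thread or of pypcap's own code: it derives the `.asc` URL from the release link, runs `gpg --verify`, and accepts the file only when the valid signature comes from a pinned key. `EXPECTED_FPR` is a placeholder and the function names are hypothetical; it assumes `gpg` is installed and the maintainer's public key has already been imported.

```python
import subprocess
import sys
import tempfile
import urllib.request
from pathlib import Path

# Placeholder: the maintainer's full key fingerprint, obtained out of band.
EXPECTED_FPR = "0000000000000000000000000000000000000000"

def signature_url(release_url):
    """The detached signature sits next to the file, at <file URL>.asc."""
    if not release_url.startswith("https://"):
        raise ValueError("refusing non-HTTPS release URL")
    return release_url.split("#", 1)[0] + ".asc"  # drop any #sha256=... fragment

def signer_fingerprints(status_output):
    """Primary-key fingerprints from gpg's machine-readable VALIDSIG lines."""
    fprs = set()
    for line in status_output.splitlines():
        parts = line.split()
        # [GNUPG:] VALIDSIG <sig key fpr> <8 other fields> <primary key fpr>
        if len(parts) >= 12 and parts[:2] == ["[GNUPG:]", "VALIDSIG"]:
            fprs.add(parts[-1].upper())
    return fprs

def is_trusted(status_output, expected_fpr):
    """True only if a valid signature was made by the pinned key."""
    wanted = expected_fpr.replace(" ", "").upper()
    return wanted in signer_fingerprints(status_output)

def verify_release(release_url, expected_fpr):
    """Download the sdist and its .asc, then verify against the pinned key."""
    with tempfile.TemporaryDirectory() as tmp:
        artifact = Path(tmp, "release.tar.gz")
        sig = Path(tmp, "release.tar.gz.asc")
        urllib.request.urlretrieve(release_url.split("#", 1)[0], artifact)
        urllib.request.urlretrieve(signature_url(release_url), sig)
        # A zero exit code alone only means "signed by some key in the keyring",
        # so the status output is also checked against the pinned fingerprint.
        proc = subprocess.run(
            ["gpg", "--batch", "--status-fd", "1", "--verify", str(sig), str(artifact)],
            capture_output=True, text=True)
        return proc.returncode == 0 and is_trusted(proc.stdout, expected_fpr)

if __name__ == "__main__":
    sys.exit(0 if verify_release(sys.argv[1], EXPECTED_FPR) else 1)
```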
@hellais would like for the pypi releases to be gpg signed.