[issue37967] Beta GPG signature check failing
Ned Deily
report at bugs.python.org
Thu Sep 12 07:19:53 EDT 2019
Ned Deily <nad at python.org> added the comment:
> If the pubkeys.txt on python.org has no benefit, why does it exist?
That's an excellent question! Based on the points raised here and elsewhere, we discussed this more off-line and decided that we should remove the pubkeys.txt file from the website since, as noted here, it encourages a false sense of security and has proven difficult to keep up-to-date.
I have submitted a request to have the file removed from the website (it may take some time for the URL to disappear) and have already updated the wording in the OpenPGP section of the Downloads page of the website. If anyone has suggestions for improvements to the wording, feel free to submit them on the pythondotorg issue tracker.
Thanks all for bringing this up and helping to come to a resolution.
https://www.python.org/downloads/
https://github.com/python/pythondotorg/pull/1509
https://github.com/python/pythondotorg/issues
----------
resolution: -> fixed
stage: -> resolved
status: open -> closed
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue37967>
_______________________________________
More information about the Python-bugs-list
mailing list