[issue37967] release candidate is not gpg signed (and missing release workflow)?
Ned Deily
report at bugs.python.org
Wed Aug 28 11:23:37 EDT 2019
Ned Deily <nad at python.org> added the comment:
The description of this issue is incorrect. All the release artifacts for the 3.8.0b3 have GPG signatures available - see https://www.python.org/downloads/release/python-380b3/ - like all other releases. Looking at the log of the failed Travis run in https://github.com/pypa/manylinux/pull/333, the failure there appears to be not finding the release manager's public key to verify the GPG signature against. There is a languishing open issue about the published public keys files having bogus keys in it (https://github.com/python/pythondotorg/issues/1395), perhaps that is related. I'll take a close look shortly.
----------
assignee: -> ned.deily
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue37967>
_______________________________________
More information about the Python-bugs-list
mailing list