- Improvement
- Resolution: Fixed
- Normal
- None
- None
Since PyPI stopped supporting file signatures, this broke download and verification for some upstream packagers, like Arch Linux.
We should provide officially signed source packages. Currently the GitHub-provided source downloads are used. Instead, the CI build should generate custom source packages that we can code sign with the GnuPG key.
The current code signing key is 68990DD0B1EDC129B856958167997E14D563DA7C
- is related to
- PICARD-1934 GPG key used for signing is DSA 1024bit (unusable for verification)
- Closed