3.0.0: signature key-id 763629FEC8788FC35128B5F6EE029D1E5EB40300 not found

Question

3.0.0: signature key-id 763629FEC8788FC35128B5F6EE029D1E5EB40300 not found

dvzrv opened this issue 6 years ago · 7 comments

For the same reasons I can not build and package gitpython for Arch Linux, I can not build and package gitdb in version 3.0.0.

Please fix the trust chain for the new key or release a new version with the already trusted key.

Answer 1 · 2020-02-15T11:16:27.000Z

Thanks for the reminder - please refer to the linked issue for the anticipated course of action.

Answer 2 · 2020-04-11T06:43:45.000Z

@dvzrv I have just released v4.0.4 which should be signed with the known key. CC @Harmon758

In May we should be able to move package signing to CI while maintaining a chain of trust.

Answer 3 · 2020-04-11T09:15:04.000Z

@Byron thanks for being on top of this! :)

I have one follow up question: Why is the package now again pushed to gitdb and not as before gitdb2?

Answer 4 · 2020-04-11T11:32:44.000Z

Please don't mind the above, I used the wrong signing key.

The way I understand it, gitdb2 is just for use by older GitPython releases, where is gitdb is the package we use from here on. The reason for gitdb2 to come into existence in the first place was me losing access to my pypi account when they disabled support for Google as login mechanism.

It's a great reminder though, as probably I should also re-release gitdb2 with the correct signing key for it to be picked up one last time.

Answer 5 · 2020-05-05T03:54:31.000Z

Release 4.0.5 was created and signed with 2CF6E0B51AAF73F09B1C21174D1DA68C88710E60.
Please feel free to close this issue when verified to be correct.

Answer 6 · 2021-03-25T20:04:08.000Z

4.0.6 is now also signed with 27C50E7F590947D7273A741E85194C08421980C9.

Answer 7 · 2021-03-26T00:31:42.000Z

Thank you @dvzrv for staying on top of this, it's much appreciated.