Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

No signature for the 4.35.0 release #901

Open
D4N opened this issue Mar 29, 2023 · 1 comment · May be fixed by #904
Open

No signature for the 4.35.0 release #901

D4N opened this issue Mar 29, 2023 · 1 comment · May be fixed by #904
Assignees
Labels
packaging Requirements, setup.py, etc regression Something broke that worked in the past

Comments

@D4N
Copy link
Contributor

D4N commented Mar 29, 2023

It looks like the 4.35.0 release has just been tagged, but no gpg signature has been uploaded like for the previous releases.

Was this an oversight or was that intentional?

@vermeeren vermeeren linked a pull request Mar 31, 2023 that will close this issue
@vermeeren
Copy link
Collaborator

vermeeren commented Mar 31, 2023

@D4N Sort of both actually, I've been handling the releases since mid-2018 (whew). The tags in git have been signed all along since then. Eventually detached signatures were also added to GitHub releases feature in early 2021 as a distro packager requested it (and it indeed makes more sense to do it that way).

In recent months, perhaps year, I've been getting unexpectedly busy with other things resulting in all sorts of backlog, which includes Breathe sadly. A new release was needed for the new Sphinx asap, after discussing with @michaeljones we decided to release unsigned to PyPI and fix the PGP signatures proper when I can find the time later.

For a more long-term solution, we are considering having a PGP key specific for Breathe and sharing it across maintainers with release permissions. Nothing concrete yet though.

For now I force-updated the v4.35.0 git tag so it has a signature (commit is the same) and created a GitHub release with the usual detached signature. Ran into some problems due to git changes with the tarball, those are fixed in #904. Should be all good for this release now.

Cheers

(Edit: I still have a lot of other things to check, so to those waiting: I haven't forgotten!)

@vermeeren vermeeren self-assigned this Mar 31, 2023
@vermeeren vermeeren added regression Something broke that worked in the past packaging Requirements, setup.py, etc labels Mar 31, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
packaging Requirements, setup.py, etc regression Something broke that worked in the past
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants