The archives at PyPi seem to be signed — which is good, many thanks for this: Anyhow I would appreciate to have the Fingerprint of the signing key documented in the manual or Readme as well as where to get the public key.
Releases at PyPi are signed with Tryton's PGP/GNUPG key.
The Key-ID is 74FFD574860D31EE39440963574F6EFF4E477517.
To fetch the public key you can use the following command:
gpg --keyserver hkp://keyserver.ubuntu.com
--recv-keys 74FFD574860D31EE39440963574F6EFF4E477517
Fine, good to know. Anyhow I ask for documenting this fact and where to get the key from. This makes distribution packager’s live easier. Thx is advance.