The archives at PyPI seem to be signed, which is good, many thanks for this. Anyhow, I would appreciate having the fingerprint of the signing key documented in the manual or README, as well as where to get the public key.
Releases at PyPI are signed with Tryton's PGP/GnuPG key.
The Key-ID is 74FFD574860D31EE39440963574F6EFF4E477517.
To fetch the public key you can use the following command:
gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 74FFD574860D31EE39440963574F6EFF4E477517
It is just my GPG key as I’m doing the releases.
Fine, good to know. Anyhow, I ask for documenting this fact and where to get the key from. This makes distribution packagers' lives easier. Thx in advance.
Since you've got all the relevant information, maybe you can propose a patch?
Relevant information is still missing: which key-server can the key be retrieved from?
Any reputable server as they exchange key updates.
But it is probably better to do like Python and use my Keybase profile, cedrickrier (Cédric Krier).
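For packagers, an added example (not part of the thread and not Tryton's own tooling) of pinning the fingerprint quoted above when checking a downloaded archive: it accepts a signature only if gpg's machine-readable status output reports a valid signature from that exact key and no expiry or revocation. The function names, the archive and signature file arguments, and the date fields in the sample line are assumptions made up for illustration.

```shell
#!/bin/sh
# Added example: verify a release against a pinned full fingerprint
# instead of trusting whatever key a keyserver returns.
PINNED_FPR=74FFD574860D31EE39440963574F6EFF4E477517   # value quoted in the thread

# Constructed sample of a `gpg --status-fd` line (dates and algo ids are made up).
SAMPLE_GOOD="[GNUPG:] VALIDSIG $PINNED_FPR 2024-01-01 1704067200 0 4 0 1 10 00 $PINNED_FPR"

# Reads gpg status lines on stdin. Succeeds only if a VALIDSIG line names
# the pinned key and no line reports a bad, expired or revoked signature/key.
signed_by_pinned_key() {
    awk -v want="$PINNED_FPR" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "VALIDSIG" {
            # $3  = fingerprint of the key that made the signature
            # $NF = primary key fingerprint (differs when a subkey signed)
            if (toupper($3) == want || toupper($NF) == want) ok = 1
        }
        END { exit ((ok && !bad) ? 0 : 1) }'
}

# verify_release ARCHIVE SIGNATURE
# Both arguments are placeholders for the downloaded files.
verify_release() {
    gpg --batch --status-fd 1 --verify "$2" "$1" 2>/dev/null | signed_by_pinned_key
}
```

Comparing the full 40-character fingerprint matters here because short key IDs can collide, and a keyserver lookup alone says nothing about who uploaded the key.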