No signature for the 4.35.0 release

Open D4N opened this issue 1 year ago • 1 comments

It looks like the 4.35.0 release has just been tagged, but no GPG signature has been uploaded like for the previous releases.

Was this an oversight or was that intentional?

D4N, Mar 29 '23 20:03

@D4N Sort of both actually. I've been handling the releases since mid-2018 (whew). The tags in git have been signed all along since then. Eventually detached signatures were also added to the GitHub releases feature in early 2021, as a distro packager requested it (and it indeed makes more sense to do it that way).

In recent months, perhaps a year, I've been getting unexpectedly busy with other things, resulting in all sorts of backlog, which includes Breathe sadly. A new release was needed for the new Sphinx ASAP; after discussing with @michaeljones, we decided to release unsigned to PyPI and fix the PGP signatures properly when I can find the time later.

For a more long-term solution, we are considering having a PGP key specific for Breathe and sharing it across maintainers with release permissions. Nothing concrete yet though.

For now I force-updated the v4.35.0 git tag so it has a signature (commit is the same) and created a GitHub release with the usual detached signature. Ran into some problems due to git changes with the tarball; those are fixed in #904. Should be all good for this release now.

Cheers

(Edit: I still have a lot of other things to check, so to those waiting: I haven't forgotten!)

vermeeren, Mar 31 '23 20:03