Henry Schreiner
Henry Schreiner
I think this was just fixed in #474?
I can make a PR, or just put it here: https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x2fdec9863e5e14c7bc429f27b9d0e45146a241e8 - any GH email should be fine there too (see https://keyserver.ubuntu.com/pks/lookup?search=0x2fdec9863e5e14c7bc429f27b9d0e45146a241e8&fingerprint=on&op=index for the emails)
We got stuck trying to get my PGP key signed during PyCON. I think I need to export it then reimport it to pick up the new signatures. I'll try...
PGP support has been removed from PyPI: https://blog.pypi.org/posts/2023-05-23-removing-pgp/ Personally, I'd be fine to move to trusted publisher releases.
Yes, but it's simply no longer supported to sign stuff locally with PGP. It will be deleted on upload to PyPI.
The binaries were signed, I believe. How about this: * Require signed git tags (with a list of allowed signatures) to build in CI. * On a signed git tag,...
Wouldn't requiring several maintainers to sign-off on the deployment environment help with that? Then GitHub itself would have to be compromised, I think, as the runner waits for GitHub?
diff-shades reporting "Opération was cancelled" is normal?
Awesome, thanks! > This change is highly unlikely to affect Black's formatting I would hope so. 😆 I'll make the SchemaStore contribution next & mention this PR.
You can't import boto3 inside the isolated environment unless you install it inside the isolated environment (in pyproject.toml). Though do you really need to? Usually, to make the SDist/wheel, you...