Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

3.0.0: signature key-id 763629FEC8788FC35128B5F6EE029D1E5EB40300 not found #55

Closed
dvzrv opened this issue Feb 15, 2020 · 7 comments
Closed

3.0.0: signature key-id 763629FEC8788FC35128B5F6EE029D1E5EB40300 not found #55

dvzrv opened this issue Feb 15, 2020 · 7 comments
Labels
acknowledged

Comments

@dvzrv
Copy link

dvzrv commented Feb 15, 2020

For the same reasons I can not build and package gitpython for Arch Linux, I can not build and package gitdb in version 3.0.0.

Please fix the trust chain for the new key or release a new version with the already trusted key.
@Byron
Copy link
Member

Byron commented Feb 15, 2020

Thanks for the reminder - please refer to the linked issue for the anticipated course of action.

This was referenced Feb 23, 2020
Closed
Closed
@dvzrv dvzrv mentioned this issue Feb 25, 2020
Closed
@Byron
Copy link
Member

Byron commented Apr 11, 2020

@dvzrv I have just released v4.0.4 which should be signed with the known key. CC @Harmon758

In May we should be able to move package signing to CI while maintaining a chain of trust.

@dvzrv
Copy link
Author

dvzrv commented Apr 11, 2020

@Byron thanks for being on top of this! :)

I have one follow up question: Why is the package now again pushed to gitdb and not as before gitdb2?

@Byron
Copy link
Member

Byron commented Apr 11, 2020

Please don't mind the above, I used the wrong signing key.

The way I understand it, gitdb2 is just for use by older GitPython releases, where is gitdb is the package we use from here on. The reason for gitdb2 to come into existence in the first place was me losing access to my pypi account when they disabled support for Google as login mechanism.

It's a great reminder though, as probably I should also re-release gitdb2 with the correct signing key for it to be picked up one last time.

@Byron
Copy link
Member

Byron commented May 5, 2020

Release 4.0.5 was created and signed with 2CF6E0B51AAF73F09B1C21174D1DA68C88710E60.
Please feel free to close this issue when verified to be correct.

@dvzrv
Copy link
Author

dvzrv commented Mar 25, 2021

4.0.6 is now also signed with 27C50E7F590947D7273A741E85194C08421980C9.

@dvzrv dvzrv closed this as completed Mar 25, 2021
archlinux-github pushed a commit to archlinux/svntogit-community that referenced this issue Mar 25, 2021
@dvzrv
upgpkg: python-gitdb 1:4.0.6-1: Upgrade to 4.0.6.
31f4639 
Upstream switched to new key-id 27C50E7F590947D7273A741E85194C08421980C9
after breaking their hardware key which carried the previous:
gitpython-developers/gitdb#55

git-svn-id: file:///srv/repos/svn-community/svn@903436 9fca08f4-af9d-4005-b8df-a31f2cc04f65
archlinux-github pushed a commit to archlinux/svntogit-community that referenced this issue Mar 25, 2021
@dvzrv
upgpkg: python-gitdb 1:4.0.6-1: Upgrade to 4.0.6.
b7ef25f 
Upstream switched to new key-id 27C50E7F590947D7273A741E85194C08421980C9
after breaking their hardware key which carried the previous:
gitpython-developers/gitdb#55

git-svn-id: file:///srv/repos/svn-community/svn@903436 9fca08f4-af9d-4005-b8df-a31f2cc04f65
@Byron
Copy link
Member

Byron commented Mar 26, 2021

Thank you @dvzrv for staying on top of this, it's much appreciated.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
acknowledged
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Byron @dvzrv