Skip to content

Make artifact verification instructions more visible #2463

New issue
New issue
Open
Open
Make artifact verification instructions more visible#2463
Labels
adminRelates to Django Adminapp/downloadsRelates to the downloads appbackendRelates to the backend of the appfrontendRelates to the frontend of the app
@sethmlarson

Description

@sethmlarson
sethmlarson
opened on Jun 17, 2024

Today our download pages allude to being able to verify artifacts, either through Sigstore (recommended) or GPG, however these instructions aren't as clearly documented as they could be and in theory we want everyone downloading from python.org to be taking advantage of one of these two options.

My proposal is to:

  • Add an anchor to the download details page for GPG identities so it can be linked to directly.
  • For all download detail pages:
    • Provide a link to the instructions for verifying with GPG
    • If there are Sigstore artifacts, also provide links to instructions for verifying Sigstore.
    • Recommend users using Sigstore over GPG when it's available.

Metadata

Metadata

Assignees

No one assigned

    Labels

    adminRelates to Django Adminapp/downloadsRelates to the downloads appbackendRelates to the backend of the appfrontendRelates to the frontend of the app

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions