PEP 101: Add information on Sigstore (#3085)

Co-authored-by: C.A.M. Gerlach <CAM.Gerlach@Gerlach.CAM>
Łukasz Langa 2023-04-07 23:27:47 +02:00 committed by GitHub
parent 2ad19ddeb0
commit c607a47b45
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 17 additions and 2 deletions


@ -78,6 +78,11 @@ Here's a hopefully-complete list.
* A subscription to the super secret release manager mailing list, which may * A subscription to the super secret release manager mailing list, which may
or may not be called ``python-cabal``. Bug Barry about this. or may not be called ``python-cabal``. Bug Barry about this.
* A ``@python.org`` email address that you will use to sign your releases
with. Ask ``postmaster@`` for an address; you can either get a full
account, or a redirecting alias + SMTP credentials to send email from
this address that looks legit to major email providers.
Types of Releases Types of Releases
================= =================
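Review bot: the new bullet says the ``@python.org`` address is what you "sign your releases with" but never names the signing mechanism, so a reader reaching this prerequisites list has no way to connect it to the Sigstore steps added further down. Suggest naming Sigstore here and pointing at the same https://www.python.org/download/sigstore/ page the later hunks cite, e.g. "A ``@python.org`` email address that you will use as your identity when signing releases with Sigstore (see https://www.python.org/download/sigstore/)." The phrase "looks legit to major email providers" is also informal for a prerequisites list; "is accepted by major email providers" reads better.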
@ -121,9 +126,10 @@ release. The roles and their current experts are:
* RM = Release Manager * RM = Release Manager
- Łukasz Langa <lukasz@python.org> (Central Europe) - Thomas Wouters <thomas@python.org> (NL)
- Ned Deily <nad@python.org> (US)
- Pablo Galindo Salgado <pablogsal@python.org> (UK) - Pablo Galindo Salgado <pablogsal@python.org> (UK)
- Łukasz Langa <lukasz@python.org> (PL)
- Ned Deily <nad@python.org> (US)
* WE = Windows - Steve Dower <steve.dower@python.org> * WE = Windows - Steve Dower <steve.dower@python.org>
* ME = Mac - Ned Deily <nad@python.org> (US) * ME = Mac - Ned Deily <nad@python.org> (US)
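Review bot: this hunk adds Thomas Wouters as an RM, reorders the existing entries and relabels Łukasz Langa's region from "(Central Europe)" to "(PL)", none of which is Sigstore-related, so it is out of scope for a commit titled "Add information on Sigstore". Suggest splitting the roster update into its own commit so the history for the roles list stays greppable, or at least mentioning it in the commit message; within the hunk, the region labels should also follow one convention (country code vs. region name) once the list is touched.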
@ -321,6 +327,10 @@ to perform some manual editing steps.
tarballs and signatures in a subdirectory called ``X.Y.ZaN/src``, and the tarballs and signatures in a subdirectory called ``X.Y.ZaN/src``, and the
built docs in ``X.Y.ZaN/docs`` (for **final** releases). built docs in ``X.Y.ZaN/docs`` (for **final** releases).
Note that the script will sign your release with Sigstore. Please use
your **@python.org** email address for this. See here for more information:
https://www.python.org/download/sigstore/.
- Now you want to perform the very important step of checking the - Now you want to perform the very important step of checking the
tarball you just created, to make sure a completely clean, tarball you just created, to make sure a completely clean,
virgin build passes the regression test. Here are the best virgin build passes the regression test. Here are the best
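Review bot: the added note tells the reader to use the ``@python.org`` address but not why, which leaves a release manager free to treat it as cosmetic. Suggest stating the consequence in one clause, e.g. "Please use your **@python.org** email address for this; it is the identity recorded with the signature and the one downstream verifiers will check." Also, the URL on the last line ends with a literal period ("sigstore/."), which some renderers fold into the link target; the hunk at line 699 writes the same URL without it, so pick one form and use it in both places.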
@ -689,6 +699,11 @@ with RevSys.)
(It's best to update add-to-pydotorg.py when file types (It's best to update add-to-pydotorg.py when file types
are removed, too.) are removed, too.)
The script will also sign any remaining files that were not
signed with Sigstore until this point. Again, if this happens,
do use your @python.org address for this process. More info:
https://www.python.org/download/sigstore/
- In case the CDN already cached a version of the Downloads page - In case the CDN already cached a version of the Downloads page
without the files present, you can invalidate the cache using:: without the files present, you can invalidate the cache using::
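Review bot: "any remaining files that were not signed with Sigstore until this point" and "Again, if this happens" are ambiguous: "until this point" reads as a time limit rather than "not yet", and "if this happens" does not say what "this" refers to. Suggest "The script will also sign, with Sigstore, any files that have not yet been signed. If it does, use your @python.org address for this step as well." Consistency nit with the earlier hunk: here the address is written as plain ``@python.org`` while the hunk at line 327 bolds it as **@python.org**; the document should use one style.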