Removing PGP from PyPI


PyPI has removed support for uploading PGP signatures with new releases.

Historically, PyPI has supported uploading PGP signatures alongside the release artifacts in an attempt to provide some level of package signing. However, the approach used had long-standing, documented issues, which had previously led us to deemphasize support for PGP signatures over time by removing them from the PyPI web user interface. While continuing to support it doesn't represent a massive operational burden, it does require any new feature that touches the storage of files to be made aware of and capable of handling these PGP signatures, which is a non-zero cost for the maintainers and contributors of PyPI.
