Closed
Description
Hi! I'm packaging python-smmap for Arch Linux.
When trying to build 3.0.1 I noticed that there is no detached PGP signature for the tarball on pypi.
As we have established 2CF6E0B51AAF73F09B1C21174D1DA68C88710E60
as a valid signing key (per TOFU), I can not package version 3.0.1, until this is resolved.
Due to a missing USB dongle (?), both gitpython and gitdb now have a broken chain of trust for their PGP signatures as well.
It would be really great to resolve this.