[issue37967] Beta GPG signature check failing
mattip
report at bugs.python.org
Wed Sep 11 15:24:14 EDT 2019
mattip <matti.picus at gmail.com> added the comment:
> If you use pubkeys.txt from https://www.python.org/static/files/pubkeys.txt, then GPG verification gives you no additional security
I am confused. If the pubkeys.txt on python.org has no benefit, why does it exist? What is considered best practices for people wanting to verify the download from https://www.python.org/ftp ?
----------
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue37967>
_______________________________________
More information about the Python-bugs-list
mailing list