Formed in 2009, the Archive Team (not to be confused with the archive.org Archive-It Team) is a rogue archivist collective dedicated to saving copies of rapidly dying or deleted websites for the sake of history and digital heritage. The group is 100% composed of volunteers and interested parties, and has expanded into a large amount of related projects for saving online and digital history.
Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.
Sign upGitHub is where the world builds software
Millions of developers and companies build, ship, and maintain their software on GitHub — the largest and most advanced development platform in the world.
Some GPG key links on /download lead to 404s #1290
Comments
|
Thanks for the report. There have been recent discussions elsewhere about our old practice of hosting PGP public keys on python.org and have come to the conclusion that having them on the same website as the files to be downloaded is a bad practice as it provides no additional security and, worse, could provide an attack vector if somehow python.org security were compromised. Thus we have updated the PGP section of the Download files and will no longer provide the combined pubkeys.txt file. The bottom line is that public keys should be obtained from a public key server or some other mechanism that you trust. |
On https://www.python.org/downloads/, section "OpenPGP Public Keys", the following are not available for download anymore:
Retrieving them directly from GPG key servers via
gpg --recv-keysstill works.The text was updated successfully, but these errors were encountered: