You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi! When trying to package 4.0.8 for Arch Linux I ran into a bad signature for the sdist tarball on pypi.org:
gpg --verify gitdb-4.0.8.tar.gz.asc
gpg: assuming signed data in 'gitdb-4.0.8.tar.gz'
gpg: Signature made 2021-10-23T02:39:33 CEST
gpg: using RSA key EAF9CCFCD0876408F297C60A9CB5EE7895E8268B
gpg: BAD signature from "Sebastian Thiel (YubiKey USB-C) <[email protected]>" [unknown]