Rebuild Todo List Fix reproducibility of packages broken by PyPI removing signature files

2023-07-26 - David Runge

Since PyPI first deprecated the use of OpenPGP signatures [1] and then broke downloading existing signature files via predictable URLs(!), the reproducibility of some packages [2] is now broken because of that.

To ensure the continued chain of trust as well as the reproducibility of packages, please get in touch with the affected upstreams and ask for signature files for existing (if feasible/relevant) and upcoming releases to be provided elsewhere (e.g. their own project space at their respective source forge).

If a request for signature files fails, non-predictable PyPI URLs can be used. For example: https://files.pythonhosted.org/packages/1d/c7/28220d37e041fe1df03e857fe48f768dcd30cd151480bf6f00da8713214a/py-ubjson-0.16.1.tar.gz.asc.

Rebuilds go straight to the stable repositories.

[1] https://blog.pypi.org/posts/2023-05-23-removing-pgp/
[2] https://gitlab.archlinux.org/search?group_id=11323&nav_source=navbar&scope=blobs&search=%22pythonhosted%22+%2B+%28%22.asc%22+%7C+%22.sig%22%29+filename%3A*PKGBUILD

Link to lists of pkgbase values:

Filter Todo List Packages

Select filter criteria
19 packages displayed out of 19 total packages.
Arch Repository Name Current Version Staging Version Maintainers Status Last Touched By
any Extra mailman3-hyperkitty 1.2.1-3 1.2.1-4 dvzrv Complete dvzrv
any Extra nikola 8.3.0-2 8.3.0-3 dvzrv Complete dvzrv
x86_64 Extra picard 2.11-1 2.11-2 dvzrv Complete dvzrv
any Extra python-authheaders 0.16.2-1 0.16.2-2 dvzrv Complete dvzrv
any Extra python-characteristic Complete polyzen
any Extra python-flufl.testing Complete dvzrv
x86_64 Extra python-html5-parser 0.4.11-1 0.4.12-2 jelle Incomplete
any Extra python-josepy 1.14.0-1 1.14.0-2 grawlinson Complete grawlinson
any Extra python-lazr.config 3.0-2 3.0-3 dvzrv Incomplete
any Extra python-lazr.delegates 2.1.0-2 2.1.0-3 dvzrv Incomplete
x86_64 Extra python-librabbitmq 2.0.0-9 2.0.0-10 Incomplete
any Extra python-mailmanclient 3.3.5-3 3.3.5-4 dvzrv Complete dvzrv
any Extra python-markdown-math 0.8-6 0.8-7 farseerfc Incomplete
any Extra python-markups 3.1.3-8 3.1.3-9 jlichtblau Incomplete
any Extra python-mechanize 1:0.4.8-2 1:0.4.8-3 jelle Incomplete
any Extra python-progressbar 4.4.2-1 4.4.2-2 jelle, dvzrv Complete dvzrv
any Extra python-scramp 1.4.4-3 1.4.4-4 yan12125 Complete yan12125
x86_64 Extra python-ubjson 0.16.1-6 0.16.1-7 yan12125 Complete yan12125
any Extra retext 8.0.1-1 8.0.2-2 farseerfc Incomplete