Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bad signature on Python-3.11.9.tar.xz #117476

Open
chludwig-haufe opened this issue Apr 2, 2024 · 1 comment
Open

Bad signature on Python-3.11.9.tar.xz #117476

chludwig-haufe opened this issue Apr 2, 2024 · 1 comment
Labels
3.11 only security fixes type-bug An unexpected behavior, bug, or error

Comments

@chludwig-haufe
Copy link

chludwig-haufe commented Apr 2, 2024
edited by github-actions bot

Bug report

Bug description:

My automated builds of Python 3.11.9 fail because gpg reports a bad signature:

$ curl -sSLO "https://www.python.org/ftp/python/3.11.9/Python-3.11.9.tar.xz"
$ curl -sSLO "https://www.python.org/ftp/python/3.11.9/Python-3.11.9.tar.xz.asc"
$ sha256sum Python-3.11.9.tar.xz Python-3.11.9.tar.xz.asc
9b1e896523fc510691126c864406d9360a3d1e986acbda59cda57b5abda45b87  Python-3.11.9.tar.xz
5b78788dbf9cef803955624e6bc36bc25c42c9c60c8d9e1e2876c74d70ba0fec  Python-3.11.9.tar.xz.asc
$ gpg --import python_release_signature_key.asc
gpg: key 64E628F8D684696D: "Pablo Galindo Salgado <pablogsal@gmail.com>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
$ gpg --batch --verify Python-3.11.9.tar.xz.asc Python-3.11.9.tar.xz
gpg: Signature made Tue Apr  2 11:09:26 2024 UTC
gpg:                using RSA key CFDCA245B1043CF2A5F97865FFE87404168BD847
gpg: BAD signature from "Pablo Galindo Salgado <pablogsal@gmail.com>" [unknown]

If I check the signature on the gzipped archive https://www.python.org/ftp/python/3.11.9/Python-3.11.9.tgz in the same way, then gpg reports a good signature.

CPython versions tested on:

3.11

Operating systems tested on:

Linux
@chludwig-haufe chludwig-haufe added the type-bug An unexpected behavior, bug, or error label Apr 2, 2024
@Eclips4
Copy link
Member

Eclips4 commented Apr 2, 2024

cc @pablogsal

@Eclips4 Eclips4 added the 3.11 only security fixes label Apr 2, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
3.11 only security fixes type-bug An unexpected behavior, bug, or error
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@chludwig-haufe @Eclips4