MAINT: gpg versions, signing, and release docs/ steps #10189
Labels
Documentation
Issues related to the SciPy documentation. Also check https://github.com/scipy/scipy.org
maintenance
Items related to regular maintenance tasks
On some popular platforms, you basically need to use GPG2 if you want to use
gpg-agent
to avoid entering your signing credentials over and over when handling various assets during the SciPy release process.In practice, this meant a few things for me, that maybe should be documented in release process description, but code changes would be harder since
gpg2
is stillgpg
on some platforms.We could perhaps mention that the following might be needed for platforms with
gpg2
requirements:git config --global gpg.program gpg2
forgit tag -s
commandstwine upload -s --sign-with gpg2
to avoid calling oldgpg
& requiring password each timeIt is still harder than that to have everything "just work" portably on any given release managers platform with no manual intervention though. Locally, I also needed:
But that may break things for platforms & distributions where
gpg
is actuallygpg2
instead of the old version.I didn't have much success aliasing the old name to the new command / executable & having gpg-agent use it, but others may have better success with that.
The text was updated successfully, but these errors were encountered: