Update information about release signatures

The industry is moving away from GPG signatures, and signing distribution artifacts will complicate the release process and make it harder to allow other maintainers to make releases for only minor gain in auditability of releases. At least for now, we'll remove any guarantees about signatures and trust GitHub's authentication. Note: This commit is signed with the same key that signed releases 2.4.1-2.8.2.
dateutil · Jul 6, 2021 · 17df04f · 17df04f
1 parent be118bb
commit 17df04f
Showing 1 changed file with 7 additions and 4 deletions.
diff --git a/README.rst b/README.rst
@@ -139,16 +139,19 @@ It is maintained by:
 * Yaron de Leeuw <me@jarondl.net> 2014-2016
 * Paul Ganssle <paul@ganssle.io> 2015-
 
-Starting with version 2.4.1, all source and binary distributions will be signed
-by a PGP key that has, at the very least, been signed by the key which made the
-previous release. A table of release signing keys can be found below:
+Starting with version 2.4.1 and running until 2.8.2, all source and binary
+distributions will be signed by a PGP key that has, at the very least, been
+signed by the key which made the previous release. A table of release signing
+keys can be found below:
 
 ===========  ============================
 Releases     Signing key fingerprint
 ===========  ============================
-2.4.1-       `6B49 ACBA DCF6 BD1C A206 67AB CD54 FCE3 D964 BEFB`_ 
+2.4.1-2.8.2  `6B49 ACBA DCF6 BD1C A206 67AB CD54 FCE3 D964 BEFB`_ 
 ===========  ============================
 
+New releases *may* have signed tags, but binary and source distributions
+uploaded to PyPI will no longer have GPG signatures attached.
 
 Contact
 =======