Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-21725

Support for data-gpg-sig on pypi repositories

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: PyPI
    • Labels:
      None

      Description

      On pep 503 they define this:

      "A repository MAY include a data-gpg-sig attribute on a file link with a value of either true or false to indicate whether or not there is a GPG signature. Repositories that do this SHOULD include it on every link."

      This ticket's intent is for us to support the data-gpg-sig attribute on pypi repositories

      Acceptance Criteria

      • All endpoints should return data-gpg-sig=true for files that have a GPG signature.
      • This is returned from both hosted and proxy.

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            sdelvalle Santiago Del Valle
            Last Updated By:
            Joseph Stephens Joseph Stephens
            Votes:
            1 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:

                tigCommentSecurity.panel-title