From 01c3cceca1ac80796e5448295e294cbc01948185 Mon Sep 17 00:00:00 2001 From: Natalia <124304+nessita@users.noreply.github.com> Date: Wed, 24 Jun 2026 16:01:39 -0300 Subject: [PATCH 1/2] Replaced the defunct pgp.mit.edu keyserver with GitHub for key import. --- docs/internals/howto-release-django.txt | 9 ++------- scripts/do_django_release.py | 9 ++------- 2 files changed, 4 insertions(+), 14 deletions(-) diff --git a/docs/internals/howto-release-django.txt b/docs/internals/howto-release-django.txt index 7acad7ac2b19..302865d29ab3 100644 --- a/docs/internals/howto-release-django.txt +++ b/docs/internals/howto-release-django.txt @@ -555,13 +555,8 @@ Building the artifacts To use this file, you will need a working install of PGP or other compatible public-key encryption software. You will also need to have the Django release manager's public key in your keyring. This key has - the ID ``XXXXXXXXXXXXXXXX`` and can be imported from the MIT - keyserver, for example, if using the open-source GNU Privacy Guard - implementation of PGP: - - gpg --keyserver pgp.mit.edu --recv-key XXXXXXXXXXXXXXXX - - or via the GitHub API: + the ID ``XXXXXXXXXXXXXXXX`` and can be imported from GitHub, for example, + if using the open-source GNU Privacy Guard implementation of PGP: curl https://github.com/<>.gpg | gpg --import - diff --git a/scripts/do_django_release.py b/scripts/do_django_release.py index 8f7450147e05..0435c2c91e20 100755 --- a/scripts/do_django_release.py +++ b/scripts/do_django_release.py 
@@ -22,13 +22,8 @@ To use this file, you will need a working install of PGP or other compatible public-key encryption software. You will also need to have the Django release manager's public key in your keyring. This key has -the ID ``{pgp_key_id}`` and can be imported from the MIT -keyserver, for example, if using the open-source GNU Privacy Guard -implementation of PGP: - - gpg --keyserver pgp.mit.edu --recv-key {pgp_key_id} - -or via the GitHub API: +the ID ``{pgp_key_id}`` and can be imported from GitHub, for example, if +using the open-source GNU Privacy Guard implementation of PGP: curl {pgp_key_url} | gpg --import - From 93a1751f2fc0dfb81057ec3a7fb86778de1780fa Mon Sep 17 00:00:00 2001 From: Natalia <124304+nessita@users.noreply.github.com> Date: Wed, 24 Jun 2026 16:02:11 -0300 Subject: [PATCH 2/2] Avoided breaking sha1sum verification in the generated checksum.txt file. When doing releases, the `do_django_release.py` script included, in the generated checksum.txt file, a " " section for the git tag for the release. This line was byte-for-byte a GNU coreutils checksum line, since the commit hash is 40 hex characters, therefore "sha1sum --check" parsed it as an entry for a file named after the version (e.g. "6.1b1"), failed to open that file, and aborted the `verify_release.sh` script. Reworded the line as prose so it is no longer mistaken for a checksum entry. --- scripts/do_django_release.py | 2 +- scripts/tests.py | 6 +++++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/scripts/do_django_release.py b/scripts/do_django_release.py index 0435c2c91e20..aa4f61b92696 100755 --- a/scripts/do_django_release.py +++ b/scripts/do_django_release.py @@ -62,7 +62,7 @@ Git tag ======= -{commit_hash} {django_version} +The {django_version} tag points to commit {commit_hash}. """ diff --git a/scripts/tests.py b/scripts/tests.py index 10afce658895..66b5fa00bdf2 100644 --- a/scripts/tests.py +++ b/scripts/tests.py 
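Review bot: With the keyserver command removed, the only import path left in this template is `curl {pgp_key_url} | gpg --import -`, and nothing tells the reader to check what was imported before relying on it. `gpg --import` accepts whatever the URL returns, and the ``{pgp_key_id}`` printed just above appears to be a key ID rather than a full fingerprint (16 hex characters in the test fixture), so I would add a sentence after the curl line such as `Then run "gpg --fingerprint {pgp_key_id}" and compare the full fingerprint with a copy published independently of this file.` The same paragraph is changed in docs/internals/howto-release-django.txt in this patch and would want the same sentence. The template string starts and ends outside the hunk.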
@@ -87,7 +87,11 @@ def test_release_metadata(self):
 self.assertIn("ABCD1234ABCD1234", result)
 self.assertIn("https://github.com/releaser.gpg", result)
 self.assertIn("Django-5.2.4.checksum.txt", result)
- self.assertIn("abc123def456abc123def456abc123def456abc1 5.2.4", result)
+ self.assertIn(
+ "The 5.2.4 tag points to commit "
+ "abc123def456abc123def456abc123def456abc1.",
+ result,
+ )
 def test_artifact_checksums(self):
 result = self.generate_checksum_file()
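Review bot: The updated assertion in test_release_metadata only checks that the new sentence is present; it would still pass if a checksum-shaped line for the tag were emitted alongside it, which is the failure the commit message describes. I would add a negative check next to it, e.g. `self.assertNotRegex(result, r"(?m)^[0-9a-f]{40}\s+5\.2\.4$")`, so the test pins that the tag is never again written in the form `sha1sum --check` parses. test_release_metadata begins above the hunk, so any existing negative assertion there is not visible here.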