Python 3.9.22 release is missing GPG signatures #132288

Closed as duplicate of #132287
@edmorley

Bug report

Bug description:

The Python 3.9.22 release is missing the GPG signature files (note no "GPG" column in the table):
https://www.python.org/downloads/release/python-3922/

e.g.:

$ curl -I https://www.python.org/ftp/python/3.9.22/Python-3.9.22.tgz.asc
HTTP/2 404
x-clacks-overhead: GNU Terry Pratchett
content-type: text/html
server: nginx
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
age: 220
date: Tue, 08 Apr 2025 18:47:13 GMT
x-served-by: cache-lga21956-LGA, cache-lga21956-LGA, cache-lon4239-LON
x-cache: MISS, HIT, HIT
x-cache-hits: 0, 6, 0
x-timer: S1744138033.491958,VS0,VE1
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-length: 146

This is causing our release process for the new binaries to fail, blocking releasing this security update to users:
https://github.com/heroku/heroku-buildpack-python/actions/runs/14341077254/job/40200481976#step:4:20

All of the other releases today have their GPG signatures, as does the last Python 3.9.x release (3.9.21).

This seems to be a repeat of #123807 and #127601 (see also #127602).

(We're aware of PEP-761 and have plans to switch to sigstore across the board closer to the Python 3.14 release - though PEP-761 says GPG signing is still supported for all releases prior to 3.14, so GPG is still a supported path for now.)

CPython versions tested on:

3.9

Operating systems tested on:

Linux

Labels: type-bug (An unexpected behavior, bug, or error)
