Thierry Carrez wrote:
The way we've been handling this in the past was to ignore past releases (since they are not signed by the release team), and push a new one through the releases repository. It should replace the unofficial one in PyPI and make sure all is in order.
Clarification with a practical example: xstatic-hogan 2.0.0.2 is on PyPI, but has no tag in the openstack/xstatic-hogan repo, and no deliverable file in openstack/releases. Solution is to resync everything by proposing a 2.0.0.3 release that will have a tag, be in openstack/releases and have a matching upload on PyPI.

This is done by:

- bumping BUILD at https://opendev.org/openstack/xstatic-hogan/src/branch/master/xstatic/pkg/ho...
- adding a deliverables/_independent/xstatic-hogan.yaml file in openstack/releases defining a tag for 2.0.0.3
- removing the "deprecated" line from https://opendev.org/openstack/governance/src/branch/master/reference/project...

Repeat for every affected package :)

--
Thierry Carrez (ttx)
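
An added example, not part of the original message or of OpenStack's release tooling: a small audit that finds PyPI uploads with no matching repo tag or openstack/releases entry and computes the resync version by bumping the last (BUILD) component. The input data is constructed, and every package name other than xstatic-hogan is hypothetical.

```python
# Constructed sample state. A real audit would collect these lists from PyPI,
# the package's git tags and its deliverable file in openstack/releases.
SAMPLE_STATE = {
    "xstatic-hogan": {          # the case described in the message
        "pypi": ["2.0.0.2"], "tags": [], "deliverable": [],
    },
    "xstatic-insync": {         # hypothetical: everything matches
        "pypi": ["1.4.0.1"], "tags": ["1.4.0.1"], "deliverable": ["1.4.0.1"],
    },
    "xstatic-halfway": {        # hypothetical: tagged, never recorded
        "pypi": ["3.1.0.9", "3.1.0.10"],
        "tags": ["3.1.0.9", "3.1.0.10"],
        "deliverable": ["3.1.0.9"],
    },
}


def parse_version(version):
    """Numeric tuple, so that 3.1.0.10 sorts after 3.1.0.9."""
    return tuple(int(part) for part in version.split("."))


def bump_build(version):
    """Increment the last component, assumed to be the xstatic BUILD number."""
    parts = list(parse_version(version))
    parts[-1] += 1
    return ".".join(str(p) for p in parts)


def audit(state):
    """Return {package: findings} for packages whose PyPI uploads are not
    backed by both a repo tag and a deliverable entry."""
    report = {}
    for name, src in state.items():
        pypi, tags, deliv = (set(src[k]) for k in ("pypi", "tags", "deliverable"))
        missing_tag = sorted(pypi - tags, key=parse_version)
        missing_deliv = sorted(pypi - deliv, key=parse_version)
        if not (missing_tag or missing_deliv):
            continue
        # The new release must be higher than anything already published.
        highest = max(pypi | tags | deliv, key=parse_version)
        report[name] = {
            "missing_tag": missing_tag,
            "missing_deliverable": missing_deliv,
            "resync_version": bump_build(highest),
        }
    return report


if __name__ == "__main__":
    for pkg, findings in audit(SAMPLE_STATE).items():
        print(pkg, findings)
```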