On Tue, 4 Jan 2022 21:20:24 +0000 Jeremy Stanley <fungi at yuggoth.org> wrote: Thanks for the detailed explanations, I think I understood everything. One thing caught my attention: > It's expected that the place to obtain > new git-review tarballs is PyPI, as mentioned in our release > announcements on the service-announce mailing list: > > http://lists.opendev.org/pipermail/service-announce/2021-November/000028.html As it happens, just a short time back, I ran into an issue with PyPI.[1] Basically, it's possible to upload something there and nobody knows anything about it. Is that loss of audit trail a concern for our releases? -- Pete [1] https://zaitcev.livejournal.com/263602.html