@@ -142,18 +142,18 @@ This script shows how to verify the tarball was indeed created by the authors of
142142this project:
143143
144144```
145- curl https://pypi.python .org/packages/5b/38/0433c06feebbfbb51d644129dbe334031c33d55af0524326266f847ae907 /GitPython-2 .1.8-py2. py3-none-any.whl#md5=6b73ae86ee2dbab6da8652b2d875013a > gitpython.whl
146- curl https://pypi.python .org/packages/5b/38/0433c06feebbfbb51d644129dbe334031c33d55af0524326266f847ae907 /GitPython-2 .1.8-py2. py3-none-any.whl.asc > gitpython-signature.asc
145+ curl https://files.pythonhosted .org/packages/09/bc/ae32e07e89cc25b9e5c793d19a1e5454d30a8e37d95040991160f942519e /GitPython-3 .1.8-py3-none-any.whl > gitpython.whl
146+ curl https://files.pythonhosted .org/packages/09/bc/ae32e07e89cc25b9e5c793d19a1e5454d30a8e37d95040991160f942519e /GitPython-3 .1.8-py3-none-any.whl.asc >
147147gpg --verify gitpython-signature.asc gitpython.whl
148148```
149149
150150which outputs
151151
152152```
153- gpg: Signature madeMon Dec 11 17:34:17 2017 CET
154- gpg: using RSA keyC3BC52BD76E2C23BAC6EC06A665F99FA9D99966C
155- gpg: issuer " byronimo@gmail.com"
156- gpg:Good signature from "Sebastian Thiel (I do trust in Rust! ) <byronimo@gmail .com>" [ultimate]
153+ gpg: Signature madeFr 4 Sep 10:04:50 2020 CST
154+ gpg: using RSA key27C50E7F590947D7273A741E85194C08421980C9
155+ gpg:Good signature from "Sebastian Thiel (YubiKey USB-C) < byronimo@gmail.com>" [ultimate]
156+ gpg: aka "Sebastian Thiel (In Rust I trust ) <sebastian.thiel@icloud .com>" [ultimate]
157157```
158158
159159You can verify that the keyid indeed matches the release-signature key provided in this
@@ -173,7 +173,7 @@ If you would like to trust it permanently, you can import and sign it:
173173
174174```
175175gpg --import ./release-verification-key.asc
176- gpg --edit-key88710E60
176+ gpg --edit-key4C08421980C9
177177
178178> sign
179179> save