id summary reporter owner description type status component version severity resolution keywords cc stage has_patch needs_docs needs_tests needs_better_patch easy ui_ux 33411 Django 2.2.26 tarball on PyPI differs from djangoproject.org Marius Bakke nobody "PyPI is serving a different tarball than djangoproject.org for 2.2.26. {{{ a84c71495d12388ea3e7cb271ba0b6c020e51831477a65e7cd00fe1cce80d103 Django-2.2.26.tar.gz dfa537267d52c6243a62b32855a744ca83c37c70600aacffbfd98bc5d6d8518f Django-2.2.26.tar.gz.pypi }}} The only difference is in gzip compression metadata: {{{ $ file Django-2.2.26.tar.gz* Django-2.2.26.tar.gz: gzip compressed data, was ""Django-2.2.26.tar"", last modified: Tue Jan 4 09:30:26 2022, max compression, original size modulo 2^32 52469760 Django-2.2.26.tar.gz.pypi: gzip compressed data, was ""Django-2.2.26.tar"", last modified: Tue Jan 4 09:40:48 2022, max compression, original size modulo 2^32 52469760 }}} The GPG signatures for 2.2.26 on PyPI and djangoproject.org are OK however." Uncategorized closed Packaging 2.2 Normal invalid Unreviewed 0 0 0 0 0 0