id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
33411	Django 2.2.26 tarball on PyPI differs from djangoproject.org	Marius Bakke	nobody	"PyPI is serving a different tarball than djangoproject.org for 2.2.26.

{{{
a84c71495d12388ea3e7cb271ba0b6c020e51831477a65e7cd00fe1cce80d103  Django-2.2.26.tar.gz
dfa537267d52c6243a62b32855a744ca83c37c70600aacffbfd98bc5d6d8518f  Django-2.2.26.tar.gz.pypi
}}}

The only difference is in gzip compression metadata:

{{{
$ file Django-2.2.26.tar.gz*
Django-2.2.26.tar.gz:      gzip compressed data, was ""Django-2.2.26.tar"", last modified: Tue Jan  4 09:30:26 2022, max compression, original size modulo 2^32 52469760
Django-2.2.26.tar.gz.pypi: gzip compressed data, was ""Django-2.2.26.tar"", last modified: Tue Jan  4 09:40:48 2022, max compression, original size modulo 2^32 52469760
}}}

The GPG signatures for 2.2.26 on PyPI and djangoproject.org are OK however."	Uncategorized	closed	Packaging	2.2	Normal	invalid			Unreviewed	0	0	0	0	0	0