.. SPDX-FileCopyrightText: 2023 The meson-python developers
..
.. SPDX-License-Identifier: MIT


.. _security:

********
Security
********

Distributors are recommended to fetch release sources via the Git_ tags on our
repository_, or the source distributions on the `meson-python PyPI page`_, both
are PGP-signed with one of the following keys:

- |3DCE51D60930EBA47858BA4146F633CBB0EB4BF2|_ *(Filipe Laíns)*
- |52BDC33FD1FBAB569D47FFA923D9E5499A08BDC5|_ *(Ralf Gommers)*


.. admonition:: Fetching artifact signatures from PyPI_
   :class: hint

   To fetch the PGP signatures for artifacts on PyPI_, simply add ``.asc`` to
   the artifact URL.


.. _Git: https://git-scm.com/
.. _repository: https://github.com/mesonbuild/meson-python
.. _meson-python PyPI page: https://pypi.org/project/meson-python/
.. _PyPI: https://pypi.org/

.. |3DCE51D60930EBA47858BA4146F633CBB0EB4BF2| replace:: ``3DCE51D60930EBA47858BA4146F633CBB0EB4BF2``
.. _3DCE51D60930EBA47858BA4146F633CBB0EB4BF2: https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x3dce51d60930eba47858ba4146f633cbb0eb4bf2

.. |52BDC33FD1FBAB569D47FFA923D9E5499A08BDC5| replace:: ``52BDC33FD1FBAB569D47FFA923D9E5499A08BDC5``
.. _52BDC33FD1FBAB569D47FFA923D9E5499A08BDC5: https://github.com/rgommers.gpg
