-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Last updated December 12, 2014.

As of December 12, 2014, when we issue an official release of Django, it'll
come with a checksum file for the release. That file will be signed by the
member of the Django team who packages the release and will contain
instructions on how to verify that the release hasn't been tampered with. The
blog post and release announcements for each release will state the GPG key ID
used for the release.

- -------------------------------------------------------------------------------

The policy for releases before December 12, 2014 was as follows:

This file contains a list of everyone who is authorized to release Django.
When we issue an official release of Django, it'll come with a checksum file
for the release. That file will be signed by one of the authorized users
listed below, and will contain instructions on how to verify that the release
hasn't been tampered with.

This releasers document is itself signed by a master key with key ID
``1767F12E10DEFBF3``. You can verify the authenticity of this list by fetching
this key from the MIT keyserver and verifying this file. For example, to verify
this list using GPG:

    gpg --keyserver pgp.mit.edu --recv-key 1767F12E10DEFBF3
    gpg --verify django-releasers.txt

Once you have verified this list, you can compare the keys used for the release
with the list of keys below.

If a release is ever issued with a checksum that does not verify, or if those
checksums are signed by someone not on this list, the release is fradulent
and should be considered dangerous.

Authorized keys
- - ---------------

Those people who have been authorized to issue a release of Django are:

    Key ID              Name
    ------------------  -----------------------------------------------
    2D9266A6808FE067    James Bennett <james@b-list.org>
    69666DFEB00E963E    Jacob Kaplan-Moss <jacob@jacobian.org>

Retired keys
- - ------------

These keys have, in the past, been used to issue a release of Django.
However, they have since been revoked, and are not valid release keys
after the date given.

    Key ID            Name                               Revoked Since
    ----------------  ---------------------------------  ----------------------
    3684C0C08C8B2AE1  James Bennett <james@b-list.org>   May 19, 2014
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCAAGBQJUlFDDAAoJEBdn8S4Q3vvzh9gQAJ+gCNiawaXZpE2LVRiCADn9
HJV4F8rBolziXSU3zB9CrjhOq2BO9+3R6gZB6XQHE1HH5gHVOKO7rke+0ovkSCMI
cAME1XRJfNagkgbe2loOex8Yp0dAZnqiE2YRuFLvkG7KORS296er5siCTRXfYgn6
IRlkLIggi6F3q9dc2Liz0Al/i+WYK0cB346XUiXVRZeh0k2uCcRVFVLDg3ybhDbp
dCza/aNVVcmtnYg5VgGwd0A+ZG4yjr4cu3DgSY1zTTX93k7BiSHJIUPYUSa7t52S
lCBdTJbUPEGKkYRIU+oZwu9fDMmvh7MiI3JAtT+gLM+6qwARCcd/HvrwlXm11RLZ
031sNZHGcjSR6gR91p384o7N3v522JJMbvLf6FnHqShy1hp9A9V0s7oMkWBxoq3/
wvdE7Rzw8jTlzdmOT8Tb042uUufZk+5n1Xmpui/jhfeaHBbkayvbvOpOSKpA3I7V
iYla+6zI2eZU6IA7M4R8c+Mh0/LO/0kPKh3UIqDoe6GegaOX00Fs1H39M1sq9p0R
BQTMmpdQdipJdlSUlzITpDop6rsNRjri1NaC2wqtKzmQu1fGgL1jioPmdqMd5Wve
mhfsKUOXgmEj9TeO2Jgmn7BGDuDnmf9yUqDqka+kYraX11toMdBkv9bLPXRRcsVY
E+uUaBjeiWqSLrQa4oCx
=Rc4R
-----END PGP SIGNATURE-----