I’m looking for a release of trezorlib – more specifically, the trezorctl tool – that is signed with the latest Satoshi Labs PGP release signing key (at the time of writing, that’s the 2021 one, PGP fingerprint
EB48 3B26 B078 A4AA 1B6F 425E E21B 6950 A2EC B65C).
I found trezorlib on Github (github. com/trezor/trezor-firmware/tree/master/python#readme) as part of the firmware, but firmware tag “releases” don’t come with a signature. I similarly found no signatures that can be verified in the PyPI supply chain (pypi. org/project/trezor).
(The weird formatting is because the forum won’t let me include links.)