macOS Binary Developer ID does not match the current version

[adam-selby]

Describe the bug
The Apple Developer ID listed for the current version of the macOS Binary does not match the actual package's Developer ID (Team ID). The Developer ID listed on the site is included below and names Ned Deily, and was valid for Python 3.11.3 for macOS, but as of Python 3.11.4 for macOS this Developer ID is not used to sign the installer. Instead, this is signed by BMM5U3QVKW, which names Python Software Foundation.

"Ned Deily (macOS binaries, 3.7.x / 3.6.x source files and tags) […] Apple Developer ID DJ3H93M7VJ)"

To Reproduce
Steps to reproduce the behavior:

1. Go to 'https://www.python.org/downloads/release/python-3114/'
2. Download 'macOS 64-bit universal2 installer'
3. View the Team ID of the downloaded .pkg installer does not match the Developer ID listed on https://www.python.org/downloads/ under "OpenPGP Public Keys".

Expected behavior
The website should be updated to reflect this new Developer ID so it is known as a trusted source for signed Python for macOS binaries.

Desktop (please complete the following information):

• OS: macOS
• Browser Safari
• Version 16.6

Additional context
This is a great change in more clearly and officially adopting an accurate Developer ID for macOS, and this is a welcome change. Documentation indicating this is the expected new Team ID is important for MacAdmins installing or updating Python in a managed environment through projects such as AutoPkg and Installomator which utilize a validation check for expected Developer IDs as part of their automation.

[hugovk]

cc @ned-deily @sethmlarson

[ned-deily]

Thanks for your reminder! I've updated the Downloads page to include a section that includes more information about macOS certificates. I've also opened a new issue to more completely revise this section of the Downloads page.