Dont sign releases

Author: sbidoul

.github/workflows/release.yml

@@ -13,12 +13,8 @@ jobs:
 
     permissions:
       # Used to authenticate to PyPI via OIDC.
-      # Used to sign the release's artifacts with sigstore-python.
       id-token: write
 
-      # Used to attach signing artifacts to the published release.
-      contents: write
-
     steps:
     - uses: actions/checkout@v3
 
@@ -31,9 +27,3 @@ jobs:
 
     - name: publish
       uses: pypa/gh-action-pypi-publish@release/v1
-
-    - name: sign
-      uses: sigstore/[email protected]
-      with:
-        inputs: ./dist/*.tar.gz ./dist/*.whl
-        release-signing-artifacts: true