PyPI now supports digital attestations - The Python Package Index Blog

blog.pypi.org

Announcing support for PEP 740 on the Python Package Index

5 pages link to this URL
Supply chain attacks in the AI era: the state of open source in 2026

In 18 months, npm, PyPI, RubyGems, Maven and Crates have all shipped malware. AI is accelerating both sides of the playbook. A tour of what's happening, with the defensive baseline at the end.

0 inbound links · article · en · Tech · tags: supply chain attack 2026 · npm pnpm minimumReleaseAge · Shai-Hulud worm · tj-actions changed-files CVE-2025-30066 · slopsquatting · axios npm compromise 2026 · Bitwarden CLI malicious 2026.4.0 · TanStack npm postmortem · PyPI Trusted Publishing · open source security 2026
Attestations: A new generation of signatures on PyPI

For the past year, we’ve worked with the Python Package Index (PyPI) on a new security feature for the Python ecosystem: index-hosted digital attestations, as specified in PEP 740. These attestations improve on traditional PGP signatures (which have been disabled on PyPI) by providing key usability, index verifiability, cryptographic strength, and provenance properties that bring […]

1 inbound link · article · en · tags: open-source · supply-chain · ecosystem-security · engineering-practice
Attestations: A new generation of signatures on PyPI

For the past year, we’ve worked with the Python Package Index (PyPI) on a new security feature for the Python ecosystem: index-hosted digital attestations, as specified in PEP 740. These attestations improve on traditional PGP signatures (which have been disabled on PyPI) by providing key usability, index verifiability, cryptographic strength, and provenance properties that bring […]

3 inbound links · article · en · tags: open-source · supply-chain · ecosystem-security · engineering-practice