Attestations: A new generation of signatures on PyPI

blog.trailofbits.com

For the past year, we’ve worked with the Python Package Index (PyPI) on a new security feature for the Python ecosystem: index-hosted digital attestations, as specified in PEP 740. These attestations improve on traditional PGP signatures (which have been disabled on PyPI) by providing key usability, index verifiability, cryptographic strength, and provenance properties that bring […]

3 pages link to this URL

PyPI now supports digital attestations - The Python Package Index Blog

blog.pypi.org Nov 14, 2024

Announcing support for PEP 740 on the Python Package Index

5 inbound links website en

Why it's hard to trust software, but you mostly have to anyway

educatedguesswork.org Dec 28, 2024

0 inbound links article en

This Week in Python (November 15, 2024) - Bas codes

This Week in Python (November 15, 2024) - Bas codes I'm a software developer; Tech Trainer Bas Steins Nov 15, 2024

What happened this week in the Python universe?

0 inbound links en