Add digital attestation to Python release workflow #74

@jsstevenson

Feature description

See https://peps.python.org/pep-0740/

Use case

Desire for digital signatures on Python packages has been repeatedly expressed by both package maintainers and downstream users:

- Maintainers wish to demonstrate the integrity and authenticity of their package uploads;
- Individual downstream users wish to verify package integrity and authenticity without placing additional trust in their index’s honesty;
- “Bulk” downstream users (such as Operating System distributions) wish to perform similar verifications and potentially re-expose or countersign for their own downstream packaging ecosystems.

Acceptance Criteria

Not totally sure. There's probably a way to check that this is working.

Proposed solution

No response

Alternatives considered

No response

Implementation details

No response

Potential Impact

No response

Additional context

No response

Contribution

None
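
One way to approach the acceptance criterion above, as an added example that is not part of the original issue or the project's code: PEP 740 has the index expose a `provenance` URL per file in its JSON simple API, so a post-release check can flag files without one and sanity-check the layout of the provenance object. The index response and provenance object below are constructed samples, the function names are hypothetical, and the check is structural only (it does not verify signatures).

```python
import json

# Constructed PEP 691 JSON index response carrying the PEP 740 "provenance" key.
# Project name, filenames and URLs are placeholders, not a real project.
SAMPLE_INDEX = json.loads("""
{"meta": {"api-version": "1.3"}, "name": "example-pkg", "files": [
  {"filename": "example_pkg-1.0.0-py3-none-any.whl",
   "provenance": "https://index.example/provenance/example_pkg-1.0.0.whl.json"},
  {"filename": "example_pkg-1.0.0.tar.gz", "provenance": null}
]}
""")

# Constructed provenance object in the PEP 740 layout; values are placeholders.
SAMPLE_PROVENANCE = {"version": 1, "attestation_bundles": [{
    "publisher": {"kind": "GitHub", "claims": None},
    "attestations": [{
        "version": 1,
        "verification_material": {"certificate": "<base64>", "transparency_entries": [{}]},
        "envelope": {"statement": "<base64>", "signature": "<base64>"},
    }],
}]}

# (section, key) pairs every attestation object must carry.
REQUIRED = [("verification_material", "certificate"),
            ("verification_material", "transparency_entries"),
            ("envelope", "statement"), ("envelope", "signature")]

def files_missing_provenance(index):
    """Filenames whose index entry has no provenance URL (absent or null)."""
    return [f["filename"] for f in index.get("files", []) if not f.get("provenance")]

def provenance_problems(prov):
    """Structural problems in a provenance object; an empty list means well-formed."""
    problems = []
    if prov.get("version") != 1:
        problems.append("unsupported provenance version")
    bundles = prov.get("attestation_bundles") or []
    if not bundles:
        problems.append("no attestation bundles")
    for b, bundle in enumerate(bundles):
        if not (bundle.get("publisher") or {}).get("kind"):
            problems.append(f"bundle {b}: publisher.kind missing")
        attestations = bundle.get("attestations") or []
        if not attestations:
            problems.append(f"bundle {b}: no attestations")
        for a, att in enumerate(attestations):
            for section, key in REQUIRED:
                if not (att.get(section) or {}).get(key):
                    problems.append(f"bundle {b} attestation {a}: {section}.{key} missing")
    return problems
```

A release job could fail when `files_missing_provenance` returns any filename for the version just published.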

Labels: enhancement (New feature or request)