Lobsters
- Attestations: A new generation of signatures on PyPI https://blog.trailofbits.com/2024/11/14/attestations-a-new-generation-of-signatures-on-pypi/ 6 comments cryptography, python, security
Linking pages
Linked pages
- PyPI · The Python Package Index https://pypi.org 269 comments
- Removing PGP from PyPI - The Python Package Index Blog https://blog.pypi.org/posts/2023-05-23-removing-pgp/ 260 comments
- Sigstore https://sigstore.dev/ 106 comments
- We sign code now | Trail of Bits Blog https://blog.trailofbits.com/2022/11/08/sigstore-code-signing-verification-software-supply-chain/ 65 comments
- PEP 751 – A file format to list Python dependencies for installation reproducibility | peps.python.org https://peps.python.org/pep-0751/ 27 comments
- Trusted publishing: a new benchmark for packaging security | Trail of Bits Blog https://blog.trailofbits.com/2023/05/23/trusted-publishing-a-new-benchmark-for-packaging-security/ 8 comments
- OpenID Connect | OpenID http://openid.net/connect/ 4 comments
- Trust on first use - Wikipedia https://en.wikipedia.org/wiki/Trust_on_first_use 0 comments
- pypi-publish · Actions · GitHub Marketplace · GitHub https://github.com/marketplace/actions/pypi-publish 0 comments
- PEP 503 – Simple Repository API | peps.python.org https://peps.python.org/pep-0503/ 0 comments