PyPI now supports digital attestations


Announcing support for PEP 740 on the Python Package Index

PyPI's support for digital attestations has three key advantages over regular cryptographic signatures, such as those provided by PGP: With support for PEP 740, PyPI only permits attestations with a verifiable signature to be uploaded and redistributed by the index. Support for work on PEP 740's authoring and design was provided by the Sovereign Tech Agency and the Google Open Source Security Team.
