
Python PGP proposal poses packaging puzzles


Sigstore is a project that is meant to simplify and improve the process of signing, verifying, and protecting software. It is a relatively new project, declared "generally available" in 2022.

Assuming the developer authenticates successfully with the OpenID provider, a short-lived certificate is issued for signing the artifact, and the attestation is then published to a public ledger called Rekor. Despite its newness, he made the case that sigstore had been adopted by other major projects and services, such as the Python Package Index (PyPI) (which dropped PGP support in 2023), npm, and GitHub, and was "likely to stick around". Despite the extra work, though, Rivera said that he thought there was agreement on goals, and it would be a matter of "convincing people that sigstore is worth the effort of implementation in Debian package tooling."
