Cloud Security Alliance News Clipping Site

Tag: SigStore

  • Hacker News: Attestations: A new generation of signatures on PyPI

    by

    system automation
    in

    Source URL: https://blog.trailofbits.com/2024/11/14/attestations-a-new-generation-of-signatures-on-pypi/ Source: Hacker News Title: Attestations: A new generation of signatures on PyPI Feedly Summary: Comments AI Summary and Description: Yes Summary: The announcement discusses a new security feature on the Python Package Index (PyPI): index-hosted digital attestations based on PEP 740. This feature enhances package provenance and security by integrating with Trusted…

  • Hacker News: Are We PEP740 Yet?

    by

    system automation
    in

    Source URL: https://trailofbits.github.io/are-we-pep740-yet/ Source: Hacker News Title: Are We PEP740 Yet? Feedly Summary: Comments AI Summary and Description: Yes **Summary:** PEP 740 introduces a standard for cryptographically verifiable attestations for Python packages, ensuring better security and provenance verification through digital signatures. This initiative utilizes Sigstore technology and highlights the significance of trusted identities in safeguarding…

  • Simon Willison’s Weblog: PyPI now supports digital attestations

    by

    system automation
    in

    Source URL: https://simonwillison.net/2024/Nov/14/pypi-digital-attestations/#atom-everything Source: Simon Willison’s Weblog Title: PyPI now supports digital attestations Feedly Summary: PyPI now supports digital attestations Dustin Ingram: PyPI package maintainers can now publish signed digital attestations when publishing, in order to further increase trust in the supply-chain security of their projects. Additionally, a new API is available for consumers and…

  • Hacker News: Python PGP proposal poses packaging puzzles

    by

    system automation
    in

    Source URL: https://lwn.net/SubscriberLink/993787/0dad7bd3d8ead026/ Source: Hacker News Title: Python PGP proposal poses packaging puzzles Feedly Summary: Comments AI Summary and Description: Yes **Summary:** The text discusses the transition from PGP signatures to sigstore for signing Python artifacts, highlighting significant implications for software security. Sigstore, embraced by various projects, simplifies the verification process by eliminating the need…

  • Hacker News: Trust Rules Everything Around Me

    by

    system automation
    in

    Source URL: https://scottarc.blog/2024/10/14/trust-rules-everything-around-me/ Source: Hacker News Title: Trust Rules Everything Around Me Feedly Summary: Comments AI Summary and Description: Yes Summary: The text dives into concerns around governance, trust, and security within the WordPress community, particularly in light of recent controversies involving Matt Mullenweg. It addresses critical vulnerabilities tied to decision-making power and proposes cryptographic…