Tag: Trusted Publishing
-
Hacker News: Attestations: A new generation of signatures on PyPI
Source URL: https://blog.trailofbits.com/2024/11/14/attestations-a-new-generation-of-signatures-on-pypi/ Source: Hacker News Title: Attestations: A new generation of signatures on PyPI Feedly Summary: Comments AI Summary and Description: Yes Summary: The announcement discusses a new security feature on the Python Package Index (PyPI): index-hosted digital attestations based on PEP 740. This feature enhances package provenance and security by integrating with Trusted…
-
Hacker News: PyPI now supports digital attestations
Source URL: https://blog.pypi.org/posts/2024-11-14-pypi-now-supports-digital-attestations/ Source: Hacker News Title: PyPI now supports digital attestations Feedly Summary: Comments AI Summary and Description: Yes Summary: PyPI has introduced support for digital attestations, enhancing supply-chain security for Python package maintainers. This update, part of PEP 740, allows maintainers to publish signed attestations associated with their projects, ensuring higher trust and…
-
Hacker News: New Rust RFC Proposes Adding Support for Trusted Publishing to Crates.io
Source URL: https://socket.dev/blog/new-rust-rfc-proposes-adding-support-for-trusted-publishing-to-crates-io Source: Hacker News Title: New Rust RFC Proposes Adding Support for Trusted Publishing to Crates.io Feedly Summary: Comments AI Summary and Description: Yes Summary: The proposed RFC for “Trusted Publishing” on Crates.io aims to enhance the security of package publishing by transitioning from long-lived API tokens to a system using short-lived identity…