Simon Willison on Nostr: Posted some notes on the new PyPI digital attestations feature released today, ...
Published at
2024-11-14 20:00:03Event JSON
{
"id": "240a3470fcabb81862cd956fd1011bf35623c320e667a9996a294548ae933bda",
"pubkey": "8b0be93ed69c30e9a68159fd384fd8308ce4bbf16c39e840e0803dcb6c08720e",
"created_at": 1731614403,
"kind": 1,
"tags": [
[
"proxy",
"https://fedi.simonwillison.net/users/simon/statuses/113483081529391174",
"activitypub"
]
],
"content": "Posted some notes on the new PyPI digital attestations feature released today, providing digital signatures that help demonstrate that the package you are downloading from PyPI was built from a specific version of the underlying code on GitHub https://simonwillison.net/2024/Nov/14/pypi-digital-attestations/",
"sig": "2ef997ef8aa82ca3aed7b3aadd3a104912a0b045267a5595ba8ffeb02b14d3fc49a6a4dfda8c8de2f38284ddd69d7c8e5b5f162526a344dcd8adcd4d5ece40e8"
}
