Skip to content

v0.0.13
Compare
Choose a tag to compare
@woodruffw woodruffw released this 22 Oct 16:18
· 17 commits to main since this release
v0.0.13
2cf1f8f
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.

Changed

  • The minimum Python version required has been brought back to 3.9
    (#64).

  • The Attestation.verify(...) API has been changed to remove the Verifier
    argument in favor of an optional staging: bool kwarg to select the
    Sigstore instance
    (#62)

  • The Attestation.verify(...) API has been changed to accept both Publisher
    and VerificationPolicy objects as a policy. The publisher object is internally
    converted to an appropriate verification policy.

Fixed

  • python -m pypi_attestations verify now handles inputs like dist/*
    gracefully, by pre-filtering any attestation paths from the inputs.

  • python -m pypi_attestations verify now exits with a non-zero exit code
    if the verification step fails
    (#57)

Assets 2
Loading