Explore
By company size
By use case
By industry
View all solutions
Topics
- AI
- DevOps
- Security
- Software Development
- View all
Explore
- GitHub Sponsors
  Fund open source developers
- The ReadME Project
  GitHub community articles
Repositories
- Enterprise platform
  AI-powered developer platform
Available add-ons
Pricing

Search code, repositories, users, issues, pull requests...

Clear

Search syntax tips

Provide feedback

We read every piece of feedback, and take your input very seriously.

Include my email address so I can be contacted

Saved searches

Use saved searches to filter your results more quickly

Name

Query

To see all available qualifiers, see our documentation.

You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session.

Dismiss alert

trailofbits / pypi-attestations Public

Notifications You must be signed in to change notification settings
Fork 2
Star 4

Code
Issues 3
Pull requests 1
Actions
Projects
Security
Insights

Additional navigation options

Code
Issues
Pull requests
Actions
Projects
Security
Insights

Releases: trailofbits/pypi-attestations

Releases Tags

Releases · trailofbits/pypi-attestations

v0.0.10

31 Jul 21:59

woodruffw

v0.0.10

3f5fa03

This commit was signed with the committer’s verified signature.

woodruffw William Woodruff

SSH Key Fingerprint: SSQW2duDxMV9E1YvK+DSF4MmWZ3bG+KHMnwDqnH1pew Learn about vigilant mode.

Compare

Choose a tag to compare

View all tags

v0.0.10

Changed

The minimum Python version required has been bumped to 3.11
(#37)

Added

The Provenance, Publisher, GitHubPublisher, GitLabPublisher, and
AttestationBundle types have been added
(#36).

Assets 2

All reactions

v0.0.9

17 Jul 13:55

woodruffw

v0.0.9

fbf7558

This commit was created on GitHub.com and signed with GitHub’s verified signature.

GPG key ID: B5690EEEBB952194

Learn about vigilant mode.

Compare

Choose a tag to compare

View all tags

v0.0.9

Added

The Distribution type and APIs have been added, allowing a user to supply
a pre-computed digest instead of performing I/O
(#34)

Changed

sign and verify no longer perform I/O
(#34)

Fixed

verify: catch another leaky error case
(#32)

Assets 2

All reactions

v0.0.8

10 Jul 18:25

woodruffw

v0.0.8

f32b66e

This commit was signed with the committer’s verified signature.

woodruffw William Woodruff

SSH Key Fingerprint: SSQW2duDxMV9E1YvK+DSF4MmWZ3bG+KHMnwDqnH1pew Learn about vigilant mode.

Compare

Choose a tag to compare

View all tags

v0.0.8

Fixed

AttestationType is now re-exported at the top-level as a public API
(#31)

Assets 2

All reactions

v0.0.7

10 Jul 18:14

woodruffw

v0.0.7

718efd0

This commit was created on GitHub.com and signed with GitHub’s verified signature.

GPG key ID: B5690EEEBB952194

Learn about vigilant mode.

Compare

Choose a tag to compare

View all tags

v0.0.7

Added

AttestationType has been added, as an enumeration of all currently known
attestation types (by URL)
(#29)

Changed

Attestation.verify now checks the attestation's type against
AttestationType before returning it
(#29)

Fixed

Attestation.sign now only returns AttestationError when failing to sign a
distribution file
(#28)

Assets 2

All reactions

v0.0.6

28 Jun 16:50

woodruffw

v0.0.6

8076ad9

This commit was signed with the committer’s verified signature.

woodruffw William Woodruff

SSH Key Fingerprint: SSQW2duDxMV9E1YvK+DSF4MmWZ3bG+KHMnwDqnH1pew Learn about vigilant mode.

Compare

Choose a tag to compare

View all tags

v0.0.6

pypi_attestations: 0.0.6

Signed-off-by: William Woodruff <william@trailofbits.com>

Assets 2

All reactions

v0.0.5

20 Jun 16:00

woodruffw

v0.0.5

058181b

This commit was signed with the committer’s verified signature.

woodruffw William Woodruff

SSH Key Fingerprint: SSQW2duDxMV9E1YvK+DSF4MmWZ3bG+KHMnwDqnH1pew Learn about vigilant mode.

Compare

Choose a tag to compare

View all tags

v0.0.5

pypi_attestation_models: 0.0.5

Signed-off-by: William Woodruff <william@trailofbits.com>

Assets 2

All reactions

v0.0.4

11 Jun 20:28

woodruffw

v0.0.4

b7ede39

This commit was signed with the committer’s verified signature.

woodruffw William Woodruff

SSH Key Fingerprint: SSQW2duDxMV9E1YvK+DSF4MmWZ3bG+KHMnwDqnH1pew Learn about vigilant mode.

Compare

Choose a tag to compare

View all tags

v0.0.4

What's Changed

Switch to in-toto statements by @woodruffw in #18

Full Changelog: v0.0.3...v0.0.4

Contributors

woodruffw

Assets 2

All reactions

v0.0.4a2

10 Jun 19:46

woodruffw

v0.0.4a2

153c9a3

This commit was signed with the committer’s verified signature.

woodruffw William Woodruff

SSH Key Fingerprint: SSQW2duDxMV9E1YvK+DSF4MmWZ3bG+KHMnwDqnH1pew Learn about vigilant mode.

Compare

Choose a tag to compare

View all tags

v0.0.4a2 Pre-release

Pre-release

pypi_attestation_models: 0.0.4a2

Signed-off-by: William Woodruff <william@trailofbits.com>

Assets 2

All reactions

v0.0.4a1

10 Jun 19:44

woodruffw

v0.0.4a1

f902dd0

This commit was signed with the committer’s verified signature.

woodruffw William Woodruff

SSH Key Fingerprint: SSQW2duDxMV9E1YvK+DSF4MmWZ3bG+KHMnwDqnH1pew Learn about vigilant mode.

Compare

Choose a tag to compare

View all tags

v0.0.4a1 Pre-release

Pre-release

pypi_attestation_models: 0.0.4a1

Signed-off-by: William Woodruff <william@trailofbits.com>

Assets 2

All reactions

v0.0.3

10 Jun 19:38

woodruffw

v0.0.3

18e8e8a

This commit was signed with the committer’s verified signature.

woodruffw William Woodruff

SSH Key Fingerprint: SSQW2duDxMV9E1YvK+DSF4MmWZ3bG+KHMnwDqnH1pew Learn about vigilant mode.

Compare

Choose a tag to compare

View all tags

v0.0.3

What's Changed

release: switch to attestation by @woodruffw in #19

Full Changelog: v0.0.2...v0.0.3

Contributors

woodruffw

Assets 2

All reactions

Previous 1 2 3 Next

Previous Next

Footer

Footer navigation

Terms
Privacy
Security
Status
Docs
Contact

You can’t perform that action at this time.