PyPI now supports digital attestations

from blog Simon Willison's Weblog, | ↗ original
PyPI now supports digital attestations Dustin Ingram: PyPI package maintainers can now publish signed digital attestations when publishing, in order to further increase trust in the supply-chain security of their projects. Additionally, a new API is available for consumers and installers to verify published attestations. This has been in the work...
This is a short summary. ↗ Open original to view full content

Related

Python Packaging, One Year Later: A Look Back at 2023 in Python Packaging
Chris Warrick (Blog) | original ↗
How to Verify Your Commits on GitHub
Joe Previte's Blog' | original ↗
Publishing a console application to pypi
meain/blog | original ↗
xlsx-dict-reader 0.2.0, or, publishing to pypi in 2024
Brain Dump | original ↗
Building APIs with Contracts
kmcd.dev | original ↗
The Python Package Index Should Get Rid Of Its Training Wheels
Loris Cro's Personal Website | original ↗
Getting the book into my hands
Jonas Hietala | original ↗
Links and References For My PyCon US Keynote
Cogito, Ergo Sumana | original ↗
Introducing gh_announce: Automate github release announcements on twitter with this python bot
Prahlad Yeri | original ↗
Package signing in PIP - It works, in a roundabout sort of way
Prahlad Yeri | original ↗

More from Simon Willison's Weblog

Voting opens for Oxford Word of the Year 2024
15 Nov 2024 | original ↗

Voting opens for Oxford Word of the Year 2024 One of the options is slop! slop (n.): Art, writing, or other content generated using artificial intelligence, shared and distributed online in an indiscriminate or intrusive way, and characterized as being of low quality, inauthentic, or inaccurate. Via @dloss Tags: slop, ethics,...

Recraft V3
15 Nov 2024 | original ↗

Recraft V3 Recraft are a generative AI design tool startup based out of London who released their v3 model a few weeks ago. It's currently sat at the top of the Artificial Analysis Image Arena Leaderboard, beating Midjourney and Flux 1.1 pro. The thing that impressed me is that it can generate both raster and vector graphics... and the vector...

OpenAI Public Bug Bounty
14 Nov 2024 | original ↗

OpenAI Public Bug Bounty Reading this investigation of the security boundaries of OpenAI's Code Interpreter environment helped me realize that the rules for OpenAI's public bug bounty inadvertently double as the missing details for a whole bunch of different aspects of their platform. This description of Code Interpreter is significantly more...

Quoting OpenAI, Google and Anthropic Are Struggling to Build More Advanced AI
14 Nov 2024 | original ↗

Anthropic declined to comment, but referred Bloomberg News to a five-hour podcast featuring Chief Executive Officer Dario Amodei that was released Monday. "People call them scaling laws. That's a misnomer," he said on the podcast. "They're not laws of the universe. They're empirical regularities. I am going to bet in favor of them continuing, but...

QuickTime video script to capture frames and bounding boxes
14 Nov 2024 | original ↗

QuickTime video script to capture frames and bounding boxes An update to an older TIL. I'm working on the write-up for my DjangoCon US talk on plugins and I found myself wanting to capture individual frames from the video in two formats: a full frame capture, and another that captured just the portion of the screen shared from my laptop. I have a...