-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Switch away from sigstore to #7
Comments
How I hate python ecosystem fragmentation. just after upgrading from pyscaffold, because the pypa setuptools links it pointed me to are dead after 3 years. |
Waiting for pypi/warehouse#15871 is probably a good idea. |
FYI, it's already possible to upload the attestations. I had to fix a minor bug in the action today but you can start uploading already if you use trusted publishing. Just bump to v1.10.1 and opt-in. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
https://docs.github.com/en/actions/security-for-github-actions/using-artifact-attestations/using-artifact-attestations-to-establish-provenance-for-builds.
seems like while pypa is still suggestion the python sigstore action, the github attestations are more native, so we should move there?
The text was updated successfully, but these errors were encountered: