You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The PEP includes endorsements from the projects/groups/people it helps
Endorsed by release managers for 3.8, 3.9, 3.14, and 3.14.next (Hugo is also the PEP sponsor) who are the primary benefactors of this PEP.
Note that downstream verifiers of signatures necessarily need to do additional work as a result of this PEP, usually to adopt Cosign but also to package the "root of trust" if offline verification is needed. This PEP gives a way to extend the timeline if the schedule is too disruptive.
Container image builders (Docker, Heroku Buildpack) have shared that it's possible to verify and would be easier with support from Linux distros (Debian is outstanding, Alpine already supports Sigstore). Docker already has a POC for Sigstore verification.
The PEP has a CODEOWNERS entry
The text was updated successfully, but these errors were encountered:
Please consider PEP 761 -- Deprecating PGP signatures for CPython artifacts
https://peps.python.org/pep-0761/
Post-History
headerPost-History
)The text was updated successfully, but these errors were encountered: