New article: Python and Sigstore
Did you know that CPython artifacts are signed with Sigstore?
I’ve introduced a PEP which deprecates PGP signatures for CPython artifacts. Find out about the motivation and what I’ve learned from talking to downstream signature verifiers.
Read the article: https://sethmlarson.dev/python-and-sigstore
This week I was also a guest on the Open Source Security Podcast talking about Sigstore and other projects I’ve been working on at the Python Software Foundation. Thanks Josh and Kurt for having me on the show!