October 21, 2024

New article: Python and Sigstore

Did you know that CPython artifacts are signed with Sigstore?

I’ve introduced a PEP which deprecates PGP signatures for CPython artifacts. Find out about the motivation and what I’ve learned from talking to downstream signature verifiers.

Read the article: https://sethmlarson.dev/python-and-sigstore

This week I was also a guest on the Open Source Security Podcast talking about Sigstore and other projects I’ve been working on at the Python Software Foundation. Thanks Josh and Kurt for having me on the show!