sethmlarson.dev

December 23, 2025

PEP 770 was accepted in April, what's happened since?

PEP 770 (“Improving measurability of Python packages with Software Bill-of-Materials”) was accepted in April of this year. What has happened since then?

  • I published a white paper about the development of PEP 770 and phantom dependencies in Python packages.

  • Auditwheel, manylinux, and cibuildwheel adopted PEP 770.

  • Over 300 projects already ship with PEP 770 SBOM data on the Python Package Index.

  • Fedora and Red Hat adopted PEP 770 for Python packages to reduce vulnerability scanner false-positives.

Read more: https://sethmlarson.dev/pep-770-sbom-data-from-pypi-fedora-and-redhat
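If you want to see whether a wheel you depend on is one of those projects, the check is mechanical. The script below is an added example, not code from the post or from any of the projects named above. It builds a constructed sample wheel in memory and then looks for PEP 770 SBOM data the way I read the PEP: `Sbom-File` entries in `.dist-info/METADATA` pointing at files under the `.dist-info/sboms/` directory. The package name `example`, the component `libfoo` and the SBOM contents are made up for illustration; pass a real `.whl` path on the command line to inspect an actual wheel.

```python
"""Inspect a wheel for PEP 770 SBOM data (added example, not from the post)."""
import email.parser
import io
import json
import sys
import zipfile

# Constructed sample wheel contents. The "Sbom-File" field name and the
# ".dist-info/sboms/" directory follow my reading of PEP 770; the package,
# component and purl values below are invented for illustration only.
SAMPLE_SBOM = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "libfoo", "version": "1.2.3",
         "purl": "pkg:generic/libfoo@1.2.3"},
    ],
}
SAMPLE_METADATA = (
    "Metadata-Version: 2.5\n"
    "Name: example\n"
    "Version: 1.0\n"
    "Sbom-File: sboms/example.cdx.json\n"
    "\n"
)


def build_sample_wheel() -> bytes:
    """Assemble a minimal wheel (a zip file) carrying one SBOM, for offline use."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("example/__init__.py", "")
        zf.writestr("example-1.0.dist-info/METADATA", SAMPLE_METADATA)
        zf.writestr("example-1.0.dist-info/sboms/example.cdx.json",
                    json.dumps(SAMPLE_SBOM))
    return buf.getvalue()


def find_sboms(wheel_bytes: bytes) -> dict:
    """Map each declared SBOM path to its parsed JSON, or None if the file is absent.

    A declared-but-missing SBOM is worth flagging: a scanner trusting METADATA
    alone would assume the bundled components are documented when they are not.
    """
    with zipfile.ZipFile(io.BytesIO(wheel_bytes)) as zf:
        meta_names = [n for n in zf.namelist() if n.endswith(".dist-info/METADATA")]
        if len(meta_names) != 1:
            raise ValueError(f"expected exactly one METADATA, found {meta_names}")
        meta_name = meta_names[0]
        dist_info = meta_name.rsplit("/", 1)[0]
        # Core metadata is RFC 822-style headers, so the stdlib email parser reads it.
        msg = email.parser.Parser().parsestr(zf.read(meta_name).decode("utf-8"))
        result = {}
        for rel in msg.get_all("Sbom-File", []):
            path = f"{dist_info}/{rel.strip()}"
            try:
                result[path] = json.loads(zf.read(path))
            except KeyError:
                result[path] = None
    return result


def bundled_components(sboms: dict) -> list:
    """List non-PyPI components from CycloneDX SBOMs: the 'phantom dependencies'
    (bundled native libraries and the like) that a scanner cannot otherwise see."""
    names = []
    for doc in sboms.values():
        if not doc or doc.get("bomFormat") != "CycloneDX":
            continue
        for comp in doc.get("components", []):
            if not comp.get("purl", "").startswith("pkg:pypi/"):
                names.append(f"{comp['name']}@{comp.get('version', '?')}")
    return names


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_wheel()
    found = find_sboms(data)
    if not found:
        print("no PEP 770 SBOM data declared in METADATA")
    for path, doc in found.items():
        print(path, "(missing from archive)" if doc is None else "ok")
    for name in bundled_components(found):
        print("bundled component:", name)
```

On a wheel that ships no SBOM data the script prints nothing beyond the "not declared" line, which is exactly the case where a vulnerability scanner is left guessing about bundled native code. The `None` branch covers the inverse failure, a field that points at a file the wheel does not contain.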
