-
Hi,
I am currently using the latest commit from November 19, 2024, and have observed a change in the behavior of attestation case delegation.
Previously, as of the October 8, 2024, commit, I w…
-
### What would you like to see? Please provide a clear and concise description of what you want
The next version should look a bit nicer and include the following features from the initial spec.
-…
-
Hi,
I'm looking to use PEP 740 attestations in Sphinx, using the `pypi_attestations` CLI. The signing and inspection steps seem to work, but I've had some trouble with `verify`. Hopefully there's an …
-
Currently exploring two implementations for delegated attestations. either as authorities or via `signatures`
In rust based blockchains, signatures can easily be compute intensive and slow.
Howev…
-
This is how the official action does this: https://github.com/actions/toolkit/blob/77f247b/packages/attest/src/store.ts#L5-L44.
This is the API endpoint doc: https://docs.github.com/en/rest/repos/r…
-
https://docs.pypi.org/attestations/
IMHO implement it in `maturin` feels like duplicate efforts, what do you think @konstin
-
RP currently have 4 options for requesting attestation.
enum [AttestationConveyancePreference] {
["none"],
["indirect"],
["direct"],
["enterprise"]
};
In general, we want a RP…
-
Ideally someone familiar with generation of intoto specifications will propose a suitable, exensible solution to "provenance claims" made from the perspective of the SCP.
Here is a _very_ rough summ…
-
Versions can have attestation information (electronic signature). If it is present, index it in the database and add logic to verify the signature of the document (at least to verify the document in t…
-
We should provide guidance on where source attestations are stored.
We may not want to be too prescriptive but should provide an allowance for how a source control system (#1128) should do so.
N…