Desire for digital signatures on Python packages has been repeatedly expressed by both package maintainers and downstream users:
Maintainers wish to demonstrate the integrity and authenticity of their package uploads;
Individual downstream users wish to verify package integrity and authenticity without placing additional trust in their index’s honesty;
“Bulk” downstream users (such as Operating System distributions) wish to perform similar verifications and potentially re-expose or countersign for their own downstream packaging ecosystems.
Acceptance Criteria
Not totally sure. There's probably a way to check that this is working.
Feature description
See https://peps.python.org/pep-0740/
Contribution
None