jawnsy
commented
11 months ago The official Python documentation now recommends signing with Sigstore: https://packaging.python.org/en/latest/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/#signing-the-distribution-packages
First check
Description
As supply chain compromises increase in both frequency and severity (notable instances include the SolarWinds compromise), many customers and vendors are looking to verify that containers were built in a trusted environment. For us, this means verifying that our images were built in GitHub Actions from our project.
The Sigstore project is backed by the Linux Foundation and intends to be the "Let's Encrypt of Code Signing," meaning that they want to make it simple for vendors to sign artifacts. It has a keyless signing mode that uses OIDC federation to sign an ephemeral certificate (Fulcio) track the certificates in a transparency log (Rekor), and sign arbitrary container image digests using the ephemeral key corresponding to the certificate (the Python sigstore package).
The Sigstore documentation describes the relationship between these components.
Similar to #8531 but focused on the Python packages rather than resulting container images
Impact
Users (both customers and open source users) will be able to check that our packages are signed.
Additional context
PyPI packages can be signed using a Python package (sigstore) but Warehouse does not support OIDC authentication yet (see also the https://github.com/pypi/warehouse/issues/10644)