issues
search
trailofbits
/
pypi-attestations
A library to convert between Sigstore Bundles and PEP 740 Attestation objects
https://trailofbits.github.io/pypi-attestations
Apache License 2.0
1
stars
1
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
build(deps): bump actions/upload-artifact from 4.4.2 to 4.4.3 in the actions group
#61
dependabot[bot]
closed
17 hours ago
0
build(deps): bump actions/upload-artifact from 4.4.1 to 4.4.2 in the actions group
#60
dependabot[bot]
closed
1 day ago
0
build(deps): bump the actions group with 2 updates
#59
dependabot[bot]
closed
2 days ago
0
_cli: make it clear that subjects are identities
#58
woodruffw
closed
3 days ago
0
_cli: exit with an error code when verification fails
#57
woodruffw
closed
3 days ago
0
README: reorganize, add callouts
#56
woodruffw
closed
3 days ago
0
Difficulties with `pypi_attestations verify`
#55
AA-Turner
opened
4 days ago
5
release: split jobs, refactor
#54
woodruffw
closed
1 week ago
0
release: enable attestations
#53
woodruffw
closed
1 week ago
0
CLI: add a `convert` subcommand?
#52
woodruffw
opened
1 week ago
0
build(deps): bump actions/checkout from 4.1.7 to 4.2.0 in the actions group
#51
dependabot[bot]
closed
2 weeks ago
0
misc cleanup
#50
woodruffw
closed
2 weeks ago
0
pypi-attestations: prep 0.0.12
#49
woodruffw
closed
3 weeks ago
0
Fix base64 encode/decode bug due to Pydantic issue
#48
facutuesca
closed
3 weeks ago
0
build(deps): bump actions/setup-python from 5.1.1 to 5.2.0 in the actions group
#47
dependabot[bot]
closed
1 month ago
0
build(deps): bump actions/attest from 1.4.0 to 1.4.1 in the actions group
#46
dependabot[bot]
closed
1 month ago
0
build(deps): update sigstore requirement from ~=3.1.0 to >=3.1,<3.3 in the python group
#45
dependabot[bot]
closed
1 month ago
0
Consider switching `Publisher` to be a `RootModel`
#44
woodruffw
opened
1 month ago
0
Run mypy on tests
#43
woodruffw
closed
1 month ago
2
Update CHANGELOG for version 0.0.10
#42
DarkaMaul
closed
2 months ago
1
build(deps): bump actions/attest from c578ab5e377a70e30e1411d16a0eba675e5dc2e9 to 2da0b136720d14f01f4dbeeafd1d5a4d76cbe21d in the actions group
#41
dependabot[bot]
closed
2 months ago
0
workflows: hash-pin all workflows
#40
woodruffw
closed
2 months ago
0
bump sigstore ~= 3.1
#39
woodruffw
closed
2 months ago
0
Make `Publisher` a discriminated union
#38
woodruffw
closed
2 months ago
1
Upgrade minimum Python version
#37
DarkaMaul
closed
2 months ago
0
Add the PEP 740 related objects
#36
DarkaMaul
closed
2 months ago
0
prep 0.0.9
#35
woodruffw
closed
2 months ago
1
src, test: remove I/O from sign/verify APIs
#34
woodruffw
closed
2 months ago
0
API: Don't do I/O in sign/verify APIs
#33
woodruffw
closed
2 months ago
3
_impl: catch another _ultranormalize_dist_filename error case
#32
woodruffw
closed
2 months ago
0
re-export AttestationType
#31
woodruffw
closed
3 months ago
0
prep 0.0.7
#30
woodruffw
closed
3 months ago
0
Add `AttestationType`, check during verify
#29
woodruffw
closed
3 months ago
0
Prevent third party exceptions to leak from `Attestation.sign`.
#28
DarkaMaul
closed
3 months ago
0
CHANGELOG: add missing entries
#27
woodruffw
closed
3 months ago
4
CHANGELOG, README: more renames
#26
woodruffw
closed
3 months ago
0
Rename to pypi-attestations
#25
DarkaMaul
closed
3 months ago
1
Move free functions to Attestation
#24
DarkaMaul
closed
3 months ago
0
API: `Attestation.sign` should not leak 3p exceptions
#23
woodruffw
closed
3 months ago
0
CLI tool (init)
#22
DarkaMaul
closed
3 months ago
1
Small CLI driver
#21
woodruffw
closed
3 months ago
2
verify: return statement bits
#20
woodruffw
closed
3 months ago
0
release: switch to attestation
#19
woodruffw
closed
4 months ago
0
Switch to in-toto statements
#18
woodruffw
closed
4 months ago
1
Release 0.0.2
#17
facutuesca
closed
4 months ago
0
Release 0.0.1
#16
facutuesca
closed
4 months ago
0
impl: stream into sha256
#15
woodruffw
closed
4 months ago
0
Refactor: turn helpers into instance methods
#14
woodruffw
closed
3 months ago
0
`AttestationPayload.from_dist` should probably do SHA256 in a streaming fashion
#13
woodruffw
closed
4 months ago
0
README: minor cleanup
#12
woodruffw
closed
5 months ago
0
Next