trailofbits / pypi-attestations

A library to convert between Sigstore Bundles and PEP 740 Attestation objects
https://trailofbits.github.io/pypi-attestations
Apache License 2.0

API: `Attestation.sign` should not leak 3p exceptions #23

Closed woodruffw closed 3 months ago

woodruffw commented 3 months ago

Right now, we probably do. We should make sure that any exceptions that come out of `Attestation.sign` get wrapped in `AttestationError` or an appropriate subtype.
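The contract this issue asks for, as an added example that is not pypi-attestations code: a signing entry point that wraps third-party failures, plus a fault-injection check that reports any exception type escaping unwrapped. `SigningBackendError`, `FaultySigner`, `leaked_exception_types` and the simplified `sign(signer, payload)` signature are assumptions for illustration; only the names `Attestation.sign` and `AttestationError` come from the issue.

```python
class AttestationError(Exception):
    """Stand-in for the library's base error type named in the issue."""


class SigningBackendError(Exception):
    """Hypothetical exception owned by a third-party signing dependency."""


class FaultySigner:
    """Hypothetical signer that raises the injected fault, if any."""

    def __init__(self, fault=None):
        self._fault = fault

    def sign(self, payload):
        if self._fault is not None:
            raise self._fault
        return b"sig:" + payload  # constructed placeholder, not a real signature


class Attestation:
    """Simplified stand-in; the library's real sign() signature is not reproduced."""

    def __init__(self, signature):
        self.signature = signature

    @classmethod
    def sign(cls, signer, payload):
        try:
            signature = signer.sign(payload)
        except AttestationError:
            raise  # already within the public error contract
        except Exception as exc:
            # `from exc` keeps the third-party error reachable via __cause__
            raise AttestationError(f"signing failed: {type(exc).__name__}") from exc
        return cls(signature)


def leaked_exception_types(faults):
    """Names of injected fault types that escape Attestation.sign unwrapped."""
    leaked = []
    for fault in faults:
        try:
            Attestation.sign(FaultySigner(fault), b"dist")
        except AttestationError:
            continue
        except Exception as exc:
            leaked.append(type(exc).__name__)
    return leaked
```

Callers then need a single `except AttestationError` around signing, and the original third-party error remains inspectable through `__cause__`.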