As part of making signing simple, I think we should expose these APIs as well. Per PEP 740, this would look roughly like:
```python
class AttestationPayload:
    distribution: str
    """
    The file name of the Python package distribution.
    """

    digest: str
    """
    The SHA-256 digest of the distribution's contents, as a hexadecimal string.
    """

    @classmethod
    def from_dist(cls, dist: Path) -> Self:
        ...

    def __bytes__(self) -> bytes:
        return rfc8785.dumps(self.dict())
```
Thoughts @facutuesca?
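
An added example, not part of the original comment or the project's code: a runnable version of the sketch above that builds the payload from a file and checks signed payload bytes against a distribution. `json.dumps` with sorted keys stands in for `rfc8785.dumps` (an assumption that holds only for this flat, string-only object), and `matches`, `demo` and the sample file name are hypothetical.

```python
import hashlib
import hmac
import json
import tempfile
from dataclasses import asdict, dataclass
from pathlib import Path


@dataclass(frozen=True)
class AttestationPayload:
    distribution: str  # file name of the distribution
    digest: str        # SHA-256 of the file contents, lowercase hex

    @classmethod
    def from_dist(cls, dist: Path) -> "AttestationPayload":
        h = hashlib.sha256()
        with dist.open("rb") as f:
            # Hash in chunks so large wheels/sdists are not read into memory at once.
            for chunk in iter(lambda: f.read(1 << 16), b""):
                h.update(chunk)
        return cls(distribution=dist.name, digest=h.hexdigest())

    def __bytes__(self) -> bytes:
        # Assumption: stand-in for rfc8785.dumps(). For a flat object with ASCII
        # keys and string values, sorted keys + compact separators + UTF-8
        # output yields the same bytes as RFC 8785 canonicalization.
        return json.dumps(asdict(self), sort_keys=True, separators=(",", ":"),
                          ensure_ascii=False).encode("utf-8")


def matches(payload_bytes: bytes, dist: Path) -> bool:
    """Check that signed payload bytes describe exactly this file (name and contents)."""
    expected = bytes(AttestationPayload.from_dist(dist))
    return hmac.compare_digest(payload_bytes, expected)


def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        dist = Path(tmp) / "sampleproject-1.0.0.tar.gz"  # constructed sample file
        dist.write_bytes(b"constructed sdist contents")
        signed = bytes(AttestationPayload.from_dist(dist))
        ok = matches(signed, dist)
        dist.write_bytes(b"constructed sdist contents, modified")
        tampered_ok = matches(signed, dist)  # file changed after "signing"
    return {"signed": signed, "ok": ok, "tampered_ok": tampered_ok}


if __name__ == "__main__":
    print(demo())
```

Because the signature covers these exact bytes, any change to the file name or contents produces a different payload and the check fails.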