Explore the integration of Sigstore into the Python packaging ecosystem in this 25-minute conference talk. Learn about the development of sigstore-python, a high-quality Python API and CLI for Sigstore-style signatures and verifications. Discover the challenges of adopting Sigstore in Python's packaging ecosystem and how it fits into the packaging user experience. Examine the potential benefits for both "ordinary" users seeking baseline authenticity and integrity, and "proactive" users looking for additional security guarantees. Gain insights into the future of secure Python package publishing and consumption workflows.
Sigstore for Python Packaging - Next Steps for Adoption
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Syllabus
Sigstore for Python Packaging: Next Steps for Adoption - William Woodruff, Trail of Bits
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
-
Ergonomic Codesigning for the Python Ecosystem with Sigstore
-
From Cosign to an Ecosystem - The Evolution of Sigstore
-
An Introduction to Sigstore for Pythonistas
-
Building Sigstore Policies from Scratch
-
Sigstore: Using Transparent Digital Signatures to Help Secure the Software Supply Chain
-
PEP 740 and PyPI - Bootstrapping Provenance for the Python Ecosystem
