Explore the integration of Sigstore into the Python packaging ecosystem in this 25-minute conference talk. Learn about the development of sigstore-python, a high-quality Python API and CLI for Sigstore-style signatures and verifications. Discover the challenges of adopting Sigstore in Python's packaging ecosystem and how it fits into the packaging user experience. Examine the potential benefits for both "ordinary" users seeking baseline authenticity and integrity, and "proactive" users looking for additional security guarantees. Gain insights into the future of secure Python package publishing and consumption workflows.
Sigstore for Python Packaging - Next Steps for Adoption
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Syllabus
Sigstore for Python Packaging: Next Steps for Adoption - William Woodruff, Trail of Bits
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
-
Ergonomic Codesigning for the Python Ecosystem with Sigstore
-
Building Sigstore Policies from Scratch
-
The Road to SLSA4 - Applying the Sigstore Ecosystem in a Corporate Environment
-
Sigstore: Past, Present and Future Directions
-
Zero-Trust Supply Chain Security with Sigstore, TektonCD and SPIFFE
-
Sigstore: Evolution and Future of Software Security Signing
