Sigstore for Python Packaging - Next Steps for Adoption
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Explore the integration of Sigstore into the Python packaging ecosystem in this 25-minute conference talk. Learn about the development of sigstore-python, a high-quality Python API and CLI for Sigstore-style signing and verification. Discover the challenges of adopting Sigstore in Python's packaging ecosystem and how it fits into the packaging user experience. Examine the potential benefits for both "ordinary" users seeking baseline authenticity and integrity, and "proactive" users looking for additional security guarantees. Gain insights into the future of secure Python package publishing and consumption workflows.
Syllabus
Sigstore for Python Packaging: Next Steps for Adoption - William Woodruff, Trail of Bits
Taught by
CNCF [Cloud Native Computing Foundation]