iSharkFly-Open
/
python-peps
mirror of https://github.com/python/peps.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

PEP 761: Add additional links to Sigstore docs (#4035)

This commit is contained in:
Seth Michael Larson 2024-10-09 14:18:54 -05:00 committed by GitHub
parent 4c8e388c0e
commit 6e74588077
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
peps/pep-0761.rst
View File

@ -22,11 +22,11 @@ practitioners <https://www.latacora.com/blog/2019/07/16/the-pgp-problem/>`_
for many years now, with the biggest issue being that there were few
alternatives for "artifact signing" being proposed or adopted.
Sigstore's design philosophy has focused on the ergonomics of signing and
verifying and uses short-lived keys with strongly-bound human-readable
identities via OpenID Connect. Sigstore has both development and adoption
momentum, seeing adoption by PyPI, NPM, Homebrew, and GitHub, among other
ecosystems.
`Sigstore's <https://docs.sigstore.dev>`_ design philosophy has focused on the
ergonomics of signing and verifying and `uses short-lived keys with
strongly-bound human-readable identities via OpenID Connect <https://docs.sigstore.dev/#how-sigstore-works>`_.
Sigstore has both development and adoption momentum, seeing adoption by PyPI,
NPM, Homebrew, and GitHub, among other ecosystems.
This PEP proposes to move CPython to using Sigstore exclusively for signing
artifacts through a deprecation and eventual discontinuance of providing PGP