From 7fbacdcd9d16d7cb5d8e365cc685597168818ea7 Mon Sep 17 00:00:00 2001
From: William Woodruff <william@yossarian.net>
Date: Thu, 22 Aug 2024 02:00:24 -0400
Subject: [PATCH] PEP 740: clarify that provenance is nullable (#3906)

Signed-off-by: William Woodruff <william@yossarian.net>
---
 peps/pep-0740.rst | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/peps/pep-0740.rst b/peps/pep-0740.rst
index c3945c61c..aafb51637 100644
--- a/peps/pep-0740.rst
+++ b/peps/pep-0740.rst
@@ -235,9 +235,9 @@ The following changes are made to the
 * When an uploaded file has one or more attestations, the index **MAY**
   include a ``provenance`` key in the ``file`` dictionary for that file.
 
-  The value of the ``provenance`` key **SHALL** be a JSON string, which
-  **SHALL** be the SHA-256 digest of the associated ``.provenance`` file,
-  as in the Simple Index.
+  The value of the ``provenance`` key **SHALL** be either a JSON string
+  or ``null``. If ``provenance`` is not ``null``, it **SHALL** be the SHA-256
+  digest of the associated ``.provenance`` file, as in the Simple Index.
 
   See :ref:`appendix-3` for an explanation of the technical decision to
   embed the SHA-256 digest in the JSON API, rather than the full