Document PEP740 attestations #17043
Labels
Comments
QuLogic
added
feature request
requires triaging
|
Ah sorry, I looked for "PEP740", which apparently didn't catch "PEP 740". |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What's the problem this feature will solve?
gh-action-pypi-publishis now advertising that you can use PEP740 attestations, that are now on by default. This is not documented or explained anywhere.Describe the solution you'd like
Neither https://docs.pypi.org/trusted-publishers/using-a-publisher/ nor https://docs.pypi.org/trusted-publishers/security-model/ describe PEP740 or what attestations do.
https://pypi.org/help/ does not mention it either.
I don't see any indication how to upload attestations (though I understand it's on by default now, so probably I don't need to do anything.) I also don't see any indication of where the attestations go and how to verify that they exist and are correct.
The text was updated successfully, but these errors were encountered: