TIL: Some surprising code execution sources in bash
PyPI's support for PEP 740 now includes GitLab, extending support beyond the initial scope (which was GitHub). that means that, if you're a GitLab CI/CD user, you can now upload attestations to PyPI and the index will verify and re-serve them!
docs here: https://docs.pypi.org/attestations/producing-attestations/#gitlab-cicd
-
@yossarian can you force pip to require attestations during a pip install?
@risottobias yes, an interface like that is roughly the goal!
-
@risottobias not at the moment — attestation verification requires components that aren’t easy to integrate into pip directly, since pip has vendoring/pure python requirements. Our current plan is to build a verification plugin that’ll extend pip, and to work longer term on direct integration into pip