jazzband/pip-tools

Research ways to support verifying the PEP 740 digital attestations early

Open

#2,080 opened on Apr 26, 2024

View on GitHub
 (3 comments) (0 reactions) (0 assignees)Python (605 forks)batch import
PR wantedenhancementfeaturehasheshelp wantedneeds discussionneeds more infopackaging

Repository metrics

Stars
 (7,230 stars)
PR merge metrics
 (Avg merge 4d 20h) (9 merged PRs in 30d)

Description

The upstream is moving forward now — https://github.com/pypi/warehouse/issues/15871 — so should pip-tools. I don't yet know what it'll look like here but we need to watch for the opportunities to integrate a preliminary support for such security-related features.

Contributor guide