Logistical note: This update also contains updates from December.
-
We've merged initial attestation generation support into
homebrew-core, meaning that all new bottle builds/uploads are being accompanied by build provenance: Homebrew/homebrew-core#160941 -
We've made changes to Homebrew's build workflows to enabled build provenance generation: Homebrew/homebrew-core#160941
-
We performed a earlier provenance generation test on
Homebrew/actions: Homebrew/actions#479 -
We completed API-level DSSE signing support in
sigstore-python: sigstore/sigstore-python#804 -
We have continued to perform refactoring and cleanup tasks on
sigstore-pythonin support of DSSE signing and verification: sigstore/sigstore-python#862 -
We've submitted API improvements to
python-betterprotoin preparation for integratingbetterprotointoin_toto_attestations: danielgtaylor/python-betterproto#551 -
We've made code quality, CI/CD, and API improvements to
in_toto_attestations: in-toto/attestation#311, in-toto/attestation#312, in-toto/attestation#306, in-toto/attestation#301
-
We are investigating the second stage of build provenance generation for
homebrew-core("backfill" attestations for pre-existing bottles) -
We are beginning work on a
brewsubcommand for build provenance generation: Homebrew/brew#16543 -
We are continuing work on support for
betterprotoinin_toto_attestations: in-toto/attestation#315 -
We are continuing refactor and standards work in support of DSSE verification in
sigstore-python: sigstore/sigstore-python#876, sigstore/sigstore-conformance#122