
PyPI Publish Attestation (v1)

Type URI: https://docs.pypi.org/attestations/publish/v1

Version 1.0

Purpose

To provide a minimal, "implicit" digital attestation for PyPI packages published via Trusted Publishing.

Use Cases

A Trusted Publisher can produce this attestation during the publishing process for a particular release of a PyPI project. This allows consumers of that project to verify the following:

  1. That a particular release distribution (i.e. sdist or wheel) was, in fact, uploaded via a Trusted Publisher and not some other publishing mechanism (such as a locally-held API token).
  2. That a specific Trusted Publisher identity was used to publish to the project, such as a particular GitHub Actions workflow, GitLab identity, Google Cloud service account, etc.

Put together, these allow users to assert a higher degree of confidence in the integrity (but not necessarily trustworthiness) of projects published to PyPI, by asserting that the package's files were published via a short-lived credential corresponding to a specific machine identity (such as a GitHub Actions workflow).

This can be further composed with monitoring, e.g. for changes to a PyPI project's attested Trusted Publisher over time, since an unexpected change in the publishing identity may indicate a malicious change to the project.

Prerequisites

This predicate depends on the in-toto Attestation Framework.

Model

This predicate conveys a Trusted Publisher's intent to publish a package to PyPI.

It implicitly communicates the state of the Trusted Publisher (at the time of publishing) via the identity that produced the signature. This identity can be cross-checked during verification, per PEP 740, via the "provenance" objects served by PyPI's index APIs.

Schema

This predicate has no schema. The Type URI is the only required field, and it MUST be https://docs.pypi.org/attestations/publish/v1.

The predicate body itself MUST be either empty (meaning an empty JSON object, {}) or not supplied (meaning JSON null).
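The two rules above are all a consumer can check at the predicate level. The following is an added example (not code from docs.pypi.org or the pypi-attestations project) that applies exactly those rules to an in-toto Statement and compares the Statement's subject digest against a distribution's bytes; the sample wheel bytes and Statement are constructed here, and signature and Trusted Publisher identity verification (per PEP 740) are separate steps not performed by this code.

```python
"""Check a PyPI Publish Attestation (v1) predicate inside an in-toto Statement.

Added example, not the project's own code. It implements only the rules stated
on this page: predicateType must be exactly the v1 Type URI, and the predicate
body must be {} or null/absent. Signatures and publisher identity are out of scope.
"""
import hashlib

PUBLISH_V1 = "https://docs.pypi.org/attestations/publish/v1"
STATEMENT_V1 = "https://in-toto.io/Statement/v1"


def check_publish_predicate(statement: dict) -> list[str]:
    """Return a list of problems; an empty list means the predicate conforms."""
    problems = []
    if statement.get("_type") != STATEMENT_V1:
        problems.append("not an in-toto Statement v1")
    # The Type URI is the only required field and must match exactly
    # (no host, path or version variants are accepted).
    if statement.get("predicateType") != PUBLISH_V1:
        problems.append(f"predicateType must be {PUBLISH_V1}, "
                        f"got {statement.get('predicateType')!r}")
    # The body MUST be empty ({}) or not supplied (JSON null, or key absent).
    if "predicate" in statement and statement["predicate"] not in ({}, None):
        problems.append("predicate body must be {} or null")
    return problems


def subject_matches(statement: dict, dist_bytes: bytes) -> bool:
    """True if any Statement subject carries the sha256 digest of dist_bytes."""
    digest = hashlib.sha256(dist_bytes).hexdigest()
    return any(s.get("digest", {}).get("sha256") == digest
               for s in statement.get("subject", []))


# Constructed sample data (not a real PyPI distribution or attestation).
SAMPLE_WHEEL = b"constructed wheel contents"
SAMPLE_STATEMENT = {
    "_type": STATEMENT_V1,
    "subject": [{"name": "example-1.0-py3-none-any.whl",
                 "digest": {"sha256": hashlib.sha256(SAMPLE_WHEEL).hexdigest()}}],
    "predicateType": PUBLISH_V1,
    "predicate": None,  # JSON null: allowed by the v1 rules
}

if __name__ == "__main__":
    print(check_publish_predicate(SAMPLE_STATEMENT))          # []
    print(subject_matches(SAMPLE_STATEMENT, SAMPLE_WHEEL))     # True
```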

