(blog.pypi.org)

218 points miketheman | 1 comments | 14 Nov 24 14:25 UTC | HN request time: 0.209s | source

Show context

amelius ◴[14 Nov 24 23:56 UTC] No.42142619[source]▶

I'm curious what would happen if a maintainer's PC is compromised. Is there any line of defense left at that point?

1. pabs3 ◴[15 Nov 24 07:34 UTC] No.42144678[source]▶

Your own source code audits (including just watching git logs), and or social code audits using crev.

PyPI now supports digital attestations