With "trusted publishers" is there any user-verifiable evidence that a particular pypi package is based on a particular CI workflow? #46

Open
nealmcb opened this issue Aug 1, 2024 · 1 comment

Comments

@nealmcb

nealmcb commented Aug 1, 2024

I'm so glad to see repositories like PyPI and improving security practices, and appreciated the information at Trusted Publishers for All Package Repositories | wg-securing-software-repos

I wonder if any of this is visible to repo users. For a given package, are any signatures exposed to relying parties? Can I verify that a particular version of a package came from a particular CI workflow?

For some Trusted Publishing providers, Trusted Publishers allow binding verifiable metadata like the source repository URL to a published artifact, allowing package repositories to avoid “Star-Jacking” and similar attacks that confuse users about the trustworthiness of a project.

Some pointers to more info on this, and how end-users might be able to verify it, would be helpful.

@di
Member

di commented Aug 14, 2024

Not yet, but this is in progress. For PyPI specifically, implementation of PEP 740 is underway, which will allow maintainers to publish attestations along with artifacts corresponding to those Trusted Publisher identities.

The next step after attestation generation & publication is verification, at which point this will become more end-user-visible.
