{"bugs":[{"bugid":962429,"firstseen":"2025-09-06T17:48:58.445019","severity":"enhancement","status":"IN_PROGRESS","summary":"dev-python\/pypi-attestations: keywording"}],"categories":[{"categoryid":450,"name":"dev-lang","summary":"The dev-lang category contains various programming language implementations and related tools."},{"categoryid":336,"name":"dev-python","summary":"The dev-python category contains packages whose primary purpose is to provide Python modules, extensions and bindings, as well as tools and utilities useful for development in the Python programming language."}],"changelog":[{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"def2257d52f523576174820c4a640e290fb6a1fc","committime":"2026-04-05T19:00:54","packageid":78263,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"mgorny@gentoo.org","authorname":"Michał Górny","body":"Detect when dev-python\/sigstore has been upgraded already but\ndev-python\/pypi-attestations are still old, and skip the provenance\ncheck for a clean upgrade.  This should be safe since the distfiles is\nstill verified against our Manifests.\n\nCloses: https:\/\/bugs.gentoo.org\/969332\nSigned-off-by: Michał Górny <mgorny@gentoo.org>","commitid":"164cd32c00a7d8a751cc0058b9b7bcf77543fe80","committime":"2026-04-05T18:49:09","packageid":78263,"repoid":1,"summary":"dev-python\/pypi-attestations: Skip provenance check on upgrade cycle"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"6b7ee7e41fc213f49d83c56d776399f8fdae7e8f","committime":"2026-04-05T05:00:55","packageid":78263,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"mgorny@gentoo.org","authorname":"Michał Górny","body":"Signed-off-by: Michał Górny <mgorny@gentoo.org>","commitid":"e9304fa6cd2492b0f886d17a2e91c24da9f37ab0","committime":"2026-04-05T04:33:59","packageid":78263,"repoid":1,"summary":"dev-python\/pypi-attestations: Remove old"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"646e0aef939542fc32a88fb14030af72b1a3d1d7","committime":"2026-04-04T23:15:53","packageid":78263,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"sam@gentoo.org","authorname":"Sam James","body":"Signed-off-by: Sam James <sam@gentoo.org>","commitid":"5c7f6a086a9cbb49cbcd86e29448ca59830aed27","committime":"2026-04-04T23:03:10","packageid":78263,"repoid":1,"summary":"dev-python\/pypi-attestations: Stabilize 0.0.29 ALLARCHES, #971982"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"6fb7db995b24c2c04c6d04c03a388a680a981623","committime":"2025-12-12T04:45:46","packageid":78263,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"mgorny@gentoo.org","authorname":"Michał Górny","body":"Signed-off-by: Michał Górny <mgorny@gentoo.org>","commitid":"bea20d3a436c25b2f40da15552bce36287063a8e","committime":"2025-12-12T04:12:10","packageid":78263,"repoid":1,"summary":"dev-python\/pypi-attestations: Bump to 0.0.29"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"d8f660ed5cc9c70df57adf685a102ccaa3a97ec0","committime":"2025-10-17T06:03:34","packageid":78263,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"mgorny@gentoo.org","authorname":"Michał Górny","body":"Signed-off-by: Michał Górny <mgorny@gentoo.org>","commitid":"3a547113f98563c2dde904cae799ea02e948bc69","committime":"2025-10-17T05:22:15","packageid":78263,"repoid":1,"summary":"dev-python\/pypi-attestations: Bump to 0.0.28"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"79516fd396241d474b3e2f072079cc4246cc47ad","committime":"2025-10-12T20:18:40","packageid":78263,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"arthurzam@gentoo.org","authorname":"Arthur Zamarin","body":"Signed-off-by: Arthur Zamarin <arthurzam@gentoo.org>","commitid":"da680780c4cface32a458bfc81083a15d4cc0e5a","committime":"2025-10-12T20:11:22","packageid":78263,"repoid":1,"summary":"dev-python\/pypi-attestations: Keyword 0.0.27 ppc64, #962429"},{"authoremail":"arthurzam@gentoo.org","authorname":"Arthur Zamarin","body":"Signed-off-by: Arthur Zamarin <arthurzam@gentoo.org>","commitid":"9a30f932b334e1465c5e588682a6d3a1860a1312","committime":"2025-10-12T20:11:21","packageid":78263,"repoid":1,"summary":"dev-python\/pypi-attestations: Keyword 0.0.27 ppc, #962429"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"480693f3aba6c970a3bb5ca327a5c8b31818ad89","committime":"2025-09-06T17:49:22","packageid":78263,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"arthurzam@gentoo.org","authorname":"Arthur Zamarin","body":"Signed-off-by: Arthur Zamarin <arthurzam@gentoo.org>","commitid":"531c03125a7929dcaaef259614b825d7cb9d143f","committime":"2025-09-06T17:38:58","packageid":78263,"repoid":1,"summary":"dev-python\/pypi-attestations: Stabilize 0.0.27 amd64, #962428"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"d27839fb051496ca67a36bc8f64c87cdcb1c6f3f","committime":"2025-09-06T07:22:08","packageid":78263,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"mgorny@gentoo.org","authorname":"Michał Górny","body":"Signed-off-by: Michał Górny <mgorny@gentoo.org>\nPart-of: https:\/\/github.com\/gentoo\/gentoo\/pull\/43549\nSigned-off-by: Michał Górny <mgorny@gentoo.org>","commitid":"7615a4a7c55df90f256a0365caf732197da8bc59","committime":"2025-08-24T17:54:55","packageid":78263,"repoid":1,"summary":"dev-python\/pypi-attestations: Enable provenance verification"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"22d068e039bede55d518c1cca18950313b483697","committime":"2025-08-24T17:34:31","packageid":78263,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"mgorny@gentoo.org","authorname":"Michał Górny","body":"Signed-off-by: Michał Górny <mgorny@gentoo.org>","commitid":"0b6afa6b8ad844836827ffba7b9d05aefa3f2b72","committime":"2025-08-24T17:16:12","packageid":78263,"repoid":1,"summary":"dev-python\/pypi-attestations: Use EPYTEST_PLUGINS"},{"authoremail":"mgorny@gentoo.org","authorname":"Michał Górny","body":"Signed-off-by: Michał Górny <mgorny@gentoo.org>","commitid":"25a188b70d11a0dbb436e69b19a3b7bf916ab6ed","committime":"2025-08-24T17:15:29","packageid":78263,"repoid":1,"summary":"dev-python\/pypi-attestations: Remove old"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"81dd8cb951bec2fa7e370561bfee201d806ca2b3","committime":"2025-06-04T02:27:01","packageid":78263,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"mgorny@gentoo.org","authorname":"Michał Górny","body":"Signed-off-by: Michał Górny <mgorny@gentoo.org>","commitid":"4250b012299415012c7e076e7e90a7833711fabc","committime":"2025-06-04T01:35:08","packageid":78263,"repoid":1,"summary":"dev-python\/pypi-attestations: Bump to 0.0.27"},{"authoremail":"mgorny@gentoo.org","authorname":"Michał Górny","body":"Signed-off-by: Michał Górny <mgorny@gentoo.org>","commitid":"d3177adfc06ed3d25a10eb1c635f2b78f9486320","committime":"2025-06-04T01:32:30","packageid":78263,"repoid":1,"summary":"dev-python\/pypi-attestations: Remove old"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"b72fb3ffed98b999df91f0a071e4664aff9a0e91","committime":"2025-05-16T04:25:07","packageid":78263,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"mgorny@gentoo.org","authorname":"Michał Górny","body":"Signed-off-by: Michał Górny <mgorny@gentoo.org>","commitid":"9d70ce985fa0d3689acee56028b860d9cbfd1b29","committime":"2025-05-16T03:29:07","packageid":78263,"repoid":1,"summary":"dev-python\/pypi-attestations: Bump to 0.0.26"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"9070590ad79e729610b9c646bf693809ecc89c20","committime":"2025-05-13T01:53:51","packageid":78263,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"sam@gentoo.org","authorname":"Sam James","body":"Signed-off-by: Sam James <sam@gentoo.org>","commitid":"0e0f4766f8cb9ffd51536d71da038c02799d7c4c","committime":"2025-05-13T01:42:31","packageid":78263,"repoid":1,"summary":"dev-python\/pypi-attestations: enable py3.13"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"5bd057acb0c57d539f7fe27bcaab26623e77fbc5","committime":"2025-04-24T02:05:14","packageid":78263,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"mgorny@gentoo.org","authorname":"Michał Górny","body":"Signed-off-by: Michał Górny <mgorny@gentoo.org>","commitid":"9ebd5c17bf59609a5952aac7846614eb263bd993","committime":"2025-04-24T01:25:28","packageid":78263,"repoid":1,"summary":"dev-python\/pypi-attestations: Remove old"},{"authoremail":"mgorny@gentoo.org","authorname":"Michał Górny","body":"Signed-off-by: Michał Górny <mgorny@gentoo.org>","commitid":"cb309f63700da14dae461a6ef16f2dd7e1a8a271","committime":"2025-04-24T01:25:12","packageid":78263,"repoid":1,"summary":"dev-python\/pypi-attestations: Bump to 0.0.25"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"ed6a2a173ccb1865901d167cfaae9c71792b8e98","committime":"2025-04-23T05:50:09","packageid":78263,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"mgorny@gentoo.org","authorname":"Michał Górny","body":"Signed-off-by: Michał Górny <mgorny@gentoo.org>","commitid":"f52239b6bdab8d21dcd4901d6cf83fc9af6c7d7d","committime":"2025-04-23T05:10:05","packageid":78263,"repoid":1,"summary":"dev-python\/pypi-attestations: Bump to 0.0.24"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"0857680ca19d4380c23b153683592866646c32f7","committime":"2025-04-06T05:50:15","packageid":78263,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"mgorny@gentoo.org","authorname":"Michał Górny","body":"A new package that can be used to verify the \"attestations\"\n(i.e. signatures) of published PyPI uploads.\n\nSigned-off-by: Michał Górny <mgorny@gentoo.org>","commitid":"32aea4bd6cccf99ffc7054d01e54960d598edeba","committime":"2025-04-06T05:38:12","packageid":78263,"repoid":1,"summary":"dev-python\/pypi-attestations: New package, v0.0.23"}],"dependencies":[],"depending":[],"ebuilds":[{"archs":["amd64","~ppc","~ppc64"],"ebuildid":884327,"firstseen":"2025-12-12T05:02:21.640040","license":"MIT","moddate":"2026-04-05T19:10:42","packageid":78263,"repoid":1,"slot":"0","uses":["python_targets_python3_11","python_targets_python3_12","python_targets_python3_13","test","verify-provenance"],"version":"0.0.29"}],"masks":[],"package":{"categoryid":336,"description":"Convert between Sigstore Bundles and PEP-740 Attestation objects","firstseen":"2025-04-06T07:08:30.189992","name":"pypi-attestations","packageid":78263},"rdependencies":[{"block":false,"categoryid":450,"description":"An interpreted, interactive, object-oriented programming language","ebuildids":[884327,884327,884327],"firstseen":"2010-05-04T00:54:45.661860","maintainer":"python@gentoo.org","maintainername":"Python","name":"python","packageid":43095},{"block":false,"categoryid":336,"description":"ASN.1 library for Python","ebuildids":[884327],"firstseen":"2010-05-04T00:54:45.661860","maintainer":"python@gentoo.org","maintainername":"Python","name":"pyasn1","packageid":54214},{"block":false,"categoryid":336,"description":"HTTP library for human beings","ebuildids":[884327],"firstseen":"2012-01-02T14:37:42.991671","maintainer":"python@gentoo.org","maintainername":"Python","name":"requests","packageid":58639,"summary":"Most existing Python modules for sending HTTP requests are extremely verbose and cumbersome. Python’s built-in urllib2 module provides most of the HTTP capabilities you should need, but the API is thoroughly broken. This library is designed to make HTTP requests easy for developers."},{"block":false,"categoryid":336,"description":"Library providing cryptographic recipes and primitives","ebuildids":[884327],"firstseen":"2014-03-01T14:39:29.303715","maintainer":"python@gentoo.org","maintainername":"Python","name":"cryptography","packageid":61965},{"block":false,"categoryid":336,"description":"Validating URI References per RFC 3986","ebuildids":[884327],"firstseen":"2014-11-19T14:46:25.863618","maintainer":"prometheanfire@gentoo.org","maintainername":"Matthew Thode","name":"rfc3986","packageid":62816},{"block":false,"categoryid":336,"description":"Core utilities for Python packages","ebuildids":[884327],"firstseen":"2015-08-24T13:48:37.707111","maintainer":"python@gentoo.org","maintainername":"Python","name":"packaging","packageid":64001},{"block":false,"categoryid":336,"description":"Data parsing and validation using Python type hints","ebuildids":[884327],"firstseen":"2020-10-08T21:15:13.489134","name":"pydantic","packageid":72076},{"block":false,"categoryid":336,"description":"A tool for signing Python package distributions","ebuildids":[884327],"firstseen":"2024-09-27T20:09:31.469687","name":"sigstore","packageid":77745},{"block":false,"categoryid":336,"description":"Pydantic based models for Sigstore's protobuf specifications","ebuildids":[884327],"firstseen":"2025-09-19T13:53:02.253524","name":"sigstore-models","packageid":78528}],"repos":[{"branch":"master","lastcommit":"82366aa45a35f6900f43023917c2c86ccdbb00a3","name":"gentoo","path":"\/usr\/portage","repoid":1,"upstream":"origin"}],"tracked":false,"urls":["https:\/\/github.com\/pypi\/pypi-attestations\/","https:\/\/pypi.org\/project\/pypi-attestations\/"],"uses":[{"description":"Enable dependencies and\/or preparations necessary to run tests (usually controlled by FEATURES=test but can be toggled independently)","isdefault":false,"use":"test"},{"description":"Verify provenance of PyPI distfiles (verifies that the artifact comes from upstream source repository)","isdefault":false,"use":"verify-provenance"},{"description":"Build with Python 3.11","group":"python_targets","isdefault":false,"use":"python3_11"},{"description":"Build with Python 3.12","group":"python_targets","isdefault":false,"use":"python3_12"},{"description":"Build with Python 3.13","group":"python_targets","isdefault":false,"use":"python3_13"}]}