From 092f2c12e339e2dd7cc9408fad1db19dbdad2943 Mon Sep 17 00:00:00 2001 From: Facundo Tuesca Date: Thu, 16 Oct 2025 17:20:36 +0200 Subject: [PATCH] Update URL for pypi-attestations repository Signed-off-by: Facundo Tuesca --- docs/dev/security/attestation-internals.rst | 4 ++-- docs/user/attestations/producing-attestations.md | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/dev/security/attestation-internals.rst b/docs/dev/security/attestation-internals.rst index c61a71072367..bcbb9869ff8d 100644 --- a/docs/dev/security/attestation-internals.rst +++ b/docs/dev/security/attestation-internals.rst @@ -291,7 +291,7 @@ Attestation object verification is described at a high level in :pep:`740`. Users are **strongly discouraged** from implementing the steps below in an ad-hoc manner, since they involve error-prone X.509 and transparency log operations. Instead, we **strongly encourage** integrators to use - either `pypi-attestation-models`_ or `sigstore-python`_'s pre-existing APIs + either `pypi-attestations`_ or `sigstore-python`_'s pre-existing APIs for attestation manipulation, signing, and verification. Using the details above, we can provide the steps with slightly more accuracy: @@ -343,6 +343,6 @@ and any operations on its associated distribution should halt. .. _`DSSE PAE encoding`: https://github.com/secure-systems-lab/dsse/blob/v1.0.0/protocol.md -.. _`pypi-attestation-models`: https://github.com/trailofbits/pypi-attestation-models +.. _`pypi-attestations`: https://github.com/pypi/pypi-attestations .. _`sigstore-python`: https://github.com/sigstore/sigstore-python diff --git a/docs/user/attestations/producing-attestations.md b/docs/user/attestations/producing-attestations.md index c99c037364d4..0c807442a6f8 100644 --- a/docs/user/attestations/producing-attestations.md +++ b/docs/user/attestations/producing-attestations.md @@ -231,11 +231,11 @@ Before uploading attestations to the index, please: [official workflows described above]: #the-easy-way -[pypi-attestations]: https://github.com/trailofbits/pypi-attestations +[pypi-attestations]: https://github.com/pypi/pypi-attestations [ambient identity]: https://github.com/sigstore/sigstore-python#signing-with-ambient-credentials -[pypi-attestations' documentation]: https://trailofbits.github.io/pypi-attestations/pypi_attestations.html +[pypi-attestations' documentation]: https://pypi.github.io/pypi-attestations/pypi_attestations.html [Sigstore bundles]: https://github.com/sigstore/protobuf-specs/blob/main/protos/sigstore_bundle.proto