Description
Release distributions can be signed and verified through the Sigstore ecosystem. Maintainers can create provenance-friendly signatures, verify Python package releases, and strengthen supply-chain workflows from the terminal or Python APIs. It may use identity providers, network services, and signing credentials during operation.