Matthew Feickert
Matthew Feickert
> Another option is that we allow-list certain issuers for projects in certain organizations, and manually handle these on a case-by-case basis. This seems the most reasonable, as otherwise there...
> Can completely understand where they are coming from as the "User Documentation" has a lot of info for helping new users. For example "A brief Introduction", "Becoming Involved", "How...
> Hopefully we can tackle this as part of https://github.com/conda-forge/conda-forge.github.io/issues/2164. I agree with your points. Thanks and that's great to see the work being done on the Issue. :+1: >...
cc @Pablo-Lemos. Could you please review this?
> Maybe Adam can do it cc @adam-coogan
Thanks very much for the merge, @EnceladeCandy. 👍 Can you also please make a patch release to PyPI?
> So basically you would recommend that whenever a lock file is used, that all of the hashes are pinned as well? Yes. If you don't have things pinned down...
> Note that I have release some singularity image for MG5aMc That's great to hear. :+1: Though for the most part I'm not going to be running on the GRID...
Debug examples running on my fork: * [Example for deploying awkward-cpp](https://github.com/matthewfeickert/awkward/actions/runs/9178469342) ``` Attestation created for awkward-cpp-33.tar.gz@sha256:ac86c8e77e024afc75cb16d84fab16a95b343183ac47017f332ee35b64553abe Attestation signed using certificate from Public Good Sigstore instance Attestation signature uploaded to Rekor...
Nice to see for `awkward-cpp` `v34` and `awkward` `v2.6.5`: https://github.com/scikit-hep/awkward/attestations  ```console $ python -m pip download --no-deps awkward Collecting awkward Downloading awkward-2.6.5-py3-none-any.whl.metadata (7.0 kB) Downloading awkward-2.6.5-py3-none-any.whl (796 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━...