@OpenForumEurope
#Attestations news: PyPI now has a superautomated Trusted Publishers system, where each release artifact is securely tied to a machine identity that the artifact was created by. This includes some level of tie to the user as well, although it doesn't seem to necessarily cover organization/hosting foundation/project ownership. #Python #Identity
For the past year, we’ve worked with the Python Package Index (PyPI) on a new security feature for the Python ecosystem: index-hosted digital attestations, as specified in PEP 740. These attestations improve on traditional PGP signatures (which have been disabled on PyPI) by providing key usability, index verifiability, cryptographic strength, and provenance properties that bring […]
Attest Our Projects using GitHub Attestations
GitHub announced the Attestations feature at the start of May 2024 and released it as a public beta available to all GitHub users on June 25th, 2024. This blog article explains how GitHub Attestations work: Sigstore is used to sign and verify the open-source program artifacts, which are usually generated by the continuous integration system, known on GitHub as GitHub Actions. This helps reduce supply chain attacks and increases the security of the broader software ecosystem.
The latest version of the GitHub CLI tool, which you can install easily from this website (some distros still haven't updated this tool to a version that supports this feature), can be used to verify a downloaded file by looking up its SHA-256 digest among the attestations that our organization has published through the GitHub API.
Our projects’ GitBook docs, such as those of Nitrocid KS, have been updated to add a verification step consisting of a single command, assuming that GitHub CLI version 2.49.0 or later is installed on your distribution. To verify that you’ve downloaded the right copy from the Releases page of our project on GitHub, follow these steps, which apply to all the projects that use the attestation system (currently, we only support attestations for applications, with possible archived library docs support coming later):
1. gh auth login
2. gh attestation verify <version>-bin.zip --owner Aptivi, where <version> is the version of Nitrocid that you’ve downloaded.
If everything went OK, you should see output similar to this:
Loaded digest sha256:6030eb1eb660f336d8b070202c598e8f51e50c8b9ca9084f30aa8d40ecbb996f for file://0.1.0.10-bin-lite.zip
Loaded 1 attestation from GitHub API
✓ Verification succeeded!
sha256:6030eb1eb660f336d8b070202c598e8f51e50c8b9ca9084f30aa8d40ecbb996f was attested by:
REPO PREDICATE_TYPE WORKFLOW
Aptivi/NitrocidKS https://slsa.dev/provenance/v1 .github/workflows/prepdraft.yml@refs/tags/v0.1.0.10
If you see output other than the above, such as the 404 error shown below, you may have a corrupted download, or a malicious file that was never built by our release workflow and is therefore not attested by us:
Loaded digest sha256:78fc7b18c2e5e2753934652d294456d11d8dadad6f638dedc31513c4570587a1 for file://0.1.0.10-bin-lite.zip
✗ Loading attestations from GitHub API failed
Error: failed to fetch attestations from Aptivi: HTTP 404: Not Found (https://api.github.com/orgs/Aptivi/attestations/sha256:78fc7b18c2e5e2753934652d294456d11d8dadad6f638dedc31513c4570587a1?per_page=30)
Tell us how it worked for you! Enjoy!
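One caveat a practitioner will want on top of the steps above: `gh attestation verify FILE --owner Aptivi` succeeds for an artifact attested by any repository under that organization, so a green check alone does not prove the file came from the NitrocidKS release workflow at the tag you expect. The following POSIX shell wrapper is an added example, not Aptivi's own tooling: it narrows verification to one repository with `--repo` and then inspects the REPO/WORKFLOW row that gh prints (the same format shown in the post) to require the expected workflow file at the expected tag. The sample outputs embedded below are constructed from the success and 404 cases shown above; the assumption that gh keeps this human-readable layout is mine, not the post's.

```shell
#!/bin/sh
# Added example (not Aptivi's code): enforce WHICH workflow attested a release
# instead of accepting any attestation from the Aptivi organization.
# Assumption: gh's text output keeps the "Verification succeeded" line and the
# "REPO PREDICATE_TYPE WORKFLOW" row shown in the blog post.

# check_gh_output EXPECTED_REPO EXPECTED_WORKFLOW EXPECTED_REF
# Reads `gh attestation verify` output on stdin. Returns 0 only when gh
# reported success AND the SLSA provenance row names the expected
# repository and workflow@ref. Anything else fails closed.
check_gh_output() {
    expected_repo=$1
    expected_wf=$2
    expected_ref=$3
    out=$(cat)

    # No explicit success line (e.g. the HTTP 404 case) means failure.
    printf '%s\n' "$out" | grep -q 'Verification succeeded' || return 1

    # Table row format: REPO PREDICATE_TYPE WORKFLOW
    row=$(printf '%s\n' "$out" | grep -F 'https://slsa.dev/provenance/v1' | head -n 1)
    [ -n "$row" ] || return 1
    repo=$(printf '%s\n' "$row" | awk '{print $1}')
    workflow=$(printf '%s\n' "$row" | awk '{print $3}')

    [ "$repo" = "$expected_repo" ] || return 1
    [ "$workflow" = "$expected_wf@$expected_ref" ] || return 1
}

# verify_release FILE VERSION   (needs network access and gh >= 2.49.0)
# Verifies against one repository only, then applies the workflow/tag policy.
verify_release() {
    gh attestation verify "$1" --repo Aptivi/NitrocidKS 2>&1 |
        check_gh_output Aptivi/NitrocidKS .github/workflows/prepdraft.yml "refs/tags/v$2"
}

# ---- constructed samples, reproduced from the post's output ----------------
SAMPLE_OK='Loaded digest sha256:6030eb1eb660f336d8b070202c598e8f51e50c8b9ca9084f30aa8d40ecbb996f for file://0.1.0.10-bin-lite.zip
Loaded 1 attestation from GitHub API
✓ Verification succeeded!

sha256:6030eb1eb660f336d8b070202c598e8f51e50c8b9ca9084f30aa8d40ecbb996f was attested by:
REPO               PREDICATE_TYPE                  WORKFLOW
Aptivi/NitrocidKS  https://slsa.dev/provenance/v1  .github/workflows/prepdraft.yml@refs/tags/v0.1.0.10'

SAMPLE_404='Loaded digest sha256:78fc7b18c2e5e2753934652d294456d11d8dadad6f638dedc31513c4570587a1 for file://0.1.0.10-bin-lite.zip
✗ Loading attestations from GitHub API failed
Error: failed to fetch attestations from Aptivi: HTTP 404: Not Found'

# demo_* helpers exercise the policy offline; each returns the check's status.
demo_good_release() {
    printf '%s\n' "$SAMPLE_OK" |
        check_gh_output Aptivi/NitrocidKS .github/workflows/prepdraft.yml refs/tags/v0.1.0.10
}
demo_missing_attestation() {
    printf '%s\n' "$SAMPLE_404" |
        check_gh_output Aptivi/NitrocidKS .github/workflows/prepdraft.yml refs/tags/v0.1.0.10
}
# Same org, same tag, different workflow file: rejected even though gh itself
# reported success, which is exactly the gap this wrapper closes.
demo_wrong_workflow() {
    printf '%s\n' "$SAMPLE_OK" |
        check_gh_output Aptivi/NitrocidKS .github/workflows/release.yml refs/tags/v0.1.0.10
}
```

Call it as `verify_release 0.1.0.10-bin.zip 0.1.0.10` after `gh auth login`; a non-zero exit means either gh refused the file or the attesting workflow was not the expected one. Newer gh releases also accept a `--signer-workflow` flag that performs this identity pinning inside gh itself, which is preferable to parsing text output where it is available.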
#Net #Net6 #Net60 #NET7 #NET70 #NetCore #NetFramework #Attest #Attestation #Attestations #devops #GH #git #github #GitHubAttestation #githubActions #Programming #update #Verification #Verify
OpenSSF unveils SBOMit - a tool designed to bolster Software Bills of Materials (#SBOMs) with #InToto #attestations.
This development increases transparency & security in the software development process.
To learn more, read #InfoQ: https://bit.ly/48Q2zf1
The Open Source Security Foundation (OpenSSF) has recently announced SBOMit, a tool designed to bolster Software Bills of Materials (SBOMs) with in-toto attestations. This development, announced under the OpenSSF Security Tooling Working Group, increases transparency and security in the software development process.
#Development #Reviews
Apple already shipped attestation on the web · The threat of Google’s and Apple’s attestation systems to the open web https://ilo.im/14cumu
#Apple #Safari #Google #Chrome #Business #WebDevelopment #WebDev #PrivateAccessTokens #WebIntegrityAPI #Gatekeepers #Attestations #OpenWeb
#Development #Reviews
Google’s nightmare ‘Web Integrity API’ wants a DRM gatekeeper for the web · An attestation would be required before accessing webpages https://ilo.im/14cigm
_____
#Google #Chrome #Advertising #Business #WebDevelopment #WebDev #WebIntegrityAPI #DRM #Gatekeepers #Attestations
RT @SebastienM
#TREAD Welcome to #Absurdistan #covid #attestations
(take a deep breath before reading)
Report from a hearing on Wednesday at the police court of a small sub-prefecture.
My dad was brought before the court for having filled in his attestation in pencil at the beginning of April 2020.
Contesting the fine = referral to court. https://t.co/3nctRHqdkc