Description
Hey @feynmanix! Thanks for making this tool; I think it's very cool!
I'm filing this as food for thought: another signal you can apply here is whether a distribution has attestations or not and, if so, whether they validate against a TOFU'd identity.
The easiest way to do this would be to establish a bit of local state: the first resolution/verification of an attestation for a package should cache that attestation's identity, and then subsequent resolutions/updates can verify against the cached identity (and emit a warning/advisory if the identity diverges). Similarly, if a previous resolution of a package has an attestation but a new resolution (i.e. a newer upload, not necessarily a higher version) is missing one, pipask could emit a warning/advisory about a potential downgrade attempt.
That's pretty high-level, since the details of attestations are non-trivial. However, I'd be happy to go into them and share some more resources if you're interested in this!
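A sketch of the local TOFU state described above, added here as an example that is not pipask's own code: the identity fields (`issuer`, `subject`) and the JSON layout are assumptions, and verifying the attestation itself against the index is assumed to have already happened before `check` is called.

```python
import json
from dataclasses import asdict, dataclass
from pathlib import Path
from typing import Optional


@dataclass(frozen=True)
class AttestationIdentity:
    """Who signed the attestation. Field names are this example's assumption;
    a real verifier would fill them from the certificate it validated."""
    issuer: str   # OIDC issuer, e.g. https://token.actions.githubusercontent.com
    subject: str  # signing identity, e.g. a GitHub workflow URL


class TofuStore:
    """Per-package cache of the first-seen attestation identity.
    path=None keeps state in memory; otherwise it is a JSON file."""
    def __init__(self, path: Optional[Path] = None):
        self.path = path
        self.state: dict = {}
        if path is not None and path.exists():
            self.state = json.loads(path.read_text())

    def _save(self) -> None:
        if self.path is not None:
            self.path.write_text(json.dumps(self.state, indent=2))

    def check(self, package: str, identity: Optional[AttestationIdentity]) -> list[str]:
        """Compare a new resolution of `package` with the cache; return advisories.
        Only a first sighting updates the cache. A divergence is reported, never
        silently accepted: the user must call `trust` to replace the identity."""
        cached = self.state.get(package)
        if identity is None:
            if cached is None:
                return []  # never attested before: nothing to compare against
            return [f"{package}: earlier upload was attested by {cached['subject']}, "
                    "this one carries no attestation (possible downgrade)"]
        if cached is None:
            self.state[package] = asdict(identity)  # trust on first use
            self._save()
            return []
        if (cached["issuer"], cached["subject"]) != (identity.issuer, identity.subject):
            return [f"{package}: attestation identity changed from "
                    f"{cached['subject']} to {identity.subject}"]
        return []

    def trust(self, package: str, identity: AttestationIdentity) -> None:
        """Explicitly accept a new identity after the user reviewed the advisory."""
        self.state[package] = asdict(identity)
        self._save()
```

With a real path, `TofuStore` persists across runs, which is what makes the second resolution comparable to the first.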