File tree Expand file tree Collapse file tree 1 file changed +6
-0
lines changed
Expand file tree Collapse file tree 1 file changed +6
-0
lines changed Original file line number Diff line number Diff line change @@ -10,6 +10,7 @@ Topic: Packaging
1010Created: 04-Dec-2025
1111Post-History: `09-Jun-2025 <https://discuss.python.org/t/94968 >`__,
1212
13+
1314Abstract
1415========
1516
@@ -19,6 +20,7 @@ not provide the security they purport. Users looking for wheel signing should
1920instead refer to :ref: `index hosted attestations
2021<packaging:index-hosted-attestations>`.
2122
23+
2224Motivation
2325==========
2426
@@ -39,6 +41,7 @@ Both files are virtually unused. A GitHub search for ``path:**.dist-info/RECORD`
3941yields 635k results, ``path:**.dist-info/RECORD.jws `` has 8 distinct results
4042and ``path:**.dist-info/RECORD.p7s `` has zero results.
4143
44+
4245Specification
4346=============
4447
@@ -48,6 +51,7 @@ The ``RECORD.jws`` and ``RECORD.p7s`` files are deprecated, and the
4851backends and other tools MUST NOT add these files to wheels. Installers
4952SHOULD NOT attempt to verify them, while they remain excluded from ``RECORD ``.
5053
54+
5155Backwards Compatibility
5256=======================
5357
@@ -59,13 +63,15 @@ files, they need to deprecate and eventually remove this feature.
5963For verifying provenance, users should refer to
6064:ref: `index hosted attestations <packaging:index-hosted-attestations >`.
6165
66+
6267Security Implications
6368=====================
6469
6570This PEP strengthens the security of the Python packaging ecosystem by
6671reducing the divergence between security features presented in the
6772specification and the security features supported by tools.
6873
74+
6975Copyright
7076=========
7177
You can’t perform that action at this time.
0 commit comments