Seth Michael Larson
Seth Michael Larson
@webknjaz Glad you're thinking about build provenance already, I'm interested in tackling build provenance for Python too :rocket: These initial attestations are similar to NPM's publish provenance so is best...
> With Publish Provenance as a baseline, we can add a File OIDCPublisher relationship that tracks the Trusted Publisher that was verified to have published the given File I was...
@facutuesca @woodruffw Is there a risk in checking and updating the verified status of URLs for each artifact? It was noted somewhere that many projects use multiple build infrastructures to...
Noting here that there's now an OSV database hosted by the OpenSSF that tracks this information: https://github.com/ossf/malicious-packages
@Sparkycz You point at the repository `elasticsearch-py-async` (`elasticsearch-async` on PyPI) and this is the repo `elasticsearch-py` (`elasticsearch` on PyPI). Has there been a mix-up here? Can you try aiohttp 3.7...
Would like to know more about why you explicitly need SNI to be sent when connecting to a service via IP (over explicitly specifying the host you're verifying against for...
This library is thread-safe but isn't safe to fork/access from multiple different processes so your approach of creating a separate instance per forked process is correct. What configuration were you...
@redbaron4 I understand. Could you copy and paste the code you were using in 7.17 so I can see how the client was configured and try to reproduce the problem?
Likely a function that grabs a flat structure with a bunch of fields on it, maybe `.transport_info()`? Probably won't be available until v8.x
Transferred this issue to `elastic-transport-python` as it would be implemented here in 8.x.