Hacker News

the_mitsuhiko 12/08/2024

> You can find them in the write up by searching for “Sigstore” (I would direct link them, but I’m on mobile).

Yeah, I know they are in sigstore, I just did not know how to find them. Is there an interface for this I missed?

> Hmm, where do you see this? The release history on PyPI doesn’t show any recreations[1].

Then I completely misunderstood what happened. Was this in fact completely made-up releases that were not even intended to be triggered? E.g. a bot released .41 without there being an intent of being an actual .41 release? I thought that UltralyticsAssistant was the developer, not the attacker. Do they also control that thing?


Replies

woodruffw 12/08/2024

> Is there an interface for this I missed?

That would be search.sigstore.dev, unless I'm misunderstanding what you mean.

> Was this in fact completely made-up releases that were not even intended to be triggered? E.g. a bot released .41 without there being an intent of being an actual .41 release? I thought that UltralyticsAssistant was the developer, not the attacker. Do they also control that thing?

.41 and .42 were triggered directly from the repository. One was triggered by the UltralyticsAssistant account and included a human bypass, which strongly suggests that the attacker controlled (and maybe still controls) that bot account.

The last two compromised releases were published directly via API token, not via the source repo, which strongly suggests that the attacker either exfil’d an old API token from CI/CD or that they’re in control of the developer’s account on PyPI. Those ones don’t have attestations, while the first two releases do (two each, one per dist per release).
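The distinction woodruffw draws above (releases attested from the source repo versus token uploads with no attestations at all) is something a defender can triage mechanically. The script below is an added example, not code from the thread or from PyPI; it assumes the PEP 740 provenance object shape (`attestation_bundles[].publisher` / `attestations[]`), and the versions, file names and repository in the sample are constructed, not the real project's.

```python
from typing import Optional


def gh_provenance(repo: str, workflow: str) -> dict:
    """Build a constructed PEP 740 style provenance object (shape is an assumption)."""
    return {"version": 1, "attestation_bundles": [{
        "publisher": {"kind": "GitHub", "repository": repo, "workflow": workflow},
        "attestations": [{"version": 1}],  # one attestation per dist, as in the thread
    }]}


# Constructed sample: per release, per dist -> provenance object, or None when the
# file was uploaded with an API token and therefore carries no attestation.
EXPECTED_REPO = "example-org/pkg"
SAMPLE_RELEASES = {
    "1.0.41": {"pkg-1.0.41.tar.gz": gh_provenance(EXPECTED_REPO, "publish.yml"),
               "pkg-1.0.41-py3-none-any.whl": gh_provenance(EXPECTED_REPO, "publish.yml")},
    "1.0.42": {"pkg-1.0.42.tar.gz": gh_provenance(EXPECTED_REPO, "publish.yml"),
               "pkg-1.0.42-py3-none-any.whl": gh_provenance(EXPECTED_REPO, "publish.yml")},
    "1.0.43": {"pkg-1.0.43.tar.gz": None, "pkg-1.0.43-py3-none-any.whl": None},
    "1.0.44": {"pkg-1.0.44.tar.gz": None, "pkg-1.0.44-py3-none-any.whl": None},
}


def triage_release(files: dict[str, Optional[dict]], expected_repo: str) -> dict:
    """Classify one release as 'attested' (every dist attested by the expected
    GitHub repo), 'foreign-publisher' (attested, but by another identity), or
    'unattested' (at least one dist has no provenance, e.g. a token upload)."""
    publishers: set[tuple] = set()
    unattested: list[str] = []
    for name, prov in files.items():
        if not prov or not prov.get("attestation_bundles"):
            unattested.append(name)
            continue
        for bundle in prov["attestation_bundles"]:
            pub = bundle.get("publisher", {})
            publishers.add((pub.get("kind"), pub.get("repository"), pub.get("workflow")))
    if unattested:
        status = "unattested"
    elif all(k == "GitHub" and r == expected_repo for k, r, _ in publishers):
        status = "attested"
    else:
        status = "foreign-publisher"
    return {"status": status, "unattested": unattested,
            "publishers": sorted(publishers, key=str)}


def triage(releases: dict, expected_repo: str) -> dict:
    """Run triage_release over every version; unattested ones deserve a closer look."""
    return {v: triage_release(files, expected_repo) for v, files in releases.items()}
```

In practice the per-file provenance would be fetched from the index rather than constructed; the classification logic is the same.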
