Support PEP 740 Digital Attestation

[jornfranke]

Describe the feature

Botocore is used by many companies in various projects (https://trailofbits.github.io/are-we-pep740-yet/).

Companies can more safely use Botocore if the package is published with digital attestations according to PEP 740 (https://peps.python.org/pep-0740/).

Hence, boto3 should be published with digital attestations.

Use Case

I want to make sure that the boto3 package on pypi has not been replaced by malicious actors and that the version I download follows certain quality standards.

Proposed Solution

Implement a publishing CI/CD pipeline that generates and uploads digital attestations.

Example:
https://docs.pypi.org/attestations/

Other Information

No response

Acknowledgements

• I may be able to implement this feature request
• This feature might incur a breaking change

SDK version used

1.36.15

Environment details (OS name and version, etc.)

Does not depend on an environment

[RyanFitzSimmonsAK]

Hi @jornfranke, thanks for this feature request. I can definitely see the value in this, but we don't have a specific timeline for implementation at the moment. I'll leave this issue up to track this, and others can 👍 to express interest.