diff --git a/locales/ar/LC_MESSAGES/messages.po b/locales/ar/LC_MESSAGES/messages.po
index ff65aaf99..85a1af5d2 100644
--- a/locales/ar/LC_MESSAGES/messages.po
+++ b/locales/ar/LC_MESSAGES/messages.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Python Packaging User Guide\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-10-30 00:39+0000\n"
+"POT-Creation-Date: 2024-11-25 21:53+0000\n"
 "PO-Revision-Date: 2024-01-18 07:31+0000\n"
 "Last-Translator: Youcef Guenaoua <youcefguenaoua123@gmail.com>\n"
 "Language-Team: Arabic <https://hosted.weblate.org/projects/pypa/packaging-"
@@ -609,7 +609,7 @@ msgid "Unix (including Linux and macOS)"
 msgstr ""
 
 #: ../source/discussions/deploying-python-applications.rst:118
-#: ../source/key_projects.rst:572
+#: ../source/key_projects.rst:576
 msgid "pex"
 msgstr ""
 
@@ -1887,7 +1887,7 @@ msgid ""
 msgstr ""
 
 #: ../source/discussions/versioning.rst:6
-#: ../source/specifications/simple-repository-api.rst:310
+#: ../source/specifications/simple-repository-api.rst:319
 msgid "Versioning"
 msgstr ""
 
@@ -2638,29 +2638,16 @@ msgid ""
 msgstr ""
 
 #: ../source/glossary.rst:121
-msgid "Known Good Set (KGS)"
-msgstr ""
-
-#: ../source/glossary.rst:124
-msgid ""
-"A set of distributions at specified versions which are compatible with each "
-"other. Typically a test suite will be run which passes all tests before a "
-"specific set of packages is declared a known good set. This term is commonly "
-"used by frameworks and toolkits which are comprised of multiple individual "
-"distributions."
-msgstr ""
-
-#: ../source/glossary.rst:130
 msgid "Import Package"
 msgstr ""
 
-#: ../source/glossary.rst:133
+#: ../source/glossary.rst:124
 msgid ""
 "A Python module which can contain other modules or recursively, other "
 "packages."
 msgstr ""
 
-#: ../source/glossary.rst:136
+#: ../source/glossary.rst:127
 msgid ""
 "An import package is more commonly referred to with the single word "
 "\"package\", but this guide will use the expanded term when more clarity is "
@@ -2669,17 +2656,30 @@ msgid ""
 "package` for a breakdown of the differences."
 msgstr ""
 
-#: ../source/glossary.rst:142
+#: ../source/glossary.rst:133
 msgid "Installed Project"
 msgstr ""
 
-#: ../source/glossary.rst:145
+#: ../source/glossary.rst:136
 msgid ""
 "A :term:`Project` that is installed for use with a Python interpreter or :"
 "term:`Virtual Environment`, as described in the specicifcation :ref:"
 "`recording-installed-packages`."
 msgstr ""
 
+#: ../source/glossary.rst:140
+msgid "Known Good Set (KGS)"
+msgstr ""
+
+#: ../source/glossary.rst:143
+msgid ""
+"A set of distributions at specified versions which are compatible with each "
+"other. Typically a test suite will be run which passes all tests before a "
+"specific set of packages is declared a known good set. This term is commonly "
+"used by frameworks and toolkits which are comprised of multiple individual "
+"distributions."
+msgstr ""
+
 #: ../source/glossary.rst:149
 msgid "Module"
 msgstr ""
@@ -5090,7 +5090,7 @@ msgid ""
 "In particular, `NumPy <https://numpy.org/>`__, which provides the basis for "
 "most of the software in the `scientific Python stack <https://scientific-"
 "python.org>`_ can be configured to interoperate with different FORTRAN "
-"libraries, and can take advantage of different levels of vectorised "
+"libraries, and can take advantage of different levels of vectorized "
 "instructions available in modern CPUs."
 msgstr ""
 
@@ -5099,9 +5099,9 @@ msgid ""
 "Starting with version 1.10.4 of NumPy and version 1.0.0 of SciPy, pre-built "
 "32-bit and 64-bit binaries in the ``wheel`` format are available for all "
 "major operating systems (Windows, macOS, and Linux) on PyPI. Note, however, "
-"that on Windows, NumPy binaries are linked against the `ATLAS <http://www."
-"netlib.org/atlas/>`__ BLAS/LAPACK library, restricted to SSE2 instructions, "
-"so they may not provide optimal linear algebra performance."
+"that on Windows, NumPy binaries are linked against the `ATLAS <https://math-"
+"atlas.sourceforge.net/>`__ BLAS/LAPACK library, restricted to SSE2 "
+"instructions, so they may not provide optimal linear algebra performance."
 msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:26
@@ -5214,7 +5214,7 @@ msgid ""
 msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:100
-#: ../source/key_projects.rst:808
+#: ../source/key_projects.rst:812
 msgid "Spack"
 msgstr ""
 
@@ -5246,28 +5246,41 @@ msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:121
 msgid ""
-"`Anaconda <https://www.anaconda.com/products/individual/>`_ is a Python "
+"``conda`` is an open source (BSD licensed) package management system and "
+"environment management system that allows users to install multiple versions "
+"of binary software packages and their dependencies, and easily switch "
+"between them. It is a cross-platform tool working on Windows, MacOS, and "
+"Linux. Conda can be used to package up and distribute all kinds of packages, "
+"it is not limited to just Python packages. It has full support for native "
+"virtual environments. Conda makes environments first-class citizens, making "
+"it easy to create independent environments even for C libraries. It is "
+"written in Python, but is Python-agnostic. Conda manages Python itself as a "
+"package, so that :command:`conda update python` is possible, in contrast to "
+"pip, which only manages Python packages."
+msgstr ""
+
+#: ../source/guides/installing-scientific-packages.rst:133
+msgid ""
+"Anaconda `Anaconda <https://docs.anaconda.com/anaconda/>`_ is a Python "
 "distribution published by Anaconda, Inc. It is a stable collection of Open "
-"Source packages for big data and scientific use.  As of the 5.0 release of "
-"Anaconda, about 200 packages are installed by default, and a total of "
-"400-500 can be installed and updated from the Anaconda repository."
+"Source packages for big data and scientific use, and a collection of "
+"Graphical Interface utilities for managing conda environments."
 msgstr ""
 
-#: ../source/guides/installing-scientific-packages.rst:127
+#: ../source/guides/installing-scientific-packages.rst:135
 msgid ""
-"``conda`` is an open source (BSD licensed) package management system and "
-"environment management system included in Anaconda that allows users to "
-"install multiple versions of binary software packages and their "
-"dependencies, and easily switch between them. It is a cross-platform tool "
-"working on Windows, macOS, and Linux. Conda can be used to package up and "
-"distribute all kinds of packages, it is not limited to just Python packages. "
-"It has full support for native virtual environments. Conda makes "
-"environments first-class citizens, making it easy to create independent "
-"environments even for C libraries. It is written in Python, but is Python-"
-"agnostic. Conda manages Python itself as a package, so that :command:`conda "
-"update python` is possible, in contrast to pip, which only manages Python "
-"packages. Conda is available in Anaconda and Miniconda (an easy-to-install "
-"download with just Python and conda)."
+"In addition to the full distribution provided by Anaconda, the conda package "
+"manager itself is available in  `miniconda <https://docs.anaconda.com/"
+"miniconda/>`_, `miniforge <https://github.com/conda-forge/miniforge>`_, and "
+"`pixi <https://pixi.sh/>`_."
+msgstr ""
+
+#: ../source/guides/installing-scientific-packages.rst:138
+msgid ""
+"Conda packages are available on multiple channels on Anaconda.org, including "
+"the default channel supported by Anaconda, Inc, the community supported "
+"conda-forge channel, which provides a wide variety of pre-built packages, "
+"and some domain-specific package collections."
 msgstr ""
 
 #: ../source/guides/installing-stand-alone-command-line-tools.rst:4
@@ -8335,29 +8348,51 @@ msgstr ""
 
 #: ../source/guides/tool-recommendations.rst:142
 msgid ""
-"For projects hosted on GitHub, it is recommended to use the :ref:`trusted "
-"publishing <trusted-publishing>`, which allows the package to be securely "
-"uploaded to PyPI from a GitHub Actions job. (This is not yet supported on "
-"software forges other than GitHub.)"
+"For projects hosted on or published via supported CI/CD platforms, it is "
+"recommended to use the :ref:`Trusted Publishing <trusted-publishing>`, which "
+"allows the package to be securely uploaded to PyPI from a CI/CD workflow "
+"without a manually configured API token."
 msgstr ""
 
 #: ../source/guides/tool-recommendations.rst:147
 msgid ""
+"As of November 2024, PyPI supports the following platforms as Trusted "
+"Publishing providers:"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:150
+msgid "GitHub Actions (on ``https://github.com``)"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:151
+msgid "GitLab CI/CD (on ``https://gitlab.com``)"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:152
+msgid "ActiveState"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:153
+msgid "Google Cloud"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:155
+msgid ""
 "The other available method is to upload the package manually using :ref:"
 "`twine`."
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:149
+#: ../source/guides/tool-recommendations.rst:159
 msgid ""
 "**Never** use ``python setup.py upload`` for this task. In addition to "
 "being :ref:`deprecated <setup-py-deprecated>`, it is insecure."
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:154
+#: ../source/guides/tool-recommendations.rst:164
 msgid "Workflow tools"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:156
+#: ../source/guides/tool-recommendations.rst:166
 msgid ""
 "These tools are environment managers that automatically manage virtual "
 "environments for a project. They also act as \"task runners\", allowing you "
@@ -8368,31 +8403,31 @@ msgid ""
 "alphabetical order:"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:164
+#: ../source/guides/tool-recommendations.rst:174
 msgid ":ref:`Flit`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:165
+#: ../source/guides/tool-recommendations.rst:175
 msgid ":ref:`Hatch`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:166
+#: ../source/guides/tool-recommendations.rst:176
 msgid ":doc:`nox <nox:index>`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:167
+#: ../source/guides/tool-recommendations.rst:177
 msgid ":ref:`PDM`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:168
+#: ../source/guides/tool-recommendations.rst:178
 msgid ":ref:`Pipenv`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:169
+#: ../source/guides/tool-recommendations.rst:179
 msgid ":ref:`Poetry`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:170
+#: ../source/guides/tool-recommendations.rst:180
 msgid ":doc:`tox <tox:index>`."
 msgstr ""
 
@@ -9567,44 +9602,58 @@ msgstr ""
 
 #: ../source/key_projects.rst:407
 msgid ""
-"conda is the package management tool for `Anaconda <https://docs.anaconda."
-"com/anaconda/>`__ Python installations. Anaconda Python is a distribution "
-"from `Anaconda, Inc <https://www.anaconda.com/products/individual>`__ "
-"specifically aimed at the scientific community, and in particular on Windows "
-"where the installation of binary extensions is often difficult."
+"Conda is a package, dependency, and environment management system for any "
+"language — Python, R, Ruby, C/C++, Fortran, and more. It is written in "
+"Python and widely used in the Python scientific computing community, due to "
+"its support for non-Python compiled libraries and extensions. It is used as "
+"the basis of the `Anaconda <https://docs.anaconda.com/anaconda/>`__ Python "
+"distribution from Anaconda, Inc. It was originally aimed at the scientific "
+"community, but can also be used on its own, or with the :doc:`miniconda "
+"<conda:miniconda>`, `miniforge <https://github.com/conda-forge/miniforge>`_ "
+"or `pixi <https://pixi.sh/>`_ systems. It is available for Windows, Mac and "
+"Linux systems."
 msgstr ""
 
-#: ../source/key_projects.rst:414
+#: ../source/key_projects.rst:416
 msgid ""
 "Conda is a completely separate tool from :ref:`pip`, virtualenv and wheel, "
-"but provides many of their combined features in terms of package management, "
-"virtual environment management and deployment of binary extensions."
+"but provides many of their combined features, such as package management, "
+"virtual environment management and deployment of binary extensions and other "
+"binary code."
+msgstr ""
+
+#: ../source/key_projects.rst:420
+msgid ""
+"Conda does not install packages from PyPI -- it can only manage packages "
+"built specifically for conda, which can be made available on a \"conda "
+"channel\", such as those hosted on `anaconda.org <https://anaconda.org>`__, "
+"or a local (e.g. intranet) package server. In addition to the \"default\" "
+"channels managed by `Anaconda, Inc. <https://www.anaconda.com/>`__, there "
+"are a wide variety of packages from the community supported `conda-forge "
+"project <https://conda-forge.org/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:418
+#: ../source/key_projects.rst:426
 msgid ""
-"Conda does not install packages from PyPI and can install only from the "
-"official Anaconda repositories, or anaconda.org (a place for user-"
-"contributed *conda* packages), or a local (e.g. intranet) package server.  "
-"However, note that :ref:`pip` can be installed into, and work side-by-side "
-"with conda for managing :term:`distributions <Distribution Package>` from "
-"PyPI. Also, `conda skeleton <https://docs.conda.io/projects/conda-build/en/"
-"latest/user-guide/tutorials/build-pkgs-skeleton.html>`__ is a tool to make "
-"Python packages installable by conda by first fetching them from PyPI and "
-"modifying their metadata."
+"Note that :ref:`pip` can be installed into, and work side-by-side with conda "
+"for managing :term:`distributions <Distribution Package>` from PyPI. It is "
+"also possible to build conda packages from Python source packages using "
+"tools such as `conda skeleton <https://docs.conda.io/projects/conda-build/en/"
+"latest/user-guide/tutorials/build-pkgs-skeleton.html>`__: a tool to "
+"automatically make conda packages from Python packages available on PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:431
+#: ../source/key_projects.rst:435
 msgid "devpi"
 msgstr ""
 
-#: ../source/key_projects.rst:433
+#: ../source/key_projects.rst:437
 msgid ""
 "`Docs <http://doc.devpi.net/latest/>`__ | :gh:`Issues <devpi/devpi/issues>` "
 "| `PyPI <https://pypi.org/project/devpi>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:437
+#: ../source/key_projects.rst:441
 msgid ""
 "devpi features a powerful PyPI-compatible server and PyPI proxy cache with a "
 "complementary command line tool to drive packaging, testing and release "
@@ -9614,17 +9663,17 @@ msgid ""
 "replication and fail-over, and package upload."
 msgstr ""
 
-#: ../source/key_projects.rst:448
+#: ../source/key_projects.rst:452
 msgid "dumb-pypi"
 msgstr ""
 
-#: ../source/key_projects.rst:450
+#: ../source/key_projects.rst:454
 msgid ""
 "`GitHub <https://github.com/chriskuehl/dumb-pypi>`__ | `PyPI <https://pypi."
 "org/project/dumb-pypi>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:453
+#: ../source/key_projects.rst:457
 msgid ""
 "dumb-pypi is a simple :term:`package index <Package Index>` static file site "
 "generator, which then must be hosted by a static file webserver to become "
@@ -9632,17 +9681,17 @@ msgid ""
 "status."
 msgstr ""
 
-#: ../source/key_projects.rst:460
+#: ../source/key_projects.rst:464
 msgid "enscons"
 msgstr ""
 
-#: ../source/key_projects.rst:462
+#: ../source/key_projects.rst:466
 msgid ""
 ":gh:`Source <dholth/enscons>` | :gh:`Issues <dholth/enscons/issues>` | `PyPI "
 "<https://pypi.org/project/enscons>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:466
+#: ../source/key_projects.rst:470
 msgid ""
 "Enscons is a Python packaging tool based on `SCons`_. It builds :ref:`pip`-"
 "compatible source distributions and wheels without using distutils or "
@@ -9654,38 +9703,38 @@ msgid ""
 "independent of enscons."
 msgstr ""
 
-#: ../source/key_projects.rst:481
+#: ../source/key_projects.rst:485
 msgid "Flask-Pypi-Proxy"
 msgstr ""
 
-#: ../source/key_projects.rst:483
+#: ../source/key_projects.rst:487
 msgid ""
 "`Docs <https://flask-pypi-proxy.readthedocs.io>`__ | :gh:`GitHub <tzulberti/"
 "Flask-PyPi-Proxy>` | `PyPI <https://pypi.org/project/Flask-Pypi-Proxy/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:487 ../source/key_projects.rst:681
-#: ../source/key_projects.rst:740
+#: ../source/key_projects.rst:491 ../source/key_projects.rst:685
+#: ../source/key_projects.rst:744
 msgid "Not maintained, project archived"
 msgstr ""
 
-#: ../source/key_projects.rst:489
+#: ../source/key_projects.rst:493
 msgid ""
 "Flask-Pypi-Proxy is a :term:`package index <Package Index>` as a cached "
 "proxy for PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:495
+#: ../source/key_projects.rst:499
 msgid "Hashdist"
 msgstr ""
 
-#: ../source/key_projects.rst:497
+#: ../source/key_projects.rst:501
 msgid ""
 "`Docs <https://hashdist.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/hashdist/hashdist/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:500
+#: ../source/key_projects.rst:504
 msgid ""
 "Hashdist is a library for building non-root software distributions. Hashdist "
 "is trying to be “the Debian of choice for cases where Debian technology "
@@ -9696,34 +9745,34 @@ msgid ""
 "researchers but has been lacking in maintenance since 2016."
 msgstr ""
 
-#: ../source/key_projects.rst:512
+#: ../source/key_projects.rst:516
 msgid "Maturin"
 msgstr ""
 
-#: ../source/key_projects.rst:514
+#: ../source/key_projects.rst:518
 msgid ""
 "`Docs <https://www.maturin.rs>`__ | `GitHub <https://github.com/PyO3/"
 "maturin>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:517
+#: ../source/key_projects.rst:521
 msgid ""
 "Maturin is a build backend for Rust extension modules, also written in Rust. "
 "It supports building wheels for python 3.7+ on Windows, Linux, macOS and "
 "FreeBSD, can upload them to PyPI and has basic PyPy and GraalPy support."
 msgstr ""
 
-#: ../source/key_projects.rst:525
+#: ../source/key_projects.rst:529
 msgid "meson-python"
 msgstr ""
 
-#: ../source/key_projects.rst:527
+#: ../source/key_projects.rst:531
 msgid ""
 "`Docs <https://meson-python.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/mesonbuild/meson-python>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:530
+#: ../source/key_projects.rst:534
 msgid ""
 "``meson-python`` is a build backend that uses the Meson_ build system. It "
 "enables Python package authors to use Meson_ as the build system for their "
@@ -9731,58 +9780,58 @@ msgid ""
 "to fill the needs of most complex build configurations."
 msgstr ""
 
-#: ../source/key_projects.rst:540
+#: ../source/key_projects.rst:544
 msgid "multibuild"
 msgstr ""
 
-#: ../source/key_projects.rst:542
+#: ../source/key_projects.rst:546
 msgid "`GitHub <https://github.com/multi-build/multibuild>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:544
+#: ../source/key_projects.rst:548
 msgid ""
 "Multibuild is a set of CI scripts for building and testing Python :term:"
 "`wheels <Wheel>` for Linux, macOS, and (less flexibly) Windows. Also see :"
 "ref:`cibuildwheel`."
 msgstr ""
 
-#: ../source/key_projects.rst:550
+#: ../source/key_projects.rst:554
 msgid "nginx_pypi_cache"
 msgstr ""
 
-#: ../source/key_projects.rst:552
+#: ../source/key_projects.rst:556
 msgid ":gh:`GitHub <hauntsaninja/nginx_pypi_cache>`"
 msgstr ""
 
-#: ../source/key_projects.rst:554
+#: ../source/key_projects.rst:558
 msgid ""
 "nginx_pypi_cache is a :term:`package index <Package Index>` caching proxy "
 "using `nginx <https://nginx.org/en/>`_."
 msgstr ""
 
-#: ../source/key_projects.rst:560
+#: ../source/key_projects.rst:564
 msgid "pdm"
 msgstr ""
 
-#: ../source/key_projects.rst:562
+#: ../source/key_projects.rst:566
 msgid ""
 "`Docs <https://pdm.fming.dev/>`__ | `GitHub <https://github.com/pdm-project/"
 "pdm/>`__ | `PyPI <https://pypi.org/project/pdm>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:566
+#: ../source/key_projects.rst:570
 msgid ""
 "PDM is a modern Python package manager. It uses :term:`pyproject.toml` to "
 "store project metadata as defined in :pep:`621`."
 msgstr ""
 
-#: ../source/key_projects.rst:574
+#: ../source/key_projects.rst:578
 msgid ""
 "`Docs <https://pex.readthedocs.io/en/latest/>`__ | `GitHub <https://github."
 "com/pantsbuild/pex/>`__ | `PyPI <https://pypi.org/project/pex>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:578
+#: ../source/key_projects.rst:582
 msgid ""
 "Pex is a tool for generating :file:`.pex` (Python EXecutable) files, "
 "standalone Python environments in the spirit of :ref:`virtualenv`. PEX files "
@@ -9794,18 +9843,18 @@ msgid ""
 "PEX file into a standard venv, graphing dependencies and more."
 msgstr ""
 
-#: ../source/key_projects.rst:590
+#: ../source/key_projects.rst:594
 msgid "pip-tools"
 msgstr ""
 
-#: ../source/key_projects.rst:592
+#: ../source/key_projects.rst:596
 msgid ""
 "`Docs <https://pip-tools.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/jazzband/pip-tools/>`__ | `PyPI <https://pypi.org/project/pip-"
 "tools/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:596
+#: ../source/key_projects.rst:600
 msgid ""
 "pip-tools is a suite of tools meant for Python system administrators and "
 "release managers who particularly want to keep their builds deterministic "
@@ -9816,32 +9865,32 @@ msgid ""
 "not provide), and create layers of constraints for the program to obey."
 msgstr ""
 
-#: ../source/key_projects.rst:608
+#: ../source/key_projects.rst:612
 msgid "pip2pi"
 msgstr ""
 
-#: ../source/key_projects.rst:610
+#: ../source/key_projects.rst:614
 msgid ""
 ":gh:`GitHub <wolever/pip2pi>` | `PyPI <https://pypi.org/project/pip2pi/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:613
+#: ../source/key_projects.rst:617
 msgid ""
 "pip2pi is a :term:`package index <Package Index>` server where specific "
 "packages are manually synchronised."
 msgstr ""
 
-#: ../source/key_projects.rst:619
+#: ../source/key_projects.rst:623
 msgid "piwheels"
 msgstr ""
 
-#: ../source/key_projects.rst:621
+#: ../source/key_projects.rst:625
 msgid ""
 "`Website <https://www.piwheels.org/>`__ | :doc:`Docs <piwheels:index>` | "
 "`GitHub <https://github.com/piwheels/piwheels/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:625
+#: ../source/key_projects.rst:629
 msgid ""
 "piwheels is a website, and software underpinning it, that fetches source "
 "code distribution packages from PyPI and compiles them into binary wheels "
@@ -9849,17 +9898,17 @@ msgid ""
 "Pi OS pre-configures pip to use piwheels.org as an additional index to PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:634
+#: ../source/key_projects.rst:638
 msgid "poetry"
 msgstr ""
 
-#: ../source/key_projects.rst:636
+#: ../source/key_projects.rst:640
 msgid ""
 "`Docs <https://python-poetry.org/>`__ | `GitHub <https://github.com/python-"
 "poetry/poetry>`__ | `PyPI <https://pypi.org/project/poetry/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:640
+#: ../source/key_projects.rst:644
 msgid ""
 "poetry is a command-line tool to handle dependency installation and "
 "isolation as well as building and packaging of Python packages. It uses "
@@ -9869,49 +9918,49 @@ msgid ""
 "caching metadata about dependencies."
 msgstr ""
 
-#: ../source/key_projects.rst:650
+#: ../source/key_projects.rst:654
 msgid "proxpi"
 msgstr ""
 
-#: ../source/key_projects.rst:652
+#: ../source/key_projects.rst:656
 msgid ""
 ":gh:`GitHub <EpicWink/proxpi>` | `PyPI <https://pypi.org/project/proxpi/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:655
+#: ../source/key_projects.rst:659
 msgid ""
 "proxpi is a simple :term:`package index <Package Index>` which proxies PyPI "
 "and other indexes with caching."
 msgstr ""
 
-#: ../source/key_projects.rst:661
+#: ../source/key_projects.rst:665
 msgid "Pulp-python"
 msgstr ""
 
-#: ../source/key_projects.rst:663
+#: ../source/key_projects.rst:667
 msgid ""
 "`Docs <https://docs.pulpproject.org/pulp_python/>`__ | :gh:`GitHub <pulp/"
 "pulp_python>` | `PyPI <https://pypi.org/project/pulp-python/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:667
+#: ../source/key_projects.rst:671
 msgid ""
 "Pulp-python is the Python :term:`package index <Package Index>` plugin for "
 "`Pulp <https://pulpproject.org/>`_. Pulp-python supports mirrors backed by "
 "local or `AWS S3`_, package upload, and proxying to multiple package indexes."
 msgstr ""
 
-#: ../source/key_projects.rst:675
+#: ../source/key_projects.rst:679
 msgid "PyPI Cloud"
 msgstr ""
 
-#: ../source/key_projects.rst:677
+#: ../source/key_projects.rst:681
 msgid ""
 "`Docs <https://pypicloud.readthedocs.io/>`__ | :gh:`GitHub <stevearc/"
 "pypicloud>` | `PyPI <https://pypi.org/project/pypicloud/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:683
+#: ../source/key_projects.rst:687
 msgid ""
 "PyPI Cloud is a :term:`package index <Package Index>` server, backed by `AWS "
 "S3`_ or another cloud storage service, or local files. PyPI Cloud supports "
@@ -9919,33 +9968,33 @@ msgid ""
 "authorisation."
 msgstr ""
 
-#: ../source/key_projects.rst:691
+#: ../source/key_projects.rst:695
 msgid "pypiprivate"
 msgstr ""
 
-#: ../source/key_projects.rst:693
+#: ../source/key_projects.rst:697
 msgid ""
 ":gh:`GitHub <helpshift/pypiprivate>` | `PyPI <https://pypi.org/project/"
 "pypiprivate/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:696
+#: ../source/key_projects.rst:700
 msgid ""
 "pypiprivate serves a local (or `AWS S3`_-hosted) directory of packages as a :"
 "term:`package index <Package Index>`."
 msgstr ""
 
-#: ../source/key_projects.rst:702
+#: ../source/key_projects.rst:706
 msgid "pypiserver"
 msgstr ""
 
-#: ../source/key_projects.rst:704
+#: ../source/key_projects.rst:708
 msgid ""
 "`GitHub <https://github.com/pypiserver/pypiserver>`__ | `PyPI <https://pypi."
 "org/project/pypiserver/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:707
+#: ../source/key_projects.rst:711
 msgid ""
 "pypiserver is a minimalist application that serves as a private Python :term:"
 "`package index <Package Index>` (from a local directory) within "
@@ -9956,17 +10005,17 @@ msgid ""
 "pypiserver and from PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:718
+#: ../source/key_projects.rst:722
 msgid "PyScaffold"
 msgstr ""
 
-#: ../source/key_projects.rst:720
+#: ../source/key_projects.rst:724
 msgid ""
 "`Docs <https://pyscaffold.org>`__ | `GitHub <https://github.com/pyscaffold/"
 "pyscaffold>`__ | `PyPI <https://pypi.org/project/pyscaffold/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:724
+#: ../source/key_projects.rst:728
 msgid ""
 "PyScaffold is a project generator for bootstrapping Python packages, ready "
 "to be shared on PyPI and installable via :ref:`pip`. It relies on a set of "
@@ -9976,33 +10025,33 @@ msgid ""
 "existing projects to make packaging easier."
 msgstr ""
 
-#: ../source/key_projects.rst:735
+#: ../source/key_projects.rst:739
 msgid "pywharf"
 msgstr ""
 
-#: ../source/key_projects.rst:737
+#: ../source/key_projects.rst:741
 msgid ""
 ":gh:`GitHub <pywharf/pywharf>` | `PyPI <https://pypi.org/project/pywharf>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:742
+#: ../source/key_projects.rst:746
 msgid ""
 "pywharf is a :term:`package index <Package Index>` server, serving files "
 "locally or from `GitHub <https://github.com/>`_."
 msgstr ""
 
-#: ../source/key_projects.rst:748
+#: ../source/key_projects.rst:752
 msgid "scikit-build"
 msgstr ""
 
-#: ../source/key_projects.rst:750
+#: ../source/key_projects.rst:754
 msgid ""
 "`Docs <https://scikit-build.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/scikit-build/scikit-build/>`__ | `PyPI <https://pypi.org/project/"
 "scikit-build>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:754
+#: ../source/key_projects.rst:758
 msgid ""
 "Scikit-build is a :ref:`setuptools` wrapper for CPython that builds C/C++/"
 "Fortran/Cython extensions It uses `cmake <https://pypi.org/project/cmake>`__ "
@@ -10013,18 +10062,18 @@ msgid ""
 "ninja>`__ (also available on PyPI)."
 msgstr ""
 
-#: ../source/key_projects.rst:765
+#: ../source/key_projects.rst:769
 msgid "scikit-build-core"
 msgstr ""
 
-#: ../source/key_projects.rst:767
+#: ../source/key_projects.rst:771
 msgid ""
 "`Docs <https://scikit-build-core.readthedocs.io/en/latest/>`__ | `GitHub "
 "<https://github.com/scikit-build/scikit-build-core/>`__ | `PyPI <https://"
 "pypi.org/project/scikit-build-core>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:771
+#: ../source/key_projects.rst:775
 msgid ""
 "Scikit-build-core is a build backend for CPython C/C++/Fortran/Cython "
 "extensions.  It enables users to write extensions with `cmake <https://pypi."
@@ -10034,17 +10083,17 @@ msgid ""
 "automatically downloaded from PyPI if not available on the system."
 msgstr ""
 
-#: ../source/key_projects.rst:781
+#: ../source/key_projects.rst:785
 msgid "shiv"
 msgstr ""
 
-#: ../source/key_projects.rst:783
+#: ../source/key_projects.rst:787
 msgid ""
 "`Docs <https://shiv.readthedocs.io/en/latest/>`__ | `GitHub <https://github."
 "com/linkedin/shiv>`__ | `PyPI <https://pypi.org/project/shiv/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:787
+#: ../source/key_projects.rst:791
 msgid ""
 "shiv is a command line utility for building fully self contained Python "
 "zipapps as outlined in :pep:`441`, but with all their dependencies included. "
@@ -10052,17 +10101,17 @@ msgid ""
 "tools fast & easy."
 msgstr ""
 
-#: ../source/key_projects.rst:795
+#: ../source/key_projects.rst:799
 msgid "simpleindex"
 msgstr ""
 
-#: ../source/key_projects.rst:797
+#: ../source/key_projects.rst:801
 msgid ""
 ":gh:`GitHub <uranusjr/simpleindex>` | `PyPI <https://pypi.org/project/"
 "simpleindex/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:800
+#: ../source/key_projects.rst:804
 msgid ""
 "simpleindex is a :term:`package index <Package Index>` which routes URLs to "
 "multiple package indexes (including PyPI), serves local (or cloud-hosted, "
@@ -10070,7 +10119,7 @@ msgid ""
 "supports custom plugins."
 msgstr ""
 
-#: ../source/key_projects.rst:810
+#: ../source/key_projects.rst:814
 msgid ""
 ":doc:`Docs <spack:index>` | `GitHub <https://github.com/spack/spack>`__ | "
 "`Paper <https://www.computer.org/csdl/proceedings-article/"
@@ -10078,7 +10127,7 @@ msgid ""
 "Gamblin-Spack-SC15-Talk.pdf>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:815
+#: ../source/key_projects.rst:819
 msgid ""
 "A flexible package manager designed to support multiple versions, "
 "configurations, platforms, and compilers.  Spack is like Homebrew, but "
@@ -10089,24 +10138,24 @@ msgid ""
 "supercomputers."
 msgstr ""
 
-#: ../source/key_projects.rst:823
+#: ../source/key_projects.rst:827
 msgid ""
 "Spack is not in PyPI (yet), but it requires no installation and can be used "
 "immediately after cloning from GitHub."
 msgstr ""
 
-#: ../source/key_projects.rst:829
+#: ../source/key_projects.rst:833
 msgid "zest.releaser"
 msgstr ""
 
-#: ../source/key_projects.rst:831
+#: ../source/key_projects.rst:835
 msgid ""
 "`Docs <https://zestreleaser.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/zestsoftware/zest.releaser/>`__ | `PyPI <https://pypi.org/project/"
 "zest.releaser/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:835
+#: ../source/key_projects.rst:839
 msgid ""
 "``zest.releaser`` is a Python package release tool providing an abstraction "
 "layer on top of :ref:`twine`. Python developers use ``zest.releaser`` to "
@@ -10114,21 +10163,21 @@ msgid ""
 "releases in source control, and uploading new packages to PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:842
+#: ../source/key_projects.rst:846
 msgid "Standard Library Projects"
 msgstr ""
 
-#: ../source/key_projects.rst:847
+#: ../source/key_projects.rst:851
 msgid "ensurepip"
 msgstr ""
 
-#: ../source/key_projects.rst:849
+#: ../source/key_projects.rst:853
 msgid ""
 "`Docs <https://docs.python.org/3/library/ensurepip.html>`__ | `Issues "
 "<https://bugs.python.org/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:852
+#: ../source/key_projects.rst:856
 msgid ""
 "A package in the Python Standard Library that provides support for "
 "bootstrapping :ref:`pip` into an existing Python installation or virtual "
@@ -10136,34 +10185,34 @@ msgid ""
 "will be used during the build of the Python distribution."
 msgstr ""
 
-#: ../source/key_projects.rst:860
+#: ../source/key_projects.rst:864
 msgid "http.server"
 msgstr ""
 
-#: ../source/key_projects.rst:862
+#: ../source/key_projects.rst:866
 msgid ""
 ":doc:`Docs <python:library/http.server>` | :gh:`Issues <python/cpython/"
 "issues>`"
 msgstr ""
 
-#: ../source/key_projects.rst:865
+#: ../source/key_projects.rst:869
 msgid ""
 "A package and command-line interface which can host a directory as a "
 "website, for example as a :term:`package index <Package Index>` (see :ref:"
 "`Hosting your Own Simple Repository`)."
 msgstr ""
 
-#: ../source/key_projects.rst:872
+#: ../source/key_projects.rst:876
 msgid "venv"
 msgstr ""
 
-#: ../source/key_projects.rst:874
+#: ../source/key_projects.rst:878
 msgid ""
 "`Docs <https://docs.python.org/3/library/venv.html>`__ | `Issues <https://"
 "github.com/python/cpython/issues>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:877
+#: ../source/key_projects.rst:881
 msgid ""
 "A package in the Python Standard Library (starting with Python 3.3) for "
 "creating :term:`Virtual Environments <Virtual Environment>`.  For more "
@@ -12211,7 +12260,7 @@ msgstr ""
 #: ../source/specifications/platform-compatibility-tags.rst:332
 #: ../source/specifications/pyproject-toml.rst:444
 #: ../source/specifications/recording-installed-packages.rst:252
-#: ../source/specifications/simple-repository-api.rst:974
+#: ../source/specifications/simple-repository-api.rst:988
 #: ../source/specifications/source-distribution-format.rst:144
 #: ../source/specifications/version-specifiers.rst:1266
 #: ../source/specifications/virtual-environments.rst:54
@@ -13281,6 +13330,7 @@ msgstr ""
 #: ../source/specifications/dependency-specifiers.rst:26
 #: ../source/specifications/direct-url-data-structure.rst:19
 #: ../source/specifications/direct-url.rst:15
+#: ../source/specifications/index-hosted-attestations.rst:17
 #: ../source/specifications/inline-script-metadata.rst:13
 msgid "Specification"
 msgstr ""
@@ -13418,7 +13468,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/dependency-specifiers.rst:163
-#: ../source/specifications/simple-repository-api.rst:888
+#: ../source/specifications/simple-repository-api.rst:902
 msgid "Versions"
 msgstr ""
 
@@ -15041,6 +15091,302 @@ msgid ""
 "www.pypa.io/en/latest/specifications/>`__."
 msgstr ""
 
+#: ../source/specifications/index-hosted-attestations.rst:6
+msgid "Index hosted attestations"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:8
+msgid "This specification was originally defined in :pep:`740`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:12
+msgid ""
+":pep:`740` includes changes to the HTML and JSON index APIs. These changes "
+"are documented in the :ref:`simple-repository-api` under :ref:`simple-"
+"repository-api-base` and :ref:`json-serialization`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:22
+msgid "Upload endpoint changes"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:26
+msgid ""
+"The \"legacy\" upload API is not standardized. See `PyPI's Upload API "
+"documentation <https://docs.pypi.org/api/upload/>`_ for how attestations are "
+"uploaded."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:33
+msgid "Attestation objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:35
+msgid ""
+"An attestation object is a JSON object with several required keys; "
+"applications or signers may include additional keys so long as all "
+"explicitly listed keys are provided. The required layout of an attestation "
+"object is provided as pseudocode below."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:88
+msgid ""
+"A full data model for each object in ``transparency_entries`` is provided "
+"in :ref:`appendix`. Attestation objects **SHOULD** include one or more "
+"transparency log entries, and **MAY** include additional keys for other "
+"sources of signed time (such as an :rfc:`3161` Time Stamping Authority or a "
+"`Roughtime <https://blog.cloudflare.com/roughtime>`__ server)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:94
+msgid ""
+"Attestation objects are versioned; this PEP specifies version 1. Each "
+"version is tied to a single cryptographic suite to minimize unnecessary "
+"cryptographic agility. In version 1, the suite is as follows:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:98
+msgid ""
+"Certificates are specified as X.509 certificates, and comply with the "
+"profile in :rfc:`5280`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:100
+msgid ""
+"The message signature algorithm is ECDSA, with the P-256 curve for public "
+"keys and SHA-256 as the cryptographic digest function."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:103
+msgid ""
+"Future PEPs may change this suite (and the overall shape of the attestation "
+"object) by selecting a new version number."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:109
+msgid "Attestation statement and signature generation"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:111
+msgid ""
+"The *attestation statement* is the actual claim that is cryptographically "
+"signed over within the attestation object (i.e., the ``envelope.statement``)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:114
+msgid ""
+"The attestation statement is encoded as a `v1 in-toto Statement object "
+"<https://github.com/in-toto/attestation/blob/v1.0/spec/v1.0/statement."
+"md>`__, in JSON form. When serialized the statement is treated as an opaque "
+"binary blob, avoiding the need for canonicalization."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:119
+msgid ""
+"In addition to being a v1 in-toto Statement, the attestation statement is "
+"constrained in the following ways:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:122
+msgid "The in-toto ``subject`` **MUST** contain only a single subject."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:123
+msgid ""
+"``subject[0].name`` is the distribution's filename, which **MUST** be a "
+"valid :ref:`source distribution <source-distribution-format>` or :ref:`wheel "
+"distribution <binary-distribution-format>` filename."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:126
+msgid ""
+"``subject[0].digest`` **MUST** contain a SHA-256 digest. Other digests "
+"**MAY** be present. The digests **MUST** be represented as hexadecimal "
+"strings."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:128
+msgid "The following ``predicateType`` values are supported:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:130
+msgid ""
+"`SLSA Provenance <https://slsa.dev/provenance/v1>`__: ``https://slsa.dev/"
+"provenance/v1``"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:131
+msgid ""
+"`PyPI Publish Attestation <https://docs.pypi.org/attestations/publish/"
+"v1>`__: ``https://docs.pypi.org/attestations/publish/v1``"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:133
+msgid ""
+"The signature over this statement is constructed using the `v1 DSSE "
+"signature protocol <https://github.com/secure-systems-lab/dsse/blob/v1.0.0/"
+"protocol.md>`__, with a ``PAYLOAD_TYPE`` of ``application/vnd.in-toto+json`` "
+"and a ``PAYLOAD_BODY`` of the JSON-encoded statement above. No other "
+"``PAYLOAD_TYPE`` is permitted."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:141
+msgid "Provenance objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:143
+msgid ""
+"The index will serve uploaded attestations along with metadata that can "
+"assist in verifying them in the form of JSON serialized objects."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:146
+msgid ""
+"These *provenance objects* will be available via both the Simple Index and "
+"JSON-based Simple API as described above, and will have the following layout:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:169
+msgid "or, as pseudocode:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:217
+msgid ""
+"``version`` is ``1``. Like attestation objects, provenance objects are "
+"versioned, and this PEP only defines version ``1``."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:219
+msgid ""
+"``attestation_bundles`` is a **required** JSON array, containing one or more "
+"\"bundles\" of attestations. Each bundle corresponds to a signing identity "
+"(such as a Trusted Publishing identity), and contains one or more "
+"attestation objects."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:224
+msgid ""
+"As noted in the ``Publisher`` model, each ``AttestationBundle.publisher`` "
+"object is specific to its Trusted Publisher but must include at minimum:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:228
+msgid ""
+"A ``kind`` key, which **MUST** be a JSON string that uniquely identifies the "
+"kind of Trusted Publisher."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:230
+msgid ""
+"A ``claims`` key, which **MUST** be a JSON object containing any context-"
+"specific claims retained by the index during Trusted Publisher "
+"authentication."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:233
+msgid "All other keys in the publisher object are publisher-specific."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:235
+msgid ""
+"Each array of attestation objects is a superset of the ``attestations`` "
+"array supplied by the uploaded through the ``attestations`` field at upload "
+"time, as described in :ref:`upload-endpoint` and :ref:`changes-to-provenance-"
+"objects`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:243
+msgid "Changes to provenance objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:245
+msgid ""
+"Provenance objects are *not* immutable, and may change over time. Reasons "
+"for changes to the provenance object include but are not limited to:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:248
+msgid ""
+"Addition of new attestations for a pre-existing signing identity: the index "
+"**MAY** choose to allow additional attestations by pre-existing signing "
+"identities, such as newer attestation versions for already uploaded files."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:253
+msgid ""
+"Addition of new signing identities and associated attestations: the index "
+"**MAY** choose to support attestations from sources other than the file's "
+"uploader, such as third-party auditors or the index itself. These "
+"attestations may be performed asynchronously, requiring the index to insert "
+"them into the provenance object *post facto*."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:262
+msgid "Attestation verification"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:264
+msgid ""
+"Verifying an attestation object against a distribution file requires "
+"verification of each of the following:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:267
+msgid "``version`` is ``1``. The verifier **MUST** reject any other version."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:268
+msgid ""
+"``verification_material.certificate`` is a valid signing certificate, as "
+"issued by an *a priori* trusted authority (such as a root of trust already "
+"present within the verifying client)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:271
+msgid ""
+"``verification_material.certificate`` identifies an appropriate signing "
+"subject, such as the machine identity of the Trusted Publisher that "
+"published the package."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:274
+msgid ""
+"``envelope.statement`` is a valid in-toto v1 Statement, with a subject and "
+"digest that **MUST** match the distribution's filename and contents. For the "
+"distribution's filename, matching **MUST** be performed by parsing using the "
+"appropriate source distribution or wheel filename format, as the statement's "
+"subject may be equivalent but normalized."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:279
+msgid ""
+"``envelope.signature`` is a valid signature for ``envelope.statement`` "
+"corresponding to ``verification_material.certificate``, as reconstituted via "
+"the `v1 DSSE signature protocol <https://github.com/secure-systems-lab/dsse/"
+"blob/v1.0.0/protocol.md>`__."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:284
+msgid ""
+"In addition to the above required steps, a verifier **MAY** additionally "
+"verify ``verification_material.transparency_entries`` on a policy basis, e."
+"g. requiring at least one transparency log entry or a threshold of entries. "
+"When verifying transparency entries, the verifier **MUST** confirm that the "
+"inclusion time for each entry lies within the signing certificate's validity "
+"period."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:293
+msgid "Appendix: Data models for Transparency Log Entries"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:295
+msgid ""
+"This appendix contains pseudocoded data models for transparency log entries "
+"in attestation objects. Each transparency log entry serves as a source of "
+"signed inclusion time, and can be verified either online or offline."
+msgstr ""
+
 #: ../source/specifications/inline-script-metadata.rst:5
 msgid "Inline script metadata"
 msgstr ""
@@ -15211,7 +15557,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/inline-script-metadata.rst:205
-#: ../source/specifications/simple-repository-api.rst:815
+#: ../source/specifications/simple-repository-api.rst:829
 msgid "Recommendations"
 msgstr ""
 
@@ -17099,11 +17445,26 @@ msgid ""
 "``&gt;``, respectively."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:100
+#: ../source/specifications/simple-repository-api.rst:99
+msgid ""
+"A repository **MAY** include a ``data-provenance`` attribute on a file link. "
+"The value of this attribute **MUST** be a fully qualified URL, signaling "
+"that the file's provenance can be found at that URL. This URL **MUST** "
+"represent a `secure origin <https://www.chromium.org/Home/chromium-security/"
+"prefer-secure-origins-for-powerful-new-features/>`_."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:106
+msgid ""
+"The format of the linked provenance is defined in :ref:`index-hosted-"
+"attestations`."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:109
 msgid "Normalized Names"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:102
+#: ../source/specifications/simple-repository-api.rst:111
 msgid ""
 "This spec references the concept of a \"normalized\" project name. As per :"
 "ref:`the name normalization specification <name-normalization>` the only "
@@ -17113,11 +17474,11 @@ msgid ""
 "implemented in Python with the ``re`` module::"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:117
+#: ../source/specifications/simple-repository-api.rst:126
 msgid "Adding \"Yank\" Support to the Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:119
+#: ../source/specifications/simple-repository-api.rst:128
 msgid ""
 "Links in the simple repository **MAY** have a ``data-yanked`` attribute "
 "which may have no value, or may have an arbitrary string as a value. The "
@@ -17127,7 +17488,7 @@ msgid ""
 "under specific scenarios."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:126
+#: ../source/specifications/simple-repository-api.rst:135
 msgid ""
 "The value of the ``data-yanked`` attribute, if present, is an arbitrary "
 "string that represents the reason for why the file has been yanked. Tools "
@@ -17135,7 +17496,7 @@ msgid ""
 "users."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:131
+#: ../source/specifications/simple-repository-api.rst:140
 msgid ""
 "The yanked attribute is not immutable once set, and may be rescinded in the "
 "future (and once rescinded, may be reset as well). Thus API users **MUST** "
@@ -17143,11 +17504,11 @@ msgid ""
 "again)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:138
+#: ../source/specifications/simple-repository-api.rst:147
 msgid "Installers"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:140
+#: ../source/specifications/simple-repository-api.rst:149
 msgid ""
 "The desirable experience for users is that once a file is yanked, when a "
 "human being is currently trying to directly install a yanked file, that it "
@@ -17157,7 +17518,7 @@ msgid ""
 "been yanked."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:147
+#: ../source/specifications/simple-repository-api.rst:156
 msgid ""
 "An installer **MUST** ignore yanked releases, if the selection constraints "
 "can be satisfied with a non-yanked version, and **MAY** refuse to use a "
@@ -17167,14 +17528,14 @@ msgid ""
 "files."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:154
+#: ../source/specifications/simple-repository-api.rst:163
 msgid ""
 "What this means is left up to the specific installer, to decide how to best "
 "fit into the overall usage of their installer. However, there are two "
 "suggested approaches to take:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:158
+#: ../source/specifications/simple-repository-api.rst:167
 msgid ""
 "Yanked files are always ignored, unless they are the only file that matches "
 "a version specifier that \"pins\" to an exact version using either ``==`` "
@@ -17184,7 +17545,7 @@ msgid ""
 "versions, zero padding, etc."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:165
+#: ../source/specifications/simple-repository-api.rst:174
 msgid ""
 "Yanked files are always ignored, unless they are the only file that matches "
 "what a lock file (such as ``Pipfile.lock`` or ``poetry.lock``) specifies to "
@@ -17192,7 +17553,7 @@ msgid ""
 "creating or updating a lock file from some input file or command."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:171
+#: ../source/specifications/simple-repository-api.rst:180
 msgid ""
 "Regardless of the specific strategy that an installer chooses for deciding "
 "when to install yanked files, an installer **SHOULD** emit a warning when it "
@@ -17201,38 +17562,38 @@ msgid ""
 "specific feedback to the user about why that file had been yanked."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:179
+#: ../source/specifications/simple-repository-api.rst:188
 msgid "Mirrors"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:181
+#: ../source/specifications/simple-repository-api.rst:190
 msgid "Mirrors can generally treat yanked files one of two ways:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:183
+#: ../source/specifications/simple-repository-api.rst:192
 msgid ""
 "They may choose to omit them from their simple repository API completely, "
 "providing a view over the repository that shows only \"active\", unyanked "
 "files."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:186
+#: ../source/specifications/simple-repository-api.rst:195
 msgid ""
 "They may choose to include yanked files, and additionally mirror the ``data-"
 "yanked`` attribute as well."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:189
+#: ../source/specifications/simple-repository-api.rst:198
 msgid ""
 "Mirrors **MUST NOT** mirror a yanked file without also mirroring the ``data-"
 "yanked`` attribute for it."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:195
+#: ../source/specifications/simple-repository-api.rst:204
 msgid "Versioning PyPI's Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:197
+#: ../source/specifications/simple-repository-api.rst:206
 msgid ""
 "This spec proposes the inclusion of a meta tag on the responses of every "
 "successful request to a simple API page, which contains a name attribute of "
@@ -17243,29 +17604,29 @@ msgid ""
 "<version-specifiers>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:205
+#: ../source/specifications/simple-repository-api.rst:214
 msgid "This would end up looking like::"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:209
+#: ../source/specifications/simple-repository-api.rst:218
 msgid "When interpreting the repository version:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:211
+#: ../source/specifications/simple-repository-api.rst:220
 msgid ""
 "Incrementing the major version is used to signal a backwards incompatible "
 "change such that existing clients would no longer be expected to be able to "
 "meaningfully use the API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:214
+#: ../source/specifications/simple-repository-api.rst:223
 msgid ""
 "Incrementing the minor version is used to signal a backwards compatible "
 "change such that existing clients would still be expected to be able to "
 "meaningfully use the API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:218
+#: ../source/specifications/simple-repository-api.rst:227
 msgid ""
 "It is left up to the discretion of any future specs as to what specifically "
 "constitutes a backwards incompatible vs compatible change beyond the broad "
@@ -17274,7 +17635,7 @@ msgid ""
 "features."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:224
+#: ../source/specifications/simple-repository-api.rst:233
 msgid ""
 "It is expectation of this spec that the major version will never be "
 "incremented, and any future major API evolutions would utilize a different "
@@ -17284,48 +17645,48 @@ msgid ""
 "set to a version >= 2)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:231
+#: ../source/specifications/simple-repository-api.rst:240
 msgid ""
 "This spec sets the current API version to \"1.0\", and expects that future "
 "specs that further evolve the simple API will increment the minor version "
 "number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:237
-#: ../source/specifications/simple-repository-api.rst:957
+#: ../source/specifications/simple-repository-api.rst:246
+#: ../source/specifications/simple-repository-api.rst:971
 msgid "Clients"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:239
+#: ../source/specifications/simple-repository-api.rst:248
 msgid ""
 "Clients interacting with the simple API **SHOULD** introspect each response "
 "for the repository version, and if that data does not exist **MUST** assume "
 "that it is version 1.0."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:243
+#: ../source/specifications/simple-repository-api.rst:252
 msgid ""
 "When encountering a major version greater than expected, clients **MUST** "
 "hard fail with an appropriate error message for the user."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:246
+#: ../source/specifications/simple-repository-api.rst:255
 msgid ""
 "When encountering a minor version greater than expected, clients **SHOULD** "
 "warn users with an appropriate message."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:249
+#: ../source/specifications/simple-repository-api.rst:258
 msgid ""
 "Clients **MAY** still continue to use feature detection in order to "
 "determine what features a repository uses."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:255
+#: ../source/specifications/simple-repository-api.rst:264
 msgid "Serve Distribution Metadata in the Simple Repository API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:257
+#: ../source/specifications/simple-repository-api.rst:266
 msgid ""
 "In a simple repository's project page, each anchor tag pointing to a "
 "distribution **MAY** have a ``data-dist-info-metadata`` attribute. The "
@@ -17334,7 +17695,7 @@ msgid ""
 "when the distribution is processed and/or installed."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:263
+#: ../source/specifications/simple-repository-api.rst:272
 msgid ""
 "If a ``data-dist-info-metadata`` attribute is present, the repository "
 "**MUST** serve the distribution's Core Metadata file alongside the "
@@ -17346,7 +17707,7 @@ msgid ""
 "GPG signature file's location."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:272
+#: ../source/specifications/simple-repository-api.rst:281
 msgid ""
 "The repository **SHOULD** provide the hash of the Core Metadata file as the "
 "``data-dist-info-metadata`` attribute's value using the syntax "
@@ -17356,18 +17717,18 @@ msgid ""
 "unavailable."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:280
+#: ../source/specifications/simple-repository-api.rst:289
 msgid "Backwards Compatibility"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:282
+#: ../source/specifications/simple-repository-api.rst:291
 msgid ""
 "If an anchor tag lacks the ``data-dist-info-metadata`` attribute, tools are "
 "expected to revert to their current behaviour of downloading the "
 "distribution to inspect the metadata."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:286
+#: ../source/specifications/simple-repository-api.rst:295
 msgid ""
 "Older tools not supporting the new ``data-dist-info-metadata`` attribute are "
 "expected to ignore the attribute and maintain their current behaviour of "
@@ -17375,11 +17736,11 @@ msgid ""
 "prior ``data-`` attribute additions expect existing tools to operate."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:295
+#: ../source/specifications/simple-repository-api.rst:304
 msgid "JSON-based Simple API for Python Package Indexes"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:297
+#: ../source/specifications/simple-repository-api.rst:306
 msgid ""
 "To enable response parsing with only the standard library, this spec "
 "specifies that all responses (besides the files themselves, and the HTML "
@@ -17387,7 +17748,7 @@ msgid ""
 "base>`) should be serialized using `JSON <https://www.json.org/>`_."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:302
+#: ../source/specifications/simple-repository-api.rst:311
 msgid ""
 "To enable zero configuration discovery and to minimize the amount of "
 "additional HTTP requests, this spec extends :ref:`the base HTML API "
@@ -17397,7 +17758,7 @@ msgid ""
 "format to serve, i.e. either HTML or JSON."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:312
+#: ../source/specifications/simple-repository-api.rst:321
 msgid ""
 "Versioning will adhere to :ref:`the API versioning specification <simple-"
 "repository-api-versioning>` format (``Major.Minor``), which has defined the "
@@ -17407,7 +17768,7 @@ msgid ""
 "``1.0`` version, and instead just describes how to serialize that into JSON."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:319
+#: ../source/specifications/simple-repository-api.rst:328
 msgid ""
 "Similar to :ref:`the API versioning specification <simple-repository-api-"
 "versioning>`, the major version number **MUST** be incremented if any "
@@ -17415,28 +17776,28 @@ msgid ""
 "existing clients to meaningfully understand the format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:325
+#: ../source/specifications/simple-repository-api.rst:334
 msgid ""
 "Likewise, the minor version **MUST** be incremented if features are added or "
 "removed from the format, but existing clients would be expected to continue "
 "to meaningfully understand the format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:329
+#: ../source/specifications/simple-repository-api.rst:338
 msgid ""
 "Changes that would not result in existing clients being unable to "
 "meaningfully understand the format and which do not represent features being "
 "added or removed may occur without changing the version number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:333
+#: ../source/specifications/simple-repository-api.rst:342
 msgid ""
 "This is intentionally vague, as this spec believes it is best left up to "
 "future specs that make any changes to the API to investigate and decide "
 "whether or not that change should increment the major or minor version."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:337
+#: ../source/specifications/simple-repository-api.rst:346
 msgid ""
 "Future versions of the API may add things that can only be represented in a "
 "subset of the available serializations of that version. All serializations "
@@ -17445,37 +17806,37 @@ msgid ""
 "whether or not that feature is present at all."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:343
+#: ../source/specifications/simple-repository-api.rst:352
 msgid ""
 "It is the intent of this spec that the API should be thought of as URL "
 "endpoints that return data, whose interpretation is defined by the version "
 "of that data, and then serialized into the target serialization format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:351
+#: ../source/specifications/simple-repository-api.rst:360
 msgid "JSON Serialization"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:353
+#: ../source/specifications/simple-repository-api.rst:362
 msgid ""
 "The URL structure from :ref:`the base HTML API specification <simple-"
 "repository-api-base>` still applies, as this spec only adds an additional "
 "serialization format for the already existing API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:357
+#: ../source/specifications/simple-repository-api.rst:366
 msgid ""
 "The following constraints apply to all JSON serialized responses described "
 "in this spec:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:360
+#: ../source/specifications/simple-repository-api.rst:369
 msgid ""
 "All JSON responses will *always* be a JSON object rather than an array or "
 "other type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:363
+#: ../source/specifications/simple-repository-api.rst:372
 msgid ""
 "While JSON doesn't natively support a URL type, any value that represents an "
 "URL in this API may be either absolute or relative as long as they point to "
@@ -17483,19 +17844,19 @@ msgid ""
 "if it were HTML."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:368
+#: ../source/specifications/simple-repository-api.rst:377
 msgid ""
 "Additional keys may be added to any dictionary objects in the API responses "
 "and clients **MUST** ignore keys that they don't understand."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:371
+#: ../source/specifications/simple-repository-api.rst:380
 msgid ""
 "All JSON responses will have a ``meta`` key, which contains information "
 "related to the response itself, rather than the content of the response."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:374
+#: ../source/specifications/simple-repository-api.rst:383
 msgid ""
 "All JSON responses will have a ``meta.api-version`` key, which will be a "
 "string that contains the :ref:`API versioning specification <simple-"
@@ -17504,41 +17865,41 @@ msgid ""
 "<simple-repository-api-versioning>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:380
+#: ../source/specifications/simple-repository-api.rst:389
 msgid ""
 "All requirements of :ref:`the base HTML API specification <simple-repository-"
 "api-base>` that are not HTML specific still apply."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:385
+#: ../source/specifications/simple-repository-api.rst:394
 msgid "Project List"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:387
+#: ../source/specifications/simple-repository-api.rst:396
 msgid ""
 "The root URL ``/`` for this spec (which represents the base URL) will be a "
 "JSON encoded dictionary which has a two keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:390
+#: ../source/specifications/simple-repository-api.rst:399
 msgid ""
 "``projects``: An array where each entry is a dictionary with a single key, "
 "``name``, which represents string of the project name."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:391
-#: ../source/specifications/simple-repository-api.rst:440
+#: ../source/specifications/simple-repository-api.rst:400
+#: ../source/specifications/simple-repository-api.rst:449
 msgid ""
 "``meta``: The general response metadata as `described earlier <json-"
 "serialization_>`__."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:393
-#: ../source/specifications/simple-repository-api.rst:499
+#: ../source/specifications/simple-repository-api.rst:402
+#: ../source/specifications/simple-repository-api.rst:512
 msgid "As an example:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:410
+#: ../source/specifications/simple-repository-api.rst:419
 msgid ""
 "The ``name`` field is the same as the one from :ref:`the base HTML API "
 "specification <simple-repository-api-base>`, which does not specify whether "
@@ -17548,7 +17909,7 @@ msgid ""
 "implementation detail of the repository in question."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:420
+#: ../source/specifications/simple-repository-api.rst:429
 msgid ""
 "While the ``projects`` key is an array, and thus is required to be in some "
 "kind of an order, neither :ref:`the base HTML API specification <simple-"
@@ -17558,11 +17919,11 @@ msgid ""
 "have sets."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:429
+#: ../source/specifications/simple-repository-api.rst:438
 msgid "Project Detail"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:431
+#: ../source/specifications/simple-repository-api.rst:440
 msgid ""
 "The format of this URL is ``/<project>/`` where the ``<project>`` is "
 "replaced by the :ref:`the base HTML API specification <simple-repository-api-"
@@ -17570,33 +17931,33 @@ msgid ""
 "would have a URL like ``/silly-walk/``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:436
+#: ../source/specifications/simple-repository-api.rst:445
 msgid ""
 "This URL must respond with a JSON encoded dictionary that has three keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:438
+#: ../source/specifications/simple-repository-api.rst:447
 msgid "``name``: The normalized name of the project."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:439
+#: ../source/specifications/simple-repository-api.rst:448
 msgid ""
 "``files``: A list of dictionaries, each one representing an individual file."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:442
+#: ../source/specifications/simple-repository-api.rst:451
 msgid "Each individual file dictionary has the following keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:444
+#: ../source/specifications/simple-repository-api.rst:453
 msgid "``filename``: The filename that is being represented."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:445
+#: ../source/specifications/simple-repository-api.rst:454
 msgid "``url``: The URL that the file can be fetched from."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:446
+#: ../source/specifications/simple-repository-api.rst:455
 msgid ""
 "``hashes``: A dictionary mapping a hash name to a hex encoded digest of the "
 "file. Multiple hashes can be included, and it is up to the client to decide "
@@ -17605,14 +17966,14 @@ msgid ""
 "to be lowercase."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:451
+#: ../source/specifications/simple-repository-api.rst:460
 msgid ""
 "The ``hashes`` dictionary **MUST** be present, even if no hashes are "
 "available for the file, however it is **HIGHLY** recommended that at least "
 "one secure, guaranteed-to-be-available hash is always included."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:455
+#: ../source/specifications/simple-repository-api.rst:464
 msgid ""
 "By default, any hash algorithm available via :py:mod:`hashlib` (specifically "
 "any that can be passed to :py:func:`hashlib.new()` and do not require "
@@ -17622,7 +17983,7 @@ msgid ""
 "specifically is recommended."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:460
+#: ../source/specifications/simple-repository-api.rst:469
 msgid ""
 "``requires-python``: An **optional** key that exposes the :ref:`core-"
 "metadata-requires-python` metadata field. Where this is present, installer "
@@ -17630,14 +17991,14 @@ msgid ""
 "that doesn't satisfy the requirement."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:466
+#: ../source/specifications/simple-repository-api.rst:475
 msgid ""
 "Unlike ``data-requires-python`` in :ref:`the base HTML API specification "
 "<simple-repository-api-base>`, the ``requires-python`` key does not require "
 "any special escaping other than anything JSON does naturally."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:469
+#: ../source/specifications/simple-repository-api.rst:478
 msgid ""
 "``dist-info-metadata``: An **optional** key that indicates that metadata for "
 "this file is available, via the same location as specified in :ref:`the API "
@@ -17647,27 +18008,27 @@ msgid ""
 "dictionary mapping hash names to a hex encoded digest of the metadata's hash."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:477
+#: ../source/specifications/simple-repository-api.rst:486
 msgid ""
 "When this is a dictionary of hashes instead of a boolean, then all the same "
 "requirements and recommendations as the ``hashes`` key hold true for this "
 "key as well."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:481
+#: ../source/specifications/simple-repository-api.rst:490
 msgid ""
 "If this key is missing then the metadata file may or may not exist. If the "
 "key value is truthy, then the metadata file is present, and if it is falsey "
 "then it is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:485
+#: ../source/specifications/simple-repository-api.rst:494
 msgid ""
 "It is recommended that servers make the hashes of the metadata file "
 "available if possible."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:487
+#: ../source/specifications/simple-repository-api.rst:496
 msgid ""
 "``gpg-sig``: An **optional** key that acts a boolean to indicate if the file "
 "has an associated GPG signature or not. The URL for the signature file "
@@ -17676,7 +18037,7 @@ msgid ""
 "the signature may or may not exist."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:492
+#: ../source/specifications/simple-repository-api.rst:501
 msgid ""
 "``yanked``: An **optional** key which may be either a boolean to indicate if "
 "the file has been yanked, or a non empty, but otherwise arbitrary, string to "
@@ -17687,7 +18048,15 @@ msgid ""
 "api-yank>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:529
+#: ../source/specifications/simple-repository-api.rst:507
+msgid ""
+"``provenance``: An **optional** key which, if present **MUST** be either a "
+"JSON string or ``null``. If not ``null``, it **MUST** be a URL to the file's "
+"associated provenance, with the same rules as ``data-provenance`` in the :"
+"ref:`base HTML API specification <simple-repository-api-base>`."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:543
 msgid ""
 "While the ``files`` key is an array, and thus is required to be in some kind "
 "of an order, neither :ref:`the base HTML API specification <simple-"
@@ -17697,11 +18066,11 @@ msgid ""
 "have sets."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:538
+#: ../source/specifications/simple-repository-api.rst:552
 msgid "Content-Types"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:540
+#: ../source/specifications/simple-repository-api.rst:554
 msgid ""
 "This spec proposes that all responses from the Simple API will have a "
 "standard content type that describes what the response is (a Simple API "
@@ -17709,11 +18078,11 @@ msgid ""
 "format has been used."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:544
+#: ../source/specifications/simple-repository-api.rst:558
 msgid "The structure of this content type will be:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:550
+#: ../source/specifications/simple-repository-api.rst:564
 msgid ""
 "Since only major versions should be disruptive to clients attempting to "
 "understand one of these API responses, only the major version will be "
@@ -17721,19 +18090,19 @@ msgid ""
 "that it is a version number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:555
+#: ../source/specifications/simple-repository-api.rst:569
 msgid "Which means that for the existing 1.0 API, the content types would be:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:557
+#: ../source/specifications/simple-repository-api.rst:571
 msgid "**JSON:** ``application/vnd.pypi.simple.v1+json``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:558
+#: ../source/specifications/simple-repository-api.rst:572
 msgid "**HTML:** ``application/vnd.pypi.simple.v1+html``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:560
+#: ../source/specifications/simple-repository-api.rst:574
 msgid ""
 "In addition to the above, a special \"meta\" version is supported named "
 "``latest``, whose purpose is to allow clients to request the absolute latest "
@@ -17742,7 +18111,7 @@ msgid ""
 "support."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:565
+#: ../source/specifications/simple-repository-api.rst:579
 msgid ""
 "To support existing clients which expect the existing :ref:`the base HTML "
 "API specification <simple-repository-api-base>` API responses to use the "
@@ -17750,11 +18119,11 @@ msgid ""
 "alias for the ``application/vnd.pypi.simple.v1+html`` content type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:572
+#: ../source/specifications/simple-repository-api.rst:586
 msgid "Version + Format Selection"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:574
+#: ../source/specifications/simple-repository-api.rst:588
 msgid ""
 "Now that there is multiple possible serializations, we need a mechanism to "
 "allow clients to indicate what serialization formats they're able to "
@@ -17763,65 +18132,65 @@ msgid ""
 "expecting the previous API version."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:579
+#: ../source/specifications/simple-repository-api.rst:593
 msgid ""
 "To enable this, this spec standardizes on the use of HTTP's `Server-Driven "
 "Content Negotiation <https://developer.mozilla.org/en-US/docs/Web/HTTP/"
 "Content_negotiation>`_."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:582
+#: ../source/specifications/simple-repository-api.rst:596
 msgid ""
 "While this spec won't fully describe the entirety of server-driven content "
 "negotiation, the flow is roughly:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:585
+#: ../source/specifications/simple-repository-api.rst:599
 msgid ""
 "The client makes an HTTP request containing an ``Accept`` header listing all "
 "of the version+format content types that they are able to understand."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:587
+#: ../source/specifications/simple-repository-api.rst:601
 msgid ""
 "The server inspects that header, selects one of the listed content types, "
 "then returns a response using that content type (treating the absence of an "
 "``Accept`` header as ``Accept: */*``)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:590
+#: ../source/specifications/simple-repository-api.rst:604
 msgid ""
 "If the server does not support any of the content types in the ``Accept`` "
 "header then they are able to choose between 3 different options for how to "
 "respond:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:594
+#: ../source/specifications/simple-repository-api.rst:608
 msgid ""
 "Select a default content type other than what the client has requested and "
 "return a response with that."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:596
+#: ../source/specifications/simple-repository-api.rst:610
 msgid ""
 "Return a HTTP ``406 Not Acceptable`` response to indicate that none of the "
 "requested content types were available, and the server was unable or "
 "unwilling to select a default content type to respond with."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:599
+#: ../source/specifications/simple-repository-api.rst:613
 msgid ""
 "Return a HTTP ``300 Multiple Choices`` response that contains a list of all "
 "of the possible responses that could have been chosen."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:601
+#: ../source/specifications/simple-repository-api.rst:615
 msgid ""
 "The client interprets the response, handling the different types of "
 "responses that the server may have responded with."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:604
+#: ../source/specifications/simple-repository-api.rst:618
 msgid ""
 "This spec does not specify which choices the server makes in regards to "
 "handling a content type that it isn't able to return, and clients **SHOULD** "
@@ -17829,7 +18198,7 @@ msgid ""
 "the most sense for that client."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:609
+#: ../source/specifications/simple-repository-api.rst:623
 msgid ""
 "However, as there is no standard format for how a ``300 Multiple Choices`` "
 "response can be interpreted, this spec highly discourages servers from "
@@ -17840,7 +18209,7 @@ msgid ""
 "error."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:616
+#: ../source/specifications/simple-repository-api.rst:630
 msgid ""
 "This spec **does** require that if the meta version ``latest`` is being "
 "used, the server **MUST** respond with the content type for the actual "
@@ -17849,33 +18218,33 @@ msgid ""
 "have a ``Content-Type`` of ``application/vnd.pypi.simple.v1+json``)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:623
+#: ../source/specifications/simple-repository-api.rst:637
 msgid ""
 "The ``Accept`` header is a comma separated list of content types that the "
 "client understands and is able to process. It supports three different "
 "formats for each content type that is being requested:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:627
+#: ../source/specifications/simple-repository-api.rst:641
 msgid "``$type/$subtype``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:628
+#: ../source/specifications/simple-repository-api.rst:642
 msgid "``$type/*``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:629
+#: ../source/specifications/simple-repository-api.rst:643
 msgid "``*/*``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:631
+#: ../source/specifications/simple-repository-api.rst:645
 msgid ""
 "For the use of selecting a version+format, the most useful of these is "
 "``$type/$subtype``, as that is the only way to actually specify the version "
 "and format you want."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:635
+#: ../source/specifications/simple-repository-api.rst:649
 msgid ""
 "The order of the content types listed in the ``Accept`` header does not have "
 "any specific meaning, and the server **SHOULD** consider all of them to be "
@@ -17885,7 +18254,7 @@ msgid ""
 "Quality_values>`_ syntax."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:642
+#: ../source/specifications/simple-repository-api.rst:656
 msgid ""
 "This allows a client to specify a priority for a specific entry in their "
 "``Accept`` header, by appending a ``;q=`` followed by a value between ``0`` "
@@ -17895,7 +18264,7 @@ msgid ""
 "quality of ``1``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:648
+#: ../source/specifications/simple-repository-api.rst:662
 msgid ""
 "However, clients should keep in mind that a server is free to select **any** "
 "of the content types they've asked for, regardless of their requested "
@@ -17903,7 +18272,7 @@ msgid ""
 "for."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:652
+#: ../source/specifications/simple-repository-api.rst:666
 msgid ""
 "To aid clients in determining the content type of the response that they "
 "have received from an API request, this spec requires that servers always "
@@ -17914,22 +18283,22 @@ msgid ""
 "collector.py#L123-L150>`_ so the risks for actual breakages is low."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:659
+#: ../source/specifications/simple-repository-api.rst:673
 msgid "An example of how a client can operate would look like:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:710
+#: ../source/specifications/simple-repository-api.rst:724
 msgid ""
 "If a client wishes to only support HTML or only support JSON, then they "
 "would just remove the content types that they do not want from the "
 "``Accept`` header, and turn receiving them into an error."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:716
+#: ../source/specifications/simple-repository-api.rst:730
 msgid "Alternative Negotiation Mechanisms"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:718
+#: ../source/specifications/simple-repository-api.rst:732
 msgid ""
 "While using HTTP's Content negotiation is considered the standard way for a "
 "client and server to coordinate to ensure that the client is getting an HTTP "
@@ -17938,25 +18307,25 @@ msgid ""
 "negotiation mechanisms that may *optionally* be used instead."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:726
+#: ../source/specifications/simple-repository-api.rst:740
 msgid "URL Parameter"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:728
+#: ../source/specifications/simple-repository-api.rst:742
 msgid ""
 "Servers that implement the Simple API may choose to support a URL parameter "
 "named ``format`` to allow the clients to request a specific version of the "
 "URL."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:731
+#: ../source/specifications/simple-repository-api.rst:745
 msgid ""
 "The value of the ``format`` parameter should be **one** of the valid content "
 "types. Passing multiple content types, wild cards, quality values, etc... is "
 "**not** supported."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:735
+#: ../source/specifications/simple-repository-api.rst:749
 msgid ""
 "Supporting this parameter is optional, and clients **SHOULD NOT** rely on it "
 "for interacting with the API. This negotiation mechanism is intended to "
@@ -17964,13 +18333,13 @@ msgid ""
 "allow documentation or notes to link to a specific version+format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:740
+#: ../source/specifications/simple-repository-api.rst:754
 msgid ""
 "Servers that do not support this parameter may choose to return an error "
 "when it is present, or they may simple ignore its presence."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:743
+#: ../source/specifications/simple-repository-api.rst:757
 msgid ""
 "When a server does implement this parameter, it **SHOULD** take precedence "
 "over any values in the client's ``Accept`` header, and if the server does "
@@ -17980,18 +18349,18 @@ msgid ""
 "``303 Multiple Choices``, or selecting a default type to return)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:752
+#: ../source/specifications/simple-repository-api.rst:766
 msgid "Endpoint Configuration"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:754
+#: ../source/specifications/simple-repository-api.rst:768
 msgid ""
 "This option technically is not a special option at all, it is just a natural "
 "consequence of using content negotiation and allowing servers to select "
 "which of the available content types is their default."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:758
+#: ../source/specifications/simple-repository-api.rst:772
 msgid ""
 "If a server is unwilling or unable to implement the server-driven content "
 "negotiation, and would instead rather require users to explicitly configure "
@@ -17999,7 +18368,7 @@ msgid ""
 "configuration."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:762
+#: ../source/specifications/simple-repository-api.rst:776
 msgid ""
 "To enable this, a server should make multiple endpoints (for instance, ``/"
 "simple/v1+html/`` and/or ``/simple/v1+json/``) for each version+format that "
@@ -18009,7 +18378,7 @@ msgid ""
 "and return the content type that corresponds to that endpoint."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:769
+#: ../source/specifications/simple-repository-api.rst:783
 msgid ""
 "For clients that wish to require specific configuration, they can keep track "
 "of which version+format a specific repository URL was configured for, and "
@@ -18017,11 +18386,11 @@ msgid ""
 "includes the correct content type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:776
+#: ../source/specifications/simple-repository-api.rst:790
 msgid "TUF Support - PEP 458"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:778
+#: ../source/specifications/simple-repository-api.rst:792
 msgid ""
 ":pep:`458` requires that all API responses are hashable and that they can be "
 "uniquely identified by a path relative to the repository root. For a Simple "
@@ -18032,7 +18401,7 @@ msgid ""
 "that all hash differently."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:785
+#: ../source/specifications/simple-repository-api.rst:799
 msgid ""
 ":pep:`458` does not specify what the target path should be for the Simple "
 "API, but TUF requires that the target paths be \"file-like\", in other "
@@ -18040,7 +18409,7 @@ msgid ""
 "technically points to a directory."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:790
+#: ../source/specifications/simple-repository-api.rst:804
 msgid ""
 "The saving grace is that the target path does not *have* to actually match "
 "the URL being fetched from the Simple API, and it can just be a sigil that "
@@ -18049,7 +18418,7 @@ msgid ""
 "HTTP request, such as the ``Accept`` header."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:796
+#: ../source/specifications/simple-repository-api.rst:810
 msgid ""
 "Ultimately figuring out how to map a directory to a filename is out of scope "
 "for this spec (but it would be in scope for :pep:`458`), and this spec "
@@ -18057,7 +18426,7 @@ msgid ""
 "`458` metadata."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:800
+#: ../source/specifications/simple-repository-api.rst:814
 msgid ""
 "However, it appears that the current WIP branch against pip that attempts to "
 "implement :pep:`458` is using a target path like ``simple/PROJECT/index."
@@ -18067,20 +18436,20 @@ msgid ""
 "the v1 JSON format would be ``simple/PROJECT/vnd.pypi.simple.v1.json``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:807
+#: ../source/specifications/simple-repository-api.rst:821
 msgid ""
 "In this case, since ``text/html`` is an alias to ``application/vnd.pypi."
 "simple.v1+html`` when interacting through TUF, it likely will make the most "
 "sense to normalize to the more explicit name."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:811
+#: ../source/specifications/simple-repository-api.rst:825
 msgid ""
 "Likewise the ``latest`` metaversion should not be included in the targets, "
 "only explicitly declared versions should be supported."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:817
+#: ../source/specifications/simple-repository-api.rst:831
 msgid ""
 "This section is non-normative, and represents what the spec authors believe "
 "to be the best default implementation decisions for something implementing "
@@ -18088,7 +18457,7 @@ msgid ""
 "these decisions."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:821
+#: ../source/specifications/simple-repository-api.rst:835
 msgid ""
 "These decisions have been chosen to maximize the number of requests that can "
 "be moved onto the newest version of an API, while maintaining the greatest "
@@ -18097,18 +18466,18 @@ msgid ""
 "choices it can."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:826
+#: ../source/specifications/simple-repository-api.rst:840
 msgid "It is recommended that servers:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:828
+#: ../source/specifications/simple-repository-api.rst:842
 msgid ""
 "Support all 3 content types described in this spec, using server-driven "
 "content negotiation, for as long as they reasonably can, or at least as long "
 "as they're receiving non trivial traffic that uses the HTML responses."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:832
+#: ../source/specifications/simple-repository-api.rst:846
 msgid ""
 "When encountering an ``Accept`` header that does not contain any content "
 "types that it knows how to work with, the server should not ever return a "
@@ -18116,13 +18485,13 @@ msgid ""
 "Acceptable`` response."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:837
+#: ../source/specifications/simple-repository-api.rst:851
 msgid ""
 "However, if choosing to use the endpoint configuration, you should prefer to "
 "return a ``200 OK`` response in the expected content type for that endpoint."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:840
+#: ../source/specifications/simple-repository-api.rst:854
 msgid ""
 "When selecting an acceptable version, the server should choose the highest "
 "version that the client supports, with the most expressive/featureful "
@@ -18131,23 +18500,23 @@ msgid ""
 "should only use the ``text/html`` content type as a last resort."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:846
+#: ../source/specifications/simple-repository-api.rst:860
 msgid "It is recommended that clients:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:848
+#: ../source/specifications/simple-repository-api.rst:862
 msgid ""
 "Support all 3 content types described in this spec, using server-driven "
 "content negotiation, for as long as they reasonably can."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:851
+#: ../source/specifications/simple-repository-api.rst:865
 msgid ""
 "When constructing an ``Accept`` header, include all of the content types "
 "that you support."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:854
+#: ../source/specifications/simple-repository-api.rst:868
 msgid ""
 "You should generally *not* include a quality priority value for your content "
 "types, unless you have implementation specific reasons that you want the "
@@ -18156,63 +18525,63 @@ msgid ""
 "responses that you're unable to parse in some edge cases)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:860
+#: ../source/specifications/simple-repository-api.rst:874
 msgid ""
 "The one exception to this recommendation is that it is recommended that you "
 "*should* include a ``;q=0.01`` value on the legacy ``text/html`` content "
 "type, unless it is the only content type that you are requesting."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:864
+#: ../source/specifications/simple-repository-api.rst:878
 msgid ""
 "Explicitly select what versions they are looking for, rather than using the "
 "``latest`` meta version during normal operation."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:867
+#: ../source/specifications/simple-repository-api.rst:881
 msgid ""
 "Check the ``Content-Type`` of the response and ensure it matches something "
 "that you were expecting."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:871
+#: ../source/specifications/simple-repository-api.rst:885
 msgid "Additional Fields for the Simple API for Package Indexes"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:873
+#: ../source/specifications/simple-repository-api.rst:887
 msgid ""
 "This specification defines version 1.1 of the simple repository API. For the "
 "HTML version of the API, there is no change from version 1.0. For the JSON "
 "version of the API, the following changes are made:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:877
+#: ../source/specifications/simple-repository-api.rst:891
 msgid "The ``api-version`` must specify version 1.1 or later."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:878
+#: ../source/specifications/simple-repository-api.rst:892
 msgid "A new ``versions`` key is added at the top level."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:879
+#: ../source/specifications/simple-repository-api.rst:893
 msgid ""
 "Two new \"file information\" keys, ``size`` and ``upload-time``, are added "
 "to the ``files`` data."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:881
+#: ../source/specifications/simple-repository-api.rst:895
 msgid ""
 "Keys (at any level) with a leading underscore are reserved as private for "
 "index server use. No future standard will assign a meaning to any such key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:884
+#: ../source/specifications/simple-repository-api.rst:898
 msgid ""
 "The ``versions`` and ``size`` keys are mandatory. The ``upload-time`` key is "
 "optional."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:890
+#: ../source/specifications/simple-repository-api.rst:904
 msgid ""
 "An additional key, ``versions`` MUST be present at the top level, in "
 "addition to the keys ``name``, ``files`` and ``meta`` defined in :ref:`the "
@@ -18222,7 +18591,7 @@ msgid ""
 "duplicates, and the order of the values is not significant."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:897
+#: ../source/specifications/simple-repository-api.rst:911
 msgid ""
 "All of the files listed in the ``files`` key MUST be associated with one of "
 "the versions in the ``versions`` key. The ``versions`` key MAY contain "
@@ -18230,7 +18599,7 @@ msgid ""
 "uploaded, if the server has such a concept)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:902
+#: ../source/specifications/simple-repository-api.rst:916
 msgid ""
 "Note that because servers may hold \"legacy\" data from before the adoption "
 "of :ref:`the version specifiers specification (VSS) <version-specifiers>`, "
@@ -18239,21 +18608,21 @@ msgid ""
 "servers SHOULD use normalised VSS versions where possible."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:911
+#: ../source/specifications/simple-repository-api.rst:925
 msgid "Additional file information"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:913
+#: ../source/specifications/simple-repository-api.rst:927
 msgid "Two new keys are added to the ``files`` key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:915
+#: ../source/specifications/simple-repository-api.rst:929
 msgid ""
 "``size``: This field is mandatory. It MUST contain an integer which is the "
 "file size in bytes."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:917
+#: ../source/specifications/simple-repository-api.rst:931
 msgid ""
 "``upload-time``: This field is optional. If present, it MUST contain a valid "
 "ISO 8601 date/time string, in the format ``yyyy-mm-ddThh:mm:ss.ffffffZ``, "
@@ -18265,11 +18634,11 @@ msgid ""
 "key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:926
+#: ../source/specifications/simple-repository-api.rst:940
 msgid "Rename dist-info-metadata in the Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:929
+#: ../source/specifications/simple-repository-api.rst:943
 msgid ""
 "The keywords \"**MUST**\", \"**MUST NOT**\", \"**REQUIRED**\", "
 "\"**SHALL**\", \"**SHALL NOT**\", \"**SHOULD**\", \"**SHOULD NOT**\", "
@@ -18277,11 +18646,11 @@ msgid ""
 "are to be interpreted as described in :rfc:`RFC 2119 <2119>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:936
+#: ../source/specifications/simple-repository-api.rst:950
 msgid "Servers"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:938
+#: ../source/specifications/simple-repository-api.rst:952
 msgid ""
 "The :ref:`the API metadata file specification <simple-repository-api-"
 "metadata-file>` metadata, when used in the HTML representation of the Simple "
@@ -18289,7 +18658,7 @@ msgid ""
 "with the supported values remaining the same."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:944
+#: ../source/specifications/simple-repository-api.rst:958
 msgid ""
 "The :ref:`the API metadata file specification <simple-repository-api-"
 "metadata-file>` metadata, when used in the :ref:`the JSON API specification "
@@ -18298,14 +18667,14 @@ msgid ""
 "values remaining the same."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:950
+#: ../source/specifications/simple-repository-api.rst:964
 msgid ""
 "To support clients that used the previous key names, the HTML representation "
 "**MAY** also be emitted using the ``data-dist-info-metadata``, and if it "
 "does so it **MUST** match the value of ``data-core-metadata``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:959
+#: ../source/specifications/simple-repository-api.rst:973
 msgid ""
 "Clients consuming any of the HTML representations of the Simple API **MUST** "
 "read the :ref:`the API metadata file specification <simple-repository-api-"
@@ -18314,7 +18683,7 @@ msgid ""
 "if it is present but ``data-core-metadata`` is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:966
+#: ../source/specifications/simple-repository-api.rst:980
 msgid ""
 "Clients consuming the JSON representation of the Simple API **MUST** read "
 "the :ref:`the API metadata file specification <simple-repository-api-"
@@ -18323,48 +18692,54 @@ msgid ""
 "present but ``core-metadata`` is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:976
+#: ../source/specifications/simple-repository-api.rst:990
 msgid "September 2015: initial form of the HTML format, in :pep:`503`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:977
+#: ../source/specifications/simple-repository-api.rst:991
 msgid "July 2016: Requires-Python metadata, in an update to :pep:`503`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:978
+#: ../source/specifications/simple-repository-api.rst:992
 msgid "May 2019: \"yank\" support, in :pep:`592`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:979
+#: ../source/specifications/simple-repository-api.rst:993
 msgid ""
 "July 2020: API versioning convention and metadata, and declaring the HTML "
 "format as API v1, in :pep:`629`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:981
+#: ../source/specifications/simple-repository-api.rst:995
 msgid ""
 "May 2021: providing package metadata independently from a package, in :pep:"
 "`658`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:983
+#: ../source/specifications/simple-repository-api.rst:997
 msgid ""
 "May 2022: initial form of the JSON format, with a mechanism for clients to "
 "choose between them, and declaring both formats as API v1, in :pep:`691`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:985
+#: ../source/specifications/simple-repository-api.rst:999
 msgid ""
 "October 2022: project versions and file size and upload-time in the JSON "
 "format, in :pep:`700`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:987
+#: ../source/specifications/simple-repository-api.rst:1001
 msgid ""
 "June 2023: renaming the field which provides package metadata independently "
 "from a package, in :pep:`714`"
 msgstr ""
 
+#: ../source/specifications/simple-repository-api.rst:1003
+msgid ""
+"November 2024: provenance metadata in the HTML and JSON formats, in :pep:"
+"`740`"
+msgstr ""
+
 #: ../source/specifications/source-distribution-format.rst:6
 msgid "Source distribution format"
 msgstr ""
@@ -21268,7 +21643,7 @@ msgid ""
 msgstr ""
 
 #: ../source/tutorials/managing-dependencies.rst:140
-#: ../source/tutorials/packaging-projects.rst:506
+#: ../source/tutorials/packaging-projects.rst:505
 msgid "Next steps"
 msgstr ""
 
@@ -21717,43 +22092,43 @@ msgstr ""
 
 #: ../source/tutorials/packaging-projects.rst:424
 msgid ""
-"You will be prompted for a username and password. For the username, use "
-"``__token__``. For the password, use the token value, including the ``pypi-"
-"`` prefix."
+"You will be prompted for an API token. Use the token value, including the "
+"``pypi-`` prefix. Note that the input will be hidden, so be sure to paste "
+"correctly."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:428
+#: ../source/tutorials/packaging-projects.rst:427
 msgid "After the command completes, you should see output similar to this:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:439
+#: ../source/tutorials/packaging-projects.rst:438
 msgid ""
 "Once uploaded, your package should be viewable on TestPyPI; for example: "
 "``https://test.pypi.org/project/example_package_YOUR_USERNAME_HERE``."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:444
+#: ../source/tutorials/packaging-projects.rst:443
 msgid "Installing your newly uploaded package"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:446
+#: ../source/tutorials/packaging-projects.rst:445
 msgid ""
 "You can use :ref:`pip` to install your package and verify that it works. "
 "Create a :ref:`virtual environment <Creating and using Virtual "
 "Environments>` and install your package from TestPyPI:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:462
+#: ../source/tutorials/packaging-projects.rst:461
 msgid "Make sure to specify your username in the package name!"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:464
+#: ../source/tutorials/packaging-projects.rst:463
 msgid ""
 "pip should install the package from TestPyPI and the output should look "
 "something like this:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:474
+#: ../source/tutorials/packaging-projects.rst:473
 msgid ""
 "This example uses ``--index-url`` flag to specify TestPyPI instead of live "
 "PyPI. Additionally, it specifies ``--no-deps``. Since TestPyPI doesn't have "
@@ -21763,23 +22138,23 @@ msgid ""
 "installing dependencies when using TestPyPI."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:481
+#: ../source/tutorials/packaging-projects.rst:480
 msgid ""
 "You can test that it was installed correctly by importing the package. Make "
 "sure you're still in your virtual environment, then run Python:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:496
+#: ../source/tutorials/packaging-projects.rst:495
 msgid "and import the package:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:508
+#: ../source/tutorials/packaging-projects.rst:507
 msgid ""
 "**Congratulations, you've packaged and distributed a Python project!** ✨ 🍰 "
 "✨"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:511
+#: ../source/tutorials/packaging-projects.rst:510
 msgid ""
 "Keep in mind that this tutorial showed you how to upload your package to "
 "Test PyPI, which isn't a permanent storage. The Test system occasionally "
@@ -21787,28 +22162,28 @@ msgid ""
 "experiments like this tutorial."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:516
+#: ../source/tutorials/packaging-projects.rst:515
 msgid ""
 "When you are ready to upload a real package to the Python Package Index you "
 "can do much the same as you did in this tutorial, but with these important "
 "differences:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:520
+#: ../source/tutorials/packaging-projects.rst:519
 msgid ""
 "Choose a memorable and unique name for your package. You don't have to "
 "append your username as you did in the tutorial, but you can't use an "
 "existing name."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:522
+#: ../source/tutorials/packaging-projects.rst:521
 msgid ""
 "Register an account on https://pypi.org - note that these are two separate "
 "servers and the login details from the test server are not shared with the "
 "main server."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:525
+#: ../source/tutorials/packaging-projects.rst:524
 msgid ""
 "Use ``twine upload dist/*`` to upload your package and enter your "
 "credentials for the account you registered on the real PyPI.  Now that "
@@ -21816,44 +22191,44 @@ msgid ""
 "repository``; the package will upload to https://pypi.org/ by default."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:529
+#: ../source/tutorials/packaging-projects.rst:528
 msgid ""
 "Install your package from the real PyPI using ``python3 -m pip install [your-"
 "package]``."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:531
+#: ../source/tutorials/packaging-projects.rst:530
 msgid ""
 "At this point if you want to read more on packaging Python libraries here "
 "are some things you can do:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:534
+#: ../source/tutorials/packaging-projects.rst:533
 msgid ""
 "Read about advanced configuration for your chosen build backend: `Hatchling "
 "<hatchling-config_>`_, :doc:`setuptools <setuptools:userguide/"
 "pyproject_config>`, :doc:`Flit <flit:pyproject_toml>`, `PDM <pdm-config_>`_."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:538
+#: ../source/tutorials/packaging-projects.rst:537
 msgid ""
 "Look at the :doc:`guides </guides/index>` on this site for more advanced "
 "practical information, or the :doc:`discussions </discussions/index>` for "
 "explanations and background on specific topics."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:541
+#: ../source/tutorials/packaging-projects.rst:540
 msgid ""
 "Consider packaging tools that provide a single command-line interface for "
 "project management and packaging, such as :ref:`hatch`, :ref:`flit`, :ref:"
 "`pdm`, and :ref:`poetry`."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:549
+#: ../source/tutorials/packaging-projects.rst:548
 msgid "Notes"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:551
+#: ../source/tutorials/packaging-projects.rst:550
 msgid ""
 "Technically, you can also create Python packages without an ``__init__.py`` "
 "file, but those are called :doc:`namespace packages </guides/packaging-"
diff --git a/locales/ars/LC_MESSAGES/messages.po b/locales/ars/LC_MESSAGES/messages.po
index 85344bb15..d76fd9dc6 100644
--- a/locales/ars/LC_MESSAGES/messages.po
+++ b/locales/ars/LC_MESSAGES/messages.po
@@ -6,7 +6,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Python Packaging User Guide\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-10-30 00:39+0000\n"
+"POT-Creation-Date: 2024-11-25 21:53+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: Automatically generated\n"
 "Language-Team: none\n"
@@ -604,7 +604,7 @@ msgid "Unix (including Linux and macOS)"
 msgstr ""
 
 #: ../source/discussions/deploying-python-applications.rst:118
-#: ../source/key_projects.rst:572
+#: ../source/key_projects.rst:576
 msgid "pex"
 msgstr ""
 
@@ -1882,7 +1882,7 @@ msgid ""
 msgstr ""
 
 #: ../source/discussions/versioning.rst:6
-#: ../source/specifications/simple-repository-api.rst:310
+#: ../source/specifications/simple-repository-api.rst:319
 msgid "Versioning"
 msgstr ""
 
@@ -2633,29 +2633,16 @@ msgid ""
 msgstr ""
 
 #: ../source/glossary.rst:121
-msgid "Known Good Set (KGS)"
-msgstr ""
-
-#: ../source/glossary.rst:124
-msgid ""
-"A set of distributions at specified versions which are compatible with each "
-"other. Typically a test suite will be run which passes all tests before a "
-"specific set of packages is declared a known good set. This term is commonly "
-"used by frameworks and toolkits which are comprised of multiple individual "
-"distributions."
-msgstr ""
-
-#: ../source/glossary.rst:130
 msgid "Import Package"
 msgstr ""
 
-#: ../source/glossary.rst:133
+#: ../source/glossary.rst:124
 msgid ""
 "A Python module which can contain other modules or recursively, other "
 "packages."
 msgstr ""
 
-#: ../source/glossary.rst:136
+#: ../source/glossary.rst:127
 msgid ""
 "An import package is more commonly referred to with the single word "
 "\"package\", but this guide will use the expanded term when more clarity is "
@@ -2664,17 +2651,30 @@ msgid ""
 "package` for a breakdown of the differences."
 msgstr ""
 
-#: ../source/glossary.rst:142
+#: ../source/glossary.rst:133
 msgid "Installed Project"
 msgstr ""
 
-#: ../source/glossary.rst:145
+#: ../source/glossary.rst:136
 msgid ""
 "A :term:`Project` that is installed for use with a Python interpreter or :"
 "term:`Virtual Environment`, as described in the specicifcation :ref:"
 "`recording-installed-packages`."
 msgstr ""
 
+#: ../source/glossary.rst:140
+msgid "Known Good Set (KGS)"
+msgstr ""
+
+#: ../source/glossary.rst:143
+msgid ""
+"A set of distributions at specified versions which are compatible with each "
+"other. Typically a test suite will be run which passes all tests before a "
+"specific set of packages is declared a known good set. This term is commonly "
+"used by frameworks and toolkits which are comprised of multiple individual "
+"distributions."
+msgstr ""
+
 #: ../source/glossary.rst:149
 msgid "Module"
 msgstr ""
@@ -5085,7 +5085,7 @@ msgid ""
 "In particular, `NumPy <https://numpy.org/>`__, which provides the basis for "
 "most of the software in the `scientific Python stack <https://scientific-"
 "python.org>`_ can be configured to interoperate with different FORTRAN "
-"libraries, and can take advantage of different levels of vectorised "
+"libraries, and can take advantage of different levels of vectorized "
 "instructions available in modern CPUs."
 msgstr ""
 
@@ -5094,9 +5094,9 @@ msgid ""
 "Starting with version 1.10.4 of NumPy and version 1.0.0 of SciPy, pre-built "
 "32-bit and 64-bit binaries in the ``wheel`` format are available for all "
 "major operating systems (Windows, macOS, and Linux) on PyPI. Note, however, "
-"that on Windows, NumPy binaries are linked against the `ATLAS <http://www."
-"netlib.org/atlas/>`__ BLAS/LAPACK library, restricted to SSE2 instructions, "
-"so they may not provide optimal linear algebra performance."
+"that on Windows, NumPy binaries are linked against the `ATLAS <https://math-"
+"atlas.sourceforge.net/>`__ BLAS/LAPACK library, restricted to SSE2 "
+"instructions, so they may not provide optimal linear algebra performance."
 msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:26
@@ -5209,7 +5209,7 @@ msgid ""
 msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:100
-#: ../source/key_projects.rst:808
+#: ../source/key_projects.rst:812
 msgid "Spack"
 msgstr ""
 
@@ -5241,28 +5241,41 @@ msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:121
 msgid ""
-"`Anaconda <https://www.anaconda.com/products/individual/>`_ is a Python "
+"``conda`` is an open source (BSD licensed) package management system and "
+"environment management system that allows users to install multiple versions "
+"of binary software packages and their dependencies, and easily switch "
+"between them. It is a cross-platform tool working on Windows, MacOS, and "
+"Linux. Conda can be used to package up and distribute all kinds of packages, "
+"it is not limited to just Python packages. It has full support for native "
+"virtual environments. Conda makes environments first-class citizens, making "
+"it easy to create independent environments even for C libraries. It is "
+"written in Python, but is Python-agnostic. Conda manages Python itself as a "
+"package, so that :command:`conda update python` is possible, in contrast to "
+"pip, which only manages Python packages."
+msgstr ""
+
+#: ../source/guides/installing-scientific-packages.rst:133
+msgid ""
+"Anaconda `Anaconda <https://docs.anaconda.com/anaconda/>`_ is a Python "
 "distribution published by Anaconda, Inc. It is a stable collection of Open "
-"Source packages for big data and scientific use.  As of the 5.0 release of "
-"Anaconda, about 200 packages are installed by default, and a total of "
-"400-500 can be installed and updated from the Anaconda repository."
+"Source packages for big data and scientific use, and a collection of "
+"Graphical Interface utilities for managing conda environments."
 msgstr ""
 
-#: ../source/guides/installing-scientific-packages.rst:127
+#: ../source/guides/installing-scientific-packages.rst:135
 msgid ""
-"``conda`` is an open source (BSD licensed) package management system and "
-"environment management system included in Anaconda that allows users to "
-"install multiple versions of binary software packages and their "
-"dependencies, and easily switch between them. It is a cross-platform tool "
-"working on Windows, macOS, and Linux. Conda can be used to package up and "
-"distribute all kinds of packages, it is not limited to just Python packages. "
-"It has full support for native virtual environments. Conda makes "
-"environments first-class citizens, making it easy to create independent "
-"environments even for C libraries. It is written in Python, but is Python-"
-"agnostic. Conda manages Python itself as a package, so that :command:`conda "
-"update python` is possible, in contrast to pip, which only manages Python "
-"packages. Conda is available in Anaconda and Miniconda (an easy-to-install "
-"download with just Python and conda)."
+"In addition to the full distribution provided by Anaconda, the conda package "
+"manager itself is available in  `miniconda <https://docs.anaconda.com/"
+"miniconda/>`_, `miniforge <https://github.com/conda-forge/miniforge>`_, and "
+"`pixi <https://pixi.sh/>`_."
+msgstr ""
+
+#: ../source/guides/installing-scientific-packages.rst:138
+msgid ""
+"Conda packages are available on multiple channels on Anaconda.org, including "
+"the default channel supported by Anaconda, Inc, the community supported "
+"conda-forge channel, which provides a wide variety of pre-built packages, "
+"and some domain-specific package collections."
 msgstr ""
 
 #: ../source/guides/installing-stand-alone-command-line-tools.rst:4
@@ -8330,29 +8343,51 @@ msgstr ""
 
 #: ../source/guides/tool-recommendations.rst:142
 msgid ""
-"For projects hosted on GitHub, it is recommended to use the :ref:`trusted "
-"publishing <trusted-publishing>`, which allows the package to be securely "
-"uploaded to PyPI from a GitHub Actions job. (This is not yet supported on "
-"software forges other than GitHub.)"
+"For projects hosted on or published via supported CI/CD platforms, it is "
+"recommended to use the :ref:`Trusted Publishing <trusted-publishing>`, which "
+"allows the package to be securely uploaded to PyPI from a CI/CD workflow "
+"without a manually configured API token."
 msgstr ""
 
 #: ../source/guides/tool-recommendations.rst:147
 msgid ""
+"As of November 2024, PyPI supports the following platforms as Trusted "
+"Publishing providers:"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:150
+msgid "GitHub Actions (on ``https://github.com``)"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:151
+msgid "GitLab CI/CD (on ``https://gitlab.com``)"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:152
+msgid "ActiveState"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:153
+msgid "Google Cloud"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:155
+msgid ""
 "The other available method is to upload the package manually using :ref:"
 "`twine`."
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:149
+#: ../source/guides/tool-recommendations.rst:159
 msgid ""
 "**Never** use ``python setup.py upload`` for this task. In addition to "
 "being :ref:`deprecated <setup-py-deprecated>`, it is insecure."
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:154
+#: ../source/guides/tool-recommendations.rst:164
 msgid "Workflow tools"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:156
+#: ../source/guides/tool-recommendations.rst:166
 msgid ""
 "These tools are environment managers that automatically manage virtual "
 "environments for a project. They also act as \"task runners\", allowing you "
@@ -8363,31 +8398,31 @@ msgid ""
 "alphabetical order:"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:164
+#: ../source/guides/tool-recommendations.rst:174
 msgid ":ref:`Flit`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:165
+#: ../source/guides/tool-recommendations.rst:175
 msgid ":ref:`Hatch`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:166
+#: ../source/guides/tool-recommendations.rst:176
 msgid ":doc:`nox <nox:index>`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:167
+#: ../source/guides/tool-recommendations.rst:177
 msgid ":ref:`PDM`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:168
+#: ../source/guides/tool-recommendations.rst:178
 msgid ":ref:`Pipenv`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:169
+#: ../source/guides/tool-recommendations.rst:179
 msgid ":ref:`Poetry`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:170
+#: ../source/guides/tool-recommendations.rst:180
 msgid ":doc:`tox <tox:index>`."
 msgstr ""
 
@@ -9562,44 +9597,58 @@ msgstr ""
 
 #: ../source/key_projects.rst:407
 msgid ""
-"conda is the package management tool for `Anaconda <https://docs.anaconda."
-"com/anaconda/>`__ Python installations. Anaconda Python is a distribution "
-"from `Anaconda, Inc <https://www.anaconda.com/products/individual>`__ "
-"specifically aimed at the scientific community, and in particular on Windows "
-"where the installation of binary extensions is often difficult."
+"Conda is a package, dependency, and environment management system for any "
+"language — Python, R, Ruby, C/C++, Fortran, and more. It is written in "
+"Python and widely used in the Python scientific computing community, due to "
+"its support for non-Python compiled libraries and extensions. It is used as "
+"the basis of the `Anaconda <https://docs.anaconda.com/anaconda/>`__ Python "
+"distribution from Anaconda, Inc. It was originally aimed at the scientific "
+"community, but can also be used on its own, or with the :doc:`miniconda "
+"<conda:miniconda>`, `miniforge <https://github.com/conda-forge/miniforge>`_ "
+"or `pixi <https://pixi.sh/>`_ systems. It is available for Windows, Mac and "
+"Linux systems."
 msgstr ""
 
-#: ../source/key_projects.rst:414
+#: ../source/key_projects.rst:416
 msgid ""
 "Conda is a completely separate tool from :ref:`pip`, virtualenv and wheel, "
-"but provides many of their combined features in terms of package management, "
-"virtual environment management and deployment of binary extensions."
+"but provides many of their combined features, such as package management, "
+"virtual environment management and deployment of binary extensions and other "
+"binary code."
+msgstr ""
+
+#: ../source/key_projects.rst:420
+msgid ""
+"Conda does not install packages from PyPI -- it can only manage packages "
+"built specifically for conda, which can be made available on a \"conda "
+"channel\", such as those hosted on `anaconda.org <https://anaconda.org>`__, "
+"or a local (e.g. intranet) package server. In addition to the \"default\" "
+"channels managed by `Anaconda, Inc. <https://www.anaconda.com/>`__, there "
+"are a wide variety of packages from the community supported `conda-forge "
+"project <https://conda-forge.org/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:418
+#: ../source/key_projects.rst:426
 msgid ""
-"Conda does not install packages from PyPI and can install only from the "
-"official Anaconda repositories, or anaconda.org (a place for user-"
-"contributed *conda* packages), or a local (e.g. intranet) package server.  "
-"However, note that :ref:`pip` can be installed into, and work side-by-side "
-"with conda for managing :term:`distributions <Distribution Package>` from "
-"PyPI. Also, `conda skeleton <https://docs.conda.io/projects/conda-build/en/"
-"latest/user-guide/tutorials/build-pkgs-skeleton.html>`__ is a tool to make "
-"Python packages installable by conda by first fetching them from PyPI and "
-"modifying their metadata."
+"Note that :ref:`pip` can be installed into, and work side-by-side with conda "
+"for managing :term:`distributions <Distribution Package>` from PyPI. It is "
+"also possible to build conda packages from Python source packages using "
+"tools such as `conda skeleton <https://docs.conda.io/projects/conda-build/en/"
+"latest/user-guide/tutorials/build-pkgs-skeleton.html>`__: a tool to "
+"automatically make conda packages from Python packages available on PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:431
+#: ../source/key_projects.rst:435
 msgid "devpi"
 msgstr ""
 
-#: ../source/key_projects.rst:433
+#: ../source/key_projects.rst:437
 msgid ""
 "`Docs <http://doc.devpi.net/latest/>`__ | :gh:`Issues <devpi/devpi/issues>` "
 "| `PyPI <https://pypi.org/project/devpi>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:437
+#: ../source/key_projects.rst:441
 msgid ""
 "devpi features a powerful PyPI-compatible server and PyPI proxy cache with a "
 "complementary command line tool to drive packaging, testing and release "
@@ -9609,17 +9658,17 @@ msgid ""
 "replication and fail-over, and package upload."
 msgstr ""
 
-#: ../source/key_projects.rst:448
+#: ../source/key_projects.rst:452
 msgid "dumb-pypi"
 msgstr ""
 
-#: ../source/key_projects.rst:450
+#: ../source/key_projects.rst:454
 msgid ""
 "`GitHub <https://github.com/chriskuehl/dumb-pypi>`__ | `PyPI <https://pypi."
 "org/project/dumb-pypi>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:453
+#: ../source/key_projects.rst:457
 msgid ""
 "dumb-pypi is a simple :term:`package index <Package Index>` static file site "
 "generator, which then must be hosted by a static file webserver to become "
@@ -9627,17 +9676,17 @@ msgid ""
 "status."
 msgstr ""
 
-#: ../source/key_projects.rst:460
+#: ../source/key_projects.rst:464
 msgid "enscons"
 msgstr ""
 
-#: ../source/key_projects.rst:462
+#: ../source/key_projects.rst:466
 msgid ""
 ":gh:`Source <dholth/enscons>` | :gh:`Issues <dholth/enscons/issues>` | `PyPI "
 "<https://pypi.org/project/enscons>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:466
+#: ../source/key_projects.rst:470
 msgid ""
 "Enscons is a Python packaging tool based on `SCons`_. It builds :ref:`pip`-"
 "compatible source distributions and wheels without using distutils or "
@@ -9649,38 +9698,38 @@ msgid ""
 "independent of enscons."
 msgstr ""
 
-#: ../source/key_projects.rst:481
+#: ../source/key_projects.rst:485
 msgid "Flask-Pypi-Proxy"
 msgstr ""
 
-#: ../source/key_projects.rst:483
+#: ../source/key_projects.rst:487
 msgid ""
 "`Docs <https://flask-pypi-proxy.readthedocs.io>`__ | :gh:`GitHub <tzulberti/"
 "Flask-PyPi-Proxy>` | `PyPI <https://pypi.org/project/Flask-Pypi-Proxy/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:487 ../source/key_projects.rst:681
-#: ../source/key_projects.rst:740
+#: ../source/key_projects.rst:491 ../source/key_projects.rst:685
+#: ../source/key_projects.rst:744
 msgid "Not maintained, project archived"
 msgstr ""
 
-#: ../source/key_projects.rst:489
+#: ../source/key_projects.rst:493
 msgid ""
 "Flask-Pypi-Proxy is a :term:`package index <Package Index>` as a cached "
 "proxy for PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:495
+#: ../source/key_projects.rst:499
 msgid "Hashdist"
 msgstr ""
 
-#: ../source/key_projects.rst:497
+#: ../source/key_projects.rst:501
 msgid ""
 "`Docs <https://hashdist.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/hashdist/hashdist/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:500
+#: ../source/key_projects.rst:504
 msgid ""
 "Hashdist is a library for building non-root software distributions. Hashdist "
 "is trying to be “the Debian of choice for cases where Debian technology "
@@ -9691,34 +9740,34 @@ msgid ""
 "researchers but has been lacking in maintenance since 2016."
 msgstr ""
 
-#: ../source/key_projects.rst:512
+#: ../source/key_projects.rst:516
 msgid "Maturin"
 msgstr ""
 
-#: ../source/key_projects.rst:514
+#: ../source/key_projects.rst:518
 msgid ""
 "`Docs <https://www.maturin.rs>`__ | `GitHub <https://github.com/PyO3/"
 "maturin>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:517
+#: ../source/key_projects.rst:521
 msgid ""
 "Maturin is a build backend for Rust extension modules, also written in Rust. "
 "It supports building wheels for python 3.7+ on Windows, Linux, macOS and "
 "FreeBSD, can upload them to PyPI and has basic PyPy and GraalPy support."
 msgstr ""
 
-#: ../source/key_projects.rst:525
+#: ../source/key_projects.rst:529
 msgid "meson-python"
 msgstr ""
 
-#: ../source/key_projects.rst:527
+#: ../source/key_projects.rst:531
 msgid ""
 "`Docs <https://meson-python.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/mesonbuild/meson-python>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:530
+#: ../source/key_projects.rst:534
 msgid ""
 "``meson-python`` is a build backend that uses the Meson_ build system. It "
 "enables Python package authors to use Meson_ as the build system for their "
@@ -9726,58 +9775,58 @@ msgid ""
 "to fill the needs of most complex build configurations."
 msgstr ""
 
-#: ../source/key_projects.rst:540
+#: ../source/key_projects.rst:544
 msgid "multibuild"
 msgstr ""
 
-#: ../source/key_projects.rst:542
+#: ../source/key_projects.rst:546
 msgid "`GitHub <https://github.com/multi-build/multibuild>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:544
+#: ../source/key_projects.rst:548
 msgid ""
 "Multibuild is a set of CI scripts for building and testing Python :term:"
 "`wheels <Wheel>` for Linux, macOS, and (less flexibly) Windows. Also see :"
 "ref:`cibuildwheel`."
 msgstr ""
 
-#: ../source/key_projects.rst:550
+#: ../source/key_projects.rst:554
 msgid "nginx_pypi_cache"
 msgstr ""
 
-#: ../source/key_projects.rst:552
+#: ../source/key_projects.rst:556
 msgid ":gh:`GitHub <hauntsaninja/nginx_pypi_cache>`"
 msgstr ""
 
-#: ../source/key_projects.rst:554
+#: ../source/key_projects.rst:558
 msgid ""
 "nginx_pypi_cache is a :term:`package index <Package Index>` caching proxy "
 "using `nginx <https://nginx.org/en/>`_."
 msgstr ""
 
-#: ../source/key_projects.rst:560
+#: ../source/key_projects.rst:564
 msgid "pdm"
 msgstr ""
 
-#: ../source/key_projects.rst:562
+#: ../source/key_projects.rst:566
 msgid ""
 "`Docs <https://pdm.fming.dev/>`__ | `GitHub <https://github.com/pdm-project/"
 "pdm/>`__ | `PyPI <https://pypi.org/project/pdm>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:566
+#: ../source/key_projects.rst:570
 msgid ""
 "PDM is a modern Python package manager. It uses :term:`pyproject.toml` to "
 "store project metadata as defined in :pep:`621`."
 msgstr ""
 
-#: ../source/key_projects.rst:574
+#: ../source/key_projects.rst:578
 msgid ""
 "`Docs <https://pex.readthedocs.io/en/latest/>`__ | `GitHub <https://github."
 "com/pantsbuild/pex/>`__ | `PyPI <https://pypi.org/project/pex>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:578
+#: ../source/key_projects.rst:582
 msgid ""
 "Pex is a tool for generating :file:`.pex` (Python EXecutable) files, "
 "standalone Python environments in the spirit of :ref:`virtualenv`. PEX files "
@@ -9789,18 +9838,18 @@ msgid ""
 "PEX file into a standard venv, graphing dependencies and more."
 msgstr ""
 
-#: ../source/key_projects.rst:590
+#: ../source/key_projects.rst:594
 msgid "pip-tools"
 msgstr ""
 
-#: ../source/key_projects.rst:592
+#: ../source/key_projects.rst:596
 msgid ""
 "`Docs <https://pip-tools.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/jazzband/pip-tools/>`__ | `PyPI <https://pypi.org/project/pip-"
 "tools/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:596
+#: ../source/key_projects.rst:600
 msgid ""
 "pip-tools is a suite of tools meant for Python system administrators and "
 "release managers who particularly want to keep their builds deterministic "
@@ -9811,32 +9860,32 @@ msgid ""
 "not provide), and create layers of constraints for the program to obey."
 msgstr ""
 
-#: ../source/key_projects.rst:608
+#: ../source/key_projects.rst:612
 msgid "pip2pi"
 msgstr ""
 
-#: ../source/key_projects.rst:610
+#: ../source/key_projects.rst:614
 msgid ""
 ":gh:`GitHub <wolever/pip2pi>` | `PyPI <https://pypi.org/project/pip2pi/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:613
+#: ../source/key_projects.rst:617
 msgid ""
 "pip2pi is a :term:`package index <Package Index>` server where specific "
 "packages are manually synchronised."
 msgstr ""
 
-#: ../source/key_projects.rst:619
+#: ../source/key_projects.rst:623
 msgid "piwheels"
 msgstr ""
 
-#: ../source/key_projects.rst:621
+#: ../source/key_projects.rst:625
 msgid ""
 "`Website <https://www.piwheels.org/>`__ | :doc:`Docs <piwheels:index>` | "
 "`GitHub <https://github.com/piwheels/piwheels/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:625
+#: ../source/key_projects.rst:629
 msgid ""
 "piwheels is a website, and software underpinning it, that fetches source "
 "code distribution packages from PyPI and compiles them into binary wheels "
@@ -9844,17 +9893,17 @@ msgid ""
 "Pi OS pre-configures pip to use piwheels.org as an additional index to PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:634
+#: ../source/key_projects.rst:638
 msgid "poetry"
 msgstr ""
 
-#: ../source/key_projects.rst:636
+#: ../source/key_projects.rst:640
 msgid ""
 "`Docs <https://python-poetry.org/>`__ | `GitHub <https://github.com/python-"
 "poetry/poetry>`__ | `PyPI <https://pypi.org/project/poetry/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:640
+#: ../source/key_projects.rst:644
 msgid ""
 "poetry is a command-line tool to handle dependency installation and "
 "isolation as well as building and packaging of Python packages. It uses "
@@ -9864,49 +9913,49 @@ msgid ""
 "caching metadata about dependencies."
 msgstr ""
 
-#: ../source/key_projects.rst:650
+#: ../source/key_projects.rst:654
 msgid "proxpi"
 msgstr ""
 
-#: ../source/key_projects.rst:652
+#: ../source/key_projects.rst:656
 msgid ""
 ":gh:`GitHub <EpicWink/proxpi>` | `PyPI <https://pypi.org/project/proxpi/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:655
+#: ../source/key_projects.rst:659
 msgid ""
 "proxpi is a simple :term:`package index <Package Index>` which proxies PyPI "
 "and other indexes with caching."
 msgstr ""
 
-#: ../source/key_projects.rst:661
+#: ../source/key_projects.rst:665
 msgid "Pulp-python"
 msgstr ""
 
-#: ../source/key_projects.rst:663
+#: ../source/key_projects.rst:667
 msgid ""
 "`Docs <https://docs.pulpproject.org/pulp_python/>`__ | :gh:`GitHub <pulp/"
 "pulp_python>` | `PyPI <https://pypi.org/project/pulp-python/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:667
+#: ../source/key_projects.rst:671
 msgid ""
 "Pulp-python is the Python :term:`package index <Package Index>` plugin for "
 "`Pulp <https://pulpproject.org/>`_. Pulp-python supports mirrors backed by "
 "local or `AWS S3`_, package upload, and proxying to multiple package indexes."
 msgstr ""
 
-#: ../source/key_projects.rst:675
+#: ../source/key_projects.rst:679
 msgid "PyPI Cloud"
 msgstr ""
 
-#: ../source/key_projects.rst:677
+#: ../source/key_projects.rst:681
 msgid ""
 "`Docs <https://pypicloud.readthedocs.io/>`__ | :gh:`GitHub <stevearc/"
 "pypicloud>` | `PyPI <https://pypi.org/project/pypicloud/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:683
+#: ../source/key_projects.rst:687
 msgid ""
 "PyPI Cloud is a :term:`package index <Package Index>` server, backed by `AWS "
 "S3`_ or another cloud storage service, or local files. PyPI Cloud supports "
@@ -9914,33 +9963,33 @@ msgid ""
 "authorisation."
 msgstr ""
 
-#: ../source/key_projects.rst:691
+#: ../source/key_projects.rst:695
 msgid "pypiprivate"
 msgstr ""
 
-#: ../source/key_projects.rst:693
+#: ../source/key_projects.rst:697
 msgid ""
 ":gh:`GitHub <helpshift/pypiprivate>` | `PyPI <https://pypi.org/project/"
 "pypiprivate/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:696
+#: ../source/key_projects.rst:700
 msgid ""
 "pypiprivate serves a local (or `AWS S3`_-hosted) directory of packages as a :"
 "term:`package index <Package Index>`."
 msgstr ""
 
-#: ../source/key_projects.rst:702
+#: ../source/key_projects.rst:706
 msgid "pypiserver"
 msgstr ""
 
-#: ../source/key_projects.rst:704
+#: ../source/key_projects.rst:708
 msgid ""
 "`GitHub <https://github.com/pypiserver/pypiserver>`__ | `PyPI <https://pypi."
 "org/project/pypiserver/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:707
+#: ../source/key_projects.rst:711
 msgid ""
 "pypiserver is a minimalist application that serves as a private Python :term:"
 "`package index <Package Index>` (from a local directory) within "
@@ -9951,17 +10000,17 @@ msgid ""
 "pypiserver and from PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:718
+#: ../source/key_projects.rst:722
 msgid "PyScaffold"
 msgstr ""
 
-#: ../source/key_projects.rst:720
+#: ../source/key_projects.rst:724
 msgid ""
 "`Docs <https://pyscaffold.org>`__ | `GitHub <https://github.com/pyscaffold/"
 "pyscaffold>`__ | `PyPI <https://pypi.org/project/pyscaffold/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:724
+#: ../source/key_projects.rst:728
 msgid ""
 "PyScaffold is a project generator for bootstrapping Python packages, ready "
 "to be shared on PyPI and installable via :ref:`pip`. It relies on a set of "
@@ -9971,33 +10020,33 @@ msgid ""
 "existing projects to make packaging easier."
 msgstr ""
 
-#: ../source/key_projects.rst:735
+#: ../source/key_projects.rst:739
 msgid "pywharf"
 msgstr ""
 
-#: ../source/key_projects.rst:737
+#: ../source/key_projects.rst:741
 msgid ""
 ":gh:`GitHub <pywharf/pywharf>` | `PyPI <https://pypi.org/project/pywharf>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:742
+#: ../source/key_projects.rst:746
 msgid ""
 "pywharf is a :term:`package index <Package Index>` server, serving files "
 "locally or from `GitHub <https://github.com/>`_."
 msgstr ""
 
-#: ../source/key_projects.rst:748
+#: ../source/key_projects.rst:752
 msgid "scikit-build"
 msgstr ""
 
-#: ../source/key_projects.rst:750
+#: ../source/key_projects.rst:754
 msgid ""
 "`Docs <https://scikit-build.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/scikit-build/scikit-build/>`__ | `PyPI <https://pypi.org/project/"
 "scikit-build>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:754
+#: ../source/key_projects.rst:758
 msgid ""
 "Scikit-build is a :ref:`setuptools` wrapper for CPython that builds C/C++/"
 "Fortran/Cython extensions It uses `cmake <https://pypi.org/project/cmake>`__ "
@@ -10008,18 +10057,18 @@ msgid ""
 "ninja>`__ (also available on PyPI)."
 msgstr ""
 
-#: ../source/key_projects.rst:765
+#: ../source/key_projects.rst:769
 msgid "scikit-build-core"
 msgstr ""
 
-#: ../source/key_projects.rst:767
+#: ../source/key_projects.rst:771
 msgid ""
 "`Docs <https://scikit-build-core.readthedocs.io/en/latest/>`__ | `GitHub "
 "<https://github.com/scikit-build/scikit-build-core/>`__ | `PyPI <https://"
 "pypi.org/project/scikit-build-core>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:771
+#: ../source/key_projects.rst:775
 msgid ""
 "Scikit-build-core is a build backend for CPython C/C++/Fortran/Cython "
 "extensions.  It enables users to write extensions with `cmake <https://pypi."
@@ -10029,17 +10078,17 @@ msgid ""
 "automatically downloaded from PyPI if not available on the system."
 msgstr ""
 
-#: ../source/key_projects.rst:781
+#: ../source/key_projects.rst:785
 msgid "shiv"
 msgstr ""
 
-#: ../source/key_projects.rst:783
+#: ../source/key_projects.rst:787
 msgid ""
 "`Docs <https://shiv.readthedocs.io/en/latest/>`__ | `GitHub <https://github."
 "com/linkedin/shiv>`__ | `PyPI <https://pypi.org/project/shiv/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:787
+#: ../source/key_projects.rst:791
 msgid ""
 "shiv is a command line utility for building fully self contained Python "
 "zipapps as outlined in :pep:`441`, but with all their dependencies included. "
@@ -10047,17 +10096,17 @@ msgid ""
 "tools fast & easy."
 msgstr ""
 
-#: ../source/key_projects.rst:795
+#: ../source/key_projects.rst:799
 msgid "simpleindex"
 msgstr ""
 
-#: ../source/key_projects.rst:797
+#: ../source/key_projects.rst:801
 msgid ""
 ":gh:`GitHub <uranusjr/simpleindex>` | `PyPI <https://pypi.org/project/"
 "simpleindex/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:800
+#: ../source/key_projects.rst:804
 msgid ""
 "simpleindex is a :term:`package index <Package Index>` which routes URLs to "
 "multiple package indexes (including PyPI), serves local (or cloud-hosted, "
@@ -10065,7 +10114,7 @@ msgid ""
 "supports custom plugins."
 msgstr ""
 
-#: ../source/key_projects.rst:810
+#: ../source/key_projects.rst:814
 msgid ""
 ":doc:`Docs <spack:index>` | `GitHub <https://github.com/spack/spack>`__ | "
 "`Paper <https://www.computer.org/csdl/proceedings-article/"
@@ -10073,7 +10122,7 @@ msgid ""
 "Gamblin-Spack-SC15-Talk.pdf>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:815
+#: ../source/key_projects.rst:819
 msgid ""
 "A flexible package manager designed to support multiple versions, "
 "configurations, platforms, and compilers.  Spack is like Homebrew, but "
@@ -10084,24 +10133,24 @@ msgid ""
 "supercomputers."
 msgstr ""
 
-#: ../source/key_projects.rst:823
+#: ../source/key_projects.rst:827
 msgid ""
 "Spack is not in PyPI (yet), but it requires no installation and can be used "
 "immediately after cloning from GitHub."
 msgstr ""
 
-#: ../source/key_projects.rst:829
+#: ../source/key_projects.rst:833
 msgid "zest.releaser"
 msgstr ""
 
-#: ../source/key_projects.rst:831
+#: ../source/key_projects.rst:835
 msgid ""
 "`Docs <https://zestreleaser.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/zestsoftware/zest.releaser/>`__ | `PyPI <https://pypi.org/project/"
 "zest.releaser/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:835
+#: ../source/key_projects.rst:839
 msgid ""
 "``zest.releaser`` is a Python package release tool providing an abstraction "
 "layer on top of :ref:`twine`. Python developers use ``zest.releaser`` to "
@@ -10109,21 +10158,21 @@ msgid ""
 "releases in source control, and uploading new packages to PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:842
+#: ../source/key_projects.rst:846
 msgid "Standard Library Projects"
 msgstr ""
 
-#: ../source/key_projects.rst:847
+#: ../source/key_projects.rst:851
 msgid "ensurepip"
 msgstr ""
 
-#: ../source/key_projects.rst:849
+#: ../source/key_projects.rst:853
 msgid ""
 "`Docs <https://docs.python.org/3/library/ensurepip.html>`__ | `Issues "
 "<https://bugs.python.org/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:852
+#: ../source/key_projects.rst:856
 msgid ""
 "A package in the Python Standard Library that provides support for "
 "bootstrapping :ref:`pip` into an existing Python installation or virtual "
@@ -10131,34 +10180,34 @@ msgid ""
 "will be used during the build of the Python distribution."
 msgstr ""
 
-#: ../source/key_projects.rst:860
+#: ../source/key_projects.rst:864
 msgid "http.server"
 msgstr ""
 
-#: ../source/key_projects.rst:862
+#: ../source/key_projects.rst:866
 msgid ""
 ":doc:`Docs <python:library/http.server>` | :gh:`Issues <python/cpython/"
 "issues>`"
 msgstr ""
 
-#: ../source/key_projects.rst:865
+#: ../source/key_projects.rst:869
 msgid ""
 "A package and command-line interface which can host a directory as a "
 "website, for example as a :term:`package index <Package Index>` (see :ref:"
 "`Hosting your Own Simple Repository`)."
 msgstr ""
 
-#: ../source/key_projects.rst:872
+#: ../source/key_projects.rst:876
 msgid "venv"
 msgstr ""
 
-#: ../source/key_projects.rst:874
+#: ../source/key_projects.rst:878
 msgid ""
 "`Docs <https://docs.python.org/3/library/venv.html>`__ | `Issues <https://"
 "github.com/python/cpython/issues>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:877
+#: ../source/key_projects.rst:881
 msgid ""
 "A package in the Python Standard Library (starting with Python 3.3) for "
 "creating :term:`Virtual Environments <Virtual Environment>`.  For more "
@@ -12206,7 +12255,7 @@ msgstr ""
 #: ../source/specifications/platform-compatibility-tags.rst:332
 #: ../source/specifications/pyproject-toml.rst:444
 #: ../source/specifications/recording-installed-packages.rst:252
-#: ../source/specifications/simple-repository-api.rst:974
+#: ../source/specifications/simple-repository-api.rst:988
 #: ../source/specifications/source-distribution-format.rst:144
 #: ../source/specifications/version-specifiers.rst:1266
 #: ../source/specifications/virtual-environments.rst:54
@@ -13276,6 +13325,7 @@ msgstr ""
 #: ../source/specifications/dependency-specifiers.rst:26
 #: ../source/specifications/direct-url-data-structure.rst:19
 #: ../source/specifications/direct-url.rst:15
+#: ../source/specifications/index-hosted-attestations.rst:17
 #: ../source/specifications/inline-script-metadata.rst:13
 msgid "Specification"
 msgstr ""
@@ -13413,7 +13463,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/dependency-specifiers.rst:163
-#: ../source/specifications/simple-repository-api.rst:888
+#: ../source/specifications/simple-repository-api.rst:902
 msgid "Versions"
 msgstr ""
 
@@ -15036,6 +15086,302 @@ msgid ""
 "www.pypa.io/en/latest/specifications/>`__."
 msgstr ""
 
+#: ../source/specifications/index-hosted-attestations.rst:6
+msgid "Index hosted attestations"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:8
+msgid "This specification was originally defined in :pep:`740`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:12
+msgid ""
+":pep:`740` includes changes to the HTML and JSON index APIs. These changes "
+"are documented in the :ref:`simple-repository-api` under :ref:`simple-"
+"repository-api-base` and :ref:`json-serialization`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:22
+msgid "Upload endpoint changes"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:26
+msgid ""
+"The \"legacy\" upload API is not standardized. See `PyPI's Upload API "
+"documentation <https://docs.pypi.org/api/upload/>`_ for how attestations are "
+"uploaded."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:33
+msgid "Attestation objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:35
+msgid ""
+"An attestation object is a JSON object with several required keys; "
+"applications or signers may include additional keys so long as all "
+"explicitly listed keys are provided. The required layout of an attestation "
+"object is provided as pseudocode below."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:88
+msgid ""
+"A full data model for each object in ``transparency_entries`` is provided "
+"in :ref:`appendix`. Attestation objects **SHOULD** include one or more "
+"transparency log entries, and **MAY** include additional keys for other "
+"sources of signed time (such as an :rfc:`3161` Time Stamping Authority or a "
+"`Roughtime <https://blog.cloudflare.com/roughtime>`__ server)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:94
+msgid ""
+"Attestation objects are versioned; this PEP specifies version 1. Each "
+"version is tied to a single cryptographic suite to minimize unnecessary "
+"cryptographic agility. In version 1, the suite is as follows:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:98
+msgid ""
+"Certificates are specified as X.509 certificates, and comply with the "
+"profile in :rfc:`5280`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:100
+msgid ""
+"The message signature algorithm is ECDSA, with the P-256 curve for public "
+"keys and SHA-256 as the cryptographic digest function."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:103
+msgid ""
+"Future PEPs may change this suite (and the overall shape of the attestation "
+"object) by selecting a new version number."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:109
+msgid "Attestation statement and signature generation"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:111
+msgid ""
+"The *attestation statement* is the actual claim that is cryptographically "
+"signed over within the attestation object (i.e., the ``envelope.statement``)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:114
+msgid ""
+"The attestation statement is encoded as a `v1 in-toto Statement object "
+"<https://github.com/in-toto/attestation/blob/v1.0/spec/v1.0/statement."
+"md>`__, in JSON form. When serialized the statement is treated as an opaque "
+"binary blob, avoiding the need for canonicalization."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:119
+msgid ""
+"In addition to being a v1 in-toto Statement, the attestation statement is "
+"constrained in the following ways:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:122
+msgid "The in-toto ``subject`` **MUST** contain only a single subject."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:123
+msgid ""
+"``subject[0].name`` is the distribution's filename, which **MUST** be a "
+"valid :ref:`source distribution <source-distribution-format>` or :ref:`wheel "
+"distribution <binary-distribution-format>` filename."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:126
+msgid ""
+"``subject[0].digest`` **MUST** contain a SHA-256 digest. Other digests "
+"**MAY** be present. The digests **MUST** be represented as hexadecimal "
+"strings."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:128
+msgid "The following ``predicateType`` values are supported:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:130
+msgid ""
+"`SLSA Provenance <https://slsa.dev/provenance/v1>`__: ``https://slsa.dev/"
+"provenance/v1``"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:131
+msgid ""
+"`PyPI Publish Attestation <https://docs.pypi.org/attestations/publish/"
+"v1>`__: ``https://docs.pypi.org/attestations/publish/v1``"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:133
+msgid ""
+"The signature over this statement is constructed using the `v1 DSSE "
+"signature protocol <https://github.com/secure-systems-lab/dsse/blob/v1.0.0/"
+"protocol.md>`__, with a ``PAYLOAD_TYPE`` of ``application/vnd.in-toto+json`` "
+"and a ``PAYLOAD_BODY`` of the JSON-encoded statement above. No other "
+"``PAYLOAD_TYPE`` is permitted."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:141
+msgid "Provenance objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:143
+msgid ""
+"The index will serve uploaded attestations along with metadata that can "
+"assist in verifying them in the form of JSON serialized objects."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:146
+msgid ""
+"These *provenance objects* will be available via both the Simple Index and "
+"JSON-based Simple API as described above, and will have the following layout:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:169
+msgid "or, as pseudocode:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:217
+msgid ""
+"``version`` is ``1``. Like attestation objects, provenance objects are "
+"versioned, and this PEP only defines version ``1``."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:219
+msgid ""
+"``attestation_bundles`` is a **required** JSON array, containing one or more "
+"\"bundles\" of attestations. Each bundle corresponds to a signing identity "
+"(such as a Trusted Publishing identity), and contains one or more "
+"attestation objects."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:224
+msgid ""
+"As noted in the ``Publisher`` model, each ``AttestationBundle.publisher`` "
+"object is specific to its Trusted Publisher but must include at minimum:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:228
+msgid ""
+"A ``kind`` key, which **MUST** be a JSON string that uniquely identifies the "
+"kind of Trusted Publisher."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:230
+msgid ""
+"A ``claims`` key, which **MUST** be a JSON object containing any context-"
+"specific claims retained by the index during Trusted Publisher "
+"authentication."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:233
+msgid "All other keys in the publisher object are publisher-specific."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:235
+msgid ""
+"Each array of attestation objects is a superset of the ``attestations`` "
+"array supplied by the uploaded through the ``attestations`` field at upload "
+"time, as described in :ref:`upload-endpoint` and :ref:`changes-to-provenance-"
+"objects`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:243
+msgid "Changes to provenance objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:245
+msgid ""
+"Provenance objects are *not* immutable, and may change over time. Reasons "
+"for changes to the provenance object include but are not limited to:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:248
+msgid ""
+"Addition of new attestations for a pre-existing signing identity: the index "
+"**MAY** choose to allow additional attestations by pre-existing signing "
+"identities, such as newer attestation versions for already uploaded files."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:253
+msgid ""
+"Addition of new signing identities and associated attestations: the index "
+"**MAY** choose to support attestations from sources other than the file's "
+"uploader, such as third-party auditors or the index itself. These "
+"attestations may be performed asynchronously, requiring the index to insert "
+"them into the provenance object *post facto*."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:262
+msgid "Attestation verification"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:264
+msgid ""
+"Verifying an attestation object against a distribution file requires "
+"verification of each of the following:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:267
+msgid "``version`` is ``1``. The verifier **MUST** reject any other version."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:268
+msgid ""
+"``verification_material.certificate`` is a valid signing certificate, as "
+"issued by an *a priori* trusted authority (such as a root of trust already "
+"present within the verifying client)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:271
+msgid ""
+"``verification_material.certificate`` identifies an appropriate signing "
+"subject, such as the machine identity of the Trusted Publisher that "
+"published the package."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:274
+msgid ""
+"``envelope.statement`` is a valid in-toto v1 Statement, with a subject and "
+"digest that **MUST** match the distribution's filename and contents. For the "
+"distribution's filename, matching **MUST** be performed by parsing using the "
+"appropriate source distribution or wheel filename format, as the statement's "
+"subject may be equivalent but normalized."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:279
+msgid ""
+"``envelope.signature`` is a valid signature for ``envelope.statement`` "
+"corresponding to ``verification_material.certificate``, as reconstituted via "
+"the `v1 DSSE signature protocol <https://github.com/secure-systems-lab/dsse/"
+"blob/v1.0.0/protocol.md>`__."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:284
+msgid ""
+"In addition to the above required steps, a verifier **MAY** additionally "
+"verify ``verification_material.transparency_entries`` on a policy basis, e."
+"g. requiring at least one transparency log entry or a threshold of entries. "
+"When verifying transparency entries, the verifier **MUST** confirm that the "
+"inclusion time for each entry lies within the signing certificate's validity "
+"period."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:293
+msgid "Appendix: Data models for Transparency Log Entries"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:295
+msgid ""
+"This appendix contains pseudocoded data models for transparency log entries "
+"in attestation objects. Each transparency log entry serves as a source of "
+"signed inclusion time, and can be verified either online or offline."
+msgstr ""
+
 #: ../source/specifications/inline-script-metadata.rst:5
 msgid "Inline script metadata"
 msgstr ""
@@ -15206,7 +15552,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/inline-script-metadata.rst:205
-#: ../source/specifications/simple-repository-api.rst:815
+#: ../source/specifications/simple-repository-api.rst:829
 msgid "Recommendations"
 msgstr ""
 
@@ -17094,11 +17440,26 @@ msgid ""
 "``&gt;``, respectively."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:100
+#: ../source/specifications/simple-repository-api.rst:99
+msgid ""
+"A repository **MAY** include a ``data-provenance`` attribute on a file link. "
+"The value of this attribute **MUST** be a fully qualified URL, signaling "
+"that the file's provenance can be found at that URL. This URL **MUST** "
+"represent a `secure origin <https://www.chromium.org/Home/chromium-security/"
+"prefer-secure-origins-for-powerful-new-features/>`_."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:106
+msgid ""
+"The format of the linked provenance is defined in :ref:`index-hosted-"
+"attestations`."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:109
 msgid "Normalized Names"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:102
+#: ../source/specifications/simple-repository-api.rst:111
 msgid ""
 "This spec references the concept of a \"normalized\" project name. As per :"
 "ref:`the name normalization specification <name-normalization>` the only "
@@ -17108,11 +17469,11 @@ msgid ""
 "implemented in Python with the ``re`` module::"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:117
+#: ../source/specifications/simple-repository-api.rst:126
 msgid "Adding \"Yank\" Support to the Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:119
+#: ../source/specifications/simple-repository-api.rst:128
 msgid ""
 "Links in the simple repository **MAY** have a ``data-yanked`` attribute "
 "which may have no value, or may have an arbitrary string as a value. The "
@@ -17122,7 +17483,7 @@ msgid ""
 "under specific scenarios."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:126
+#: ../source/specifications/simple-repository-api.rst:135
 msgid ""
 "The value of the ``data-yanked`` attribute, if present, is an arbitrary "
 "string that represents the reason for why the file has been yanked. Tools "
@@ -17130,7 +17491,7 @@ msgid ""
 "users."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:131
+#: ../source/specifications/simple-repository-api.rst:140
 msgid ""
 "The yanked attribute is not immutable once set, and may be rescinded in the "
 "future (and once rescinded, may be reset as well). Thus API users **MUST** "
@@ -17138,11 +17499,11 @@ msgid ""
 "again)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:138
+#: ../source/specifications/simple-repository-api.rst:147
 msgid "Installers"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:140
+#: ../source/specifications/simple-repository-api.rst:149
 msgid ""
 "The desirable experience for users is that once a file is yanked, when a "
 "human being is currently trying to directly install a yanked file, that it "
@@ -17152,7 +17513,7 @@ msgid ""
 "been yanked."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:147
+#: ../source/specifications/simple-repository-api.rst:156
 msgid ""
 "An installer **MUST** ignore yanked releases, if the selection constraints "
 "can be satisfied with a non-yanked version, and **MAY** refuse to use a "
@@ -17162,14 +17523,14 @@ msgid ""
 "files."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:154
+#: ../source/specifications/simple-repository-api.rst:163
 msgid ""
 "What this means is left up to the specific installer, to decide how to best "
 "fit into the overall usage of their installer. However, there are two "
 "suggested approaches to take:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:158
+#: ../source/specifications/simple-repository-api.rst:167
 msgid ""
 "Yanked files are always ignored, unless they are the only file that matches "
 "a version specifier that \"pins\" to an exact version using either ``==`` "
@@ -17179,7 +17540,7 @@ msgid ""
 "versions, zero padding, etc."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:165
+#: ../source/specifications/simple-repository-api.rst:174
 msgid ""
 "Yanked files are always ignored, unless they are the only file that matches "
 "what a lock file (such as ``Pipfile.lock`` or ``poetry.lock``) specifies to "
@@ -17187,7 +17548,7 @@ msgid ""
 "creating or updating a lock file from some input file or command."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:171
+#: ../source/specifications/simple-repository-api.rst:180
 msgid ""
 "Regardless of the specific strategy that an installer chooses for deciding "
 "when to install yanked files, an installer **SHOULD** emit a warning when it "
@@ -17196,38 +17557,38 @@ msgid ""
 "specific feedback to the user about why that file had been yanked."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:179
+#: ../source/specifications/simple-repository-api.rst:188
 msgid "Mirrors"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:181
+#: ../source/specifications/simple-repository-api.rst:190
 msgid "Mirrors can generally treat yanked files one of two ways:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:183
+#: ../source/specifications/simple-repository-api.rst:192
 msgid ""
 "They may choose to omit them from their simple repository API completely, "
 "providing a view over the repository that shows only \"active\", unyanked "
 "files."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:186
+#: ../source/specifications/simple-repository-api.rst:195
 msgid ""
 "They may choose to include yanked files, and additionally mirror the ``data-"
 "yanked`` attribute as well."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:189
+#: ../source/specifications/simple-repository-api.rst:198
 msgid ""
 "Mirrors **MUST NOT** mirror a yanked file without also mirroring the ``data-"
 "yanked`` attribute for it."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:195
+#: ../source/specifications/simple-repository-api.rst:204
 msgid "Versioning PyPI's Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:197
+#: ../source/specifications/simple-repository-api.rst:206
 msgid ""
 "This spec proposes the inclusion of a meta tag on the responses of every "
 "successful request to a simple API page, which contains a name attribute of "
@@ -17238,29 +17599,29 @@ msgid ""
 "<version-specifiers>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:205
+#: ../source/specifications/simple-repository-api.rst:214
 msgid "This would end up looking like::"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:209
+#: ../source/specifications/simple-repository-api.rst:218
 msgid "When interpreting the repository version:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:211
+#: ../source/specifications/simple-repository-api.rst:220
 msgid ""
 "Incrementing the major version is used to signal a backwards incompatible "
 "change such that existing clients would no longer be expected to be able to "
 "meaningfully use the API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:214
+#: ../source/specifications/simple-repository-api.rst:223
 msgid ""
 "Incrementing the minor version is used to signal a backwards compatible "
 "change such that existing clients would still be expected to be able to "
 "meaningfully use the API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:218
+#: ../source/specifications/simple-repository-api.rst:227
 msgid ""
 "It is left up to the discretion of any future specs as to what specifically "
 "constitutes a backwards incompatible vs compatible change beyond the broad "
@@ -17269,7 +17630,7 @@ msgid ""
 "features."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:224
+#: ../source/specifications/simple-repository-api.rst:233
 msgid ""
 "It is expectation of this spec that the major version will never be "
 "incremented, and any future major API evolutions would utilize a different "
@@ -17279,48 +17640,48 @@ msgid ""
 "set to a version >= 2)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:231
+#: ../source/specifications/simple-repository-api.rst:240
 msgid ""
 "This spec sets the current API version to \"1.0\", and expects that future "
 "specs that further evolve the simple API will increment the minor version "
 "number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:237
-#: ../source/specifications/simple-repository-api.rst:957
+#: ../source/specifications/simple-repository-api.rst:246
+#: ../source/specifications/simple-repository-api.rst:971
 msgid "Clients"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:239
+#: ../source/specifications/simple-repository-api.rst:248
 msgid ""
 "Clients interacting with the simple API **SHOULD** introspect each response "
 "for the repository version, and if that data does not exist **MUST** assume "
 "that it is version 1.0."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:243
+#: ../source/specifications/simple-repository-api.rst:252
 msgid ""
 "When encountering a major version greater than expected, clients **MUST** "
 "hard fail with an appropriate error message for the user."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:246
+#: ../source/specifications/simple-repository-api.rst:255
 msgid ""
 "When encountering a minor version greater than expected, clients **SHOULD** "
 "warn users with an appropriate message."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:249
+#: ../source/specifications/simple-repository-api.rst:258
 msgid ""
 "Clients **MAY** still continue to use feature detection in order to "
 "determine what features a repository uses."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:255
+#: ../source/specifications/simple-repository-api.rst:264
 msgid "Serve Distribution Metadata in the Simple Repository API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:257
+#: ../source/specifications/simple-repository-api.rst:266
 msgid ""
 "In a simple repository's project page, each anchor tag pointing to a "
 "distribution **MAY** have a ``data-dist-info-metadata`` attribute. The "
@@ -17329,7 +17690,7 @@ msgid ""
 "when the distribution is processed and/or installed."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:263
+#: ../source/specifications/simple-repository-api.rst:272
 msgid ""
 "If a ``data-dist-info-metadata`` attribute is present, the repository "
 "**MUST** serve the distribution's Core Metadata file alongside the "
@@ -17341,7 +17702,7 @@ msgid ""
 "GPG signature file's location."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:272
+#: ../source/specifications/simple-repository-api.rst:281
 msgid ""
 "The repository **SHOULD** provide the hash of the Core Metadata file as the "
 "``data-dist-info-metadata`` attribute's value using the syntax "
@@ -17351,18 +17712,18 @@ msgid ""
 "unavailable."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:280
+#: ../source/specifications/simple-repository-api.rst:289
 msgid "Backwards Compatibility"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:282
+#: ../source/specifications/simple-repository-api.rst:291
 msgid ""
 "If an anchor tag lacks the ``data-dist-info-metadata`` attribute, tools are "
 "expected to revert to their current behaviour of downloading the "
 "distribution to inspect the metadata."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:286
+#: ../source/specifications/simple-repository-api.rst:295
 msgid ""
 "Older tools not supporting the new ``data-dist-info-metadata`` attribute are "
 "expected to ignore the attribute and maintain their current behaviour of "
@@ -17370,11 +17731,11 @@ msgid ""
 "prior ``data-`` attribute additions expect existing tools to operate."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:295
+#: ../source/specifications/simple-repository-api.rst:304
 msgid "JSON-based Simple API for Python Package Indexes"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:297
+#: ../source/specifications/simple-repository-api.rst:306
 msgid ""
 "To enable response parsing with only the standard library, this spec "
 "specifies that all responses (besides the files themselves, and the HTML "
@@ -17382,7 +17743,7 @@ msgid ""
 "base>`) should be serialized using `JSON <https://www.json.org/>`_."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:302
+#: ../source/specifications/simple-repository-api.rst:311
 msgid ""
 "To enable zero configuration discovery and to minimize the amount of "
 "additional HTTP requests, this spec extends :ref:`the base HTML API "
@@ -17392,7 +17753,7 @@ msgid ""
 "format to serve, i.e. either HTML or JSON."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:312
+#: ../source/specifications/simple-repository-api.rst:321
 msgid ""
 "Versioning will adhere to :ref:`the API versioning specification <simple-"
 "repository-api-versioning>` format (``Major.Minor``), which has defined the "
@@ -17402,7 +17763,7 @@ msgid ""
 "``1.0`` version, and instead just describes how to serialize that into JSON."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:319
+#: ../source/specifications/simple-repository-api.rst:328
 msgid ""
 "Similar to :ref:`the API versioning specification <simple-repository-api-"
 "versioning>`, the major version number **MUST** be incremented if any "
@@ -17410,28 +17771,28 @@ msgid ""
 "existing clients to meaningfully understand the format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:325
+#: ../source/specifications/simple-repository-api.rst:334
 msgid ""
 "Likewise, the minor version **MUST** be incremented if features are added or "
 "removed from the format, but existing clients would be expected to continue "
 "to meaningfully understand the format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:329
+#: ../source/specifications/simple-repository-api.rst:338
 msgid ""
 "Changes that would not result in existing clients being unable to "
 "meaningfully understand the format and which do not represent features being "
 "added or removed may occur without changing the version number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:333
+#: ../source/specifications/simple-repository-api.rst:342
 msgid ""
 "This is intentionally vague, as this spec believes it is best left up to "
 "future specs that make any changes to the API to investigate and decide "
 "whether or not that change should increment the major or minor version."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:337
+#: ../source/specifications/simple-repository-api.rst:346
 msgid ""
 "Future versions of the API may add things that can only be represented in a "
 "subset of the available serializations of that version. All serializations "
@@ -17440,37 +17801,37 @@ msgid ""
 "whether or not that feature is present at all."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:343
+#: ../source/specifications/simple-repository-api.rst:352
 msgid ""
 "It is the intent of this spec that the API should be thought of as URL "
 "endpoints that return data, whose interpretation is defined by the version "
 "of that data, and then serialized into the target serialization format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:351
+#: ../source/specifications/simple-repository-api.rst:360
 msgid "JSON Serialization"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:353
+#: ../source/specifications/simple-repository-api.rst:362
 msgid ""
 "The URL structure from :ref:`the base HTML API specification <simple-"
 "repository-api-base>` still applies, as this spec only adds an additional "
 "serialization format for the already existing API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:357
+#: ../source/specifications/simple-repository-api.rst:366
 msgid ""
 "The following constraints apply to all JSON serialized responses described "
 "in this spec:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:360
+#: ../source/specifications/simple-repository-api.rst:369
 msgid ""
 "All JSON responses will *always* be a JSON object rather than an array or "
 "other type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:363
+#: ../source/specifications/simple-repository-api.rst:372
 msgid ""
 "While JSON doesn't natively support a URL type, any value that represents an "
 "URL in this API may be either absolute or relative as long as they point to "
@@ -17478,19 +17839,19 @@ msgid ""
 "if it were HTML."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:368
+#: ../source/specifications/simple-repository-api.rst:377
 msgid ""
 "Additional keys may be added to any dictionary objects in the API responses "
 "and clients **MUST** ignore keys that they don't understand."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:371
+#: ../source/specifications/simple-repository-api.rst:380
 msgid ""
 "All JSON responses will have a ``meta`` key, which contains information "
 "related to the response itself, rather than the content of the response."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:374
+#: ../source/specifications/simple-repository-api.rst:383
 msgid ""
 "All JSON responses will have a ``meta.api-version`` key, which will be a "
 "string that contains the :ref:`API versioning specification <simple-"
@@ -17499,41 +17860,41 @@ msgid ""
 "<simple-repository-api-versioning>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:380
+#: ../source/specifications/simple-repository-api.rst:389
 msgid ""
 "All requirements of :ref:`the base HTML API specification <simple-repository-"
 "api-base>` that are not HTML specific still apply."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:385
+#: ../source/specifications/simple-repository-api.rst:394
 msgid "Project List"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:387
+#: ../source/specifications/simple-repository-api.rst:396
 msgid ""
 "The root URL ``/`` for this spec (which represents the base URL) will be a "
 "JSON encoded dictionary which has a two keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:390
+#: ../source/specifications/simple-repository-api.rst:399
 msgid ""
 "``projects``: An array where each entry is a dictionary with a single key, "
 "``name``, which represents string of the project name."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:391
-#: ../source/specifications/simple-repository-api.rst:440
+#: ../source/specifications/simple-repository-api.rst:400
+#: ../source/specifications/simple-repository-api.rst:449
 msgid ""
 "``meta``: The general response metadata as `described earlier <json-"
 "serialization_>`__."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:393
-#: ../source/specifications/simple-repository-api.rst:499
+#: ../source/specifications/simple-repository-api.rst:402
+#: ../source/specifications/simple-repository-api.rst:512
 msgid "As an example:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:410
+#: ../source/specifications/simple-repository-api.rst:419
 msgid ""
 "The ``name`` field is the same as the one from :ref:`the base HTML API "
 "specification <simple-repository-api-base>`, which does not specify whether "
@@ -17543,7 +17904,7 @@ msgid ""
 "implementation detail of the repository in question."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:420
+#: ../source/specifications/simple-repository-api.rst:429
 msgid ""
 "While the ``projects`` key is an array, and thus is required to be in some "
 "kind of an order, neither :ref:`the base HTML API specification <simple-"
@@ -17553,11 +17914,11 @@ msgid ""
 "have sets."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:429
+#: ../source/specifications/simple-repository-api.rst:438
 msgid "Project Detail"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:431
+#: ../source/specifications/simple-repository-api.rst:440
 msgid ""
 "The format of this URL is ``/<project>/`` where the ``<project>`` is "
 "replaced by the :ref:`the base HTML API specification <simple-repository-api-"
@@ -17565,33 +17926,33 @@ msgid ""
 "would have a URL like ``/silly-walk/``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:436
+#: ../source/specifications/simple-repository-api.rst:445
 msgid ""
 "This URL must respond with a JSON encoded dictionary that has three keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:438
+#: ../source/specifications/simple-repository-api.rst:447
 msgid "``name``: The normalized name of the project."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:439
+#: ../source/specifications/simple-repository-api.rst:448
 msgid ""
 "``files``: A list of dictionaries, each one representing an individual file."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:442
+#: ../source/specifications/simple-repository-api.rst:451
 msgid "Each individual file dictionary has the following keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:444
+#: ../source/specifications/simple-repository-api.rst:453
 msgid "``filename``: The filename that is being represented."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:445
+#: ../source/specifications/simple-repository-api.rst:454
 msgid "``url``: The URL that the file can be fetched from."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:446
+#: ../source/specifications/simple-repository-api.rst:455
 msgid ""
 "``hashes``: A dictionary mapping a hash name to a hex encoded digest of the "
 "file. Multiple hashes can be included, and it is up to the client to decide "
@@ -17600,14 +17961,14 @@ msgid ""
 "to be lowercase."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:451
+#: ../source/specifications/simple-repository-api.rst:460
 msgid ""
 "The ``hashes`` dictionary **MUST** be present, even if no hashes are "
 "available for the file, however it is **HIGHLY** recommended that at least "
 "one secure, guaranteed-to-be-available hash is always included."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:455
+#: ../source/specifications/simple-repository-api.rst:464
 msgid ""
 "By default, any hash algorithm available via :py:mod:`hashlib` (specifically "
 "any that can be passed to :py:func:`hashlib.new()` and do not require "
@@ -17617,7 +17978,7 @@ msgid ""
 "specifically is recommended."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:460
+#: ../source/specifications/simple-repository-api.rst:469
 msgid ""
 "``requires-python``: An **optional** key that exposes the :ref:`core-"
 "metadata-requires-python` metadata field. Where this is present, installer "
@@ -17625,14 +17986,14 @@ msgid ""
 "that doesn't satisfy the requirement."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:466
+#: ../source/specifications/simple-repository-api.rst:475
 msgid ""
 "Unlike ``data-requires-python`` in :ref:`the base HTML API specification "
 "<simple-repository-api-base>`, the ``requires-python`` key does not require "
 "any special escaping other than anything JSON does naturally."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:469
+#: ../source/specifications/simple-repository-api.rst:478
 msgid ""
 "``dist-info-metadata``: An **optional** key that indicates that metadata for "
 "this file is available, via the same location as specified in :ref:`the API "
@@ -17642,27 +18003,27 @@ msgid ""
 "dictionary mapping hash names to a hex encoded digest of the metadata's hash."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:477
+#: ../source/specifications/simple-repository-api.rst:486
 msgid ""
 "When this is a dictionary of hashes instead of a boolean, then all the same "
 "requirements and recommendations as the ``hashes`` key hold true for this "
 "key as well."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:481
+#: ../source/specifications/simple-repository-api.rst:490
 msgid ""
 "If this key is missing then the metadata file may or may not exist. If the "
 "key value is truthy, then the metadata file is present, and if it is falsey "
 "then it is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:485
+#: ../source/specifications/simple-repository-api.rst:494
 msgid ""
 "It is recommended that servers make the hashes of the metadata file "
 "available if possible."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:487
+#: ../source/specifications/simple-repository-api.rst:496
 msgid ""
 "``gpg-sig``: An **optional** key that acts a boolean to indicate if the file "
 "has an associated GPG signature or not. The URL for the signature file "
@@ -17671,7 +18032,7 @@ msgid ""
 "the signature may or may not exist."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:492
+#: ../source/specifications/simple-repository-api.rst:501
 msgid ""
 "``yanked``: An **optional** key which may be either a boolean to indicate if "
 "the file has been yanked, or a non empty, but otherwise arbitrary, string to "
@@ -17682,7 +18043,15 @@ msgid ""
 "api-yank>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:529
+#: ../source/specifications/simple-repository-api.rst:507
+msgid ""
+"``provenance``: An **optional** key which, if present **MUST** be either a "
+"JSON string or ``null``. If not ``null``, it **MUST** be a URL to the file's "
+"associated provenance, with the same rules as ``data-provenance`` in the :"
+"ref:`base HTML API specification <simple-repository-api-base>`."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:543
 msgid ""
 "While the ``files`` key is an array, and thus is required to be in some kind "
 "of an order, neither :ref:`the base HTML API specification <simple-"
@@ -17692,11 +18061,11 @@ msgid ""
 "have sets."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:538
+#: ../source/specifications/simple-repository-api.rst:552
 msgid "Content-Types"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:540
+#: ../source/specifications/simple-repository-api.rst:554
 msgid ""
 "This spec proposes that all responses from the Simple API will have a "
 "standard content type that describes what the response is (a Simple API "
@@ -17704,11 +18073,11 @@ msgid ""
 "format has been used."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:544
+#: ../source/specifications/simple-repository-api.rst:558
 msgid "The structure of this content type will be:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:550
+#: ../source/specifications/simple-repository-api.rst:564
 msgid ""
 "Since only major versions should be disruptive to clients attempting to "
 "understand one of these API responses, only the major version will be "
@@ -17716,19 +18085,19 @@ msgid ""
 "that it is a version number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:555
+#: ../source/specifications/simple-repository-api.rst:569
 msgid "Which means that for the existing 1.0 API, the content types would be:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:557
+#: ../source/specifications/simple-repository-api.rst:571
 msgid "**JSON:** ``application/vnd.pypi.simple.v1+json``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:558
+#: ../source/specifications/simple-repository-api.rst:572
 msgid "**HTML:** ``application/vnd.pypi.simple.v1+html``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:560
+#: ../source/specifications/simple-repository-api.rst:574
 msgid ""
 "In addition to the above, a special \"meta\" version is supported named "
 "``latest``, whose purpose is to allow clients to request the absolute latest "
@@ -17737,7 +18106,7 @@ msgid ""
 "support."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:565
+#: ../source/specifications/simple-repository-api.rst:579
 msgid ""
 "To support existing clients which expect the existing :ref:`the base HTML "
 "API specification <simple-repository-api-base>` API responses to use the "
@@ -17745,11 +18114,11 @@ msgid ""
 "alias for the ``application/vnd.pypi.simple.v1+html`` content type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:572
+#: ../source/specifications/simple-repository-api.rst:586
 msgid "Version + Format Selection"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:574
+#: ../source/specifications/simple-repository-api.rst:588
 msgid ""
 "Now that there is multiple possible serializations, we need a mechanism to "
 "allow clients to indicate what serialization formats they're able to "
@@ -17758,65 +18127,65 @@ msgid ""
 "expecting the previous API version."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:579
+#: ../source/specifications/simple-repository-api.rst:593
 msgid ""
 "To enable this, this spec standardizes on the use of HTTP's `Server-Driven "
 "Content Negotiation <https://developer.mozilla.org/en-US/docs/Web/HTTP/"
 "Content_negotiation>`_."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:582
+#: ../source/specifications/simple-repository-api.rst:596
 msgid ""
 "While this spec won't fully describe the entirety of server-driven content "
 "negotiation, the flow is roughly:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:585
+#: ../source/specifications/simple-repository-api.rst:599
 msgid ""
 "The client makes an HTTP request containing an ``Accept`` header listing all "
 "of the version+format content types that they are able to understand."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:587
+#: ../source/specifications/simple-repository-api.rst:601
 msgid ""
 "The server inspects that header, selects one of the listed content types, "
 "then returns a response using that content type (treating the absence of an "
 "``Accept`` header as ``Accept: */*``)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:590
+#: ../source/specifications/simple-repository-api.rst:604
 msgid ""
 "If the server does not support any of the content types in the ``Accept`` "
 "header then they are able to choose between 3 different options for how to "
 "respond:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:594
+#: ../source/specifications/simple-repository-api.rst:608
 msgid ""
 "Select a default content type other than what the client has requested and "
 "return a response with that."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:596
+#: ../source/specifications/simple-repository-api.rst:610
 msgid ""
 "Return a HTTP ``406 Not Acceptable`` response to indicate that none of the "
 "requested content types were available, and the server was unable or "
 "unwilling to select a default content type to respond with."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:599
+#: ../source/specifications/simple-repository-api.rst:613
 msgid ""
 "Return a HTTP ``300 Multiple Choices`` response that contains a list of all "
 "of the possible responses that could have been chosen."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:601
+#: ../source/specifications/simple-repository-api.rst:615
 msgid ""
 "The client interprets the response, handling the different types of "
 "responses that the server may have responded with."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:604
+#: ../source/specifications/simple-repository-api.rst:618
 msgid ""
 "This spec does not specify which choices the server makes in regards to "
 "handling a content type that it isn't able to return, and clients **SHOULD** "
@@ -17824,7 +18193,7 @@ msgid ""
 "the most sense for that client."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:609
+#: ../source/specifications/simple-repository-api.rst:623
 msgid ""
 "However, as there is no standard format for how a ``300 Multiple Choices`` "
 "response can be interpreted, this spec highly discourages servers from "
@@ -17835,7 +18204,7 @@ msgid ""
 "error."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:616
+#: ../source/specifications/simple-repository-api.rst:630
 msgid ""
 "This spec **does** require that if the meta version ``latest`` is being "
 "used, the server **MUST** respond with the content type for the actual "
@@ -17844,33 +18213,33 @@ msgid ""
 "have a ``Content-Type`` of ``application/vnd.pypi.simple.v1+json``)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:623
+#: ../source/specifications/simple-repository-api.rst:637
 msgid ""
 "The ``Accept`` header is a comma separated list of content types that the "
 "client understands and is able to process. It supports three different "
 "formats for each content type that is being requested:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:627
+#: ../source/specifications/simple-repository-api.rst:641
 msgid "``$type/$subtype``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:628
+#: ../source/specifications/simple-repository-api.rst:642
 msgid "``$type/*``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:629
+#: ../source/specifications/simple-repository-api.rst:643
 msgid "``*/*``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:631
+#: ../source/specifications/simple-repository-api.rst:645
 msgid ""
 "For the use of selecting a version+format, the most useful of these is "
 "``$type/$subtype``, as that is the only way to actually specify the version "
 "and format you want."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:635
+#: ../source/specifications/simple-repository-api.rst:649
 msgid ""
 "The order of the content types listed in the ``Accept`` header does not have "
 "any specific meaning, and the server **SHOULD** consider all of them to be "
@@ -17880,7 +18249,7 @@ msgid ""
 "Quality_values>`_ syntax."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:642
+#: ../source/specifications/simple-repository-api.rst:656
 msgid ""
 "This allows a client to specify a priority for a specific entry in their "
 "``Accept`` header, by appending a ``;q=`` followed by a value between ``0`` "
@@ -17890,7 +18259,7 @@ msgid ""
 "quality of ``1``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:648
+#: ../source/specifications/simple-repository-api.rst:662
 msgid ""
 "However, clients should keep in mind that a server is free to select **any** "
 "of the content types they've asked for, regardless of their requested "
@@ -17898,7 +18267,7 @@ msgid ""
 "for."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:652
+#: ../source/specifications/simple-repository-api.rst:666
 msgid ""
 "To aid clients in determining the content type of the response that they "
 "have received from an API request, this spec requires that servers always "
@@ -17909,22 +18278,22 @@ msgid ""
 "collector.py#L123-L150>`_ so the risks for actual breakages is low."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:659
+#: ../source/specifications/simple-repository-api.rst:673
 msgid "An example of how a client can operate would look like:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:710
+#: ../source/specifications/simple-repository-api.rst:724
 msgid ""
 "If a client wishes to only support HTML or only support JSON, then they "
 "would just remove the content types that they do not want from the "
 "``Accept`` header, and turn receiving them into an error."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:716
+#: ../source/specifications/simple-repository-api.rst:730
 msgid "Alternative Negotiation Mechanisms"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:718
+#: ../source/specifications/simple-repository-api.rst:732
 msgid ""
 "While using HTTP's Content negotiation is considered the standard way for a "
 "client and server to coordinate to ensure that the client is getting an HTTP "
@@ -17933,25 +18302,25 @@ msgid ""
 "negotiation mechanisms that may *optionally* be used instead."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:726
+#: ../source/specifications/simple-repository-api.rst:740
 msgid "URL Parameter"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:728
+#: ../source/specifications/simple-repository-api.rst:742
 msgid ""
 "Servers that implement the Simple API may choose to support a URL parameter "
 "named ``format`` to allow the clients to request a specific version of the "
 "URL."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:731
+#: ../source/specifications/simple-repository-api.rst:745
 msgid ""
 "The value of the ``format`` parameter should be **one** of the valid content "
 "types. Passing multiple content types, wild cards, quality values, etc... is "
 "**not** supported."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:735
+#: ../source/specifications/simple-repository-api.rst:749
 msgid ""
 "Supporting this parameter is optional, and clients **SHOULD NOT** rely on it "
 "for interacting with the API. This negotiation mechanism is intended to "
@@ -17959,13 +18328,13 @@ msgid ""
 "allow documentation or notes to link to a specific version+format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:740
+#: ../source/specifications/simple-repository-api.rst:754
 msgid ""
 "Servers that do not support this parameter may choose to return an error "
 "when it is present, or they may simple ignore its presence."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:743
+#: ../source/specifications/simple-repository-api.rst:757
 msgid ""
 "When a server does implement this parameter, it **SHOULD** take precedence "
 "over any values in the client's ``Accept`` header, and if the server does "
@@ -17975,18 +18344,18 @@ msgid ""
 "``303 Multiple Choices``, or selecting a default type to return)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:752
+#: ../source/specifications/simple-repository-api.rst:766
 msgid "Endpoint Configuration"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:754
+#: ../source/specifications/simple-repository-api.rst:768
 msgid ""
 "This option technically is not a special option at all, it is just a natural "
 "consequence of using content negotiation and allowing servers to select "
 "which of the available content types is their default."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:758
+#: ../source/specifications/simple-repository-api.rst:772
 msgid ""
 "If a server is unwilling or unable to implement the server-driven content "
 "negotiation, and would instead rather require users to explicitly configure "
@@ -17994,7 +18363,7 @@ msgid ""
 "configuration."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:762
+#: ../source/specifications/simple-repository-api.rst:776
 msgid ""
 "To enable this, a server should make multiple endpoints (for instance, ``/"
 "simple/v1+html/`` and/or ``/simple/v1+json/``) for each version+format that "
@@ -18004,7 +18373,7 @@ msgid ""
 "and return the content type that corresponds to that endpoint."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:769
+#: ../source/specifications/simple-repository-api.rst:783
 msgid ""
 "For clients that wish to require specific configuration, they can keep track "
 "of which version+format a specific repository URL was configured for, and "
@@ -18012,11 +18381,11 @@ msgid ""
 "includes the correct content type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:776
+#: ../source/specifications/simple-repository-api.rst:790
 msgid "TUF Support - PEP 458"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:778
+#: ../source/specifications/simple-repository-api.rst:792
 msgid ""
 ":pep:`458` requires that all API responses are hashable and that they can be "
 "uniquely identified by a path relative to the repository root. For a Simple "
@@ -18027,7 +18396,7 @@ msgid ""
 "that all hash differently."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:785
+#: ../source/specifications/simple-repository-api.rst:799
 msgid ""
 ":pep:`458` does not specify what the target path should be for the Simple "
 "API, but TUF requires that the target paths be \"file-like\", in other "
@@ -18035,7 +18404,7 @@ msgid ""
 "technically points to a directory."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:790
+#: ../source/specifications/simple-repository-api.rst:804
 msgid ""
 "The saving grace is that the target path does not *have* to actually match "
 "the URL being fetched from the Simple API, and it can just be a sigil that "
@@ -18044,7 +18413,7 @@ msgid ""
 "HTTP request, such as the ``Accept`` header."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:796
+#: ../source/specifications/simple-repository-api.rst:810
 msgid ""
 "Ultimately figuring out how to map a directory to a filename is out of scope "
 "for this spec (but it would be in scope for :pep:`458`), and this spec "
@@ -18052,7 +18421,7 @@ msgid ""
 "`458` metadata."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:800
+#: ../source/specifications/simple-repository-api.rst:814
 msgid ""
 "However, it appears that the current WIP branch against pip that attempts to "
 "implement :pep:`458` is using a target path like ``simple/PROJECT/index."
@@ -18062,20 +18431,20 @@ msgid ""
 "the v1 JSON format would be ``simple/PROJECT/vnd.pypi.simple.v1.json``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:807
+#: ../source/specifications/simple-repository-api.rst:821
 msgid ""
 "In this case, since ``text/html`` is an alias to ``application/vnd.pypi."
 "simple.v1+html`` when interacting through TUF, it likely will make the most "
 "sense to normalize to the more explicit name."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:811
+#: ../source/specifications/simple-repository-api.rst:825
 msgid ""
 "Likewise the ``latest`` metaversion should not be included in the targets, "
 "only explicitly declared versions should be supported."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:817
+#: ../source/specifications/simple-repository-api.rst:831
 msgid ""
 "This section is non-normative, and represents what the spec authors believe "
 "to be the best default implementation decisions for something implementing "
@@ -18083,7 +18452,7 @@ msgid ""
 "these decisions."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:821
+#: ../source/specifications/simple-repository-api.rst:835
 msgid ""
 "These decisions have been chosen to maximize the number of requests that can "
 "be moved onto the newest version of an API, while maintaining the greatest "
@@ -18092,18 +18461,18 @@ msgid ""
 "choices it can."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:826
+#: ../source/specifications/simple-repository-api.rst:840
 msgid "It is recommended that servers:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:828
+#: ../source/specifications/simple-repository-api.rst:842
 msgid ""
 "Support all 3 content types described in this spec, using server-driven "
 "content negotiation, for as long as they reasonably can, or at least as long "
 "as they're receiving non trivial traffic that uses the HTML responses."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:832
+#: ../source/specifications/simple-repository-api.rst:846
 msgid ""
 "When encountering an ``Accept`` header that does not contain any content "
 "types that it knows how to work with, the server should not ever return a "
@@ -18111,13 +18480,13 @@ msgid ""
 "Acceptable`` response."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:837
+#: ../source/specifications/simple-repository-api.rst:851
 msgid ""
 "However, if choosing to use the endpoint configuration, you should prefer to "
 "return a ``200 OK`` response in the expected content type for that endpoint."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:840
+#: ../source/specifications/simple-repository-api.rst:854
 msgid ""
 "When selecting an acceptable version, the server should choose the highest "
 "version that the client supports, with the most expressive/featureful "
@@ -18126,23 +18495,23 @@ msgid ""
 "should only use the ``text/html`` content type as a last resort."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:846
+#: ../source/specifications/simple-repository-api.rst:860
 msgid "It is recommended that clients:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:848
+#: ../source/specifications/simple-repository-api.rst:862
 msgid ""
 "Support all 3 content types described in this spec, using server-driven "
 "content negotiation, for as long as they reasonably can."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:851
+#: ../source/specifications/simple-repository-api.rst:865
 msgid ""
 "When constructing an ``Accept`` header, include all of the content types "
 "that you support."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:854
+#: ../source/specifications/simple-repository-api.rst:868
 msgid ""
 "You should generally *not* include a quality priority value for your content "
 "types, unless you have implementation specific reasons that you want the "
@@ -18151,63 +18520,63 @@ msgid ""
 "responses that you're unable to parse in some edge cases)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:860
+#: ../source/specifications/simple-repository-api.rst:874
 msgid ""
 "The one exception to this recommendation is that it is recommended that you "
 "*should* include a ``;q=0.01`` value on the legacy ``text/html`` content "
 "type, unless it is the only content type that you are requesting."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:864
+#: ../source/specifications/simple-repository-api.rst:878
 msgid ""
 "Explicitly select what versions they are looking for, rather than using the "
 "``latest`` meta version during normal operation."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:867
+#: ../source/specifications/simple-repository-api.rst:881
 msgid ""
 "Check the ``Content-Type`` of the response and ensure it matches something "
 "that you were expecting."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:871
+#: ../source/specifications/simple-repository-api.rst:885
 msgid "Additional Fields for the Simple API for Package Indexes"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:873
+#: ../source/specifications/simple-repository-api.rst:887
 msgid ""
 "This specification defines version 1.1 of the simple repository API. For the "
 "HTML version of the API, there is no change from version 1.0. For the JSON "
 "version of the API, the following changes are made:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:877
+#: ../source/specifications/simple-repository-api.rst:891
 msgid "The ``api-version`` must specify version 1.1 or later."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:878
+#: ../source/specifications/simple-repository-api.rst:892
 msgid "A new ``versions`` key is added at the top level."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:879
+#: ../source/specifications/simple-repository-api.rst:893
 msgid ""
 "Two new \"file information\" keys, ``size`` and ``upload-time``, are added "
 "to the ``files`` data."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:881
+#: ../source/specifications/simple-repository-api.rst:895
 msgid ""
 "Keys (at any level) with a leading underscore are reserved as private for "
 "index server use. No future standard will assign a meaning to any such key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:884
+#: ../source/specifications/simple-repository-api.rst:898
 msgid ""
 "The ``versions`` and ``size`` keys are mandatory. The ``upload-time`` key is "
 "optional."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:890
+#: ../source/specifications/simple-repository-api.rst:904
 msgid ""
 "An additional key, ``versions`` MUST be present at the top level, in "
 "addition to the keys ``name``, ``files`` and ``meta`` defined in :ref:`the "
@@ -18217,7 +18586,7 @@ msgid ""
 "duplicates, and the order of the values is not significant."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:897
+#: ../source/specifications/simple-repository-api.rst:911
 msgid ""
 "All of the files listed in the ``files`` key MUST be associated with one of "
 "the versions in the ``versions`` key. The ``versions`` key MAY contain "
@@ -18225,7 +18594,7 @@ msgid ""
 "uploaded, if the server has such a concept)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:902
+#: ../source/specifications/simple-repository-api.rst:916
 msgid ""
 "Note that because servers may hold \"legacy\" data from before the adoption "
 "of :ref:`the version specifiers specification (VSS) <version-specifiers>`, "
@@ -18234,21 +18603,21 @@ msgid ""
 "servers SHOULD use normalised VSS versions where possible."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:911
+#: ../source/specifications/simple-repository-api.rst:925
 msgid "Additional file information"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:913
+#: ../source/specifications/simple-repository-api.rst:927
 msgid "Two new keys are added to the ``files`` key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:915
+#: ../source/specifications/simple-repository-api.rst:929
 msgid ""
 "``size``: This field is mandatory. It MUST contain an integer which is the "
 "file size in bytes."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:917
+#: ../source/specifications/simple-repository-api.rst:931
 msgid ""
 "``upload-time``: This field is optional. If present, it MUST contain a valid "
 "ISO 8601 date/time string, in the format ``yyyy-mm-ddThh:mm:ss.ffffffZ``, "
@@ -18260,11 +18629,11 @@ msgid ""
 "key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:926
+#: ../source/specifications/simple-repository-api.rst:940
 msgid "Rename dist-info-metadata in the Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:929
+#: ../source/specifications/simple-repository-api.rst:943
 msgid ""
 "The keywords \"**MUST**\", \"**MUST NOT**\", \"**REQUIRED**\", "
 "\"**SHALL**\", \"**SHALL NOT**\", \"**SHOULD**\", \"**SHOULD NOT**\", "
@@ -18272,11 +18641,11 @@ msgid ""
 "are to be interpreted as described in :rfc:`RFC 2119 <2119>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:936
+#: ../source/specifications/simple-repository-api.rst:950
 msgid "Servers"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:938
+#: ../source/specifications/simple-repository-api.rst:952
 msgid ""
 "The :ref:`the API metadata file specification <simple-repository-api-"
 "metadata-file>` metadata, when used in the HTML representation of the Simple "
@@ -18284,7 +18653,7 @@ msgid ""
 "with the supported values remaining the same."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:944
+#: ../source/specifications/simple-repository-api.rst:958
 msgid ""
 "The :ref:`the API metadata file specification <simple-repository-api-"
 "metadata-file>` metadata, when used in the :ref:`the JSON API specification "
@@ -18293,14 +18662,14 @@ msgid ""
 "values remaining the same."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:950
+#: ../source/specifications/simple-repository-api.rst:964
 msgid ""
 "To support clients that used the previous key names, the HTML representation "
 "**MAY** also be emitted using the ``data-dist-info-metadata``, and if it "
 "does so it **MUST** match the value of ``data-core-metadata``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:959
+#: ../source/specifications/simple-repository-api.rst:973
 msgid ""
 "Clients consuming any of the HTML representations of the Simple API **MUST** "
 "read the :ref:`the API metadata file specification <simple-repository-api-"
@@ -18309,7 +18678,7 @@ msgid ""
 "if it is present but ``data-core-metadata`` is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:966
+#: ../source/specifications/simple-repository-api.rst:980
 msgid ""
 "Clients consuming the JSON representation of the Simple API **MUST** read "
 "the :ref:`the API metadata file specification <simple-repository-api-"
@@ -18318,48 +18687,54 @@ msgid ""
 "present but ``core-metadata`` is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:976
+#: ../source/specifications/simple-repository-api.rst:990
 msgid "September 2015: initial form of the HTML format, in :pep:`503`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:977
+#: ../source/specifications/simple-repository-api.rst:991
 msgid "July 2016: Requires-Python metadata, in an update to :pep:`503`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:978
+#: ../source/specifications/simple-repository-api.rst:992
 msgid "May 2019: \"yank\" support, in :pep:`592`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:979
+#: ../source/specifications/simple-repository-api.rst:993
 msgid ""
 "July 2020: API versioning convention and metadata, and declaring the HTML "
 "format as API v1, in :pep:`629`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:981
+#: ../source/specifications/simple-repository-api.rst:995
 msgid ""
 "May 2021: providing package metadata independently from a package, in :pep:"
 "`658`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:983
+#: ../source/specifications/simple-repository-api.rst:997
 msgid ""
 "May 2022: initial form of the JSON format, with a mechanism for clients to "
 "choose between them, and declaring both formats as API v1, in :pep:`691`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:985
+#: ../source/specifications/simple-repository-api.rst:999
 msgid ""
 "October 2022: project versions and file size and upload-time in the JSON "
 "format, in :pep:`700`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:987
+#: ../source/specifications/simple-repository-api.rst:1001
 msgid ""
 "June 2023: renaming the field which provides package metadata independently "
 "from a package, in :pep:`714`"
 msgstr ""
 
+#: ../source/specifications/simple-repository-api.rst:1003
+msgid ""
+"November 2024: provenance metadata in the HTML and JSON formats, in :pep:"
+"`740`"
+msgstr ""
+
 #: ../source/specifications/source-distribution-format.rst:6
 msgid "Source distribution format"
 msgstr ""
@@ -21263,7 +21638,7 @@ msgid ""
 msgstr ""
 
 #: ../source/tutorials/managing-dependencies.rst:140
-#: ../source/tutorials/packaging-projects.rst:506
+#: ../source/tutorials/packaging-projects.rst:505
 msgid "Next steps"
 msgstr ""
 
@@ -21712,43 +22087,43 @@ msgstr ""
 
 #: ../source/tutorials/packaging-projects.rst:424
 msgid ""
-"You will be prompted for a username and password. For the username, use "
-"``__token__``. For the password, use the token value, including the ``pypi-"
-"`` prefix."
+"You will be prompted for an API token. Use the token value, including the "
+"``pypi-`` prefix. Note that the input will be hidden, so be sure to paste "
+"correctly."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:428
+#: ../source/tutorials/packaging-projects.rst:427
 msgid "After the command completes, you should see output similar to this:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:439
+#: ../source/tutorials/packaging-projects.rst:438
 msgid ""
 "Once uploaded, your package should be viewable on TestPyPI; for example: "
 "``https://test.pypi.org/project/example_package_YOUR_USERNAME_HERE``."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:444
+#: ../source/tutorials/packaging-projects.rst:443
 msgid "Installing your newly uploaded package"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:446
+#: ../source/tutorials/packaging-projects.rst:445
 msgid ""
 "You can use :ref:`pip` to install your package and verify that it works. "
 "Create a :ref:`virtual environment <Creating and using Virtual "
 "Environments>` and install your package from TestPyPI:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:462
+#: ../source/tutorials/packaging-projects.rst:461
 msgid "Make sure to specify your username in the package name!"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:464
+#: ../source/tutorials/packaging-projects.rst:463
 msgid ""
 "pip should install the package from TestPyPI and the output should look "
 "something like this:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:474
+#: ../source/tutorials/packaging-projects.rst:473
 msgid ""
 "This example uses ``--index-url`` flag to specify TestPyPI instead of live "
 "PyPI. Additionally, it specifies ``--no-deps``. Since TestPyPI doesn't have "
@@ -21758,23 +22133,23 @@ msgid ""
 "installing dependencies when using TestPyPI."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:481
+#: ../source/tutorials/packaging-projects.rst:480
 msgid ""
 "You can test that it was installed correctly by importing the package. Make "
 "sure you're still in your virtual environment, then run Python:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:496
+#: ../source/tutorials/packaging-projects.rst:495
 msgid "and import the package:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:508
+#: ../source/tutorials/packaging-projects.rst:507
 msgid ""
 "**Congratulations, you've packaged and distributed a Python project!** ✨ 🍰 "
 "✨"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:511
+#: ../source/tutorials/packaging-projects.rst:510
 msgid ""
 "Keep in mind that this tutorial showed you how to upload your package to "
 "Test PyPI, which isn't a permanent storage. The Test system occasionally "
@@ -21782,28 +22157,28 @@ msgid ""
 "experiments like this tutorial."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:516
+#: ../source/tutorials/packaging-projects.rst:515
 msgid ""
 "When you are ready to upload a real package to the Python Package Index you "
 "can do much the same as you did in this tutorial, but with these important "
 "differences:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:520
+#: ../source/tutorials/packaging-projects.rst:519
 msgid ""
 "Choose a memorable and unique name for your package. You don't have to "
 "append your username as you did in the tutorial, but you can't use an "
 "existing name."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:522
+#: ../source/tutorials/packaging-projects.rst:521
 msgid ""
 "Register an account on https://pypi.org - note that these are two separate "
 "servers and the login details from the test server are not shared with the "
 "main server."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:525
+#: ../source/tutorials/packaging-projects.rst:524
 msgid ""
 "Use ``twine upload dist/*`` to upload your package and enter your "
 "credentials for the account you registered on the real PyPI.  Now that "
@@ -21811,44 +22186,44 @@ msgid ""
 "repository``; the package will upload to https://pypi.org/ by default."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:529
+#: ../source/tutorials/packaging-projects.rst:528
 msgid ""
 "Install your package from the real PyPI using ``python3 -m pip install [your-"
 "package]``."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:531
+#: ../source/tutorials/packaging-projects.rst:530
 msgid ""
 "At this point if you want to read more on packaging Python libraries here "
 "are some things you can do:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:534
+#: ../source/tutorials/packaging-projects.rst:533
 msgid ""
 "Read about advanced configuration for your chosen build backend: `Hatchling "
 "<hatchling-config_>`_, :doc:`setuptools <setuptools:userguide/"
 "pyproject_config>`, :doc:`Flit <flit:pyproject_toml>`, `PDM <pdm-config_>`_."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:538
+#: ../source/tutorials/packaging-projects.rst:537
 msgid ""
 "Look at the :doc:`guides </guides/index>` on this site for more advanced "
 "practical information, or the :doc:`discussions </discussions/index>` for "
 "explanations and background on specific topics."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:541
+#: ../source/tutorials/packaging-projects.rst:540
 msgid ""
 "Consider packaging tools that provide a single command-line interface for "
 "project management and packaging, such as :ref:`hatch`, :ref:`flit`, :ref:"
 "`pdm`, and :ref:`poetry`."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:549
+#: ../source/tutorials/packaging-projects.rst:548
 msgid "Notes"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:551
+#: ../source/tutorials/packaging-projects.rst:550
 msgid ""
 "Technically, you can also create Python packages without an ``__init__.py`` "
 "file, but those are called :doc:`namespace packages </guides/packaging-"
diff --git a/locales/de/LC_MESSAGES/messages.po b/locales/de/LC_MESSAGES/messages.po
index 3c2f0956f..52a53a33d 100644
--- a/locales/de/LC_MESSAGES/messages.po
+++ b/locales/de/LC_MESSAGES/messages.po
@@ -13,7 +13,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Python Packaging User Guide\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-10-30 00:39+0000\n"
+"POT-Creation-Date: 2024-11-25 21:53+0000\n"
 "PO-Revision-Date: 2024-10-17 21:16+0000\n"
 "Last-Translator: Emr <emrd434@gmail.com>\n"
 "Language-Team: German <https://hosted.weblate.org/projects/pypa/packaging-"
@@ -658,7 +658,7 @@ msgid "Unix (including Linux and macOS)"
 msgstr ""
 
 #: ../source/discussions/deploying-python-applications.rst:118
-#: ../source/key_projects.rst:572
+#: ../source/key_projects.rst:576
 msgid "pex"
 msgstr ""
 
@@ -1948,7 +1948,7 @@ msgid ""
 msgstr ""
 
 #: ../source/discussions/versioning.rst:6
-#: ../source/specifications/simple-repository-api.rst:310
+#: ../source/specifications/simple-repository-api.rst:319
 msgid "Versioning"
 msgstr ""
 
@@ -2700,29 +2700,16 @@ msgid ""
 msgstr ""
 
 #: ../source/glossary.rst:121
-msgid "Known Good Set (KGS)"
-msgstr ""
-
-#: ../source/glossary.rst:124
-msgid ""
-"A set of distributions at specified versions which are compatible with each "
-"other. Typically a test suite will be run which passes all tests before a "
-"specific set of packages is declared a known good set. This term is commonly "
-"used by frameworks and toolkits which are comprised of multiple individual "
-"distributions."
-msgstr ""
-
-#: ../source/glossary.rst:130
 msgid "Import Package"
 msgstr "Paket importieren"
 
-#: ../source/glossary.rst:133
+#: ../source/glossary.rst:124
 msgid ""
 "A Python module which can contain other modules or recursively, other "
 "packages."
 msgstr ""
 
-#: ../source/glossary.rst:136
+#: ../source/glossary.rst:127
 msgid ""
 "An import package is more commonly referred to with the single word "
 "\"package\", but this guide will use the expanded term when more clarity is "
@@ -2731,18 +2718,31 @@ msgid ""
 "package` for a breakdown of the differences."
 msgstr ""
 
-#: ../source/glossary.rst:142
+#: ../source/glossary.rst:133
 #, fuzzy
 msgid "Installed Project"
 msgstr "Betreuer"
 
-#: ../source/glossary.rst:145
+#: ../source/glossary.rst:136
 msgid ""
 "A :term:`Project` that is installed for use with a Python interpreter or :"
 "term:`Virtual Environment`, as described in the specicifcation :ref:"
 "`recording-installed-packages`."
 msgstr ""
 
+#: ../source/glossary.rst:140
+msgid "Known Good Set (KGS)"
+msgstr ""
+
+#: ../source/glossary.rst:143
+msgid ""
+"A set of distributions at specified versions which are compatible with each "
+"other. Typically a test suite will be run which passes all tests before a "
+"specific set of packages is declared a known good set. This term is commonly "
+"used by frameworks and toolkits which are comprised of multiple individual "
+"distributions."
+msgstr ""
+
 #: ../source/glossary.rst:149
 msgid "Module"
 msgstr "Modul"
@@ -5163,7 +5163,7 @@ msgid ""
 "In particular, `NumPy <https://numpy.org/>`__, which provides the basis for "
 "most of the software in the `scientific Python stack <https://scientific-"
 "python.org>`_ can be configured to interoperate with different FORTRAN "
-"libraries, and can take advantage of different levels of vectorised "
+"libraries, and can take advantage of different levels of vectorized "
 "instructions available in modern CPUs."
 msgstr ""
 
@@ -5172,9 +5172,9 @@ msgid ""
 "Starting with version 1.10.4 of NumPy and version 1.0.0 of SciPy, pre-built "
 "32-bit and 64-bit binaries in the ``wheel`` format are available for all "
 "major operating systems (Windows, macOS, and Linux) on PyPI. Note, however, "
-"that on Windows, NumPy binaries are linked against the `ATLAS <http://www."
-"netlib.org/atlas/>`__ BLAS/LAPACK library, restricted to SSE2 instructions, "
-"so they may not provide optimal linear algebra performance."
+"that on Windows, NumPy binaries are linked against the `ATLAS <https://math-"
+"atlas.sourceforge.net/>`__ BLAS/LAPACK library, restricted to SSE2 "
+"instructions, so they may not provide optimal linear algebra performance."
 msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:26
@@ -5287,7 +5287,7 @@ msgid ""
 msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:100
-#: ../source/key_projects.rst:808
+#: ../source/key_projects.rst:812
 msgid "Spack"
 msgstr ""
 
@@ -5319,28 +5319,41 @@ msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:121
 msgid ""
-"`Anaconda <https://www.anaconda.com/products/individual/>`_ is a Python "
+"``conda`` is an open source (BSD licensed) package management system and "
+"environment management system that allows users to install multiple versions "
+"of binary software packages and their dependencies, and easily switch "
+"between them. It is a cross-platform tool working on Windows, MacOS, and "
+"Linux. Conda can be used to package up and distribute all kinds of packages, "
+"it is not limited to just Python packages. It has full support for native "
+"virtual environments. Conda makes environments first-class citizens, making "
+"it easy to create independent environments even for C libraries. It is "
+"written in Python, but is Python-agnostic. Conda manages Python itself as a "
+"package, so that :command:`conda update python` is possible, in contrast to "
+"pip, which only manages Python packages."
+msgstr ""
+
+#: ../source/guides/installing-scientific-packages.rst:133
+msgid ""
+"Anaconda `Anaconda <https://docs.anaconda.com/anaconda/>`_ is a Python "
 "distribution published by Anaconda, Inc. It is a stable collection of Open "
-"Source packages for big data and scientific use.  As of the 5.0 release of "
-"Anaconda, about 200 packages are installed by default, and a total of "
-"400-500 can be installed and updated from the Anaconda repository."
+"Source packages for big data and scientific use, and a collection of "
+"Graphical Interface utilities for managing conda environments."
 msgstr ""
 
-#: ../source/guides/installing-scientific-packages.rst:127
+#: ../source/guides/installing-scientific-packages.rst:135
 msgid ""
-"``conda`` is an open source (BSD licensed) package management system and "
-"environment management system included in Anaconda that allows users to "
-"install multiple versions of binary software packages and their "
-"dependencies, and easily switch between them. It is a cross-platform tool "
-"working on Windows, macOS, and Linux. Conda can be used to package up and "
-"distribute all kinds of packages, it is not limited to just Python packages. "
-"It has full support for native virtual environments. Conda makes "
-"environments first-class citizens, making it easy to create independent "
-"environments even for C libraries. It is written in Python, but is Python-"
-"agnostic. Conda manages Python itself as a package, so that :command:`conda "
-"update python` is possible, in contrast to pip, which only manages Python "
-"packages. Conda is available in Anaconda and Miniconda (an easy-to-install "
-"download with just Python and conda)."
+"In addition to the full distribution provided by Anaconda, the conda package "
+"manager itself is available in  `miniconda <https://docs.anaconda.com/"
+"miniconda/>`_, `miniforge <https://github.com/conda-forge/miniforge>`_, and "
+"`pixi <https://pixi.sh/>`_."
+msgstr ""
+
+#: ../source/guides/installing-scientific-packages.rst:138
+msgid ""
+"Conda packages are available on multiple channels on Anaconda.org, including "
+"the default channel supported by Anaconda, Inc, the community supported "
+"conda-forge channel, which provides a wide variety of pre-built packages, "
+"and some domain-specific package collections."
 msgstr ""
 
 #: ../source/guides/installing-stand-alone-command-line-tools.rst:4
@@ -8414,29 +8427,51 @@ msgstr ""
 
 #: ../source/guides/tool-recommendations.rst:142
 msgid ""
-"For projects hosted on GitHub, it is recommended to use the :ref:`trusted "
-"publishing <trusted-publishing>`, which allows the package to be securely "
-"uploaded to PyPI from a GitHub Actions job. (This is not yet supported on "
-"software forges other than GitHub.)"
+"For projects hosted on or published via supported CI/CD platforms, it is "
+"recommended to use the :ref:`Trusted Publishing <trusted-publishing>`, which "
+"allows the package to be securely uploaded to PyPI from a CI/CD workflow "
+"without a manually configured API token."
 msgstr ""
 
 #: ../source/guides/tool-recommendations.rst:147
 msgid ""
+"As of November 2024, PyPI supports the following platforms as Trusted "
+"Publishing providers:"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:150
+msgid "GitHub Actions (on ``https://github.com``)"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:151
+msgid "GitLab CI/CD (on ``https://gitlab.com``)"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:152
+msgid "ActiveState"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:153
+msgid "Google Cloud"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:155
+msgid ""
 "The other available method is to upload the package manually using :ref:"
 "`twine`."
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:149
+#: ../source/guides/tool-recommendations.rst:159
 msgid ""
 "**Never** use ``python setup.py upload`` for this task. In addition to "
 "being :ref:`deprecated <setup-py-deprecated>`, it is insecure."
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:154
+#: ../source/guides/tool-recommendations.rst:164
 msgid "Workflow tools"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:156
+#: ../source/guides/tool-recommendations.rst:166
 msgid ""
 "These tools are environment managers that automatically manage virtual "
 "environments for a project. They also act as \"task runners\", allowing you "
@@ -8447,31 +8482,31 @@ msgid ""
 "alphabetical order:"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:164
+#: ../source/guides/tool-recommendations.rst:174
 msgid ":ref:`Flit`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:165
+#: ../source/guides/tool-recommendations.rst:175
 msgid ":ref:`Hatch`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:166
+#: ../source/guides/tool-recommendations.rst:176
 msgid ":doc:`nox <nox:index>`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:167
+#: ../source/guides/tool-recommendations.rst:177
 msgid ":ref:`PDM`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:168
+#: ../source/guides/tool-recommendations.rst:178
 msgid ":ref:`Pipenv`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:169
+#: ../source/guides/tool-recommendations.rst:179
 msgid ":ref:`Poetry`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:170
+#: ../source/guides/tool-recommendations.rst:180
 msgid ":doc:`tox <tox:index>`."
 msgstr ""
 
@@ -9646,44 +9681,58 @@ msgstr ""
 
 #: ../source/key_projects.rst:407
 msgid ""
-"conda is the package management tool for `Anaconda <https://docs.anaconda."
-"com/anaconda/>`__ Python installations. Anaconda Python is a distribution "
-"from `Anaconda, Inc <https://www.anaconda.com/products/individual>`__ "
-"specifically aimed at the scientific community, and in particular on Windows "
-"where the installation of binary extensions is often difficult."
+"Conda is a package, dependency, and environment management system for any "
+"language — Python, R, Ruby, C/C++, Fortran, and more. It is written in "
+"Python and widely used in the Python scientific computing community, due to "
+"its support for non-Python compiled libraries and extensions. It is used as "
+"the basis of the `Anaconda <https://docs.anaconda.com/anaconda/>`__ Python "
+"distribution from Anaconda, Inc. It was originally aimed at the scientific "
+"community, but can also be used on its own, or with the :doc:`miniconda "
+"<conda:miniconda>`, `miniforge <https://github.com/conda-forge/miniforge>`_ "
+"or `pixi <https://pixi.sh/>`_ systems. It is available for Windows, Mac and "
+"Linux systems."
 msgstr ""
 
-#: ../source/key_projects.rst:414
+#: ../source/key_projects.rst:416
 msgid ""
 "Conda is a completely separate tool from :ref:`pip`, virtualenv and wheel, "
-"but provides many of their combined features in terms of package management, "
-"virtual environment management and deployment of binary extensions."
+"but provides many of their combined features, such as package management, "
+"virtual environment management and deployment of binary extensions and other "
+"binary code."
+msgstr ""
+
+#: ../source/key_projects.rst:420
+msgid ""
+"Conda does not install packages from PyPI -- it can only manage packages "
+"built specifically for conda, which can be made available on a \"conda "
+"channel\", such as those hosted on `anaconda.org <https://anaconda.org>`__, "
+"or a local (e.g. intranet) package server. In addition to the \"default\" "
+"channels managed by `Anaconda, Inc. <https://www.anaconda.com/>`__, there "
+"are a wide variety of packages from the community supported `conda-forge "
+"project <https://conda-forge.org/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:418
+#: ../source/key_projects.rst:426
 msgid ""
-"Conda does not install packages from PyPI and can install only from the "
-"official Anaconda repositories, or anaconda.org (a place for user-"
-"contributed *conda* packages), or a local (e.g. intranet) package server.  "
-"However, note that :ref:`pip` can be installed into, and work side-by-side "
-"with conda for managing :term:`distributions <Distribution Package>` from "
-"PyPI. Also, `conda skeleton <https://docs.conda.io/projects/conda-build/en/"
-"latest/user-guide/tutorials/build-pkgs-skeleton.html>`__ is a tool to make "
-"Python packages installable by conda by first fetching them from PyPI and "
-"modifying their metadata."
+"Note that :ref:`pip` can be installed into, and work side-by-side with conda "
+"for managing :term:`distributions <Distribution Package>` from PyPI. It is "
+"also possible to build conda packages from Python source packages using "
+"tools such as `conda skeleton <https://docs.conda.io/projects/conda-build/en/"
+"latest/user-guide/tutorials/build-pkgs-skeleton.html>`__: a tool to "
+"automatically make conda packages from Python packages available on PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:431
+#: ../source/key_projects.rst:435
 msgid "devpi"
 msgstr ""
 
-#: ../source/key_projects.rst:433
+#: ../source/key_projects.rst:437
 msgid ""
 "`Docs <http://doc.devpi.net/latest/>`__ | :gh:`Issues <devpi/devpi/issues>` "
 "| `PyPI <https://pypi.org/project/devpi>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:437
+#: ../source/key_projects.rst:441
 msgid ""
 "devpi features a powerful PyPI-compatible server and PyPI proxy cache with a "
 "complementary command line tool to drive packaging, testing and release "
@@ -9693,17 +9742,17 @@ msgid ""
 "replication and fail-over, and package upload."
 msgstr ""
 
-#: ../source/key_projects.rst:448
+#: ../source/key_projects.rst:452
 msgid "dumb-pypi"
 msgstr ""
 
-#: ../source/key_projects.rst:450
+#: ../source/key_projects.rst:454
 msgid ""
 "`GitHub <https://github.com/chriskuehl/dumb-pypi>`__ | `PyPI <https://pypi."
 "org/project/dumb-pypi>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:453
+#: ../source/key_projects.rst:457
 msgid ""
 "dumb-pypi is a simple :term:`package index <Package Index>` static file site "
 "generator, which then must be hosted by a static file webserver to become "
@@ -9711,17 +9760,17 @@ msgid ""
 "status."
 msgstr ""
 
-#: ../source/key_projects.rst:460
+#: ../source/key_projects.rst:464
 msgid "enscons"
 msgstr ""
 
-#: ../source/key_projects.rst:462
+#: ../source/key_projects.rst:466
 msgid ""
 ":gh:`Source <dholth/enscons>` | :gh:`Issues <dholth/enscons/issues>` | `PyPI "
 "<https://pypi.org/project/enscons>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:466
+#: ../source/key_projects.rst:470
 msgid ""
 "Enscons is a Python packaging tool based on `SCons`_. It builds :ref:`pip`-"
 "compatible source distributions and wheels without using distutils or "
@@ -9733,38 +9782,38 @@ msgid ""
 "independent of enscons."
 msgstr ""
 
-#: ../source/key_projects.rst:481
+#: ../source/key_projects.rst:485
 msgid "Flask-Pypi-Proxy"
 msgstr ""
 
-#: ../source/key_projects.rst:483
+#: ../source/key_projects.rst:487
 msgid ""
 "`Docs <https://flask-pypi-proxy.readthedocs.io>`__ | :gh:`GitHub <tzulberti/"
 "Flask-PyPi-Proxy>` | `PyPI <https://pypi.org/project/Flask-Pypi-Proxy/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:487 ../source/key_projects.rst:681
-#: ../source/key_projects.rst:740
+#: ../source/key_projects.rst:491 ../source/key_projects.rst:685
+#: ../source/key_projects.rst:744
 msgid "Not maintained, project archived"
 msgstr ""
 
-#: ../source/key_projects.rst:489
+#: ../source/key_projects.rst:493
 msgid ""
 "Flask-Pypi-Proxy is a :term:`package index <Package Index>` as a cached "
 "proxy for PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:495
+#: ../source/key_projects.rst:499
 msgid "Hashdist"
 msgstr ""
 
-#: ../source/key_projects.rst:497
+#: ../source/key_projects.rst:501
 msgid ""
 "`Docs <https://hashdist.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/hashdist/hashdist/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:500
+#: ../source/key_projects.rst:504
 msgid ""
 "Hashdist is a library for building non-root software distributions. Hashdist "
 "is trying to be “the Debian of choice for cases where Debian technology "
@@ -9775,34 +9824,34 @@ msgid ""
 "researchers but has been lacking in maintenance since 2016."
 msgstr ""
 
-#: ../source/key_projects.rst:512
+#: ../source/key_projects.rst:516
 msgid "Maturin"
 msgstr ""
 
-#: ../source/key_projects.rst:514
+#: ../source/key_projects.rst:518
 msgid ""
 "`Docs <https://www.maturin.rs>`__ | `GitHub <https://github.com/PyO3/"
 "maturin>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:517
+#: ../source/key_projects.rst:521
 msgid ""
 "Maturin is a build backend for Rust extension modules, also written in Rust. "
 "It supports building wheels for python 3.7+ on Windows, Linux, macOS and "
 "FreeBSD, can upload them to PyPI and has basic PyPy and GraalPy support."
 msgstr ""
 
-#: ../source/key_projects.rst:525
+#: ../source/key_projects.rst:529
 msgid "meson-python"
 msgstr ""
 
-#: ../source/key_projects.rst:527
+#: ../source/key_projects.rst:531
 msgid ""
 "`Docs <https://meson-python.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/mesonbuild/meson-python>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:530
+#: ../source/key_projects.rst:534
 msgid ""
 "``meson-python`` is a build backend that uses the Meson_ build system. It "
 "enables Python package authors to use Meson_ as the build system for their "
@@ -9810,58 +9859,58 @@ msgid ""
 "to fill the needs of most complex build configurations."
 msgstr ""
 
-#: ../source/key_projects.rst:540
+#: ../source/key_projects.rst:544
 msgid "multibuild"
 msgstr ""
 
-#: ../source/key_projects.rst:542
+#: ../source/key_projects.rst:546
 msgid "`GitHub <https://github.com/multi-build/multibuild>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:544
+#: ../source/key_projects.rst:548
 msgid ""
 "Multibuild is a set of CI scripts for building and testing Python :term:"
 "`wheels <Wheel>` for Linux, macOS, and (less flexibly) Windows. Also see :"
 "ref:`cibuildwheel`."
 msgstr ""
 
-#: ../source/key_projects.rst:550
+#: ../source/key_projects.rst:554
 msgid "nginx_pypi_cache"
 msgstr ""
 
-#: ../source/key_projects.rst:552
+#: ../source/key_projects.rst:556
 msgid ":gh:`GitHub <hauntsaninja/nginx_pypi_cache>`"
 msgstr ""
 
-#: ../source/key_projects.rst:554
+#: ../source/key_projects.rst:558
 msgid ""
 "nginx_pypi_cache is a :term:`package index <Package Index>` caching proxy "
 "using `nginx <https://nginx.org/en/>`_."
 msgstr ""
 
-#: ../source/key_projects.rst:560
+#: ../source/key_projects.rst:564
 msgid "pdm"
 msgstr ""
 
-#: ../source/key_projects.rst:562
+#: ../source/key_projects.rst:566
 msgid ""
 "`Docs <https://pdm.fming.dev/>`__ | `GitHub <https://github.com/pdm-project/"
 "pdm/>`__ | `PyPI <https://pypi.org/project/pdm>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:566
+#: ../source/key_projects.rst:570
 msgid ""
 "PDM is a modern Python package manager. It uses :term:`pyproject.toml` to "
 "store project metadata as defined in :pep:`621`."
 msgstr ""
 
-#: ../source/key_projects.rst:574
+#: ../source/key_projects.rst:578
 msgid ""
 "`Docs <https://pex.readthedocs.io/en/latest/>`__ | `GitHub <https://github."
 "com/pantsbuild/pex/>`__ | `PyPI <https://pypi.org/project/pex>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:578
+#: ../source/key_projects.rst:582
 msgid ""
 "Pex is a tool for generating :file:`.pex` (Python EXecutable) files, "
 "standalone Python environments in the spirit of :ref:`virtualenv`. PEX files "
@@ -9873,18 +9922,18 @@ msgid ""
 "PEX file into a standard venv, graphing dependencies and more."
 msgstr ""
 
-#: ../source/key_projects.rst:590
+#: ../source/key_projects.rst:594
 msgid "pip-tools"
 msgstr ""
 
-#: ../source/key_projects.rst:592
+#: ../source/key_projects.rst:596
 msgid ""
 "`Docs <https://pip-tools.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/jazzband/pip-tools/>`__ | `PyPI <https://pypi.org/project/pip-"
 "tools/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:596
+#: ../source/key_projects.rst:600
 msgid ""
 "pip-tools is a suite of tools meant for Python system administrators and "
 "release managers who particularly want to keep their builds deterministic "
@@ -9895,32 +9944,32 @@ msgid ""
 "not provide), and create layers of constraints for the program to obey."
 msgstr ""
 
-#: ../source/key_projects.rst:608
+#: ../source/key_projects.rst:612
 msgid "pip2pi"
 msgstr ""
 
-#: ../source/key_projects.rst:610
+#: ../source/key_projects.rst:614
 msgid ""
 ":gh:`GitHub <wolever/pip2pi>` | `PyPI <https://pypi.org/project/pip2pi/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:613
+#: ../source/key_projects.rst:617
 msgid ""
 "pip2pi is a :term:`package index <Package Index>` server where specific "
 "packages are manually synchronised."
 msgstr ""
 
-#: ../source/key_projects.rst:619
+#: ../source/key_projects.rst:623
 msgid "piwheels"
 msgstr ""
 
-#: ../source/key_projects.rst:621
+#: ../source/key_projects.rst:625
 msgid ""
 "`Website <https://www.piwheels.org/>`__ | :doc:`Docs <piwheels:index>` | "
 "`GitHub <https://github.com/piwheels/piwheels/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:625
+#: ../source/key_projects.rst:629
 msgid ""
 "piwheels is a website, and software underpinning it, that fetches source "
 "code distribution packages from PyPI and compiles them into binary wheels "
@@ -9928,17 +9977,17 @@ msgid ""
 "Pi OS pre-configures pip to use piwheels.org as an additional index to PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:634
+#: ../source/key_projects.rst:638
 msgid "poetry"
 msgstr ""
 
-#: ../source/key_projects.rst:636
+#: ../source/key_projects.rst:640
 msgid ""
 "`Docs <https://python-poetry.org/>`__ | `GitHub <https://github.com/python-"
 "poetry/poetry>`__ | `PyPI <https://pypi.org/project/poetry/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:640
+#: ../source/key_projects.rst:644
 msgid ""
 "poetry is a command-line tool to handle dependency installation and "
 "isolation as well as building and packaging of Python packages. It uses "
@@ -9948,49 +9997,49 @@ msgid ""
 "caching metadata about dependencies."
 msgstr ""
 
-#: ../source/key_projects.rst:650
+#: ../source/key_projects.rst:654
 msgid "proxpi"
 msgstr ""
 
-#: ../source/key_projects.rst:652
+#: ../source/key_projects.rst:656
 msgid ""
 ":gh:`GitHub <EpicWink/proxpi>` | `PyPI <https://pypi.org/project/proxpi/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:655
+#: ../source/key_projects.rst:659
 msgid ""
 "proxpi is a simple :term:`package index <Package Index>` which proxies PyPI "
 "and other indexes with caching."
 msgstr ""
 
-#: ../source/key_projects.rst:661
+#: ../source/key_projects.rst:665
 msgid "Pulp-python"
 msgstr ""
 
-#: ../source/key_projects.rst:663
+#: ../source/key_projects.rst:667
 msgid ""
 "`Docs <https://docs.pulpproject.org/pulp_python/>`__ | :gh:`GitHub <pulp/"
 "pulp_python>` | `PyPI <https://pypi.org/project/pulp-python/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:667
+#: ../source/key_projects.rst:671
 msgid ""
 "Pulp-python is the Python :term:`package index <Package Index>` plugin for "
 "`Pulp <https://pulpproject.org/>`_. Pulp-python supports mirrors backed by "
 "local or `AWS S3`_, package upload, and proxying to multiple package indexes."
 msgstr ""
 
-#: ../source/key_projects.rst:675
+#: ../source/key_projects.rst:679
 msgid "PyPI Cloud"
 msgstr ""
 
-#: ../source/key_projects.rst:677
+#: ../source/key_projects.rst:681
 msgid ""
 "`Docs <https://pypicloud.readthedocs.io/>`__ | :gh:`GitHub <stevearc/"
 "pypicloud>` | `PyPI <https://pypi.org/project/pypicloud/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:683
+#: ../source/key_projects.rst:687
 msgid ""
 "PyPI Cloud is a :term:`package index <Package Index>` server, backed by `AWS "
 "S3`_ or another cloud storage service, or local files. PyPI Cloud supports "
@@ -9998,33 +10047,33 @@ msgid ""
 "authorisation."
 msgstr ""
 
-#: ../source/key_projects.rst:691
+#: ../source/key_projects.rst:695
 msgid "pypiprivate"
 msgstr ""
 
-#: ../source/key_projects.rst:693
+#: ../source/key_projects.rst:697
 msgid ""
 ":gh:`GitHub <helpshift/pypiprivate>` | `PyPI <https://pypi.org/project/"
 "pypiprivate/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:696
+#: ../source/key_projects.rst:700
 msgid ""
 "pypiprivate serves a local (or `AWS S3`_-hosted) directory of packages as a :"
 "term:`package index <Package Index>`."
 msgstr ""
 
-#: ../source/key_projects.rst:702
+#: ../source/key_projects.rst:706
 msgid "pypiserver"
 msgstr ""
 
-#: ../source/key_projects.rst:704
+#: ../source/key_projects.rst:708
 msgid ""
 "`GitHub <https://github.com/pypiserver/pypiserver>`__ | `PyPI <https://pypi."
 "org/project/pypiserver/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:707
+#: ../source/key_projects.rst:711
 msgid ""
 "pypiserver is a minimalist application that serves as a private Python :term:"
 "`package index <Package Index>` (from a local directory) within "
@@ -10035,17 +10084,17 @@ msgid ""
 "pypiserver and from PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:718
+#: ../source/key_projects.rst:722
 msgid "PyScaffold"
 msgstr ""
 
-#: ../source/key_projects.rst:720
+#: ../source/key_projects.rst:724
 msgid ""
 "`Docs <https://pyscaffold.org>`__ | `GitHub <https://github.com/pyscaffold/"
 "pyscaffold>`__ | `PyPI <https://pypi.org/project/pyscaffold/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:724
+#: ../source/key_projects.rst:728
 msgid ""
 "PyScaffold is a project generator for bootstrapping Python packages, ready "
 "to be shared on PyPI and installable via :ref:`pip`. It relies on a set of "
@@ -10055,33 +10104,33 @@ msgid ""
 "existing projects to make packaging easier."
 msgstr ""
 
-#: ../source/key_projects.rst:735
+#: ../source/key_projects.rst:739
 msgid "pywharf"
 msgstr ""
 
-#: ../source/key_projects.rst:737
+#: ../source/key_projects.rst:741
 msgid ""
 ":gh:`GitHub <pywharf/pywharf>` | `PyPI <https://pypi.org/project/pywharf>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:742
+#: ../source/key_projects.rst:746
 msgid ""
 "pywharf is a :term:`package index <Package Index>` server, serving files "
 "locally or from `GitHub <https://github.com/>`_."
 msgstr ""
 
-#: ../source/key_projects.rst:748
+#: ../source/key_projects.rst:752
 msgid "scikit-build"
 msgstr ""
 
-#: ../source/key_projects.rst:750
+#: ../source/key_projects.rst:754
 msgid ""
 "`Docs <https://scikit-build.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/scikit-build/scikit-build/>`__ | `PyPI <https://pypi.org/project/"
 "scikit-build>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:754
+#: ../source/key_projects.rst:758
 msgid ""
 "Scikit-build is a :ref:`setuptools` wrapper for CPython that builds C/C++/"
 "Fortran/Cython extensions It uses `cmake <https://pypi.org/project/cmake>`__ "
@@ -10092,18 +10141,18 @@ msgid ""
 "ninja>`__ (also available on PyPI)."
 msgstr ""
 
-#: ../source/key_projects.rst:765
+#: ../source/key_projects.rst:769
 msgid "scikit-build-core"
 msgstr ""
 
-#: ../source/key_projects.rst:767
+#: ../source/key_projects.rst:771
 msgid ""
 "`Docs <https://scikit-build-core.readthedocs.io/en/latest/>`__ | `GitHub "
 "<https://github.com/scikit-build/scikit-build-core/>`__ | `PyPI <https://"
 "pypi.org/project/scikit-build-core>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:771
+#: ../source/key_projects.rst:775
 msgid ""
 "Scikit-build-core is a build backend for CPython C/C++/Fortran/Cython "
 "extensions.  It enables users to write extensions with `cmake <https://pypi."
@@ -10113,17 +10162,17 @@ msgid ""
 "automatically downloaded from PyPI if not available on the system."
 msgstr ""
 
-#: ../source/key_projects.rst:781
+#: ../source/key_projects.rst:785
 msgid "shiv"
 msgstr ""
 
-#: ../source/key_projects.rst:783
+#: ../source/key_projects.rst:787
 msgid ""
 "`Docs <https://shiv.readthedocs.io/en/latest/>`__ | `GitHub <https://github."
 "com/linkedin/shiv>`__ | `PyPI <https://pypi.org/project/shiv/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:787
+#: ../source/key_projects.rst:791
 msgid ""
 "shiv is a command line utility for building fully self contained Python "
 "zipapps as outlined in :pep:`441`, but with all their dependencies included. "
@@ -10131,17 +10180,17 @@ msgid ""
 "tools fast & easy."
 msgstr ""
 
-#: ../source/key_projects.rst:795
+#: ../source/key_projects.rst:799
 msgid "simpleindex"
 msgstr ""
 
-#: ../source/key_projects.rst:797
+#: ../source/key_projects.rst:801
 msgid ""
 ":gh:`GitHub <uranusjr/simpleindex>` | `PyPI <https://pypi.org/project/"
 "simpleindex/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:800
+#: ../source/key_projects.rst:804
 msgid ""
 "simpleindex is a :term:`package index <Package Index>` which routes URLs to "
 "multiple package indexes (including PyPI), serves local (or cloud-hosted, "
@@ -10149,7 +10198,7 @@ msgid ""
 "supports custom plugins."
 msgstr ""
 
-#: ../source/key_projects.rst:810
+#: ../source/key_projects.rst:814
 msgid ""
 ":doc:`Docs <spack:index>` | `GitHub <https://github.com/spack/spack>`__ | "
 "`Paper <https://www.computer.org/csdl/proceedings-article/"
@@ -10157,7 +10206,7 @@ msgid ""
 "Gamblin-Spack-SC15-Talk.pdf>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:815
+#: ../source/key_projects.rst:819
 msgid ""
 "A flexible package manager designed to support multiple versions, "
 "configurations, platforms, and compilers.  Spack is like Homebrew, but "
@@ -10168,24 +10217,24 @@ msgid ""
 "supercomputers."
 msgstr ""
 
-#: ../source/key_projects.rst:823
+#: ../source/key_projects.rst:827
 msgid ""
 "Spack is not in PyPI (yet), but it requires no installation and can be used "
 "immediately after cloning from GitHub."
 msgstr ""
 
-#: ../source/key_projects.rst:829
+#: ../source/key_projects.rst:833
 msgid "zest.releaser"
 msgstr ""
 
-#: ../source/key_projects.rst:831
+#: ../source/key_projects.rst:835
 msgid ""
 "`Docs <https://zestreleaser.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/zestsoftware/zest.releaser/>`__ | `PyPI <https://pypi.org/project/"
 "zest.releaser/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:835
+#: ../source/key_projects.rst:839
 msgid ""
 "``zest.releaser`` is a Python package release tool providing an abstraction "
 "layer on top of :ref:`twine`. Python developers use ``zest.releaser`` to "
@@ -10193,21 +10242,21 @@ msgid ""
 "releases in source control, and uploading new packages to PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:842
+#: ../source/key_projects.rst:846
 msgid "Standard Library Projects"
 msgstr ""
 
-#: ../source/key_projects.rst:847
+#: ../source/key_projects.rst:851
 msgid "ensurepip"
 msgstr ""
 
-#: ../source/key_projects.rst:849
+#: ../source/key_projects.rst:853
 msgid ""
 "`Docs <https://docs.python.org/3/library/ensurepip.html>`__ | `Issues "
 "<https://bugs.python.org/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:852
+#: ../source/key_projects.rst:856
 msgid ""
 "A package in the Python Standard Library that provides support for "
 "bootstrapping :ref:`pip` into an existing Python installation or virtual "
@@ -10215,34 +10264,34 @@ msgid ""
 "will be used during the build of the Python distribution."
 msgstr ""
 
-#: ../source/key_projects.rst:860
+#: ../source/key_projects.rst:864
 msgid "http.server"
 msgstr ""
 
-#: ../source/key_projects.rst:862
+#: ../source/key_projects.rst:866
 msgid ""
 ":doc:`Docs <python:library/http.server>` | :gh:`Issues <python/cpython/"
 "issues>`"
 msgstr ""
 
-#: ../source/key_projects.rst:865
+#: ../source/key_projects.rst:869
 msgid ""
 "A package and command-line interface which can host a directory as a "
 "website, for example as a :term:`package index <Package Index>` (see :ref:"
 "`Hosting your Own Simple Repository`)."
 msgstr ""
 
-#: ../source/key_projects.rst:872
+#: ../source/key_projects.rst:876
 msgid "venv"
 msgstr ""
 
-#: ../source/key_projects.rst:874
+#: ../source/key_projects.rst:878
 msgid ""
 "`Docs <https://docs.python.org/3/library/venv.html>`__ | `Issues <https://"
 "github.com/python/cpython/issues>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:877
+#: ../source/key_projects.rst:881
 msgid ""
 "A package in the Python Standard Library (starting with Python 3.3) for "
 "creating :term:`Virtual Environments <Virtual Environment>`.  For more "
@@ -12290,7 +12339,7 @@ msgstr ""
 #: ../source/specifications/platform-compatibility-tags.rst:332
 #: ../source/specifications/pyproject-toml.rst:444
 #: ../source/specifications/recording-installed-packages.rst:252
-#: ../source/specifications/simple-repository-api.rst:974
+#: ../source/specifications/simple-repository-api.rst:988
 #: ../source/specifications/source-distribution-format.rst:144
 #: ../source/specifications/version-specifiers.rst:1266
 #: ../source/specifications/virtual-environments.rst:54
@@ -13360,6 +13409,7 @@ msgstr ""
 #: ../source/specifications/dependency-specifiers.rst:26
 #: ../source/specifications/direct-url-data-structure.rst:19
 #: ../source/specifications/direct-url.rst:15
+#: ../source/specifications/index-hosted-attestations.rst:17
 #: ../source/specifications/inline-script-metadata.rst:13
 msgid "Specification"
 msgstr ""
@@ -13497,7 +13547,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/dependency-specifiers.rst:163
-#: ../source/specifications/simple-repository-api.rst:888
+#: ../source/specifications/simple-repository-api.rst:902
 msgid "Versions"
 msgstr ""
 
@@ -15124,6 +15174,302 @@ msgid ""
 "www.pypa.io/en/latest/specifications/>`__."
 msgstr ""
 
+#: ../source/specifications/index-hosted-attestations.rst:6
+msgid "Index hosted attestations"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:8
+msgid "This specification was originally defined in :pep:`740`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:12
+msgid ""
+":pep:`740` includes changes to the HTML and JSON index APIs. These changes "
+"are documented in the :ref:`simple-repository-api` under :ref:`simple-"
+"repository-api-base` and :ref:`json-serialization`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:22
+msgid "Upload endpoint changes"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:26
+msgid ""
+"The \"legacy\" upload API is not standardized. See `PyPI's Upload API "
+"documentation <https://docs.pypi.org/api/upload/>`_ for how attestations are "
+"uploaded."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:33
+msgid "Attestation objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:35
+msgid ""
+"An attestation object is a JSON object with several required keys; "
+"applications or signers may include additional keys so long as all "
+"explicitly listed keys are provided. The required layout of an attestation "
+"object is provided as pseudocode below."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:88
+msgid ""
+"A full data model for each object in ``transparency_entries`` is provided "
+"in :ref:`appendix`. Attestation objects **SHOULD** include one or more "
+"transparency log entries, and **MAY** include additional keys for other "
+"sources of signed time (such as an :rfc:`3161` Time Stamping Authority or a "
+"`Roughtime <https://blog.cloudflare.com/roughtime>`__ server)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:94
+msgid ""
+"Attestation objects are versioned; this PEP specifies version 1. Each "
+"version is tied to a single cryptographic suite to minimize unnecessary "
+"cryptographic agility. In version 1, the suite is as follows:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:98
+msgid ""
+"Certificates are specified as X.509 certificates, and comply with the "
+"profile in :rfc:`5280`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:100
+msgid ""
+"The message signature algorithm is ECDSA, with the P-256 curve for public "
+"keys and SHA-256 as the cryptographic digest function."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:103
+msgid ""
+"Future PEPs may change this suite (and the overall shape of the attestation "
+"object) by selecting a new version number."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:109
+msgid "Attestation statement and signature generation"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:111
+msgid ""
+"The *attestation statement* is the actual claim that is cryptographically "
+"signed over within the attestation object (i.e., the ``envelope.statement``)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:114
+msgid ""
+"The attestation statement is encoded as a `v1 in-toto Statement object "
+"<https://github.com/in-toto/attestation/blob/v1.0/spec/v1.0/statement."
+"md>`__, in JSON form. When serialized the statement is treated as an opaque "
+"binary blob, avoiding the need for canonicalization."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:119
+msgid ""
+"In addition to being a v1 in-toto Statement, the attestation statement is "
+"constrained in the following ways:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:122
+msgid "The in-toto ``subject`` **MUST** contain only a single subject."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:123
+msgid ""
+"``subject[0].name`` is the distribution's filename, which **MUST** be a "
+"valid :ref:`source distribution <source-distribution-format>` or :ref:`wheel "
+"distribution <binary-distribution-format>` filename."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:126
+msgid ""
+"``subject[0].digest`` **MUST** contain a SHA-256 digest. Other digests "
+"**MAY** be present. The digests **MUST** be represented as hexadecimal "
+"strings."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:128
+msgid "The following ``predicateType`` values are supported:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:130
+msgid ""
+"`SLSA Provenance <https://slsa.dev/provenance/v1>`__: ``https://slsa.dev/"
+"provenance/v1``"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:131
+msgid ""
+"`PyPI Publish Attestation <https://docs.pypi.org/attestations/publish/"
+"v1>`__: ``https://docs.pypi.org/attestations/publish/v1``"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:133
+msgid ""
+"The signature over this statement is constructed using the `v1 DSSE "
+"signature protocol <https://github.com/secure-systems-lab/dsse/blob/v1.0.0/"
+"protocol.md>`__, with a ``PAYLOAD_TYPE`` of ``application/vnd.in-toto+json`` "
+"and a ``PAYLOAD_BODY`` of the JSON-encoded statement above. No other "
+"``PAYLOAD_TYPE`` is permitted."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:141
+msgid "Provenance objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:143
+msgid ""
+"The index will serve uploaded attestations along with metadata that can "
+"assist in verifying them in the form of JSON serialized objects."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:146
+msgid ""
+"These *provenance objects* will be available via both the Simple Index and "
+"JSON-based Simple API as described above, and will have the following layout:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:169
+msgid "or, as pseudocode:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:217
+msgid ""
+"``version`` is ``1``. Like attestation objects, provenance objects are "
+"versioned, and this PEP only defines version ``1``."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:219
+msgid ""
+"``attestation_bundles`` is a **required** JSON array, containing one or more "
+"\"bundles\" of attestations. Each bundle corresponds to a signing identity "
+"(such as a Trusted Publishing identity), and contains one or more "
+"attestation objects."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:224
+msgid ""
+"As noted in the ``Publisher`` model, each ``AttestationBundle.publisher`` "
+"object is specific to its Trusted Publisher but must include at minimum:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:228
+msgid ""
+"A ``kind`` key, which **MUST** be a JSON string that uniquely identifies the "
+"kind of Trusted Publisher."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:230
+msgid ""
+"A ``claims`` key, which **MUST** be a JSON object containing any context-"
+"specific claims retained by the index during Trusted Publisher "
+"authentication."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:233
+msgid "All other keys in the publisher object are publisher-specific."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:235
+msgid ""
+"Each array of attestation objects is a superset of the ``attestations`` "
+"array supplied by the uploaded through the ``attestations`` field at upload "
+"time, as described in :ref:`upload-endpoint` and :ref:`changes-to-provenance-"
+"objects`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:243
+msgid "Changes to provenance objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:245
+msgid ""
+"Provenance objects are *not* immutable, and may change over time. Reasons "
+"for changes to the provenance object include but are not limited to:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:248
+msgid ""
+"Addition of new attestations for a pre-existing signing identity: the index "
+"**MAY** choose to allow additional attestations by pre-existing signing "
+"identities, such as newer attestation versions for already uploaded files."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:253
+msgid ""
+"Addition of new signing identities and associated attestations: the index "
+"**MAY** choose to support attestations from sources other than the file's "
+"uploader, such as third-party auditors or the index itself. These "
+"attestations may be performed asynchronously, requiring the index to insert "
+"them into the provenance object *post facto*."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:262
+msgid "Attestation verification"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:264
+msgid ""
+"Verifying an attestation object against a distribution file requires "
+"verification of each of the following:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:267
+msgid "``version`` is ``1``. The verifier **MUST** reject any other version."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:268
+msgid ""
+"``verification_material.certificate`` is a valid signing certificate, as "
+"issued by an *a priori* trusted authority (such as a root of trust already "
+"present within the verifying client)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:271
+msgid ""
+"``verification_material.certificate`` identifies an appropriate signing "
+"subject, such as the machine identity of the Trusted Publisher that "
+"published the package."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:274
+msgid ""
+"``envelope.statement`` is a valid in-toto v1 Statement, with a subject and "
+"digest that **MUST** match the distribution's filename and contents. For the "
+"distribution's filename, matching **MUST** be performed by parsing using the "
+"appropriate source distribution or wheel filename format, as the statement's "
+"subject may be equivalent but normalized."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:279
+msgid ""
+"``envelope.signature`` is a valid signature for ``envelope.statement`` "
+"corresponding to ``verification_material.certificate``, as reconstituted via "
+"the `v1 DSSE signature protocol <https://github.com/secure-systems-lab/dsse/"
+"blob/v1.0.0/protocol.md>`__."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:284
+msgid ""
+"In addition to the above required steps, a verifier **MAY** additionally "
+"verify ``verification_material.transparency_entries`` on a policy basis, e."
+"g. requiring at least one transparency log entry or a threshold of entries. "
+"When verifying transparency entries, the verifier **MUST** confirm that the "
+"inclusion time for each entry lies within the signing certificate's validity "
+"period."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:293
+msgid "Appendix: Data models for Transparency Log Entries"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:295
+msgid ""
+"This appendix contains pseudocoded data models for transparency log entries "
+"in attestation objects. Each transparency log entry serves as a source of "
+"signed inclusion time, and can be verified either online or offline."
+msgstr ""
+
 #: ../source/specifications/inline-script-metadata.rst:5
 msgid "Inline script metadata"
 msgstr ""
@@ -15296,7 +15642,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/inline-script-metadata.rst:205
-#: ../source/specifications/simple-repository-api.rst:815
+#: ../source/specifications/simple-repository-api.rst:829
 msgid "Recommendations"
 msgstr ""
 
@@ -17187,11 +17533,26 @@ msgid ""
 "``&gt;``, respectively."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:100
+#: ../source/specifications/simple-repository-api.rst:99
+msgid ""
+"A repository **MAY** include a ``data-provenance`` attribute on a file link. "
+"The value of this attribute **MUST** be a fully qualified URL, signaling "
+"that the file's provenance can be found at that URL. This URL **MUST** "
+"represent a `secure origin <https://www.chromium.org/Home/chromium-security/"
+"prefer-secure-origins-for-powerful-new-features/>`_."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:106
+msgid ""
+"The format of the linked provenance is defined in :ref:`index-hosted-"
+"attestations`."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:109
 msgid "Normalized Names"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:102
+#: ../source/specifications/simple-repository-api.rst:111
 msgid ""
 "This spec references the concept of a \"normalized\" project name. As per :"
 "ref:`the name normalization specification <name-normalization>` the only "
@@ -17201,11 +17562,11 @@ msgid ""
 "implemented in Python with the ``re`` module::"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:117
+#: ../source/specifications/simple-repository-api.rst:126
 msgid "Adding \"Yank\" Support to the Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:119
+#: ../source/specifications/simple-repository-api.rst:128
 msgid ""
 "Links in the simple repository **MAY** have a ``data-yanked`` attribute "
 "which may have no value, or may have an arbitrary string as a value. The "
@@ -17215,7 +17576,7 @@ msgid ""
 "under specific scenarios."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:126
+#: ../source/specifications/simple-repository-api.rst:135
 msgid ""
 "The value of the ``data-yanked`` attribute, if present, is an arbitrary "
 "string that represents the reason for why the file has been yanked. Tools "
@@ -17223,7 +17584,7 @@ msgid ""
 "users."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:131
+#: ../source/specifications/simple-repository-api.rst:140
 msgid ""
 "The yanked attribute is not immutable once set, and may be rescinded in the "
 "future (and once rescinded, may be reset as well). Thus API users **MUST** "
@@ -17231,12 +17592,12 @@ msgid ""
 "again)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:138
+#: ../source/specifications/simple-repository-api.rst:147
 #, fuzzy
 msgid "Installers"
 msgstr "Betreuer"
 
-#: ../source/specifications/simple-repository-api.rst:140
+#: ../source/specifications/simple-repository-api.rst:149
 msgid ""
 "The desirable experience for users is that once a file is yanked, when a "
 "human being is currently trying to directly install a yanked file, that it "
@@ -17246,7 +17607,7 @@ msgid ""
 "been yanked."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:147
+#: ../source/specifications/simple-repository-api.rst:156
 msgid ""
 "An installer **MUST** ignore yanked releases, if the selection constraints "
 "can be satisfied with a non-yanked version, and **MAY** refuse to use a "
@@ -17256,14 +17617,14 @@ msgid ""
 "files."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:154
+#: ../source/specifications/simple-repository-api.rst:163
 msgid ""
 "What this means is left up to the specific installer, to decide how to best "
 "fit into the overall usage of their installer. However, there are two "
 "suggested approaches to take:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:158
+#: ../source/specifications/simple-repository-api.rst:167
 msgid ""
 "Yanked files are always ignored, unless they are the only file that matches "
 "a version specifier that \"pins\" to an exact version using either ``==`` "
@@ -17273,7 +17634,7 @@ msgid ""
 "versions, zero padding, etc."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:165
+#: ../source/specifications/simple-repository-api.rst:174
 msgid ""
 "Yanked files are always ignored, unless they are the only file that matches "
 "what a lock file (such as ``Pipfile.lock`` or ``poetry.lock``) specifies to "
@@ -17281,7 +17642,7 @@ msgid ""
 "creating or updating a lock file from some input file or command."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:171
+#: ../source/specifications/simple-repository-api.rst:180
 msgid ""
 "Regardless of the specific strategy that an installer chooses for deciding "
 "when to install yanked files, an installer **SHOULD** emit a warning when it "
@@ -17290,38 +17651,38 @@ msgid ""
 "specific feedback to the user about why that file had been yanked."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:179
+#: ../source/specifications/simple-repository-api.rst:188
 msgid "Mirrors"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:181
+#: ../source/specifications/simple-repository-api.rst:190
 msgid "Mirrors can generally treat yanked files one of two ways:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:183
+#: ../source/specifications/simple-repository-api.rst:192
 msgid ""
 "They may choose to omit them from their simple repository API completely, "
 "providing a view over the repository that shows only \"active\", unyanked "
 "files."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:186
+#: ../source/specifications/simple-repository-api.rst:195
 msgid ""
 "They may choose to include yanked files, and additionally mirror the ``data-"
 "yanked`` attribute as well."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:189
+#: ../source/specifications/simple-repository-api.rst:198
 msgid ""
 "Mirrors **MUST NOT** mirror a yanked file without also mirroring the ``data-"
 "yanked`` attribute for it."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:195
+#: ../source/specifications/simple-repository-api.rst:204
 msgid "Versioning PyPI's Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:197
+#: ../source/specifications/simple-repository-api.rst:206
 msgid ""
 "This spec proposes the inclusion of a meta tag on the responses of every "
 "successful request to a simple API page, which contains a name attribute of "
@@ -17332,29 +17693,29 @@ msgid ""
 "<version-specifiers>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:205
+#: ../source/specifications/simple-repository-api.rst:214
 msgid "This would end up looking like::"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:209
+#: ../source/specifications/simple-repository-api.rst:218
 msgid "When interpreting the repository version:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:211
+#: ../source/specifications/simple-repository-api.rst:220
 msgid ""
 "Incrementing the major version is used to signal a backwards incompatible "
 "change such that existing clients would no longer be expected to be able to "
 "meaningfully use the API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:214
+#: ../source/specifications/simple-repository-api.rst:223
 msgid ""
 "Incrementing the minor version is used to signal a backwards compatible "
 "change such that existing clients would still be expected to be able to "
 "meaningfully use the API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:218
+#: ../source/specifications/simple-repository-api.rst:227
 msgid ""
 "It is left up to the discretion of any future specs as to what specifically "
 "constitutes a backwards incompatible vs compatible change beyond the broad "
@@ -17363,7 +17724,7 @@ msgid ""
 "features."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:224
+#: ../source/specifications/simple-repository-api.rst:233
 msgid ""
 "It is expectation of this spec that the major version will never be "
 "incremented, and any future major API evolutions would utilize a different "
@@ -17373,48 +17734,48 @@ msgid ""
 "set to a version >= 2)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:231
+#: ../source/specifications/simple-repository-api.rst:240
 msgid ""
 "This spec sets the current API version to \"1.0\", and expects that future "
 "specs that further evolve the simple API will increment the minor version "
 "number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:237
-#: ../source/specifications/simple-repository-api.rst:957
+#: ../source/specifications/simple-repository-api.rst:246
+#: ../source/specifications/simple-repository-api.rst:971
 msgid "Clients"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:239
+#: ../source/specifications/simple-repository-api.rst:248
 msgid ""
 "Clients interacting with the simple API **SHOULD** introspect each response "
 "for the repository version, and if that data does not exist **MUST** assume "
 "that it is version 1.0."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:243
+#: ../source/specifications/simple-repository-api.rst:252
 msgid ""
 "When encountering a major version greater than expected, clients **MUST** "
 "hard fail with an appropriate error message for the user."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:246
+#: ../source/specifications/simple-repository-api.rst:255
 msgid ""
 "When encountering a minor version greater than expected, clients **SHOULD** "
 "warn users with an appropriate message."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:249
+#: ../source/specifications/simple-repository-api.rst:258
 msgid ""
 "Clients **MAY** still continue to use feature detection in order to "
 "determine what features a repository uses."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:255
+#: ../source/specifications/simple-repository-api.rst:264
 msgid "Serve Distribution Metadata in the Simple Repository API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:257
+#: ../source/specifications/simple-repository-api.rst:266
 msgid ""
 "In a simple repository's project page, each anchor tag pointing to a "
 "distribution **MAY** have a ``data-dist-info-metadata`` attribute. The "
@@ -17423,7 +17784,7 @@ msgid ""
 "when the distribution is processed and/or installed."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:263
+#: ../source/specifications/simple-repository-api.rst:272
 msgid ""
 "If a ``data-dist-info-metadata`` attribute is present, the repository "
 "**MUST** serve the distribution's Core Metadata file alongside the "
@@ -17435,7 +17796,7 @@ msgid ""
 "GPG signature file's location."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:272
+#: ../source/specifications/simple-repository-api.rst:281
 msgid ""
 "The repository **SHOULD** provide the hash of the Core Metadata file as the "
 "``data-dist-info-metadata`` attribute's value using the syntax "
@@ -17445,18 +17806,18 @@ msgid ""
 "unavailable."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:280
+#: ../source/specifications/simple-repository-api.rst:289
 msgid "Backwards Compatibility"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:282
+#: ../source/specifications/simple-repository-api.rst:291
 msgid ""
 "If an anchor tag lacks the ``data-dist-info-metadata`` attribute, tools are "
 "expected to revert to their current behaviour of downloading the "
 "distribution to inspect the metadata."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:286
+#: ../source/specifications/simple-repository-api.rst:295
 msgid ""
 "Older tools not supporting the new ``data-dist-info-metadata`` attribute are "
 "expected to ignore the attribute and maintain their current behaviour of "
@@ -17464,11 +17825,11 @@ msgid ""
 "prior ``data-`` attribute additions expect existing tools to operate."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:295
+#: ../source/specifications/simple-repository-api.rst:304
 msgid "JSON-based Simple API for Python Package Indexes"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:297
+#: ../source/specifications/simple-repository-api.rst:306
 msgid ""
 "To enable response parsing with only the standard library, this spec "
 "specifies that all responses (besides the files themselves, and the HTML "
@@ -17476,7 +17837,7 @@ msgid ""
 "base>`) should be serialized using `JSON <https://www.json.org/>`_."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:302
+#: ../source/specifications/simple-repository-api.rst:311
 msgid ""
 "To enable zero configuration discovery and to minimize the amount of "
 "additional HTTP requests, this spec extends :ref:`the base HTML API "
@@ -17486,7 +17847,7 @@ msgid ""
 "format to serve, i.e. either HTML or JSON."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:312
+#: ../source/specifications/simple-repository-api.rst:321
 msgid ""
 "Versioning will adhere to :ref:`the API versioning specification <simple-"
 "repository-api-versioning>` format (``Major.Minor``), which has defined the "
@@ -17496,7 +17857,7 @@ msgid ""
 "``1.0`` version, and instead just describes how to serialize that into JSON."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:319
+#: ../source/specifications/simple-repository-api.rst:328
 msgid ""
 "Similar to :ref:`the API versioning specification <simple-repository-api-"
 "versioning>`, the major version number **MUST** be incremented if any "
@@ -17504,28 +17865,28 @@ msgid ""
 "existing clients to meaningfully understand the format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:325
+#: ../source/specifications/simple-repository-api.rst:334
 msgid ""
 "Likewise, the minor version **MUST** be incremented if features are added or "
 "removed from the format, but existing clients would be expected to continue "
 "to meaningfully understand the format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:329
+#: ../source/specifications/simple-repository-api.rst:338
 msgid ""
 "Changes that would not result in existing clients being unable to "
 "meaningfully understand the format and which do not represent features being "
 "added or removed may occur without changing the version number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:333
+#: ../source/specifications/simple-repository-api.rst:342
 msgid ""
 "This is intentionally vague, as this spec believes it is best left up to "
 "future specs that make any changes to the API to investigate and decide "
 "whether or not that change should increment the major or minor version."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:337
+#: ../source/specifications/simple-repository-api.rst:346
 msgid ""
 "Future versions of the API may add things that can only be represented in a "
 "subset of the available serializations of that version. All serializations "
@@ -17534,37 +17895,37 @@ msgid ""
 "whether or not that feature is present at all."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:343
+#: ../source/specifications/simple-repository-api.rst:352
 msgid ""
 "It is the intent of this spec that the API should be thought of as URL "
 "endpoints that return data, whose interpretation is defined by the version "
 "of that data, and then serialized into the target serialization format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:351
+#: ../source/specifications/simple-repository-api.rst:360
 msgid "JSON Serialization"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:353
+#: ../source/specifications/simple-repository-api.rst:362
 msgid ""
 "The URL structure from :ref:`the base HTML API specification <simple-"
 "repository-api-base>` still applies, as this spec only adds an additional "
 "serialization format for the already existing API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:357
+#: ../source/specifications/simple-repository-api.rst:366
 msgid ""
 "The following constraints apply to all JSON serialized responses described "
 "in this spec:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:360
+#: ../source/specifications/simple-repository-api.rst:369
 msgid ""
 "All JSON responses will *always* be a JSON object rather than an array or "
 "other type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:363
+#: ../source/specifications/simple-repository-api.rst:372
 msgid ""
 "While JSON doesn't natively support a URL type, any value that represents an "
 "URL in this API may be either absolute or relative as long as they point to "
@@ -17572,19 +17933,19 @@ msgid ""
 "if it were HTML."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:368
+#: ../source/specifications/simple-repository-api.rst:377
 msgid ""
 "Additional keys may be added to any dictionary objects in the API responses "
 "and clients **MUST** ignore keys that they don't understand."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:371
+#: ../source/specifications/simple-repository-api.rst:380
 msgid ""
 "All JSON responses will have a ``meta`` key, which contains information "
 "related to the response itself, rather than the content of the response."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:374
+#: ../source/specifications/simple-repository-api.rst:383
 msgid ""
 "All JSON responses will have a ``meta.api-version`` key, which will be a "
 "string that contains the :ref:`API versioning specification <simple-"
@@ -17593,41 +17954,41 @@ msgid ""
 "<simple-repository-api-versioning>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:380
+#: ../source/specifications/simple-repository-api.rst:389
 msgid ""
 "All requirements of :ref:`the base HTML API specification <simple-repository-"
 "api-base>` that are not HTML specific still apply."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:385
+#: ../source/specifications/simple-repository-api.rst:394
 msgid "Project List"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:387
+#: ../source/specifications/simple-repository-api.rst:396
 msgid ""
 "The root URL ``/`` for this spec (which represents the base URL) will be a "
 "JSON encoded dictionary which has a two keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:390
+#: ../source/specifications/simple-repository-api.rst:399
 msgid ""
 "``projects``: An array where each entry is a dictionary with a single key, "
 "``name``, which represents string of the project name."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:391
-#: ../source/specifications/simple-repository-api.rst:440
+#: ../source/specifications/simple-repository-api.rst:400
+#: ../source/specifications/simple-repository-api.rst:449
 msgid ""
 "``meta``: The general response metadata as `described earlier <json-"
 "serialization_>`__."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:393
-#: ../source/specifications/simple-repository-api.rst:499
+#: ../source/specifications/simple-repository-api.rst:402
+#: ../source/specifications/simple-repository-api.rst:512
 msgid "As an example:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:410
+#: ../source/specifications/simple-repository-api.rst:419
 msgid ""
 "The ``name`` field is the same as the one from :ref:`the base HTML API "
 "specification <simple-repository-api-base>`, which does not specify whether "
@@ -17637,7 +17998,7 @@ msgid ""
 "implementation detail of the repository in question."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:420
+#: ../source/specifications/simple-repository-api.rst:429
 msgid ""
 "While the ``projects`` key is an array, and thus is required to be in some "
 "kind of an order, neither :ref:`the base HTML API specification <simple-"
@@ -17647,11 +18008,11 @@ msgid ""
 "have sets."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:429
+#: ../source/specifications/simple-repository-api.rst:438
 msgid "Project Detail"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:431
+#: ../source/specifications/simple-repository-api.rst:440
 msgid ""
 "The format of this URL is ``/<project>/`` where the ``<project>`` is "
 "replaced by the :ref:`the base HTML API specification <simple-repository-api-"
@@ -17659,33 +18020,33 @@ msgid ""
 "would have a URL like ``/silly-walk/``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:436
+#: ../source/specifications/simple-repository-api.rst:445
 msgid ""
 "This URL must respond with a JSON encoded dictionary that has three keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:438
+#: ../source/specifications/simple-repository-api.rst:447
 msgid "``name``: The normalized name of the project."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:439
+#: ../source/specifications/simple-repository-api.rst:448
 msgid ""
 "``files``: A list of dictionaries, each one representing an individual file."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:442
+#: ../source/specifications/simple-repository-api.rst:451
 msgid "Each individual file dictionary has the following keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:444
+#: ../source/specifications/simple-repository-api.rst:453
 msgid "``filename``: The filename that is being represented."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:445
+#: ../source/specifications/simple-repository-api.rst:454
 msgid "``url``: The URL that the file can be fetched from."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:446
+#: ../source/specifications/simple-repository-api.rst:455
 msgid ""
 "``hashes``: A dictionary mapping a hash name to a hex encoded digest of the "
 "file. Multiple hashes can be included, and it is up to the client to decide "
@@ -17694,14 +18055,14 @@ msgid ""
 "to be lowercase."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:451
+#: ../source/specifications/simple-repository-api.rst:460
 msgid ""
 "The ``hashes`` dictionary **MUST** be present, even if no hashes are "
 "available for the file, however it is **HIGHLY** recommended that at least "
 "one secure, guaranteed-to-be-available hash is always included."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:455
+#: ../source/specifications/simple-repository-api.rst:464
 msgid ""
 "By default, any hash algorithm available via :py:mod:`hashlib` (specifically "
 "any that can be passed to :py:func:`hashlib.new()` and do not require "
@@ -17711,7 +18072,7 @@ msgid ""
 "specifically is recommended."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:460
+#: ../source/specifications/simple-repository-api.rst:469
 msgid ""
 "``requires-python``: An **optional** key that exposes the :ref:`core-"
 "metadata-requires-python` metadata field. Where this is present, installer "
@@ -17719,14 +18080,14 @@ msgid ""
 "that doesn't satisfy the requirement."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:466
+#: ../source/specifications/simple-repository-api.rst:475
 msgid ""
 "Unlike ``data-requires-python`` in :ref:`the base HTML API specification "
 "<simple-repository-api-base>`, the ``requires-python`` key does not require "
 "any special escaping other than anything JSON does naturally."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:469
+#: ../source/specifications/simple-repository-api.rst:478
 msgid ""
 "``dist-info-metadata``: An **optional** key that indicates that metadata for "
 "this file is available, via the same location as specified in :ref:`the API "
@@ -17736,27 +18097,27 @@ msgid ""
 "dictionary mapping hash names to a hex encoded digest of the metadata's hash."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:477
+#: ../source/specifications/simple-repository-api.rst:486
 msgid ""
 "When this is a dictionary of hashes instead of a boolean, then all the same "
 "requirements and recommendations as the ``hashes`` key hold true for this "
 "key as well."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:481
+#: ../source/specifications/simple-repository-api.rst:490
 msgid ""
 "If this key is missing then the metadata file may or may not exist. If the "
 "key value is truthy, then the metadata file is present, and if it is falsey "
 "then it is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:485
+#: ../source/specifications/simple-repository-api.rst:494
 msgid ""
 "It is recommended that servers make the hashes of the metadata file "
 "available if possible."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:487
+#: ../source/specifications/simple-repository-api.rst:496
 msgid ""
 "``gpg-sig``: An **optional** key that acts a boolean to indicate if the file "
 "has an associated GPG signature or not. The URL for the signature file "
@@ -17765,7 +18126,7 @@ msgid ""
 "the signature may or may not exist."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:492
+#: ../source/specifications/simple-repository-api.rst:501
 msgid ""
 "``yanked``: An **optional** key which may be either a boolean to indicate if "
 "the file has been yanked, or a non empty, but otherwise arbitrary, string to "
@@ -17776,7 +18137,15 @@ msgid ""
 "api-yank>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:529
+#: ../source/specifications/simple-repository-api.rst:507
+msgid ""
+"``provenance``: An **optional** key which, if present **MUST** be either a "
+"JSON string or ``null``. If not ``null``, it **MUST** be a URL to the file's "
+"associated provenance, with the same rules as ``data-provenance`` in the :"
+"ref:`base HTML API specification <simple-repository-api-base>`."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:543
 msgid ""
 "While the ``files`` key is an array, and thus is required to be in some kind "
 "of an order, neither :ref:`the base HTML API specification <simple-"
@@ -17786,11 +18155,11 @@ msgid ""
 "have sets."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:538
+#: ../source/specifications/simple-repository-api.rst:552
 msgid "Content-Types"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:540
+#: ../source/specifications/simple-repository-api.rst:554
 msgid ""
 "This spec proposes that all responses from the Simple API will have a "
 "standard content type that describes what the response is (a Simple API "
@@ -17798,11 +18167,11 @@ msgid ""
 "format has been used."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:544
+#: ../source/specifications/simple-repository-api.rst:558
 msgid "The structure of this content type will be:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:550
+#: ../source/specifications/simple-repository-api.rst:564
 msgid ""
 "Since only major versions should be disruptive to clients attempting to "
 "understand one of these API responses, only the major version will be "
@@ -17810,19 +18179,19 @@ msgid ""
 "that it is a version number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:555
+#: ../source/specifications/simple-repository-api.rst:569
 msgid "Which means that for the existing 1.0 API, the content types would be:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:557
+#: ../source/specifications/simple-repository-api.rst:571
 msgid "**JSON:** ``application/vnd.pypi.simple.v1+json``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:558
+#: ../source/specifications/simple-repository-api.rst:572
 msgid "**HTML:** ``application/vnd.pypi.simple.v1+html``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:560
+#: ../source/specifications/simple-repository-api.rst:574
 msgid ""
 "In addition to the above, a special \"meta\" version is supported named "
 "``latest``, whose purpose is to allow clients to request the absolute latest "
@@ -17831,7 +18200,7 @@ msgid ""
 "support."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:565
+#: ../source/specifications/simple-repository-api.rst:579
 msgid ""
 "To support existing clients which expect the existing :ref:`the base HTML "
 "API specification <simple-repository-api-base>` API responses to use the "
@@ -17839,11 +18208,11 @@ msgid ""
 "alias for the ``application/vnd.pypi.simple.v1+html`` content type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:572
+#: ../source/specifications/simple-repository-api.rst:586
 msgid "Version + Format Selection"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:574
+#: ../source/specifications/simple-repository-api.rst:588
 msgid ""
 "Now that there is multiple possible serializations, we need a mechanism to "
 "allow clients to indicate what serialization formats they're able to "
@@ -17852,65 +18221,65 @@ msgid ""
 "expecting the previous API version."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:579
+#: ../source/specifications/simple-repository-api.rst:593
 msgid ""
 "To enable this, this spec standardizes on the use of HTTP's `Server-Driven "
 "Content Negotiation <https://developer.mozilla.org/en-US/docs/Web/HTTP/"
 "Content_negotiation>`_."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:582
+#: ../source/specifications/simple-repository-api.rst:596
 msgid ""
 "While this spec won't fully describe the entirety of server-driven content "
 "negotiation, the flow is roughly:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:585
+#: ../source/specifications/simple-repository-api.rst:599
 msgid ""
 "The client makes an HTTP request containing an ``Accept`` header listing all "
 "of the version+format content types that they are able to understand."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:587
+#: ../source/specifications/simple-repository-api.rst:601
 msgid ""
 "The server inspects that header, selects one of the listed content types, "
 "then returns a response using that content type (treating the absence of an "
 "``Accept`` header as ``Accept: */*``)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:590
+#: ../source/specifications/simple-repository-api.rst:604
 msgid ""
 "If the server does not support any of the content types in the ``Accept`` "
 "header then they are able to choose between 3 different options for how to "
 "respond:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:594
+#: ../source/specifications/simple-repository-api.rst:608
 msgid ""
 "Select a default content type other than what the client has requested and "
 "return a response with that."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:596
+#: ../source/specifications/simple-repository-api.rst:610
 msgid ""
 "Return a HTTP ``406 Not Acceptable`` response to indicate that none of the "
 "requested content types were available, and the server was unable or "
 "unwilling to select a default content type to respond with."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:599
+#: ../source/specifications/simple-repository-api.rst:613
 msgid ""
 "Return a HTTP ``300 Multiple Choices`` response that contains a list of all "
 "of the possible responses that could have been chosen."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:601
+#: ../source/specifications/simple-repository-api.rst:615
 msgid ""
 "The client interprets the response, handling the different types of "
 "responses that the server may have responded with."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:604
+#: ../source/specifications/simple-repository-api.rst:618
 msgid ""
 "This spec does not specify which choices the server makes in regards to "
 "handling a content type that it isn't able to return, and clients **SHOULD** "
@@ -17918,7 +18287,7 @@ msgid ""
 "the most sense for that client."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:609
+#: ../source/specifications/simple-repository-api.rst:623
 msgid ""
 "However, as there is no standard format for how a ``300 Multiple Choices`` "
 "response can be interpreted, this spec highly discourages servers from "
@@ -17929,7 +18298,7 @@ msgid ""
 "error."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:616
+#: ../source/specifications/simple-repository-api.rst:630
 msgid ""
 "This spec **does** require that if the meta version ``latest`` is being "
 "used, the server **MUST** respond with the content type for the actual "
@@ -17938,33 +18307,33 @@ msgid ""
 "have a ``Content-Type`` of ``application/vnd.pypi.simple.v1+json``)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:623
+#: ../source/specifications/simple-repository-api.rst:637
 msgid ""
 "The ``Accept`` header is a comma separated list of content types that the "
 "client understands and is able to process. It supports three different "
 "formats for each content type that is being requested:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:627
+#: ../source/specifications/simple-repository-api.rst:641
 msgid "``$type/$subtype``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:628
+#: ../source/specifications/simple-repository-api.rst:642
 msgid "``$type/*``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:629
+#: ../source/specifications/simple-repository-api.rst:643
 msgid "``*/*``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:631
+#: ../source/specifications/simple-repository-api.rst:645
 msgid ""
 "For the use of selecting a version+format, the most useful of these is "
 "``$type/$subtype``, as that is the only way to actually specify the version "
 "and format you want."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:635
+#: ../source/specifications/simple-repository-api.rst:649
 msgid ""
 "The order of the content types listed in the ``Accept`` header does not have "
 "any specific meaning, and the server **SHOULD** consider all of them to be "
@@ -17974,7 +18343,7 @@ msgid ""
 "Quality_values>`_ syntax."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:642
+#: ../source/specifications/simple-repository-api.rst:656
 msgid ""
 "This allows a client to specify a priority for a specific entry in their "
 "``Accept`` header, by appending a ``;q=`` followed by a value between ``0`` "
@@ -17984,7 +18353,7 @@ msgid ""
 "quality of ``1``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:648
+#: ../source/specifications/simple-repository-api.rst:662
 msgid ""
 "However, clients should keep in mind that a server is free to select **any** "
 "of the content types they've asked for, regardless of their requested "
@@ -17992,7 +18361,7 @@ msgid ""
 "for."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:652
+#: ../source/specifications/simple-repository-api.rst:666
 msgid ""
 "To aid clients in determining the content type of the response that they "
 "have received from an API request, this spec requires that servers always "
@@ -18003,22 +18372,22 @@ msgid ""
 "collector.py#L123-L150>`_ so the risks for actual breakages is low."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:659
+#: ../source/specifications/simple-repository-api.rst:673
 msgid "An example of how a client can operate would look like:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:710
+#: ../source/specifications/simple-repository-api.rst:724
 msgid ""
 "If a client wishes to only support HTML or only support JSON, then they "
 "would just remove the content types that they do not want from the "
 "``Accept`` header, and turn receiving them into an error."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:716
+#: ../source/specifications/simple-repository-api.rst:730
 msgid "Alternative Negotiation Mechanisms"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:718
+#: ../source/specifications/simple-repository-api.rst:732
 msgid ""
 "While using HTTP's Content negotiation is considered the standard way for a "
 "client and server to coordinate to ensure that the client is getting an HTTP "
@@ -18027,25 +18396,25 @@ msgid ""
 "negotiation mechanisms that may *optionally* be used instead."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:726
+#: ../source/specifications/simple-repository-api.rst:740
 msgid "URL Parameter"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:728
+#: ../source/specifications/simple-repository-api.rst:742
 msgid ""
 "Servers that implement the Simple API may choose to support a URL parameter "
 "named ``format`` to allow the clients to request a specific version of the "
 "URL."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:731
+#: ../source/specifications/simple-repository-api.rst:745
 msgid ""
 "The value of the ``format`` parameter should be **one** of the valid content "
 "types. Passing multiple content types, wild cards, quality values, etc... is "
 "**not** supported."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:735
+#: ../source/specifications/simple-repository-api.rst:749
 msgid ""
 "Supporting this parameter is optional, and clients **SHOULD NOT** rely on it "
 "for interacting with the API. This negotiation mechanism is intended to "
@@ -18053,13 +18422,13 @@ msgid ""
 "allow documentation or notes to link to a specific version+format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:740
+#: ../source/specifications/simple-repository-api.rst:754
 msgid ""
 "Servers that do not support this parameter may choose to return an error "
 "when it is present, or they may simple ignore its presence."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:743
+#: ../source/specifications/simple-repository-api.rst:757
 msgid ""
 "When a server does implement this parameter, it **SHOULD** take precedence "
 "over any values in the client's ``Accept`` header, and if the server does "
@@ -18069,18 +18438,18 @@ msgid ""
 "``303 Multiple Choices``, or selecting a default type to return)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:752
+#: ../source/specifications/simple-repository-api.rst:766
 msgid "Endpoint Configuration"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:754
+#: ../source/specifications/simple-repository-api.rst:768
 msgid ""
 "This option technically is not a special option at all, it is just a natural "
 "consequence of using content negotiation and allowing servers to select "
 "which of the available content types is their default."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:758
+#: ../source/specifications/simple-repository-api.rst:772
 msgid ""
 "If a server is unwilling or unable to implement the server-driven content "
 "negotiation, and would instead rather require users to explicitly configure "
@@ -18088,7 +18457,7 @@ msgid ""
 "configuration."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:762
+#: ../source/specifications/simple-repository-api.rst:776
 msgid ""
 "To enable this, a server should make multiple endpoints (for instance, ``/"
 "simple/v1+html/`` and/or ``/simple/v1+json/``) for each version+format that "
@@ -18098,7 +18467,7 @@ msgid ""
 "and return the content type that corresponds to that endpoint."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:769
+#: ../source/specifications/simple-repository-api.rst:783
 msgid ""
 "For clients that wish to require specific configuration, they can keep track "
 "of which version+format a specific repository URL was configured for, and "
@@ -18106,11 +18475,11 @@ msgid ""
 "includes the correct content type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:776
+#: ../source/specifications/simple-repository-api.rst:790
 msgid "TUF Support - PEP 458"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:778
+#: ../source/specifications/simple-repository-api.rst:792
 msgid ""
 ":pep:`458` requires that all API responses are hashable and that they can be "
 "uniquely identified by a path relative to the repository root. For a Simple "
@@ -18121,7 +18490,7 @@ msgid ""
 "that all hash differently."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:785
+#: ../source/specifications/simple-repository-api.rst:799
 msgid ""
 ":pep:`458` does not specify what the target path should be for the Simple "
 "API, but TUF requires that the target paths be \"file-like\", in other "
@@ -18129,7 +18498,7 @@ msgid ""
 "technically points to a directory."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:790
+#: ../source/specifications/simple-repository-api.rst:804
 msgid ""
 "The saving grace is that the target path does not *have* to actually match "
 "the URL being fetched from the Simple API, and it can just be a sigil that "
@@ -18138,7 +18507,7 @@ msgid ""
 "HTTP request, such as the ``Accept`` header."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:796
+#: ../source/specifications/simple-repository-api.rst:810
 msgid ""
 "Ultimately figuring out how to map a directory to a filename is out of scope "
 "for this spec (but it would be in scope for :pep:`458`), and this spec "
@@ -18146,7 +18515,7 @@ msgid ""
 "`458` metadata."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:800
+#: ../source/specifications/simple-repository-api.rst:814
 msgid ""
 "However, it appears that the current WIP branch against pip that attempts to "
 "implement :pep:`458` is using a target path like ``simple/PROJECT/index."
@@ -18156,20 +18525,20 @@ msgid ""
 "the v1 JSON format would be ``simple/PROJECT/vnd.pypi.simple.v1.json``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:807
+#: ../source/specifications/simple-repository-api.rst:821
 msgid ""
 "In this case, since ``text/html`` is an alias to ``application/vnd.pypi."
 "simple.v1+html`` when interacting through TUF, it likely will make the most "
 "sense to normalize to the more explicit name."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:811
+#: ../source/specifications/simple-repository-api.rst:825
 msgid ""
 "Likewise the ``latest`` metaversion should not be included in the targets, "
 "only explicitly declared versions should be supported."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:817
+#: ../source/specifications/simple-repository-api.rst:831
 msgid ""
 "This section is non-normative, and represents what the spec authors believe "
 "to be the best default implementation decisions for something implementing "
@@ -18177,7 +18546,7 @@ msgid ""
 "these decisions."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:821
+#: ../source/specifications/simple-repository-api.rst:835
 msgid ""
 "These decisions have been chosen to maximize the number of requests that can "
 "be moved onto the newest version of an API, while maintaining the greatest "
@@ -18186,18 +18555,18 @@ msgid ""
 "choices it can."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:826
+#: ../source/specifications/simple-repository-api.rst:840
 msgid "It is recommended that servers:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:828
+#: ../source/specifications/simple-repository-api.rst:842
 msgid ""
 "Support all 3 content types described in this spec, using server-driven "
 "content negotiation, for as long as they reasonably can, or at least as long "
 "as they're receiving non trivial traffic that uses the HTML responses."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:832
+#: ../source/specifications/simple-repository-api.rst:846
 msgid ""
 "When encountering an ``Accept`` header that does not contain any content "
 "types that it knows how to work with, the server should not ever return a "
@@ -18205,13 +18574,13 @@ msgid ""
 "Acceptable`` response."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:837
+#: ../source/specifications/simple-repository-api.rst:851
 msgid ""
 "However, if choosing to use the endpoint configuration, you should prefer to "
 "return a ``200 OK`` response in the expected content type for that endpoint."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:840
+#: ../source/specifications/simple-repository-api.rst:854
 msgid ""
 "When selecting an acceptable version, the server should choose the highest "
 "version that the client supports, with the most expressive/featureful "
@@ -18220,23 +18589,23 @@ msgid ""
 "should only use the ``text/html`` content type as a last resort."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:846
+#: ../source/specifications/simple-repository-api.rst:860
 msgid "It is recommended that clients:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:848
+#: ../source/specifications/simple-repository-api.rst:862
 msgid ""
 "Support all 3 content types described in this spec, using server-driven "
 "content negotiation, for as long as they reasonably can."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:851
+#: ../source/specifications/simple-repository-api.rst:865
 msgid ""
 "When constructing an ``Accept`` header, include all of the content types "
 "that you support."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:854
+#: ../source/specifications/simple-repository-api.rst:868
 msgid ""
 "You should generally *not* include a quality priority value for your content "
 "types, unless you have implementation specific reasons that you want the "
@@ -18245,63 +18614,63 @@ msgid ""
 "responses that you're unable to parse in some edge cases)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:860
+#: ../source/specifications/simple-repository-api.rst:874
 msgid ""
 "The one exception to this recommendation is that it is recommended that you "
 "*should* include a ``;q=0.01`` value on the legacy ``text/html`` content "
 "type, unless it is the only content type that you are requesting."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:864
+#: ../source/specifications/simple-repository-api.rst:878
 msgid ""
 "Explicitly select what versions they are looking for, rather than using the "
 "``latest`` meta version during normal operation."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:867
+#: ../source/specifications/simple-repository-api.rst:881
 msgid ""
 "Check the ``Content-Type`` of the response and ensure it matches something "
 "that you were expecting."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:871
+#: ../source/specifications/simple-repository-api.rst:885
 msgid "Additional Fields for the Simple API for Package Indexes"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:873
+#: ../source/specifications/simple-repository-api.rst:887
 msgid ""
 "This specification defines version 1.1 of the simple repository API. For the "
 "HTML version of the API, there is no change from version 1.0. For the JSON "
 "version of the API, the following changes are made:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:877
+#: ../source/specifications/simple-repository-api.rst:891
 msgid "The ``api-version`` must specify version 1.1 or later."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:878
+#: ../source/specifications/simple-repository-api.rst:892
 msgid "A new ``versions`` key is added at the top level."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:879
+#: ../source/specifications/simple-repository-api.rst:893
 msgid ""
 "Two new \"file information\" keys, ``size`` and ``upload-time``, are added "
 "to the ``files`` data."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:881
+#: ../source/specifications/simple-repository-api.rst:895
 msgid ""
 "Keys (at any level) with a leading underscore are reserved as private for "
 "index server use. No future standard will assign a meaning to any such key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:884
+#: ../source/specifications/simple-repository-api.rst:898
 msgid ""
 "The ``versions`` and ``size`` keys are mandatory. The ``upload-time`` key is "
 "optional."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:890
+#: ../source/specifications/simple-repository-api.rst:904
 msgid ""
 "An additional key, ``versions`` MUST be present at the top level, in "
 "addition to the keys ``name``, ``files`` and ``meta`` defined in :ref:`the "
@@ -18311,7 +18680,7 @@ msgid ""
 "duplicates, and the order of the values is not significant."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:897
+#: ../source/specifications/simple-repository-api.rst:911
 msgid ""
 "All of the files listed in the ``files`` key MUST be associated with one of "
 "the versions in the ``versions`` key. The ``versions`` key MAY contain "
@@ -18319,7 +18688,7 @@ msgid ""
 "uploaded, if the server has such a concept)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:902
+#: ../source/specifications/simple-repository-api.rst:916
 msgid ""
 "Note that because servers may hold \"legacy\" data from before the adoption "
 "of :ref:`the version specifiers specification (VSS) <version-specifiers>`, "
@@ -18328,21 +18697,21 @@ msgid ""
 "servers SHOULD use normalised VSS versions where possible."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:911
+#: ../source/specifications/simple-repository-api.rst:925
 msgid "Additional file information"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:913
+#: ../source/specifications/simple-repository-api.rst:927
 msgid "Two new keys are added to the ``files`` key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:915
+#: ../source/specifications/simple-repository-api.rst:929
 msgid ""
 "``size``: This field is mandatory. It MUST contain an integer which is the "
 "file size in bytes."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:917
+#: ../source/specifications/simple-repository-api.rst:931
 msgid ""
 "``upload-time``: This field is optional. If present, it MUST contain a valid "
 "ISO 8601 date/time string, in the format ``yyyy-mm-ddThh:mm:ss.ffffffZ``, "
@@ -18354,11 +18723,11 @@ msgid ""
 "key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:926
+#: ../source/specifications/simple-repository-api.rst:940
 msgid "Rename dist-info-metadata in the Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:929
+#: ../source/specifications/simple-repository-api.rst:943
 msgid ""
 "The keywords \"**MUST**\", \"**MUST NOT**\", \"**REQUIRED**\", "
 "\"**SHALL**\", \"**SHALL NOT**\", \"**SHOULD**\", \"**SHOULD NOT**\", "
@@ -18366,11 +18735,11 @@ msgid ""
 "are to be interpreted as described in :rfc:`RFC 2119 <2119>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:936
+#: ../source/specifications/simple-repository-api.rst:950
 msgid "Servers"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:938
+#: ../source/specifications/simple-repository-api.rst:952
 msgid ""
 "The :ref:`the API metadata file specification <simple-repository-api-"
 "metadata-file>` metadata, when used in the HTML representation of the Simple "
@@ -18378,7 +18747,7 @@ msgid ""
 "with the supported values remaining the same."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:944
+#: ../source/specifications/simple-repository-api.rst:958
 msgid ""
 "The :ref:`the API metadata file specification <simple-repository-api-"
 "metadata-file>` metadata, when used in the :ref:`the JSON API specification "
@@ -18387,14 +18756,14 @@ msgid ""
 "values remaining the same."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:950
+#: ../source/specifications/simple-repository-api.rst:964
 msgid ""
 "To support clients that used the previous key names, the HTML representation "
 "**MAY** also be emitted using the ``data-dist-info-metadata``, and if it "
 "does so it **MUST** match the value of ``data-core-metadata``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:959
+#: ../source/specifications/simple-repository-api.rst:973
 msgid ""
 "Clients consuming any of the HTML representations of the Simple API **MUST** "
 "read the :ref:`the API metadata file specification <simple-repository-api-"
@@ -18403,7 +18772,7 @@ msgid ""
 "if it is present but ``data-core-metadata`` is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:966
+#: ../source/specifications/simple-repository-api.rst:980
 msgid ""
 "Clients consuming the JSON representation of the Simple API **MUST** read "
 "the :ref:`the API metadata file specification <simple-repository-api-"
@@ -18412,48 +18781,54 @@ msgid ""
 "present but ``core-metadata`` is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:976
+#: ../source/specifications/simple-repository-api.rst:990
 msgid "September 2015: initial form of the HTML format, in :pep:`503`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:977
+#: ../source/specifications/simple-repository-api.rst:991
 msgid "July 2016: Requires-Python metadata, in an update to :pep:`503`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:978
+#: ../source/specifications/simple-repository-api.rst:992
 msgid "May 2019: \"yank\" support, in :pep:`592`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:979
+#: ../source/specifications/simple-repository-api.rst:993
 msgid ""
 "July 2020: API versioning convention and metadata, and declaring the HTML "
 "format as API v1, in :pep:`629`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:981
+#: ../source/specifications/simple-repository-api.rst:995
 msgid ""
 "May 2021: providing package metadata independently from a package, in :pep:"
 "`658`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:983
+#: ../source/specifications/simple-repository-api.rst:997
 msgid ""
 "May 2022: initial form of the JSON format, with a mechanism for clients to "
 "choose between them, and declaring both formats as API v1, in :pep:`691`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:985
+#: ../source/specifications/simple-repository-api.rst:999
 msgid ""
 "October 2022: project versions and file size and upload-time in the JSON "
 "format, in :pep:`700`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:987
+#: ../source/specifications/simple-repository-api.rst:1001
 msgid ""
 "June 2023: renaming the field which provides package metadata independently "
 "from a package, in :pep:`714`"
 msgstr ""
 
+#: ../source/specifications/simple-repository-api.rst:1003
+msgid ""
+"November 2024: provenance metadata in the HTML and JSON formats, in :pep:"
+"`740`"
+msgstr ""
+
 #: ../source/specifications/source-distribution-format.rst:6
 msgid "Source distribution format"
 msgstr ""
@@ -21357,7 +21732,7 @@ msgid ""
 msgstr ""
 
 #: ../source/tutorials/managing-dependencies.rst:140
-#: ../source/tutorials/packaging-projects.rst:506
+#: ../source/tutorials/packaging-projects.rst:505
 msgid "Next steps"
 msgstr ""
 
@@ -21806,43 +22181,43 @@ msgstr ""
 
 #: ../source/tutorials/packaging-projects.rst:424
 msgid ""
-"You will be prompted for a username and password. For the username, use "
-"``__token__``. For the password, use the token value, including the ``pypi-"
-"`` prefix."
+"You will be prompted for an API token. Use the token value, including the "
+"``pypi-`` prefix. Note that the input will be hidden, so be sure to paste "
+"correctly."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:428
+#: ../source/tutorials/packaging-projects.rst:427
 msgid "After the command completes, you should see output similar to this:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:439
+#: ../source/tutorials/packaging-projects.rst:438
 msgid ""
 "Once uploaded, your package should be viewable on TestPyPI; for example: "
 "``https://test.pypi.org/project/example_package_YOUR_USERNAME_HERE``."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:444
+#: ../source/tutorials/packaging-projects.rst:443
 msgid "Installing your newly uploaded package"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:446
+#: ../source/tutorials/packaging-projects.rst:445
 msgid ""
 "You can use :ref:`pip` to install your package and verify that it works. "
 "Create a :ref:`virtual environment <Creating and using Virtual "
 "Environments>` and install your package from TestPyPI:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:462
+#: ../source/tutorials/packaging-projects.rst:461
 msgid "Make sure to specify your username in the package name!"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:464
+#: ../source/tutorials/packaging-projects.rst:463
 msgid ""
 "pip should install the package from TestPyPI and the output should look "
 "something like this:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:474
+#: ../source/tutorials/packaging-projects.rst:473
 msgid ""
 "This example uses ``--index-url`` flag to specify TestPyPI instead of live "
 "PyPI. Additionally, it specifies ``--no-deps``. Since TestPyPI doesn't have "
@@ -21852,23 +22227,23 @@ msgid ""
 "installing dependencies when using TestPyPI."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:481
+#: ../source/tutorials/packaging-projects.rst:480
 msgid ""
 "You can test that it was installed correctly by importing the package. Make "
 "sure you're still in your virtual environment, then run Python:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:496
+#: ../source/tutorials/packaging-projects.rst:495
 msgid "and import the package:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:508
+#: ../source/tutorials/packaging-projects.rst:507
 msgid ""
 "**Congratulations, you've packaged and distributed a Python project!** ✨ 🍰 "
 "✨"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:511
+#: ../source/tutorials/packaging-projects.rst:510
 msgid ""
 "Keep in mind that this tutorial showed you how to upload your package to "
 "Test PyPI, which isn't a permanent storage. The Test system occasionally "
@@ -21876,28 +22251,28 @@ msgid ""
 "experiments like this tutorial."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:516
+#: ../source/tutorials/packaging-projects.rst:515
 msgid ""
 "When you are ready to upload a real package to the Python Package Index you "
 "can do much the same as you did in this tutorial, but with these important "
 "differences:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:520
+#: ../source/tutorials/packaging-projects.rst:519
 msgid ""
 "Choose a memorable and unique name for your package. You don't have to "
 "append your username as you did in the tutorial, but you can't use an "
 "existing name."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:522
+#: ../source/tutorials/packaging-projects.rst:521
 msgid ""
 "Register an account on https://pypi.org - note that these are two separate "
 "servers and the login details from the test server are not shared with the "
 "main server."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:525
+#: ../source/tutorials/packaging-projects.rst:524
 msgid ""
 "Use ``twine upload dist/*`` to upload your package and enter your "
 "credentials for the account you registered on the real PyPI.  Now that "
@@ -21905,44 +22280,44 @@ msgid ""
 "repository``; the package will upload to https://pypi.org/ by default."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:529
+#: ../source/tutorials/packaging-projects.rst:528
 msgid ""
 "Install your package from the real PyPI using ``python3 -m pip install [your-"
 "package]``."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:531
+#: ../source/tutorials/packaging-projects.rst:530
 msgid ""
 "At this point if you want to read more on packaging Python libraries here "
 "are some things you can do:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:534
+#: ../source/tutorials/packaging-projects.rst:533
 msgid ""
 "Read about advanced configuration for your chosen build backend: `Hatchling "
 "<hatchling-config_>`_, :doc:`setuptools <setuptools:userguide/"
 "pyproject_config>`, :doc:`Flit <flit:pyproject_toml>`, `PDM <pdm-config_>`_."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:538
+#: ../source/tutorials/packaging-projects.rst:537
 msgid ""
 "Look at the :doc:`guides </guides/index>` on this site for more advanced "
 "practical information, or the :doc:`discussions </discussions/index>` for "
 "explanations and background on specific topics."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:541
+#: ../source/tutorials/packaging-projects.rst:540
 msgid ""
 "Consider packaging tools that provide a single command-line interface for "
 "project management and packaging, such as :ref:`hatch`, :ref:`flit`, :ref:"
 "`pdm`, and :ref:`poetry`."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:549
+#: ../source/tutorials/packaging-projects.rst:548
 msgid "Notes"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:551
+#: ../source/tutorials/packaging-projects.rst:550
 msgid ""
 "Technically, you can also create Python packages without an ``__init__.py`` "
 "file, but those are called :doc:`namespace packages </guides/packaging-"
diff --git a/locales/eo/LC_MESSAGES/messages.po b/locales/eo/LC_MESSAGES/messages.po
index f008b02dc..d369be1c7 100644
--- a/locales/eo/LC_MESSAGES/messages.po
+++ b/locales/eo/LC_MESSAGES/messages.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Python Packaging User Guide\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-10-30 00:39+0000\n"
+"POT-Creation-Date: 2024-11-25 21:53+0000\n"
 "PO-Revision-Date: 2021-08-06 05:45+0000\n"
 "Last-Translator: meowmeowmeowcat <meowmeowcat1211@gmail.com>\n"
 "Language-Team: Esperanto <https://hosted.weblate.org/projects/pypa/packaging-"
@@ -618,7 +618,7 @@ msgid "Unix (including Linux and macOS)"
 msgstr ""
 
 #: ../source/discussions/deploying-python-applications.rst:118
-#: ../source/key_projects.rst:572
+#: ../source/key_projects.rst:576
 msgid "pex"
 msgstr ""
 
@@ -1949,7 +1949,7 @@ msgid ""
 msgstr ""
 
 #: ../source/discussions/versioning.rst:6
-#: ../source/specifications/simple-repository-api.rst:310
+#: ../source/specifications/simple-repository-api.rst:319
 #, fuzzy
 #| msgid "Version"
 msgid "Versioning"
@@ -2714,29 +2714,16 @@ msgid ""
 msgstr ""
 
 #: ../source/glossary.rst:121
-msgid "Known Good Set (KGS)"
-msgstr ""
-
-#: ../source/glossary.rst:124
-msgid ""
-"A set of distributions at specified versions which are compatible with each "
-"other. Typically a test suite will be run which passes all tests before a "
-"specific set of packages is declared a known good set. This term is commonly "
-"used by frameworks and toolkits which are comprised of multiple individual "
-"distributions."
-msgstr ""
-
-#: ../source/glossary.rst:130
 msgid "Import Package"
 msgstr ""
 
-#: ../source/glossary.rst:133
+#: ../source/glossary.rst:124
 msgid ""
 "A Python module which can contain other modules or recursively, other "
 "packages."
 msgstr ""
 
-#: ../source/glossary.rst:136
+#: ../source/glossary.rst:127
 msgid ""
 "An import package is more commonly referred to with the single word "
 "\"package\", but this guide will use the expanded term when more clarity is "
@@ -2745,19 +2732,32 @@ msgid ""
 "package` for a breakdown of the differences."
 msgstr ""
 
-#: ../source/glossary.rst:142
+#: ../source/glossary.rst:133
 #, fuzzy
 #| msgid "Installer"
 msgid "Installed Project"
 msgstr "Instalilo"
 
-#: ../source/glossary.rst:145
+#: ../source/glossary.rst:136
 msgid ""
 "A :term:`Project` that is installed for use with a Python interpreter or :"
 "term:`Virtual Environment`, as described in the specicifcation :ref:"
 "`recording-installed-packages`."
 msgstr ""
 
+#: ../source/glossary.rst:140
+msgid "Known Good Set (KGS)"
+msgstr ""
+
+#: ../source/glossary.rst:143
+msgid ""
+"A set of distributions at specified versions which are compatible with each "
+"other. Typically a test suite will be run which passes all tests before a "
+"specific set of packages is declared a known good set. This term is commonly "
+"used by frameworks and toolkits which are comprised of multiple individual "
+"distributions."
+msgstr ""
+
 #: ../source/glossary.rst:149
 msgid "Module"
 msgstr "Modulo"
@@ -5229,7 +5229,7 @@ msgid ""
 "In particular, `NumPy <https://numpy.org/>`__, which provides the basis for "
 "most of the software in the `scientific Python stack <https://scientific-"
 "python.org>`_ can be configured to interoperate with different FORTRAN "
-"libraries, and can take advantage of different levels of vectorised "
+"libraries, and can take advantage of different levels of vectorized "
 "instructions available in modern CPUs."
 msgstr ""
 
@@ -5238,9 +5238,9 @@ msgid ""
 "Starting with version 1.10.4 of NumPy and version 1.0.0 of SciPy, pre-built "
 "32-bit and 64-bit binaries in the ``wheel`` format are available for all "
 "major operating systems (Windows, macOS, and Linux) on PyPI. Note, however, "
-"that on Windows, NumPy binaries are linked against the `ATLAS <http://www."
-"netlib.org/atlas/>`__ BLAS/LAPACK library, restricted to SSE2 instructions, "
-"so they may not provide optimal linear algebra performance."
+"that on Windows, NumPy binaries are linked against the `ATLAS <https://math-"
+"atlas.sourceforge.net/>`__ BLAS/LAPACK library, restricted to SSE2 "
+"instructions, so they may not provide optimal linear algebra performance."
 msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:26
@@ -5353,7 +5353,7 @@ msgid ""
 msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:100
-#: ../source/key_projects.rst:808
+#: ../source/key_projects.rst:812
 msgid "Spack"
 msgstr ""
 
@@ -5385,28 +5385,41 @@ msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:121
 msgid ""
-"`Anaconda <https://www.anaconda.com/products/individual/>`_ is a Python "
+"``conda`` is an open source (BSD licensed) package management system and "
+"environment management system that allows users to install multiple versions "
+"of binary software packages and their dependencies, and easily switch "
+"between them. It is a cross-platform tool working on Windows, MacOS, and "
+"Linux. Conda can be used to package up and distribute all kinds of packages, "
+"it is not limited to just Python packages. It has full support for native "
+"virtual environments. Conda makes environments first-class citizens, making "
+"it easy to create independent environments even for C libraries. It is "
+"written in Python, but is Python-agnostic. Conda manages Python itself as a "
+"package, so that :command:`conda update python` is possible, in contrast to "
+"pip, which only manages Python packages."
+msgstr ""
+
+#: ../source/guides/installing-scientific-packages.rst:133
+msgid ""
+"Anaconda `Anaconda <https://docs.anaconda.com/anaconda/>`_ is a Python "
 "distribution published by Anaconda, Inc. It is a stable collection of Open "
-"Source packages for big data and scientific use.  As of the 5.0 release of "
-"Anaconda, about 200 packages are installed by default, and a total of "
-"400-500 can be installed and updated from the Anaconda repository."
+"Source packages for big data and scientific use, and a collection of "
+"Graphical Interface utilities for managing conda environments."
 msgstr ""
 
-#: ../source/guides/installing-scientific-packages.rst:127
+#: ../source/guides/installing-scientific-packages.rst:135
 msgid ""
-"``conda`` is an open source (BSD licensed) package management system and "
-"environment management system included in Anaconda that allows users to "
-"install multiple versions of binary software packages and their "
-"dependencies, and easily switch between them. It is a cross-platform tool "
-"working on Windows, macOS, and Linux. Conda can be used to package up and "
-"distribute all kinds of packages, it is not limited to just Python packages. "
-"It has full support for native virtual environments. Conda makes "
-"environments first-class citizens, making it easy to create independent "
-"environments even for C libraries. It is written in Python, but is Python-"
-"agnostic. Conda manages Python itself as a package, so that :command:`conda "
-"update python` is possible, in contrast to pip, which only manages Python "
-"packages. Conda is available in Anaconda and Miniconda (an easy-to-install "
-"download with just Python and conda)."
+"In addition to the full distribution provided by Anaconda, the conda package "
+"manager itself is available in  `miniconda <https://docs.anaconda.com/"
+"miniconda/>`_, `miniforge <https://github.com/conda-forge/miniforge>`_, and "
+"`pixi <https://pixi.sh/>`_."
+msgstr ""
+
+#: ../source/guides/installing-scientific-packages.rst:138
+msgid ""
+"Conda packages are available on multiple channels on Anaconda.org, including "
+"the default channel supported by Anaconda, Inc, the community supported "
+"conda-forge channel, which provides a wide variety of pre-built packages, "
+"and some domain-specific package collections."
 msgstr ""
 
 #: ../source/guides/installing-stand-alone-command-line-tools.rst:4
@@ -8535,29 +8548,51 @@ msgstr ""
 
 #: ../source/guides/tool-recommendations.rst:142
 msgid ""
-"For projects hosted on GitHub, it is recommended to use the :ref:`trusted "
-"publishing <trusted-publishing>`, which allows the package to be securely "
-"uploaded to PyPI from a GitHub Actions job. (This is not yet supported on "
-"software forges other than GitHub.)"
+"For projects hosted on or published via supported CI/CD platforms, it is "
+"recommended to use the :ref:`Trusted Publishing <trusted-publishing>`, which "
+"allows the package to be securely uploaded to PyPI from a CI/CD workflow "
+"without a manually configured API token."
 msgstr ""
 
 #: ../source/guides/tool-recommendations.rst:147
 msgid ""
+"As of November 2024, PyPI supports the following platforms as Trusted "
+"Publishing providers:"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:150
+msgid "GitHub Actions (on ``https://github.com``)"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:151
+msgid "GitLab CI/CD (on ``https://gitlab.com``)"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:152
+msgid "ActiveState"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:153
+msgid "Google Cloud"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:155
+msgid ""
 "The other available method is to upload the package manually using :ref:"
 "`twine`."
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:149
+#: ../source/guides/tool-recommendations.rst:159
 msgid ""
 "**Never** use ``python setup.py upload`` for this task. In addition to "
 "being :ref:`deprecated <setup-py-deprecated>`, it is insecure."
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:154
+#: ../source/guides/tool-recommendations.rst:164
 msgid "Workflow tools"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:156
+#: ../source/guides/tool-recommendations.rst:166
 msgid ""
 "These tools are environment managers that automatically manage virtual "
 "environments for a project. They also act as \"task runners\", allowing you "
@@ -8568,40 +8603,40 @@ msgid ""
 "alphabetical order:"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:164
+#: ../source/guides/tool-recommendations.rst:174
 #, fuzzy
 #| msgid ":ref:`pip`"
 msgid ":ref:`Flit`,"
 msgstr ":ref:`pip`"
 
-#: ../source/guides/tool-recommendations.rst:165
+#: ../source/guides/tool-recommendations.rst:175
 #, fuzzy
 msgid ":ref:`Hatch`,"
 msgstr "pip, `bandersnatch`_"
 
-#: ../source/guides/tool-recommendations.rst:166
+#: ../source/guides/tool-recommendations.rst:176
 msgid ":doc:`nox <nox:index>`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:167
+#: ../source/guides/tool-recommendations.rst:177
 #, fuzzy
 #| msgid ":ref:`pip`"
 msgid ":ref:`PDM`,"
 msgstr ":ref:`pip`"
 
-#: ../source/guides/tool-recommendations.rst:168
+#: ../source/guides/tool-recommendations.rst:178
 #, fuzzy
 #| msgid ":ref:`pip`"
 msgid ":ref:`Pipenv`,"
 msgstr ":ref:`pip`"
 
-#: ../source/guides/tool-recommendations.rst:169
+#: ../source/guides/tool-recommendations.rst:179
 #, fuzzy
 #| msgid ":ref:`pip`"
 msgid ":ref:`Poetry`,"
 msgstr ":ref:`pip`"
 
-#: ../source/guides/tool-recommendations.rst:170
+#: ../source/guides/tool-recommendations.rst:180
 msgid ":doc:`tox <tox:index>`."
 msgstr ""
 
@@ -9850,38 +9885,52 @@ msgstr ""
 
 #: ../source/key_projects.rst:407
 msgid ""
-"conda is the package management tool for `Anaconda <https://docs.anaconda."
-"com/anaconda/>`__ Python installations. Anaconda Python is a distribution "
-"from `Anaconda, Inc <https://www.anaconda.com/products/individual>`__ "
-"specifically aimed at the scientific community, and in particular on Windows "
-"where the installation of binary extensions is often difficult."
+"Conda is a package, dependency, and environment management system for any "
+"language — Python, R, Ruby, C/C++, Fortran, and more. It is written in "
+"Python and widely used in the Python scientific computing community, due to "
+"its support for non-Python compiled libraries and extensions. It is used as "
+"the basis of the `Anaconda <https://docs.anaconda.com/anaconda/>`__ Python "
+"distribution from Anaconda, Inc. It was originally aimed at the scientific "
+"community, but can also be used on its own, or with the :doc:`miniconda "
+"<conda:miniconda>`, `miniforge <https://github.com/conda-forge/miniforge>`_ "
+"or `pixi <https://pixi.sh/>`_ systems. It is available for Windows, Mac and "
+"Linux systems."
 msgstr ""
 
-#: ../source/key_projects.rst:414
+#: ../source/key_projects.rst:416
 msgid ""
 "Conda is a completely separate tool from :ref:`pip`, virtualenv and wheel, "
-"but provides many of their combined features in terms of package management, "
-"virtual environment management and deployment of binary extensions."
+"but provides many of their combined features, such as package management, "
+"virtual environment management and deployment of binary extensions and other "
+"binary code."
 msgstr ""
 
-#: ../source/key_projects.rst:418
+#: ../source/key_projects.rst:420
 msgid ""
-"Conda does not install packages from PyPI and can install only from the "
-"official Anaconda repositories, or anaconda.org (a place for user-"
-"contributed *conda* packages), or a local (e.g. intranet) package server.  "
-"However, note that :ref:`pip` can be installed into, and work side-by-side "
-"with conda for managing :term:`distributions <Distribution Package>` from "
-"PyPI. Also, `conda skeleton <https://docs.conda.io/projects/conda-build/en/"
-"latest/user-guide/tutorials/build-pkgs-skeleton.html>`__ is a tool to make "
-"Python packages installable by conda by first fetching them from PyPI and "
-"modifying their metadata."
+"Conda does not install packages from PyPI -- it can only manage packages "
+"built specifically for conda, which can be made available on a \"conda "
+"channel\", such as those hosted on `anaconda.org <https://anaconda.org>`__, "
+"or a local (e.g. intranet) package server. In addition to the \"default\" "
+"channels managed by `Anaconda, Inc. <https://www.anaconda.com/>`__, there "
+"are a wide variety of packages from the community supported `conda-forge "
+"project <https://conda-forge.org/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:431
+#: ../source/key_projects.rst:426
+msgid ""
+"Note that :ref:`pip` can be installed into, and work side-by-side with conda "
+"for managing :term:`distributions <Distribution Package>` from PyPI. It is "
+"also possible to build conda packages from Python source packages using "
+"tools such as `conda skeleton <https://docs.conda.io/projects/conda-build/en/"
+"latest/user-guide/tutorials/build-pkgs-skeleton.html>`__: a tool to "
+"automatically make conda packages from Python packages available on PyPI."
+msgstr ""
+
+#: ../source/key_projects.rst:435
 msgid "devpi"
 msgstr ""
 
-#: ../source/key_projects.rst:433
+#: ../source/key_projects.rst:437
 #, fuzzy
 msgid ""
 "`Docs <http://doc.devpi.net/latest/>`__ | :gh:`Issues <devpi/devpi/issues>` "
@@ -9891,7 +9940,7 @@ msgstr ""
 "pipenv>`__ | `Cimoj <https://github.com/pypa/pipenv/issues>`__ | `PyPI "
 "<https://pypi.org/project/pipenv>`__"
 
-#: ../source/key_projects.rst:437
+#: ../source/key_projects.rst:441
 msgid ""
 "devpi features a powerful PyPI-compatible server and PyPI proxy cache with a "
 "complementary command line tool to drive packaging, testing and release "
@@ -9901,11 +9950,11 @@ msgid ""
 "replication and fail-over, and package upload."
 msgstr ""
 
-#: ../source/key_projects.rst:448
+#: ../source/key_projects.rst:452
 msgid "dumb-pypi"
 msgstr ""
 
-#: ../source/key_projects.rst:450
+#: ../source/key_projects.rst:454
 #, fuzzy
 msgid ""
 "`GitHub <https://github.com/chriskuehl/dumb-pypi>`__ | `PyPI <https://pypi."
@@ -9915,7 +9964,7 @@ msgstr ""
 "github.com/pypa/bandersnatch>`__ | `PyPI <https://pypi.org/project/"
 "bandersnatch>`__"
 
-#: ../source/key_projects.rst:453
+#: ../source/key_projects.rst:457
 msgid ""
 "dumb-pypi is a simple :term:`package index <Package Index>` static file site "
 "generator, which then must be hosted by a static file webserver to become "
@@ -9923,17 +9972,17 @@ msgid ""
 "status."
 msgstr ""
 
-#: ../source/key_projects.rst:460
+#: ../source/key_projects.rst:464
 msgid "enscons"
 msgstr ""
 
-#: ../source/key_projects.rst:462
+#: ../source/key_projects.rst:466
 msgid ""
 ":gh:`Source <dholth/enscons>` | :gh:`Issues <dholth/enscons/issues>` | `PyPI "
 "<https://pypi.org/project/enscons>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:466
+#: ../source/key_projects.rst:470
 msgid ""
 "Enscons is a Python packaging tool based on `SCons`_. It builds :ref:`pip`-"
 "compatible source distributions and wheels without using distutils or "
@@ -9945,11 +9994,11 @@ msgid ""
 "independent of enscons."
 msgstr ""
 
-#: ../source/key_projects.rst:481
+#: ../source/key_projects.rst:485
 msgid "Flask-Pypi-Proxy"
 msgstr ""
 
-#: ../source/key_projects.rst:483
+#: ../source/key_projects.rst:487
 #, fuzzy
 msgid ""
 "`Docs <https://flask-pypi-proxy.readthedocs.io>`__ | :gh:`GitHub <tzulberti/"
@@ -9959,28 +10008,28 @@ msgstr ""
 "github.com/pypa/bandersnatch>`__ | `PyPI <https://pypi.org/project/"
 "bandersnatch>`__"
 
-#: ../source/key_projects.rst:487 ../source/key_projects.rst:681
-#: ../source/key_projects.rst:740
+#: ../source/key_projects.rst:491 ../source/key_projects.rst:685
+#: ../source/key_projects.rst:744
 msgid "Not maintained, project archived"
 msgstr ""
 
-#: ../source/key_projects.rst:489
+#: ../source/key_projects.rst:493
 msgid ""
 "Flask-Pypi-Proxy is a :term:`package index <Package Index>` as a cached "
 "proxy for PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:495
+#: ../source/key_projects.rst:499
 msgid "Hashdist"
 msgstr ""
 
-#: ../source/key_projects.rst:497
+#: ../source/key_projects.rst:501
 msgid ""
 "`Docs <https://hashdist.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/hashdist/hashdist/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:500
+#: ../source/key_projects.rst:504
 msgid ""
 "Hashdist is a library for building non-root software distributions. Hashdist "
 "is trying to be “the Debian of choice for cases where Debian technology "
@@ -9991,11 +10040,11 @@ msgid ""
 "researchers but has been lacking in maintenance since 2016."
 msgstr ""
 
-#: ../source/key_projects.rst:512
+#: ../source/key_projects.rst:516
 msgid "Maturin"
 msgstr ""
 
-#: ../source/key_projects.rst:514
+#: ../source/key_projects.rst:518
 #, fuzzy
 msgid ""
 "`Docs <https://www.maturin.rs>`__ | `GitHub <https://github.com/PyO3/"
@@ -10005,19 +10054,19 @@ msgstr ""
 "<https://github.com/pypa/setuptools/issues>`__ | `GitHub <https://github.com/"
 "pypa/setuptools>`__ | `PyPI <https://pypi.org/project/setuptools>`__"
 
-#: ../source/key_projects.rst:517
+#: ../source/key_projects.rst:521
 msgid ""
 "Maturin is a build backend for Rust extension modules, also written in Rust. "
 "It supports building wheels for python 3.7+ on Windows, Linux, macOS and "
 "FreeBSD, can upload them to PyPI and has basic PyPy and GraalPy support."
 msgstr ""
 
-#: ../source/key_projects.rst:525
+#: ../source/key_projects.rst:529
 #, fuzzy
 msgid "meson-python"
 msgstr "python"
 
-#: ../source/key_projects.rst:527
+#: ../source/key_projects.rst:531
 #, fuzzy
 msgid ""
 "`Docs <https://meson-python.readthedocs.io/en/latest/>`__ | `GitHub <https://"
@@ -10027,7 +10076,7 @@ msgstr ""
 "<https://github.com/pypa/setuptools/issues>`__ | `GitHub <https://github.com/"
 "pypa/setuptools>`__ | `PyPI <https://pypi.org/project/setuptools>`__"
 
-#: ../source/key_projects.rst:530
+#: ../source/key_projects.rst:534
 msgid ""
 "``meson-python`` is a build backend that uses the Meson_ build system. It "
 "enables Python package authors to use Meson_ as the build system for their "
@@ -10035,42 +10084,42 @@ msgid ""
 "to fill the needs of most complex build configurations."
 msgstr ""
 
-#: ../source/key_projects.rst:540
+#: ../source/key_projects.rst:544
 msgid "multibuild"
 msgstr ""
 
-#: ../source/key_projects.rst:542
+#: ../source/key_projects.rst:546
 #, fuzzy
 #| msgid "`Source <https://github.com/pypa/pipfile>`__"
 msgid "`GitHub <https://github.com/multi-build/multibuild>`__"
 msgstr "`Fonto <https://github.com/pypa/pipfile>`__"
 
-#: ../source/key_projects.rst:544
+#: ../source/key_projects.rst:548
 msgid ""
 "Multibuild is a set of CI scripts for building and testing Python :term:"
 "`wheels <Wheel>` for Linux, macOS, and (less flexibly) Windows. Also see :"
 "ref:`cibuildwheel`."
 msgstr ""
 
-#: ../source/key_projects.rst:550
+#: ../source/key_projects.rst:554
 msgid "nginx_pypi_cache"
 msgstr ""
 
-#: ../source/key_projects.rst:552
+#: ../source/key_projects.rst:556
 msgid ":gh:`GitHub <hauntsaninja/nginx_pypi_cache>`"
 msgstr ""
 
-#: ../source/key_projects.rst:554
+#: ../source/key_projects.rst:558
 msgid ""
 "nginx_pypi_cache is a :term:`package index <Package Index>` caching proxy "
 "using `nginx <https://nginx.org/en/>`_."
 msgstr ""
 
-#: ../source/key_projects.rst:560
+#: ../source/key_projects.rst:564
 msgid "pdm"
 msgstr ""
 
-#: ../source/key_projects.rst:562
+#: ../source/key_projects.rst:566
 #, fuzzy
 msgid ""
 "`Docs <https://pdm.fming.dev/>`__ | `GitHub <https://github.com/pdm-project/"
@@ -10080,19 +10129,19 @@ msgstr ""
 "github.com/pypa/bandersnatch>`__ | `PyPI <https://pypi.org/project/"
 "bandersnatch>`__"
 
-#: ../source/key_projects.rst:566
+#: ../source/key_projects.rst:570
 msgid ""
 "PDM is a modern Python package manager. It uses :term:`pyproject.toml` to "
 "store project metadata as defined in :pep:`621`."
 msgstr ""
 
-#: ../source/key_projects.rst:574
+#: ../source/key_projects.rst:578
 msgid ""
 "`Docs <https://pex.readthedocs.io/en/latest/>`__ | `GitHub <https://github."
 "com/pantsbuild/pex/>`__ | `PyPI <https://pypi.org/project/pex>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:578
+#: ../source/key_projects.rst:582
 msgid ""
 "Pex is a tool for generating :file:`.pex` (Python EXecutable) files, "
 "standalone Python environments in the spirit of :ref:`virtualenv`. PEX files "
@@ -10104,11 +10153,11 @@ msgid ""
 "PEX file into a standard venv, graphing dependencies and more."
 msgstr ""
 
-#: ../source/key_projects.rst:590
+#: ../source/key_projects.rst:594
 msgid "pip-tools"
 msgstr ""
 
-#: ../source/key_projects.rst:592
+#: ../source/key_projects.rst:596
 #, fuzzy
 msgid ""
 "`Docs <https://pip-tools.readthedocs.io/en/latest/>`__ | `GitHub <https://"
@@ -10119,7 +10168,7 @@ msgstr ""
 "<https://github.com/pypa/setuptools/issues>`__ | `GitHub <https://github.com/"
 "pypa/setuptools>`__ | `PyPI <https://pypi.org/project/setuptools>`__"
 
-#: ../source/key_projects.rst:596
+#: ../source/key_projects.rst:600
 msgid ""
 "pip-tools is a suite of tools meant for Python system administrators and "
 "release managers who particularly want to keep their builds deterministic "
@@ -10130,11 +10179,11 @@ msgid ""
 "not provide), and create layers of constraints for the program to obey."
 msgstr ""
 
-#: ../source/key_projects.rst:608
+#: ../source/key_projects.rst:612
 msgid "pip2pi"
 msgstr ""
 
-#: ../source/key_projects.rst:610
+#: ../source/key_projects.rst:614
 #, fuzzy
 msgid ""
 ":gh:`GitHub <wolever/pip2pi>` | `PyPI <https://pypi.org/project/pip2pi/>`__"
@@ -10143,23 +10192,23 @@ msgstr ""
 "github.com/pypa/bandersnatch>`__ | `PyPI <https://pypi.org/project/"
 "bandersnatch>`__"
 
-#: ../source/key_projects.rst:613
+#: ../source/key_projects.rst:617
 msgid ""
 "pip2pi is a :term:`package index <Package Index>` server where specific "
 "packages are manually synchronised."
 msgstr ""
 
-#: ../source/key_projects.rst:619
+#: ../source/key_projects.rst:623
 msgid "piwheels"
 msgstr ""
 
-#: ../source/key_projects.rst:621
+#: ../source/key_projects.rst:625
 msgid ""
 "`Website <https://www.piwheels.org/>`__ | :doc:`Docs <piwheels:index>` | "
 "`GitHub <https://github.com/piwheels/piwheels/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:625
+#: ../source/key_projects.rst:629
 msgid ""
 "piwheels is a website, and software underpinning it, that fetches source "
 "code distribution packages from PyPI and compiles them into binary wheels "
@@ -10167,17 +10216,17 @@ msgid ""
 "Pi OS pre-configures pip to use piwheels.org as an additional index to PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:634
+#: ../source/key_projects.rst:638
 msgid "poetry"
 msgstr ""
 
-#: ../source/key_projects.rst:636
+#: ../source/key_projects.rst:640
 msgid ""
 "`Docs <https://python-poetry.org/>`__ | `GitHub <https://github.com/python-"
 "poetry/poetry>`__ | `PyPI <https://pypi.org/project/poetry/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:640
+#: ../source/key_projects.rst:644
 msgid ""
 "poetry is a command-line tool to handle dependency installation and "
 "isolation as well as building and packaging of Python packages. It uses "
@@ -10187,11 +10236,11 @@ msgid ""
 "caching metadata about dependencies."
 msgstr ""
 
-#: ../source/key_projects.rst:650
+#: ../source/key_projects.rst:654
 msgid "proxpi"
 msgstr ""
 
-#: ../source/key_projects.rst:652
+#: ../source/key_projects.rst:656
 #, fuzzy
 msgid ""
 ":gh:`GitHub <EpicWink/proxpi>` | `PyPI <https://pypi.org/project/proxpi/>`__"
@@ -10200,19 +10249,19 @@ msgstr ""
 "github.com/pypa/bandersnatch>`__ | `PyPI <https://pypi.org/project/"
 "bandersnatch>`__"
 
-#: ../source/key_projects.rst:655
+#: ../source/key_projects.rst:659
 msgid ""
 "proxpi is a simple :term:`package index <Package Index>` which proxies PyPI "
 "and other indexes with caching."
 msgstr ""
 
-#: ../source/key_projects.rst:661
+#: ../source/key_projects.rst:665
 #, fuzzy
 #| msgid "python"
 msgid "Pulp-python"
 msgstr "python"
 
-#: ../source/key_projects.rst:663
+#: ../source/key_projects.rst:667
 #, fuzzy
 msgid ""
 "`Docs <https://docs.pulpproject.org/pulp_python/>`__ | :gh:`GitHub <pulp/"
@@ -10222,18 +10271,18 @@ msgstr ""
 "github.com/pypa/bandersnatch>`__ | `PyPI <https://pypi.org/project/"
 "bandersnatch>`__"
 
-#: ../source/key_projects.rst:667
+#: ../source/key_projects.rst:671
 msgid ""
 "Pulp-python is the Python :term:`package index <Package Index>` plugin for "
 "`Pulp <https://pulpproject.org/>`_. Pulp-python supports mirrors backed by "
 "local or `AWS S3`_, package upload, and proxying to multiple package indexes."
 msgstr ""
 
-#: ../source/key_projects.rst:675
+#: ../source/key_projects.rst:679
 msgid "PyPI Cloud"
 msgstr ""
 
-#: ../source/key_projects.rst:677
+#: ../source/key_projects.rst:681
 #, fuzzy
 msgid ""
 "`Docs <https://pypicloud.readthedocs.io/>`__ | :gh:`GitHub <stevearc/"
@@ -10243,7 +10292,7 @@ msgstr ""
 "github.com/pypa/bandersnatch>`__ | `PyPI <https://pypi.org/project/"
 "bandersnatch>`__"
 
-#: ../source/key_projects.rst:683
+#: ../source/key_projects.rst:687
 msgid ""
 "PyPI Cloud is a :term:`package index <Package Index>` server, backed by `AWS "
 "S3`_ or another cloud storage service, or local files. PyPI Cloud supports "
@@ -10251,11 +10300,11 @@ msgid ""
 "authorisation."
 msgstr ""
 
-#: ../source/key_projects.rst:691
+#: ../source/key_projects.rst:695
 msgid "pypiprivate"
 msgstr ""
 
-#: ../source/key_projects.rst:693
+#: ../source/key_projects.rst:697
 #, fuzzy
 msgid ""
 ":gh:`GitHub <helpshift/pypiprivate>` | `PyPI <https://pypi.org/project/"
@@ -10265,17 +10314,17 @@ msgstr ""
 "github.com/pypa/bandersnatch>`__ | `PyPI <https://pypi.org/project/"
 "bandersnatch>`__"
 
-#: ../source/key_projects.rst:696
+#: ../source/key_projects.rst:700
 msgid ""
 "pypiprivate serves a local (or `AWS S3`_-hosted) directory of packages as a :"
 "term:`package index <Package Index>`."
 msgstr ""
 
-#: ../source/key_projects.rst:702
+#: ../source/key_projects.rst:706
 msgid "pypiserver"
 msgstr ""
 
-#: ../source/key_projects.rst:704
+#: ../source/key_projects.rst:708
 #, fuzzy
 msgid ""
 "`GitHub <https://github.com/pypiserver/pypiserver>`__ | `PyPI <https://pypi."
@@ -10285,7 +10334,7 @@ msgstr ""
 "github.com/pypa/bandersnatch>`__ | `PyPI <https://pypi.org/project/"
 "bandersnatch>`__"
 
-#: ../source/key_projects.rst:707
+#: ../source/key_projects.rst:711
 msgid ""
 "pypiserver is a minimalist application that serves as a private Python :term:"
 "`package index <Package Index>` (from a local directory) within "
@@ -10296,11 +10345,11 @@ msgid ""
 "pypiserver and from PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:718
+#: ../source/key_projects.rst:722
 msgid "PyScaffold"
 msgstr ""
 
-#: ../source/key_projects.rst:720
+#: ../source/key_projects.rst:724
 #, fuzzy
 msgid ""
 "`Docs <https://pyscaffold.org>`__ | `GitHub <https://github.com/pyscaffold/"
@@ -10310,7 +10359,7 @@ msgstr ""
 "github.com/pypa/bandersnatch>`__ | `PyPI <https://pypi.org/project/"
 "bandersnatch>`__"
 
-#: ../source/key_projects.rst:724
+#: ../source/key_projects.rst:728
 msgid ""
 "PyScaffold is a project generator for bootstrapping Python packages, ready "
 "to be shared on PyPI and installable via :ref:`pip`. It relies on a set of "
@@ -10320,11 +10369,11 @@ msgid ""
 "existing projects to make packaging easier."
 msgstr ""
 
-#: ../source/key_projects.rst:735
+#: ../source/key_projects.rst:739
 msgid "pywharf"
 msgstr ""
 
-#: ../source/key_projects.rst:737
+#: ../source/key_projects.rst:741
 #, fuzzy
 msgid ""
 ":gh:`GitHub <pywharf/pywharf>` | `PyPI <https://pypi.org/project/pywharf>`__"
@@ -10333,24 +10382,24 @@ msgstr ""
 "github.com/pypa/bandersnatch>`__ | `PyPI <https://pypi.org/project/"
 "bandersnatch>`__"
 
-#: ../source/key_projects.rst:742
+#: ../source/key_projects.rst:746
 msgid ""
 "pywharf is a :term:`package index <Package Index>` server, serving files "
 "locally or from `GitHub <https://github.com/>`_."
 msgstr ""
 
-#: ../source/key_projects.rst:748
+#: ../source/key_projects.rst:752
 msgid "scikit-build"
 msgstr ""
 
-#: ../source/key_projects.rst:750
+#: ../source/key_projects.rst:754
 msgid ""
 "`Docs <https://scikit-build.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/scikit-build/scikit-build/>`__ | `PyPI <https://pypi.org/project/"
 "scikit-build>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:754
+#: ../source/key_projects.rst:758
 msgid ""
 "Scikit-build is a :ref:`setuptools` wrapper for CPython that builds C/C++/"
 "Fortran/Cython extensions It uses `cmake <https://pypi.org/project/cmake>`__ "
@@ -10361,11 +10410,11 @@ msgid ""
 "ninja>`__ (also available on PyPI)."
 msgstr ""
 
-#: ../source/key_projects.rst:765
+#: ../source/key_projects.rst:769
 msgid "scikit-build-core"
 msgstr ""
 
-#: ../source/key_projects.rst:767
+#: ../source/key_projects.rst:771
 #, fuzzy
 msgid ""
 "`Docs <https://scikit-build-core.readthedocs.io/en/latest/>`__ | `GitHub "
@@ -10376,7 +10425,7 @@ msgstr ""
 "<https://github.com/pypa/setuptools/issues>`__ | `GitHub <https://github.com/"
 "pypa/setuptools>`__ | `PyPI <https://pypi.org/project/setuptools>`__"
 
-#: ../source/key_projects.rst:771
+#: ../source/key_projects.rst:775
 msgid ""
 "Scikit-build-core is a build backend for CPython C/C++/Fortran/Cython "
 "extensions.  It enables users to write extensions with `cmake <https://pypi."
@@ -10386,17 +10435,17 @@ msgid ""
 "automatically downloaded from PyPI if not available on the system."
 msgstr ""
 
-#: ../source/key_projects.rst:781
+#: ../source/key_projects.rst:785
 msgid "shiv"
 msgstr ""
 
-#: ../source/key_projects.rst:783
+#: ../source/key_projects.rst:787
 msgid ""
 "`Docs <https://shiv.readthedocs.io/en/latest/>`__ | `GitHub <https://github."
 "com/linkedin/shiv>`__ | `PyPI <https://pypi.org/project/shiv/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:787
+#: ../source/key_projects.rst:791
 msgid ""
 "shiv is a command line utility for building fully self contained Python "
 "zipapps as outlined in :pep:`441`, but with all their dependencies included. "
@@ -10404,11 +10453,11 @@ msgid ""
 "tools fast & easy."
 msgstr ""
 
-#: ../source/key_projects.rst:795
+#: ../source/key_projects.rst:799
 msgid "simpleindex"
 msgstr ""
 
-#: ../source/key_projects.rst:797
+#: ../source/key_projects.rst:801
 #, fuzzy
 msgid ""
 ":gh:`GitHub <uranusjr/simpleindex>` | `PyPI <https://pypi.org/project/"
@@ -10418,7 +10467,7 @@ msgstr ""
 "github.com/pypa/bandersnatch>`__ | `PyPI <https://pypi.org/project/"
 "bandersnatch>`__"
 
-#: ../source/key_projects.rst:800
+#: ../source/key_projects.rst:804
 msgid ""
 "simpleindex is a :term:`package index <Package Index>` which routes URLs to "
 "multiple package indexes (including PyPI), serves local (or cloud-hosted, "
@@ -10426,7 +10475,7 @@ msgid ""
 "supports custom plugins."
 msgstr ""
 
-#: ../source/key_projects.rst:810
+#: ../source/key_projects.rst:814
 msgid ""
 ":doc:`Docs <spack:index>` | `GitHub <https://github.com/spack/spack>`__ | "
 "`Paper <https://www.computer.org/csdl/proceedings-article/"
@@ -10434,7 +10483,7 @@ msgid ""
 "Gamblin-Spack-SC15-Talk.pdf>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:815
+#: ../source/key_projects.rst:819
 msgid ""
 "A flexible package manager designed to support multiple versions, "
 "configurations, platforms, and compilers.  Spack is like Homebrew, but "
@@ -10445,24 +10494,24 @@ msgid ""
 "supercomputers."
 msgstr ""
 
-#: ../source/key_projects.rst:823
+#: ../source/key_projects.rst:827
 msgid ""
 "Spack is not in PyPI (yet), but it requires no installation and can be used "
 "immediately after cloning from GitHub."
 msgstr ""
 
-#: ../source/key_projects.rst:829
+#: ../source/key_projects.rst:833
 msgid "zest.releaser"
 msgstr ""
 
-#: ../source/key_projects.rst:831
+#: ../source/key_projects.rst:835
 msgid ""
 "`Docs <https://zestreleaser.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/zestsoftware/zest.releaser/>`__ | `PyPI <https://pypi.org/project/"
 "zest.releaser/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:835
+#: ../source/key_projects.rst:839
 msgid ""
 "``zest.releaser`` is a Python package release tool providing an abstraction "
 "layer on top of :ref:`twine`. Python developers use ``zest.releaser`` to "
@@ -10470,21 +10519,21 @@ msgid ""
 "releases in source control, and uploading new packages to PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:842
+#: ../source/key_projects.rst:846
 msgid "Standard Library Projects"
 msgstr ""
 
-#: ../source/key_projects.rst:847
+#: ../source/key_projects.rst:851
 msgid "ensurepip"
 msgstr ""
 
-#: ../source/key_projects.rst:849
+#: ../source/key_projects.rst:853
 msgid ""
 "`Docs <https://docs.python.org/3/library/ensurepip.html>`__ | `Issues "
 "<https://bugs.python.org/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:852
+#: ../source/key_projects.rst:856
 msgid ""
 "A package in the Python Standard Library that provides support for "
 "bootstrapping :ref:`pip` into an existing Python installation or virtual "
@@ -10492,11 +10541,11 @@ msgid ""
 "will be used during the build of the Python distribution."
 msgstr ""
 
-#: ../source/key_projects.rst:860
+#: ../source/key_projects.rst:864
 msgid "http.server"
 msgstr ""
 
-#: ../source/key_projects.rst:862
+#: ../source/key_projects.rst:866
 #, fuzzy
 msgid ""
 ":doc:`Docs <python:library/http.server>` | :gh:`Issues <python/cpython/"
@@ -10506,18 +10555,18 @@ msgstr ""
 "<https://github.com/pypa/setuptools/issues>`__ | `GitHub <https://github.com/"
 "pypa/setuptools>`__ | `PyPI <https://pypi.org/project/setuptools>`__"
 
-#: ../source/key_projects.rst:865
+#: ../source/key_projects.rst:869
 msgid ""
 "A package and command-line interface which can host a directory as a "
 "website, for example as a :term:`package index <Package Index>` (see :ref:"
 "`Hosting your Own Simple Repository`)."
 msgstr ""
 
-#: ../source/key_projects.rst:872
+#: ../source/key_projects.rst:876
 msgid "venv"
 msgstr ""
 
-#: ../source/key_projects.rst:874
+#: ../source/key_projects.rst:878
 #, fuzzy
 msgid ""
 "`Docs <https://docs.python.org/3/library/venv.html>`__ | `Issues <https://"
@@ -10527,7 +10576,7 @@ msgstr ""
 "<https://github.com/pypa/setuptools/issues>`__ | `GitHub <https://github.com/"
 "pypa/setuptools>`__ | `PyPI <https://pypi.org/project/setuptools>`__"
 
-#: ../source/key_projects.rst:877
+#: ../source/key_projects.rst:881
 msgid ""
 "A package in the Python Standard Library (starting with Python 3.3) for "
 "creating :term:`Virtual Environments <Virtual Environment>`.  For more "
@@ -12579,7 +12628,7 @@ msgstr ""
 #: ../source/specifications/platform-compatibility-tags.rst:332
 #: ../source/specifications/pyproject-toml.rst:444
 #: ../source/specifications/recording-installed-packages.rst:252
-#: ../source/specifications/simple-repository-api.rst:974
+#: ../source/specifications/simple-repository-api.rst:988
 #: ../source/specifications/source-distribution-format.rst:144
 #: ../source/specifications/version-specifiers.rst:1266
 #: ../source/specifications/virtual-environments.rst:54
@@ -13654,6 +13703,7 @@ msgstr ""
 #: ../source/specifications/dependency-specifiers.rst:26
 #: ../source/specifications/direct-url-data-structure.rst:19
 #: ../source/specifications/direct-url.rst:15
+#: ../source/specifications/index-hosted-attestations.rst:17
 #: ../source/specifications/inline-script-metadata.rst:13
 msgid "Specification"
 msgstr "Specifado"
@@ -13792,7 +13842,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/dependency-specifiers.rst:163
-#: ../source/specifications/simple-repository-api.rst:888
+#: ../source/specifications/simple-repository-api.rst:902
 #, fuzzy
 msgid "Versions"
 msgstr "Versio"
@@ -15441,6 +15491,304 @@ msgid ""
 "www.pypa.io/en/latest/specifications/>`__."
 msgstr ""
 
+#: ../source/specifications/index-hosted-attestations.rst:6
+msgid "Index hosted attestations"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:8
+msgid "This specification was originally defined in :pep:`740`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:12
+msgid ""
+":pep:`740` includes changes to the HTML and JSON index APIs. These changes "
+"are documented in the :ref:`simple-repository-api` under :ref:`simple-"
+"repository-api-base` and :ref:`json-serialization`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:22
+msgid "Upload endpoint changes"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:26
+msgid ""
+"The \"legacy\" upload API is not standardized. See `PyPI's Upload API "
+"documentation <https://docs.pypi.org/api/upload/>`_ for how attestations are "
+"uploaded."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:33
+#, fuzzy
+#| msgid "A simple project"
+msgid "Attestation objects"
+msgstr "Simpla projekto"
+
+#: ../source/specifications/index-hosted-attestations.rst:35
+msgid ""
+"An attestation object is a JSON object with several required keys; "
+"applications or signers may include additional keys so long as all "
+"explicitly listed keys are provided. The required layout of an attestation "
+"object is provided as pseudocode below."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:88
+msgid ""
+"A full data model for each object in ``transparency_entries`` is provided "
+"in :ref:`appendix`. Attestation objects **SHOULD** include one or more "
+"transparency log entries, and **MAY** include additional keys for other "
+"sources of signed time (such as an :rfc:`3161` Time Stamping Authority or a "
+"`Roughtime <https://blog.cloudflare.com/roughtime>`__ server)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:94
+msgid ""
+"Attestation objects are versioned; this PEP specifies version 1. Each "
+"version is tied to a single cryptographic suite to minimize unnecessary "
+"cryptographic agility. In version 1, the suite is as follows:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:98
+msgid ""
+"Certificates are specified as X.509 certificates, and comply with the "
+"profile in :rfc:`5280`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:100
+msgid ""
+"The message signature algorithm is ECDSA, with the P-256 curve for public "
+"keys and SHA-256 as the cryptographic digest function."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:103
+msgid ""
+"Future PEPs may change this suite (and the overall shape of the attestation "
+"object) by selecting a new version number."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:109
+msgid "Attestation statement and signature generation"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:111
+msgid ""
+"The *attestation statement* is the actual claim that is cryptographically "
+"signed over within the attestation object (i.e., the ``envelope.statement``)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:114
+msgid ""
+"The attestation statement is encoded as a `v1 in-toto Statement object "
+"<https://github.com/in-toto/attestation/blob/v1.0/spec/v1.0/statement."
+"md>`__, in JSON form. When serialized the statement is treated as an opaque "
+"binary blob, avoiding the need for canonicalization."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:119
+msgid ""
+"In addition to being a v1 in-toto Statement, the attestation statement is "
+"constrained in the following ways:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:122
+msgid "The in-toto ``subject`` **MUST** contain only a single subject."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:123
+msgid ""
+"``subject[0].name`` is the distribution's filename, which **MUST** be a "
+"valid :ref:`source distribution <source-distribution-format>` or :ref:`wheel "
+"distribution <binary-distribution-format>` filename."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:126
+msgid ""
+"``subject[0].digest`` **MUST** contain a SHA-256 digest. Other digests "
+"**MAY** be present. The digests **MUST** be represented as hexadecimal "
+"strings."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:128
+msgid "The following ``predicateType`` values are supported:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:130
+msgid ""
+"`SLSA Provenance <https://slsa.dev/provenance/v1>`__: ``https://slsa.dev/"
+"provenance/v1``"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:131
+msgid ""
+"`PyPI Publish Attestation <https://docs.pypi.org/attestations/publish/"
+"v1>`__: ``https://docs.pypi.org/attestations/publish/v1``"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:133
+msgid ""
+"The signature over this statement is constructed using the `v1 DSSE "
+"signature protocol <https://github.com/secure-systems-lab/dsse/blob/v1.0.0/"
+"protocol.md>`__, with a ``PAYLOAD_TYPE`` of ``application/vnd.in-toto+json`` "
+"and a ``PAYLOAD_BODY`` of the JSON-encoded statement above. No other "
+"``PAYLOAD_TYPE`` is permitted."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:141
+msgid "Provenance objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:143
+msgid ""
+"The index will serve uploaded attestations along with metadata that can "
+"assist in verifying them in the form of JSON serialized objects."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:146
+msgid ""
+"These *provenance objects* will be available via both the Simple Index and "
+"JSON-based Simple API as described above, and will have the following layout:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:169
+msgid "or, as pseudocode:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:217
+msgid ""
+"``version`` is ``1``. Like attestation objects, provenance objects are "
+"versioned, and this PEP only defines version ``1``."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:219
+msgid ""
+"``attestation_bundles`` is a **required** JSON array, containing one or more "
+"\"bundles\" of attestations. Each bundle corresponds to a signing identity "
+"(such as a Trusted Publishing identity), and contains one or more "
+"attestation objects."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:224
+msgid ""
+"As noted in the ``Publisher`` model, each ``AttestationBundle.publisher`` "
+"object is specific to its Trusted Publisher but must include at minimum:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:228
+msgid ""
+"A ``kind`` key, which **MUST** be a JSON string that uniquely identifies the "
+"kind of Trusted Publisher."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:230
+msgid ""
+"A ``claims`` key, which **MUST** be a JSON object containing any context-"
+"specific claims retained by the index during Trusted Publisher "
+"authentication."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:233
+msgid "All other keys in the publisher object are publisher-specific."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:235
+msgid ""
+"Each array of attestation objects is a superset of the ``attestations`` "
+"array supplied by the uploaded through the ``attestations`` field at upload "
+"time, as described in :ref:`upload-endpoint` and :ref:`changes-to-provenance-"
+"objects`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:243
+msgid "Changes to provenance objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:245
+msgid ""
+"Provenance objects are *not* immutable, and may change over time. Reasons "
+"for changes to the provenance object include but are not limited to:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:248
+msgid ""
+"Addition of new attestations for a pre-existing signing identity: the index "
+"**MAY** choose to allow additional attestations by pre-existing signing "
+"identities, such as newer attestation versions for already uploaded files."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:253
+msgid ""
+"Addition of new signing identities and associated attestations: the index "
+"**MAY** choose to support attestations from sources other than the file's "
+"uploader, such as third-party auditors or the index itself. These "
+"attestations may be performed asynchronously, requiring the index to insert "
+"them into the provenance object *post facto*."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:262
+msgid "Attestation verification"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:264
+msgid ""
+"Verifying an attestation object against a distribution file requires "
+"verification of each of the following:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:267
+msgid "``version`` is ``1``. The verifier **MUST** reject any other version."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:268
+msgid ""
+"``verification_material.certificate`` is a valid signing certificate, as "
+"issued by an *a priori* trusted authority (such as a root of trust already "
+"present within the verifying client)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:271
+msgid ""
+"``verification_material.certificate`` identifies an appropriate signing "
+"subject, such as the machine identity of the Trusted Publisher that "
+"published the package."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:274
+msgid ""
+"``envelope.statement`` is a valid in-toto v1 Statement, with a subject and "
+"digest that **MUST** match the distribution's filename and contents. For the "
+"distribution's filename, matching **MUST** be performed by parsing using the "
+"appropriate source distribution or wheel filename format, as the statement's "
+"subject may be equivalent but normalized."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:279
+msgid ""
+"``envelope.signature`` is a valid signature for ``envelope.statement`` "
+"corresponding to ``verification_material.certificate``, as reconstituted via "
+"the `v1 DSSE signature protocol <https://github.com/secure-systems-lab/dsse/"
+"blob/v1.0.0/protocol.md>`__."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:284
+msgid ""
+"In addition to the above required steps, a verifier **MAY** additionally "
+"verify ``verification_material.transparency_entries`` on a policy basis, e."
+"g. requiring at least one transparency log entry or a threshold of entries. "
+"When verifying transparency entries, the verifier **MUST** confirm that the "
+"inclusion time for each entry lies within the signing certificate's validity "
+"period."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:293
+msgid "Appendix: Data models for Transparency Log Entries"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:295
+msgid ""
+"This appendix contains pseudocoded data models for transparency log entries "
+"in attestation objects. Each transparency log entry serves as a source of "
+"signed inclusion time, and can be verified either online or offline."
+msgstr ""
+
 #: ../source/specifications/inline-script-metadata.rst:5
 #, fuzzy
 #| msgid "Configuring metadata"
@@ -15616,7 +15964,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/inline-script-metadata.rst:205
-#: ../source/specifications/simple-repository-api.rst:815
+#: ../source/specifications/simple-repository-api.rst:829
 #, fuzzy
 #| msgid "Creating pyproject.toml"
 msgid "Recommendations"
@@ -17522,11 +17870,26 @@ msgid ""
 "``&gt;``, respectively."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:100
+#: ../source/specifications/simple-repository-api.rst:99
+msgid ""
+"A repository **MAY** include a ``data-provenance`` attribute on a file link. "
+"The value of this attribute **MUST** be a fully qualified URL, signaling "
+"that the file's provenance can be found at that URL. This URL **MUST** "
+"represent a `secure origin <https://www.chromium.org/Home/chromium-security/"
+"prefer-secure-origins-for-powerful-new-features/>`_."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:106
+msgid ""
+"The format of the linked provenance is defined in :ref:`index-hosted-"
+"attestations`."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:109
 msgid "Normalized Names"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:102
+#: ../source/specifications/simple-repository-api.rst:111
 msgid ""
 "This spec references the concept of a \"normalized\" project name. As per :"
 "ref:`the name normalization specification <name-normalization>` the only "
@@ -17536,11 +17899,11 @@ msgid ""
 "implemented in Python with the ``re`` module::"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:117
+#: ../source/specifications/simple-repository-api.rst:126
 msgid "Adding \"Yank\" Support to the Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:119
+#: ../source/specifications/simple-repository-api.rst:128
 msgid ""
 "Links in the simple repository **MAY** have a ``data-yanked`` attribute "
 "which may have no value, or may have an arbitrary string as a value. The "
@@ -17550,7 +17913,7 @@ msgid ""
 "under specific scenarios."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:126
+#: ../source/specifications/simple-repository-api.rst:135
 msgid ""
 "The value of the ``data-yanked`` attribute, if present, is an arbitrary "
 "string that represents the reason for why the file has been yanked. Tools "
@@ -17558,7 +17921,7 @@ msgid ""
 "users."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:131
+#: ../source/specifications/simple-repository-api.rst:140
 msgid ""
 "The yanked attribute is not immutable once set, and may be rescinded in the "
 "future (and once rescinded, may be reset as well). Thus API users **MUST** "
@@ -17566,13 +17929,13 @@ msgid ""
 "again)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:138
+#: ../source/specifications/simple-repository-api.rst:147
 #, fuzzy
 #| msgid "Installer"
 msgid "Installers"
 msgstr "Instalilo"
 
-#: ../source/specifications/simple-repository-api.rst:140
+#: ../source/specifications/simple-repository-api.rst:149
 msgid ""
 "The desirable experience for users is that once a file is yanked, when a "
 "human being is currently trying to directly install a yanked file, that it "
@@ -17582,7 +17945,7 @@ msgid ""
 "been yanked."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:147
+#: ../source/specifications/simple-repository-api.rst:156
 msgid ""
 "An installer **MUST** ignore yanked releases, if the selection constraints "
 "can be satisfied with a non-yanked version, and **MAY** refuse to use a "
@@ -17592,14 +17955,14 @@ msgid ""
 "files."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:154
+#: ../source/specifications/simple-repository-api.rst:163
 msgid ""
 "What this means is left up to the specific installer, to decide how to best "
 "fit into the overall usage of their installer. However, there are two "
 "suggested approaches to take:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:158
+#: ../source/specifications/simple-repository-api.rst:167
 msgid ""
 "Yanked files are always ignored, unless they are the only file that matches "
 "a version specifier that \"pins\" to an exact version using either ``==`` "
@@ -17609,7 +17972,7 @@ msgid ""
 "versions, zero padding, etc."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:165
+#: ../source/specifications/simple-repository-api.rst:174
 msgid ""
 "Yanked files are always ignored, unless they are the only file that matches "
 "what a lock file (such as ``Pipfile.lock`` or ``poetry.lock``) specifies to "
@@ -17617,7 +17980,7 @@ msgid ""
 "creating or updating a lock file from some input file or command."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:171
+#: ../source/specifications/simple-repository-api.rst:180
 msgid ""
 "Regardless of the specific strategy that an installer chooses for deciding "
 "when to install yanked files, an installer **SHOULD** emit a warning when it "
@@ -17626,38 +17989,38 @@ msgid ""
 "specific feedback to the user about why that file had been yanked."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:179
+#: ../source/specifications/simple-repository-api.rst:188
 msgid "Mirrors"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:181
+#: ../source/specifications/simple-repository-api.rst:190
 msgid "Mirrors can generally treat yanked files one of two ways:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:183
+#: ../source/specifications/simple-repository-api.rst:192
 msgid ""
 "They may choose to omit them from their simple repository API completely, "
 "providing a view over the repository that shows only \"active\", unyanked "
 "files."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:186
+#: ../source/specifications/simple-repository-api.rst:195
 msgid ""
 "They may choose to include yanked files, and additionally mirror the ``data-"
 "yanked`` attribute as well."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:189
+#: ../source/specifications/simple-repository-api.rst:198
 msgid ""
 "Mirrors **MUST NOT** mirror a yanked file without also mirroring the ``data-"
 "yanked`` attribute for it."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:195
+#: ../source/specifications/simple-repository-api.rst:204
 msgid "Versioning PyPI's Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:197
+#: ../source/specifications/simple-repository-api.rst:206
 msgid ""
 "This spec proposes the inclusion of a meta tag on the responses of every "
 "successful request to a simple API page, which contains a name attribute of "
@@ -17668,29 +18031,29 @@ msgid ""
 "<version-specifiers>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:205
+#: ../source/specifications/simple-repository-api.rst:214
 msgid "This would end up looking like::"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:209
+#: ../source/specifications/simple-repository-api.rst:218
 msgid "When interpreting the repository version:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:211
+#: ../source/specifications/simple-repository-api.rst:220
 msgid ""
 "Incrementing the major version is used to signal a backwards incompatible "
 "change such that existing clients would no longer be expected to be able to "
 "meaningfully use the API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:214
+#: ../source/specifications/simple-repository-api.rst:223
 msgid ""
 "Incrementing the minor version is used to signal a backwards compatible "
 "change such that existing clients would still be expected to be able to "
 "meaningfully use the API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:218
+#: ../source/specifications/simple-repository-api.rst:227
 msgid ""
 "It is left up to the discretion of any future specs as to what specifically "
 "constitutes a backwards incompatible vs compatible change beyond the broad "
@@ -17699,7 +18062,7 @@ msgid ""
 "features."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:224
+#: ../source/specifications/simple-repository-api.rst:233
 msgid ""
 "It is expectation of this spec that the major version will never be "
 "incremented, and any future major API evolutions would utilize a different "
@@ -17709,50 +18072,50 @@ msgid ""
 "set to a version >= 2)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:231
+#: ../source/specifications/simple-repository-api.rst:240
 msgid ""
 "This spec sets the current API version to \"1.0\", and expects that future "
 "specs that further evolve the simple API will increment the minor version "
 "number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:237
-#: ../source/specifications/simple-repository-api.rst:957
+#: ../source/specifications/simple-repository-api.rst:246
+#: ../source/specifications/simple-repository-api.rst:971
 #, fuzzy
 #| msgid "Contents"
 msgid "Clients"
 msgstr "Enhavoj"
 
-#: ../source/specifications/simple-repository-api.rst:239
+#: ../source/specifications/simple-repository-api.rst:248
 msgid ""
 "Clients interacting with the simple API **SHOULD** introspect each response "
 "for the repository version, and if that data does not exist **MUST** assume "
 "that it is version 1.0."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:243
+#: ../source/specifications/simple-repository-api.rst:252
 msgid ""
 "When encountering a major version greater than expected, clients **MUST** "
 "hard fail with an appropriate error message for the user."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:246
+#: ../source/specifications/simple-repository-api.rst:255
 msgid ""
 "When encountering a minor version greater than expected, clients **SHOULD** "
 "warn users with an appropriate message."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:249
+#: ../source/specifications/simple-repository-api.rst:258
 msgid ""
 "Clients **MAY** still continue to use feature detection in order to "
 "determine what features a repository uses."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:255
+#: ../source/specifications/simple-repository-api.rst:264
 msgid "Serve Distribution Metadata in the Simple Repository API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:257
+#: ../source/specifications/simple-repository-api.rst:266
 msgid ""
 "In a simple repository's project page, each anchor tag pointing to a "
 "distribution **MAY** have a ``data-dist-info-metadata`` attribute. The "
@@ -17761,7 +18124,7 @@ msgid ""
 "when the distribution is processed and/or installed."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:263
+#: ../source/specifications/simple-repository-api.rst:272
 msgid ""
 "If a ``data-dist-info-metadata`` attribute is present, the repository "
 "**MUST** serve the distribution's Core Metadata file alongside the "
@@ -17773,7 +18136,7 @@ msgid ""
 "GPG signature file's location."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:272
+#: ../source/specifications/simple-repository-api.rst:281
 msgid ""
 "The repository **SHOULD** provide the hash of the Core Metadata file as the "
 "``data-dist-info-metadata`` attribute's value using the syntax "
@@ -17783,18 +18146,18 @@ msgid ""
 "unavailable."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:280
+#: ../source/specifications/simple-repository-api.rst:289
 msgid "Backwards Compatibility"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:282
+#: ../source/specifications/simple-repository-api.rst:291
 msgid ""
 "If an anchor tag lacks the ``data-dist-info-metadata`` attribute, tools are "
 "expected to revert to their current behaviour of downloading the "
 "distribution to inspect the metadata."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:286
+#: ../source/specifications/simple-repository-api.rst:295
 msgid ""
 "Older tools not supporting the new ``data-dist-info-metadata`` attribute are "
 "expected to ignore the attribute and maintain their current behaviour of "
@@ -17802,11 +18165,11 @@ msgid ""
 "prior ``data-`` attribute additions expect existing tools to operate."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:295
+#: ../source/specifications/simple-repository-api.rst:304
 msgid "JSON-based Simple API for Python Package Indexes"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:297
+#: ../source/specifications/simple-repository-api.rst:306
 msgid ""
 "To enable response parsing with only the standard library, this spec "
 "specifies that all responses (besides the files themselves, and the HTML "
@@ -17814,7 +18177,7 @@ msgid ""
 "base>`) should be serialized using `JSON <https://www.json.org/>`_."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:302
+#: ../source/specifications/simple-repository-api.rst:311
 msgid ""
 "To enable zero configuration discovery and to minimize the amount of "
 "additional HTTP requests, this spec extends :ref:`the base HTML API "
@@ -17824,7 +18187,7 @@ msgid ""
 "format to serve, i.e. either HTML or JSON."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:312
+#: ../source/specifications/simple-repository-api.rst:321
 msgid ""
 "Versioning will adhere to :ref:`the API versioning specification <simple-"
 "repository-api-versioning>` format (``Major.Minor``), which has defined the "
@@ -17834,7 +18197,7 @@ msgid ""
 "``1.0`` version, and instead just describes how to serialize that into JSON."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:319
+#: ../source/specifications/simple-repository-api.rst:328
 msgid ""
 "Similar to :ref:`the API versioning specification <simple-repository-api-"
 "versioning>`, the major version number **MUST** be incremented if any "
@@ -17842,28 +18205,28 @@ msgid ""
 "existing clients to meaningfully understand the format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:325
+#: ../source/specifications/simple-repository-api.rst:334
 msgid ""
 "Likewise, the minor version **MUST** be incremented if features are added or "
 "removed from the format, but existing clients would be expected to continue "
 "to meaningfully understand the format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:329
+#: ../source/specifications/simple-repository-api.rst:338
 msgid ""
 "Changes that would not result in existing clients being unable to "
 "meaningfully understand the format and which do not represent features being "
 "added or removed may occur without changing the version number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:333
+#: ../source/specifications/simple-repository-api.rst:342
 msgid ""
 "This is intentionally vague, as this spec believes it is best left up to "
 "future specs that make any changes to the API to investigate and decide "
 "whether or not that change should increment the major or minor version."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:337
+#: ../source/specifications/simple-repository-api.rst:346
 msgid ""
 "Future versions of the API may add things that can only be represented in a "
 "subset of the available serializations of that version. All serializations "
@@ -17872,38 +18235,38 @@ msgid ""
 "whether or not that feature is present at all."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:343
+#: ../source/specifications/simple-repository-api.rst:352
 msgid ""
 "It is the intent of this spec that the API should be thought of as URL "
 "endpoints that return data, whose interpretation is defined by the version "
 "of that data, and then serialized into the target serialization format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:351
+#: ../source/specifications/simple-repository-api.rst:360
 #, fuzzy
 msgid "JSON Serialization"
 msgstr "Versio de pako"
 
-#: ../source/specifications/simple-repository-api.rst:353
+#: ../source/specifications/simple-repository-api.rst:362
 msgid ""
 "The URL structure from :ref:`the base HTML API specification <simple-"
 "repository-api-base>` still applies, as this spec only adds an additional "
 "serialization format for the already existing API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:357
+#: ../source/specifications/simple-repository-api.rst:366
 msgid ""
 "The following constraints apply to all JSON serialized responses described "
 "in this spec:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:360
+#: ../source/specifications/simple-repository-api.rst:369
 msgid ""
 "All JSON responses will *always* be a JSON object rather than an array or "
 "other type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:363
+#: ../source/specifications/simple-repository-api.rst:372
 msgid ""
 "While JSON doesn't natively support a URL type, any value that represents an "
 "URL in this API may be either absolute or relative as long as they point to "
@@ -17911,19 +18274,19 @@ msgid ""
 "if it were HTML."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:368
+#: ../source/specifications/simple-repository-api.rst:377
 msgid ""
 "Additional keys may be added to any dictionary objects in the API responses "
 "and clients **MUST** ignore keys that they don't understand."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:371
+#: ../source/specifications/simple-repository-api.rst:380
 msgid ""
 "All JSON responses will have a ``meta`` key, which contains information "
 "related to the response itself, rather than the content of the response."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:374
+#: ../source/specifications/simple-repository-api.rst:383
 msgid ""
 "All JSON responses will have a ``meta.api-version`` key, which will be a "
 "string that contains the :ref:`API versioning specification <simple-"
@@ -17932,44 +18295,44 @@ msgid ""
 "<simple-repository-api-versioning>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:380
+#: ../source/specifications/simple-repository-api.rst:389
 msgid ""
 "All requirements of :ref:`the base HTML API specification <simple-repository-"
 "api-base>` that are not HTML specific still apply."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:385
+#: ../source/specifications/simple-repository-api.rst:394
 #, fuzzy
 #| msgid "Project"
 msgid "Project List"
 msgstr "Projekto"
 
-#: ../source/specifications/simple-repository-api.rst:387
+#: ../source/specifications/simple-repository-api.rst:396
 msgid ""
 "The root URL ``/`` for this spec (which represents the base URL) will be a "
 "JSON encoded dictionary which has a two keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:390
+#: ../source/specifications/simple-repository-api.rst:399
 msgid ""
 "``projects``: An array where each entry is a dictionary with a single key, "
 "``name``, which represents string of the project name."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:391
-#: ../source/specifications/simple-repository-api.rst:440
+#: ../source/specifications/simple-repository-api.rst:400
+#: ../source/specifications/simple-repository-api.rst:449
 msgid ""
 "``meta``: The general response metadata as `described earlier <json-"
 "serialization_>`__."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:393
-#: ../source/specifications/simple-repository-api.rst:499
+#: ../source/specifications/simple-repository-api.rst:402
+#: ../source/specifications/simple-repository-api.rst:512
 #, fuzzy
 msgid "As an example:"
 msgstr "Ekzemploj"
 
-#: ../source/specifications/simple-repository-api.rst:410
+#: ../source/specifications/simple-repository-api.rst:419
 msgid ""
 "The ``name`` field is the same as the one from :ref:`the base HTML API "
 "specification <simple-repository-api-base>`, which does not specify whether "
@@ -17979,7 +18342,7 @@ msgid ""
 "implementation detail of the repository in question."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:420
+#: ../source/specifications/simple-repository-api.rst:429
 msgid ""
 "While the ``projects`` key is an array, and thus is required to be in some "
 "kind of an order, neither :ref:`the base HTML API specification <simple-"
@@ -17989,13 +18352,13 @@ msgid ""
 "have sets."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:429
+#: ../source/specifications/simple-repository-api.rst:438
 #, fuzzy
 #| msgid "Project name"
 msgid "Project Detail"
 msgstr "Nomo de projekto"
 
-#: ../source/specifications/simple-repository-api.rst:431
+#: ../source/specifications/simple-repository-api.rst:440
 msgid ""
 "The format of this URL is ``/<project>/`` where the ``<project>`` is "
 "replaced by the :ref:`the base HTML API specification <simple-repository-api-"
@@ -18003,35 +18366,35 @@ msgid ""
 "would have a URL like ``/silly-walk/``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:436
+#: ../source/specifications/simple-repository-api.rst:445
 msgid ""
 "This URL must respond with a JSON encoded dictionary that has three keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:438
+#: ../source/specifications/simple-repository-api.rst:447
 #, fuzzy
 #| msgid "The name of the project."
 msgid "``name``: The normalized name of the project."
 msgstr "La nomo de la projekto."
 
-#: ../source/specifications/simple-repository-api.rst:439
+#: ../source/specifications/simple-repository-api.rst:448
 msgid ""
 "``files``: A list of dictionaries, each one representing an individual file."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:442
+#: ../source/specifications/simple-repository-api.rst:451
 msgid "Each individual file dictionary has the following keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:444
+#: ../source/specifications/simple-repository-api.rst:453
 msgid "``filename``: The filename that is being represented."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:445
+#: ../source/specifications/simple-repository-api.rst:454
 msgid "``url``: The URL that the file can be fetched from."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:446
+#: ../source/specifications/simple-repository-api.rst:455
 msgid ""
 "``hashes``: A dictionary mapping a hash name to a hex encoded digest of the "
 "file. Multiple hashes can be included, and it is up to the client to decide "
@@ -18040,14 +18403,14 @@ msgid ""
 "to be lowercase."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:451
+#: ../source/specifications/simple-repository-api.rst:460
 msgid ""
 "The ``hashes`` dictionary **MUST** be present, even if no hashes are "
 "available for the file, however it is **HIGHLY** recommended that at least "
 "one secure, guaranteed-to-be-available hash is always included."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:455
+#: ../source/specifications/simple-repository-api.rst:464
 msgid ""
 "By default, any hash algorithm available via :py:mod:`hashlib` (specifically "
 "any that can be passed to :py:func:`hashlib.new()` and do not require "
@@ -18057,7 +18420,7 @@ msgid ""
 "specifically is recommended."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:460
+#: ../source/specifications/simple-repository-api.rst:469
 msgid ""
 "``requires-python``: An **optional** key that exposes the :ref:`core-"
 "metadata-requires-python` metadata field. Where this is present, installer "
@@ -18065,14 +18428,14 @@ msgid ""
 "that doesn't satisfy the requirement."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:466
+#: ../source/specifications/simple-repository-api.rst:475
 msgid ""
 "Unlike ``data-requires-python`` in :ref:`the base HTML API specification "
 "<simple-repository-api-base>`, the ``requires-python`` key does not require "
 "any special escaping other than anything JSON does naturally."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:469
+#: ../source/specifications/simple-repository-api.rst:478
 msgid ""
 "``dist-info-metadata``: An **optional** key that indicates that metadata for "
 "this file is available, via the same location as specified in :ref:`the API "
@@ -18082,27 +18445,27 @@ msgid ""
 "dictionary mapping hash names to a hex encoded digest of the metadata's hash."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:477
+#: ../source/specifications/simple-repository-api.rst:486
 msgid ""
 "When this is a dictionary of hashes instead of a boolean, then all the same "
 "requirements and recommendations as the ``hashes`` key hold true for this "
 "key as well."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:481
+#: ../source/specifications/simple-repository-api.rst:490
 msgid ""
 "If this key is missing then the metadata file may or may not exist. If the "
 "key value is truthy, then the metadata file is present, and if it is falsey "
 "then it is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:485
+#: ../source/specifications/simple-repository-api.rst:494
 msgid ""
 "It is recommended that servers make the hashes of the metadata file "
 "available if possible."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:487
+#: ../source/specifications/simple-repository-api.rst:496
 msgid ""
 "``gpg-sig``: An **optional** key that acts a boolean to indicate if the file "
 "has an associated GPG signature or not. The URL for the signature file "
@@ -18111,7 +18474,7 @@ msgid ""
 "the signature may or may not exist."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:492
+#: ../source/specifications/simple-repository-api.rst:501
 msgid ""
 "``yanked``: An **optional** key which may be either a boolean to indicate if "
 "the file has been yanked, or a non empty, but otherwise arbitrary, string to "
@@ -18122,7 +18485,15 @@ msgid ""
 "api-yank>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:529
+#: ../source/specifications/simple-repository-api.rst:507
+msgid ""
+"``provenance``: An **optional** key which, if present **MUST** be either a "
+"JSON string or ``null``. If not ``null``, it **MUST** be a URL to the file's "
+"associated provenance, with the same rules as ``data-provenance`` in the :"
+"ref:`base HTML API specification <simple-repository-api-base>`."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:543
 msgid ""
 "While the ``files`` key is an array, and thus is required to be in some kind "
 "of an order, neither :ref:`the base HTML API specification <simple-"
@@ -18132,13 +18503,13 @@ msgid ""
 "have sets."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:538
+#: ../source/specifications/simple-repository-api.rst:552
 #, fuzzy
 #| msgid "Contents"
 msgid "Content-Types"
 msgstr "Enhavoj"
 
-#: ../source/specifications/simple-repository-api.rst:540
+#: ../source/specifications/simple-repository-api.rst:554
 msgid ""
 "This spec proposes that all responses from the Simple API will have a "
 "standard content type that describes what the response is (a Simple API "
@@ -18146,11 +18517,11 @@ msgid ""
 "format has been used."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:544
+#: ../source/specifications/simple-repository-api.rst:558
 msgid "The structure of this content type will be:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:550
+#: ../source/specifications/simple-repository-api.rst:564
 msgid ""
 "Since only major versions should be disruptive to clients attempting to "
 "understand one of these API responses, only the major version will be "
@@ -18158,19 +18529,19 @@ msgid ""
 "that it is a version number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:555
+#: ../source/specifications/simple-repository-api.rst:569
 msgid "Which means that for the existing 1.0 API, the content types would be:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:557
+#: ../source/specifications/simple-repository-api.rst:571
 msgid "**JSON:** ``application/vnd.pypi.simple.v1+json``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:558
+#: ../source/specifications/simple-repository-api.rst:572
 msgid "**HTML:** ``application/vnd.pypi.simple.v1+html``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:560
+#: ../source/specifications/simple-repository-api.rst:574
 msgid ""
 "In addition to the above, a special \"meta\" version is supported named "
 "``latest``, whose purpose is to allow clients to request the absolute latest "
@@ -18179,7 +18550,7 @@ msgid ""
 "support."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:565
+#: ../source/specifications/simple-repository-api.rst:579
 msgid ""
 "To support existing clients which expect the existing :ref:`the base HTML "
 "API specification <simple-repository-api-base>` API responses to use the "
@@ -18187,13 +18558,13 @@ msgid ""
 "alias for the ``application/vnd.pypi.simple.v1+html`` content type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:572
+#: ../source/specifications/simple-repository-api.rst:586
 #, fuzzy
 #| msgid "Version"
 msgid "Version + Format Selection"
 msgstr "Versio"
 
-#: ../source/specifications/simple-repository-api.rst:574
+#: ../source/specifications/simple-repository-api.rst:588
 msgid ""
 "Now that there is multiple possible serializations, we need a mechanism to "
 "allow clients to indicate what serialization formats they're able to "
@@ -18202,65 +18573,65 @@ msgid ""
 "expecting the previous API version."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:579
+#: ../source/specifications/simple-repository-api.rst:593
 msgid ""
 "To enable this, this spec standardizes on the use of HTTP's `Server-Driven "
 "Content Negotiation <https://developer.mozilla.org/en-US/docs/Web/HTTP/"
 "Content_negotiation>`_."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:582
+#: ../source/specifications/simple-repository-api.rst:596
 msgid ""
 "While this spec won't fully describe the entirety of server-driven content "
 "negotiation, the flow is roughly:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:585
+#: ../source/specifications/simple-repository-api.rst:599
 msgid ""
 "The client makes an HTTP request containing an ``Accept`` header listing all "
 "of the version+format content types that they are able to understand."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:587
+#: ../source/specifications/simple-repository-api.rst:601
 msgid ""
 "The server inspects that header, selects one of the listed content types, "
 "then returns a response using that content type (treating the absence of an "
 "``Accept`` header as ``Accept: */*``)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:590
+#: ../source/specifications/simple-repository-api.rst:604
 msgid ""
 "If the server does not support any of the content types in the ``Accept`` "
 "header then they are able to choose between 3 different options for how to "
 "respond:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:594
+#: ../source/specifications/simple-repository-api.rst:608
 msgid ""
 "Select a default content type other than what the client has requested and "
 "return a response with that."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:596
+#: ../source/specifications/simple-repository-api.rst:610
 msgid ""
 "Return a HTTP ``406 Not Acceptable`` response to indicate that none of the "
 "requested content types were available, and the server was unable or "
 "unwilling to select a default content type to respond with."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:599
+#: ../source/specifications/simple-repository-api.rst:613
 msgid ""
 "Return a HTTP ``300 Multiple Choices`` response that contains a list of all "
 "of the possible responses that could have been chosen."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:601
+#: ../source/specifications/simple-repository-api.rst:615
 msgid ""
 "The client interprets the response, handling the different types of "
 "responses that the server may have responded with."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:604
+#: ../source/specifications/simple-repository-api.rst:618
 msgid ""
 "This spec does not specify which choices the server makes in regards to "
 "handling a content type that it isn't able to return, and clients **SHOULD** "
@@ -18268,7 +18639,7 @@ msgid ""
 "the most sense for that client."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:609
+#: ../source/specifications/simple-repository-api.rst:623
 msgid ""
 "However, as there is no standard format for how a ``300 Multiple Choices`` "
 "response can be interpreted, this spec highly discourages servers from "
@@ -18279,7 +18650,7 @@ msgid ""
 "error."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:616
+#: ../source/specifications/simple-repository-api.rst:630
 msgid ""
 "This spec **does** require that if the meta version ``latest`` is being "
 "used, the server **MUST** respond with the content type for the actual "
@@ -18288,33 +18659,33 @@ msgid ""
 "have a ``Content-Type`` of ``application/vnd.pypi.simple.v1+json``)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:623
+#: ../source/specifications/simple-repository-api.rst:637
 msgid ""
 "The ``Accept`` header is a comma separated list of content types that the "
 "client understands and is able to process. It supports three different "
 "formats for each content type that is being requested:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:627
+#: ../source/specifications/simple-repository-api.rst:641
 msgid "``$type/$subtype``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:628
+#: ../source/specifications/simple-repository-api.rst:642
 msgid "``$type/*``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:629
+#: ../source/specifications/simple-repository-api.rst:643
 msgid "``*/*``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:631
+#: ../source/specifications/simple-repository-api.rst:645
 msgid ""
 "For the use of selecting a version+format, the most useful of these is "
 "``$type/$subtype``, as that is the only way to actually specify the version "
 "and format you want."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:635
+#: ../source/specifications/simple-repository-api.rst:649
 msgid ""
 "The order of the content types listed in the ``Accept`` header does not have "
 "any specific meaning, and the server **SHOULD** consider all of them to be "
@@ -18324,7 +18695,7 @@ msgid ""
 "Quality_values>`_ syntax."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:642
+#: ../source/specifications/simple-repository-api.rst:656
 msgid ""
 "This allows a client to specify a priority for a specific entry in their "
 "``Accept`` header, by appending a ``;q=`` followed by a value between ``0`` "
@@ -18334,7 +18705,7 @@ msgid ""
 "quality of ``1``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:648
+#: ../source/specifications/simple-repository-api.rst:662
 msgid ""
 "However, clients should keep in mind that a server is free to select **any** "
 "of the content types they've asked for, regardless of their requested "
@@ -18342,7 +18713,7 @@ msgid ""
 "for."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:652
+#: ../source/specifications/simple-repository-api.rst:666
 msgid ""
 "To aid clients in determining the content type of the response that they "
 "have received from an API request, this spec requires that servers always "
@@ -18353,22 +18724,22 @@ msgid ""
 "collector.py#L123-L150>`_ so the risks for actual breakages is low."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:659
+#: ../source/specifications/simple-repository-api.rst:673
 msgid "An example of how a client can operate would look like:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:710
+#: ../source/specifications/simple-repository-api.rst:724
 msgid ""
 "If a client wishes to only support HTML or only support JSON, then they "
 "would just remove the content types that they do not want from the "
 "``Accept`` header, and turn receiving them into an error."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:716
+#: ../source/specifications/simple-repository-api.rst:730
 msgid "Alternative Negotiation Mechanisms"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:718
+#: ../source/specifications/simple-repository-api.rst:732
 msgid ""
 "While using HTTP's Content negotiation is considered the standard way for a "
 "client and server to coordinate to ensure that the client is getting an HTTP "
@@ -18377,25 +18748,25 @@ msgid ""
 "negotiation mechanisms that may *optionally* be used instead."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:726
+#: ../source/specifications/simple-repository-api.rst:740
 msgid "URL Parameter"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:728
+#: ../source/specifications/simple-repository-api.rst:742
 msgid ""
 "Servers that implement the Simple API may choose to support a URL parameter "
 "named ``format`` to allow the clients to request a specific version of the "
 "URL."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:731
+#: ../source/specifications/simple-repository-api.rst:745
 msgid ""
 "The value of the ``format`` parameter should be **one** of the valid content "
 "types. Passing multiple content types, wild cards, quality values, etc... is "
 "**not** supported."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:735
+#: ../source/specifications/simple-repository-api.rst:749
 msgid ""
 "Supporting this parameter is optional, and clients **SHOULD NOT** rely on it "
 "for interacting with the API. This negotiation mechanism is intended to "
@@ -18403,13 +18774,13 @@ msgid ""
 "allow documentation or notes to link to a specific version+format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:740
+#: ../source/specifications/simple-repository-api.rst:754
 msgid ""
 "Servers that do not support this parameter may choose to return an error "
 "when it is present, or they may simple ignore its presence."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:743
+#: ../source/specifications/simple-repository-api.rst:757
 msgid ""
 "When a server does implement this parameter, it **SHOULD** take precedence "
 "over any values in the client's ``Accept`` header, and if the server does "
@@ -18419,18 +18790,18 @@ msgid ""
 "``303 Multiple Choices``, or selecting a default type to return)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:752
+#: ../source/specifications/simple-repository-api.rst:766
 msgid "Endpoint Configuration"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:754
+#: ../source/specifications/simple-repository-api.rst:768
 msgid ""
 "This option technically is not a special option at all, it is just a natural "
 "consequence of using content negotiation and allowing servers to select "
 "which of the available content types is their default."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:758
+#: ../source/specifications/simple-repository-api.rst:772
 msgid ""
 "If a server is unwilling or unable to implement the server-driven content "
 "negotiation, and would instead rather require users to explicitly configure "
@@ -18438,7 +18809,7 @@ msgid ""
 "configuration."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:762
+#: ../source/specifications/simple-repository-api.rst:776
 msgid ""
 "To enable this, a server should make multiple endpoints (for instance, ``/"
 "simple/v1+html/`` and/or ``/simple/v1+json/``) for each version+format that "
@@ -18448,7 +18819,7 @@ msgid ""
 "and return the content type that corresponds to that endpoint."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:769
+#: ../source/specifications/simple-repository-api.rst:783
 msgid ""
 "For clients that wish to require specific configuration, they can keep track "
 "of which version+format a specific repository URL was configured for, and "
@@ -18456,11 +18827,11 @@ msgid ""
 "includes the correct content type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:776
+#: ../source/specifications/simple-repository-api.rst:790
 msgid "TUF Support - PEP 458"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:778
+#: ../source/specifications/simple-repository-api.rst:792
 msgid ""
 ":pep:`458` requires that all API responses are hashable and that they can be "
 "uniquely identified by a path relative to the repository root. For a Simple "
@@ -18471,7 +18842,7 @@ msgid ""
 "that all hash differently."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:785
+#: ../source/specifications/simple-repository-api.rst:799
 msgid ""
 ":pep:`458` does not specify what the target path should be for the Simple "
 "API, but TUF requires that the target paths be \"file-like\", in other "
@@ -18479,7 +18850,7 @@ msgid ""
 "technically points to a directory."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:790
+#: ../source/specifications/simple-repository-api.rst:804
 msgid ""
 "The saving grace is that the target path does not *have* to actually match "
 "the URL being fetched from the Simple API, and it can just be a sigil that "
@@ -18488,7 +18859,7 @@ msgid ""
 "HTTP request, such as the ``Accept`` header."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:796
+#: ../source/specifications/simple-repository-api.rst:810
 msgid ""
 "Ultimately figuring out how to map a directory to a filename is out of scope "
 "for this spec (but it would be in scope for :pep:`458`), and this spec "
@@ -18496,7 +18867,7 @@ msgid ""
 "`458` metadata."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:800
+#: ../source/specifications/simple-repository-api.rst:814
 msgid ""
 "However, it appears that the current WIP branch against pip that attempts to "
 "implement :pep:`458` is using a target path like ``simple/PROJECT/index."
@@ -18506,20 +18877,20 @@ msgid ""
 "the v1 JSON format would be ``simple/PROJECT/vnd.pypi.simple.v1.json``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:807
+#: ../source/specifications/simple-repository-api.rst:821
 msgid ""
 "In this case, since ``text/html`` is an alias to ``application/vnd.pypi."
 "simple.v1+html`` when interacting through TUF, it likely will make the most "
 "sense to normalize to the more explicit name."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:811
+#: ../source/specifications/simple-repository-api.rst:825
 msgid ""
 "Likewise the ``latest`` metaversion should not be included in the targets, "
 "only explicitly declared versions should be supported."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:817
+#: ../source/specifications/simple-repository-api.rst:831
 msgid ""
 "This section is non-normative, and represents what the spec authors believe "
 "to be the best default implementation decisions for something implementing "
@@ -18527,7 +18898,7 @@ msgid ""
 "these decisions."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:821
+#: ../source/specifications/simple-repository-api.rst:835
 msgid ""
 "These decisions have been chosen to maximize the number of requests that can "
 "be moved onto the newest version of an API, while maintaining the greatest "
@@ -18536,18 +18907,18 @@ msgid ""
 "choices it can."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:826
+#: ../source/specifications/simple-repository-api.rst:840
 msgid "It is recommended that servers:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:828
+#: ../source/specifications/simple-repository-api.rst:842
 msgid ""
 "Support all 3 content types described in this spec, using server-driven "
 "content negotiation, for as long as they reasonably can, or at least as long "
 "as they're receiving non trivial traffic that uses the HTML responses."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:832
+#: ../source/specifications/simple-repository-api.rst:846
 msgid ""
 "When encountering an ``Accept`` header that does not contain any content "
 "types that it knows how to work with, the server should not ever return a "
@@ -18555,13 +18926,13 @@ msgid ""
 "Acceptable`` response."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:837
+#: ../source/specifications/simple-repository-api.rst:851
 msgid ""
 "However, if choosing to use the endpoint configuration, you should prefer to "
 "return a ``200 OK`` response in the expected content type for that endpoint."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:840
+#: ../source/specifications/simple-repository-api.rst:854
 msgid ""
 "When selecting an acceptable version, the server should choose the highest "
 "version that the client supports, with the most expressive/featureful "
@@ -18570,23 +18941,23 @@ msgid ""
 "should only use the ``text/html`` content type as a last resort."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:846
+#: ../source/specifications/simple-repository-api.rst:860
 msgid "It is recommended that clients:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:848
+#: ../source/specifications/simple-repository-api.rst:862
 msgid ""
 "Support all 3 content types described in this spec, using server-driven "
 "content negotiation, for as long as they reasonably can."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:851
+#: ../source/specifications/simple-repository-api.rst:865
 msgid ""
 "When constructing an ``Accept`` header, include all of the content types "
 "that you support."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:854
+#: ../source/specifications/simple-repository-api.rst:868
 msgid ""
 "You should generally *not* include a quality priority value for your content "
 "types, unless you have implementation specific reasons that you want the "
@@ -18595,63 +18966,63 @@ msgid ""
 "responses that you're unable to parse in some edge cases)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:860
+#: ../source/specifications/simple-repository-api.rst:874
 msgid ""
 "The one exception to this recommendation is that it is recommended that you "
 "*should* include a ``;q=0.01`` value on the legacy ``text/html`` content "
 "type, unless it is the only content type that you are requesting."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:864
+#: ../source/specifications/simple-repository-api.rst:878
 msgid ""
 "Explicitly select what versions they are looking for, rather than using the "
 "``latest`` meta version during normal operation."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:867
+#: ../source/specifications/simple-repository-api.rst:881
 msgid ""
 "Check the ``Content-Type`` of the response and ensure it matches something "
 "that you were expecting."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:871
+#: ../source/specifications/simple-repository-api.rst:885
 msgid "Additional Fields for the Simple API for Package Indexes"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:873
+#: ../source/specifications/simple-repository-api.rst:887
 msgid ""
 "This specification defines version 1.1 of the simple repository API. For the "
 "HTML version of the API, there is no change from version 1.0. For the JSON "
 "version of the API, the following changes are made:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:877
+#: ../source/specifications/simple-repository-api.rst:891
 msgid "The ``api-version`` must specify version 1.1 or later."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:878
+#: ../source/specifications/simple-repository-api.rst:892
 msgid "A new ``versions`` key is added at the top level."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:879
+#: ../source/specifications/simple-repository-api.rst:893
 msgid ""
 "Two new \"file information\" keys, ``size`` and ``upload-time``, are added "
 "to the ``files`` data."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:881
+#: ../source/specifications/simple-repository-api.rst:895
 msgid ""
 "Keys (at any level) with a leading underscore are reserved as private for "
 "index server use. No future standard will assign a meaning to any such key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:884
+#: ../source/specifications/simple-repository-api.rst:898
 msgid ""
 "The ``versions`` and ``size`` keys are mandatory. The ``upload-time`` key is "
 "optional."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:890
+#: ../source/specifications/simple-repository-api.rst:904
 msgid ""
 "An additional key, ``versions`` MUST be present at the top level, in "
 "addition to the keys ``name``, ``files`` and ``meta`` defined in :ref:`the "
@@ -18661,7 +19032,7 @@ msgid ""
 "duplicates, and the order of the values is not significant."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:897
+#: ../source/specifications/simple-repository-api.rst:911
 msgid ""
 "All of the files listed in the ``files`` key MUST be associated with one of "
 "the versions in the ``versions`` key. The ``versions`` key MAY contain "
@@ -18669,7 +19040,7 @@ msgid ""
 "uploaded, if the server has such a concept)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:902
+#: ../source/specifications/simple-repository-api.rst:916
 msgid ""
 "Note that because servers may hold \"legacy\" data from before the adoption "
 "of :ref:`the version specifiers specification (VSS) <version-specifiers>`, "
@@ -18678,21 +19049,21 @@ msgid ""
 "servers SHOULD use normalised VSS versions where possible."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:911
+#: ../source/specifications/simple-repository-api.rst:925
 msgid "Additional file information"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:913
+#: ../source/specifications/simple-repository-api.rst:927
 msgid "Two new keys are added to the ``files`` key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:915
+#: ../source/specifications/simple-repository-api.rst:929
 msgid ""
 "``size``: This field is mandatory. It MUST contain an integer which is the "
 "file size in bytes."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:917
+#: ../source/specifications/simple-repository-api.rst:931
 msgid ""
 "``upload-time``: This field is optional. If present, it MUST contain a valid "
 "ISO 8601 date/time string, in the format ``yyyy-mm-ddThh:mm:ss.ffffffZ``, "
@@ -18704,11 +19075,11 @@ msgid ""
 "key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:926
+#: ../source/specifications/simple-repository-api.rst:940
 msgid "Rename dist-info-metadata in the Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:929
+#: ../source/specifications/simple-repository-api.rst:943
 msgid ""
 "The keywords \"**MUST**\", \"**MUST NOT**\", \"**REQUIRED**\", "
 "\"**SHALL**\", \"**SHALL NOT**\", \"**SHOULD**\", \"**SHOULD NOT**\", "
@@ -18716,11 +19087,11 @@ msgid ""
 "are to be interpreted as described in :rfc:`RFC 2119 <2119>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:936
+#: ../source/specifications/simple-repository-api.rst:950
 msgid "Servers"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:938
+#: ../source/specifications/simple-repository-api.rst:952
 msgid ""
 "The :ref:`the API metadata file specification <simple-repository-api-"
 "metadata-file>` metadata, when used in the HTML representation of the Simple "
@@ -18728,7 +19099,7 @@ msgid ""
 "with the supported values remaining the same."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:944
+#: ../source/specifications/simple-repository-api.rst:958
 msgid ""
 "The :ref:`the API metadata file specification <simple-repository-api-"
 "metadata-file>` metadata, when used in the :ref:`the JSON API specification "
@@ -18737,14 +19108,14 @@ msgid ""
 "values remaining the same."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:950
+#: ../source/specifications/simple-repository-api.rst:964
 msgid ""
 "To support clients that used the previous key names, the HTML representation "
 "**MAY** also be emitted using the ``data-dist-info-metadata``, and if it "
 "does so it **MUST** match the value of ``data-core-metadata``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:959
+#: ../source/specifications/simple-repository-api.rst:973
 msgid ""
 "Clients consuming any of the HTML representations of the Simple API **MUST** "
 "read the :ref:`the API metadata file specification <simple-repository-api-"
@@ -18753,7 +19124,7 @@ msgid ""
 "if it is present but ``data-core-metadata`` is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:966
+#: ../source/specifications/simple-repository-api.rst:980
 msgid ""
 "Clients consuming the JSON representation of the Simple API **MUST** read "
 "the :ref:`the API metadata file specification <simple-repository-api-"
@@ -18762,48 +19133,54 @@ msgid ""
 "present but ``core-metadata`` is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:976
+#: ../source/specifications/simple-repository-api.rst:990
 msgid "September 2015: initial form of the HTML format, in :pep:`503`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:977
+#: ../source/specifications/simple-repository-api.rst:991
 msgid "July 2016: Requires-Python metadata, in an update to :pep:`503`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:978
+#: ../source/specifications/simple-repository-api.rst:992
 msgid "May 2019: \"yank\" support, in :pep:`592`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:979
+#: ../source/specifications/simple-repository-api.rst:993
 msgid ""
 "July 2020: API versioning convention and metadata, and declaring the HTML "
 "format as API v1, in :pep:`629`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:981
+#: ../source/specifications/simple-repository-api.rst:995
 msgid ""
 "May 2021: providing package metadata independently from a package, in :pep:"
 "`658`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:983
+#: ../source/specifications/simple-repository-api.rst:997
 msgid ""
 "May 2022: initial form of the JSON format, with a mechanism for clients to "
 "choose between them, and declaring both formats as API v1, in :pep:`691`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:985
+#: ../source/specifications/simple-repository-api.rst:999
 msgid ""
 "October 2022: project versions and file size and upload-time in the JSON "
 "format, in :pep:`700`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:987
+#: ../source/specifications/simple-repository-api.rst:1001
 msgid ""
 "June 2023: renaming the field which provides package metadata independently "
 "from a package, in :pep:`714`"
 msgstr ""
 
+#: ../source/specifications/simple-repository-api.rst:1003
+msgid ""
+"November 2024: provenance metadata in the HTML and JSON formats, in :pep:"
+"`740`"
+msgstr ""
+
 #: ../source/specifications/source-distribution-format.rst:6
 msgid "Source distribution format"
 msgstr ""
@@ -21734,7 +22111,7 @@ msgid ""
 msgstr ""
 
 #: ../source/tutorials/managing-dependencies.rst:140
-#: ../source/tutorials/packaging-projects.rst:506
+#: ../source/tutorials/packaging-projects.rst:505
 msgid "Next steps"
 msgstr "Sekvaj paŝoj"
 
@@ -22183,43 +22560,43 @@ msgstr ""
 
 #: ../source/tutorials/packaging-projects.rst:424
 msgid ""
-"You will be prompted for a username and password. For the username, use "
-"``__token__``. For the password, use the token value, including the ``pypi-"
-"`` prefix."
+"You will be prompted for an API token. Use the token value, including the "
+"``pypi-`` prefix. Note that the input will be hidden, so be sure to paste "
+"correctly."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:428
+#: ../source/tutorials/packaging-projects.rst:427
 msgid "After the command completes, you should see output similar to this:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:439
+#: ../source/tutorials/packaging-projects.rst:438
 msgid ""
 "Once uploaded, your package should be viewable on TestPyPI; for example: "
 "``https://test.pypi.org/project/example_package_YOUR_USERNAME_HERE``."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:444
+#: ../source/tutorials/packaging-projects.rst:443
 msgid "Installing your newly uploaded package"
 msgstr "Instali vian nove alŝutitan pakon"
 
-#: ../source/tutorials/packaging-projects.rst:446
+#: ../source/tutorials/packaging-projects.rst:445
 msgid ""
 "You can use :ref:`pip` to install your package and verify that it works. "
 "Create a :ref:`virtual environment <Creating and using Virtual "
 "Environments>` and install your package from TestPyPI:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:462
+#: ../source/tutorials/packaging-projects.rst:461
 msgid "Make sure to specify your username in the package name!"
 msgstr "Certigu, ke vi indikas vian salutnomon en la nomo de la pako!"
 
-#: ../source/tutorials/packaging-projects.rst:464
+#: ../source/tutorials/packaging-projects.rst:463
 msgid ""
 "pip should install the package from TestPyPI and the output should look "
 "something like this:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:474
+#: ../source/tutorials/packaging-projects.rst:473
 msgid ""
 "This example uses ``--index-url`` flag to specify TestPyPI instead of live "
 "PyPI. Additionally, it specifies ``--no-deps``. Since TestPyPI doesn't have "
@@ -22229,23 +22606,23 @@ msgid ""
 "installing dependencies when using TestPyPI."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:481
+#: ../source/tutorials/packaging-projects.rst:480
 msgid ""
 "You can test that it was installed correctly by importing the package. Make "
 "sure you're still in your virtual environment, then run Python:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:496
+#: ../source/tutorials/packaging-projects.rst:495
 msgid "and import the package:"
 msgstr "kaj enportu la pakon:"
 
-#: ../source/tutorials/packaging-projects.rst:508
+#: ../source/tutorials/packaging-projects.rst:507
 msgid ""
 "**Congratulations, you've packaged and distributed a Python project!** ✨ 🍰 "
 "✨"
 msgstr "**Gratulon, vi pakis kaj distribuis Python-projekton!** ✨ 🍰 ✨"
 
-#: ../source/tutorials/packaging-projects.rst:511
+#: ../source/tutorials/packaging-projects.rst:510
 msgid ""
 "Keep in mind that this tutorial showed you how to upload your package to "
 "Test PyPI, which isn't a permanent storage. The Test system occasionally "
@@ -22253,28 +22630,28 @@ msgid ""
 "experiments like this tutorial."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:516
+#: ../source/tutorials/packaging-projects.rst:515
 msgid ""
 "When you are ready to upload a real package to the Python Package Index you "
 "can do much the same as you did in this tutorial, but with these important "
 "differences:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:520
+#: ../source/tutorials/packaging-projects.rst:519
 msgid ""
 "Choose a memorable and unique name for your package. You don't have to "
 "append your username as you did in the tutorial, but you can't use an "
 "existing name."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:522
+#: ../source/tutorials/packaging-projects.rst:521
 msgid ""
 "Register an account on https://pypi.org - note that these are two separate "
 "servers and the login details from the test server are not shared with the "
 "main server."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:525
+#: ../source/tutorials/packaging-projects.rst:524
 msgid ""
 "Use ``twine upload dist/*`` to upload your package and enter your "
 "credentials for the account you registered on the real PyPI.  Now that "
@@ -22282,7 +22659,7 @@ msgid ""
 "repository``; the package will upload to https://pypi.org/ by default."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:529
+#: ../source/tutorials/packaging-projects.rst:528
 msgid ""
 "Install your package from the real PyPI using ``python3 -m pip install [your-"
 "package]``."
@@ -22290,38 +22667,38 @@ msgstr ""
 "Instalu vian pakon el la vera PyPI per ``python3 -m pip install [your-"
 "package]``."
 
-#: ../source/tutorials/packaging-projects.rst:531
+#: ../source/tutorials/packaging-projects.rst:530
 msgid ""
 "At this point if you want to read more on packaging Python libraries here "
 "are some things you can do:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:534
+#: ../source/tutorials/packaging-projects.rst:533
 msgid ""
 "Read about advanced configuration for your chosen build backend: `Hatchling "
 "<hatchling-config_>`_, :doc:`setuptools <setuptools:userguide/"
 "pyproject_config>`, :doc:`Flit <flit:pyproject_toml>`, `PDM <pdm-config_>`_."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:538
+#: ../source/tutorials/packaging-projects.rst:537
 msgid ""
 "Look at the :doc:`guides </guides/index>` on this site for more advanced "
 "practical information, or the :doc:`discussions </discussions/index>` for "
 "explanations and background on specific topics."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:541
+#: ../source/tutorials/packaging-projects.rst:540
 msgid ""
 "Consider packaging tools that provide a single command-line interface for "
 "project management and packaging, such as :ref:`hatch`, :ref:`flit`, :ref:"
 "`pdm`, and :ref:`poetry`."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:549
+#: ../source/tutorials/packaging-projects.rst:548
 msgid "Notes"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:551
+#: ../source/tutorials/packaging-projects.rst:550
 msgid ""
 "Technically, you can also create Python packages without an ``__init__.py`` "
 "file, but those are called :doc:`namespace packages </guides/packaging-"
diff --git a/locales/es/LC_MESSAGES/messages.po b/locales/es/LC_MESSAGES/messages.po
index fa3975df2..d3b7e62b4 100644
--- a/locales/es/LC_MESSAGES/messages.po
+++ b/locales/es/LC_MESSAGES/messages.po
@@ -15,17 +15,17 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Python Packaging User Guide\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-10-30 00:39+0000\n"
-"PO-Revision-Date: 2024-09-17 19:22+0000\n"
+"POT-Creation-Date: 2024-11-24 11:39+0000\n"
+"PO-Revision-Date: 2024-11-24 22:33+0000\n"
 "Last-Translator: gallegonovato <fran-carro@hotmail.es>\n"
-"Language-Team: Spanish <https://hosted.weblate.org/projects/pypa/packaging-"
-"python-org/es/>\n"
+"Language-Team: Spanish <https://hosted.weblate.org/projects/pypa/"
+"packaging-python-org/es/>\n"
 "Language: es\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=n != 1;\n"
-"X-Generator: Weblate 5.8-dev\n"
+"X-Generator: Weblate 5.9-dev\n"
 
 #: ../source/contribute.rst:5
 msgid "Contribute to this guide"
@@ -769,7 +769,7 @@ msgid "Unix (including Linux and macOS)"
 msgstr "Unix (incluyendo Linux y macOS)"
 
 #: ../source/discussions/deploying-python-applications.rst:118
-#: ../source/key_projects.rst:572
+#: ../source/key_projects.rst:572 ../source/key_projects.rst:576
 msgid "pex"
 msgstr "pex"
 
@@ -1877,13 +1877,11 @@ msgstr ""
 
 #: ../source/discussions/single-source-version.rst:7
 #, fuzzy
-#| msgid "Incomplete"
 msgid "Complete"
 msgstr "Incompleta"
 
 #: ../source/discussions/single-source-version.rst:8
 #, fuzzy
-#| msgid "2021-8-24"
 msgid "2024-10-07"
 msgstr "2021-8-24"
 
@@ -2089,6 +2087,7 @@ msgstr ""
 
 #: ../source/discussions/versioning.rst:6
 #: ../source/specifications/simple-repository-api.rst:310
+#: ../source/specifications/simple-repository-api.rst:319
 #, fuzzy
 msgid "Versioning"
 msgstr "Versión"
@@ -2847,29 +2846,16 @@ msgid ""
 msgstr ""
 
 #: ../source/glossary.rst:121
-msgid "Known Good Set (KGS)"
-msgstr ""
-
-#: ../source/glossary.rst:124
-msgid ""
-"A set of distributions at specified versions which are compatible with each "
-"other. Typically a test suite will be run which passes all tests before a "
-"specific set of packages is declared a known good set. This term is commonly "
-"used by frameworks and toolkits which are comprised of multiple individual "
-"distributions."
-msgstr ""
-
-#: ../source/glossary.rst:130
 msgid "Import Package"
 msgstr ""
 
-#: ../source/glossary.rst:133
+#: ../source/glossary.rst:124
 msgid ""
 "A Python module which can contain other modules or recursively, other "
 "packages."
 msgstr ""
 
-#: ../source/glossary.rst:136
+#: ../source/glossary.rst:127
 msgid ""
 "An import package is more commonly referred to with the single word "
 "\"package\", but this guide will use the expanded term when more clarity is "
@@ -2878,18 +2864,31 @@ msgid ""
 "package` for a breakdown of the differences."
 msgstr ""
 
-#: ../source/glossary.rst:142
+#: ../source/glossary.rst:133
 #, fuzzy
 msgid "Installed Project"
 msgstr "Instalador"
 
-#: ../source/glossary.rst:145
+#: ../source/glossary.rst:136
 msgid ""
 "A :term:`Project` that is installed for use with a Python interpreter or :"
 "term:`Virtual Environment`, as described in the specicifcation :ref:"
 "`recording-installed-packages`."
 msgstr ""
 
+#: ../source/glossary.rst:140
+msgid "Known Good Set (KGS)"
+msgstr ""
+
+#: ../source/glossary.rst:143
+msgid ""
+"A set of distributions at specified versions which are compatible with each "
+"other. Typically a test suite will be run which passes all tests before a "
+"specific set of packages is declared a known good set. This term is commonly "
+"used by frameworks and toolkits which are comprised of multiple individual "
+"distributions."
+msgstr ""
+
 #: ../source/glossary.rst:149
 msgid "Module"
 msgstr "Módulo"
@@ -5456,7 +5455,7 @@ msgid ""
 msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:100
-#: ../source/key_projects.rst:808
+#: ../source/key_projects.rst:808 ../source/key_projects.rst:812
 msgid "Spack"
 msgstr ""
 
@@ -8609,22 +8608,26 @@ msgid ""
 msgstr ""
 
 #: ../source/guides/tool-recommendations.rst:147
+#: ../source/guides/tool-recommendations.rst:155
 msgid ""
 "The other available method is to upload the package manually using :ref:"
 "`twine`."
 msgstr ""
 
 #: ../source/guides/tool-recommendations.rst:149
+#: ../source/guides/tool-recommendations.rst:159
 msgid ""
 "**Never** use ``python setup.py upload`` for this task. In addition to "
 "being :ref:`deprecated <setup-py-deprecated>`, it is insecure."
 msgstr ""
 
 #: ../source/guides/tool-recommendations.rst:154
+#: ../source/guides/tool-recommendations.rst:164
 msgid "Workflow tools"
 msgstr ""
 
 #: ../source/guides/tool-recommendations.rst:156
+#: ../source/guides/tool-recommendations.rst:166
 msgid ""
 "These tools are environment managers that automatically manage virtual "
 "environments for a project. They also act as \"task runners\", allowing you "
@@ -8636,35 +8639,42 @@ msgid ""
 msgstr ""
 
 #: ../source/guides/tool-recommendations.rst:164
+#: ../source/guides/tool-recommendations.rst:174
 #, fuzzy
 msgid ":ref:`Flit`,"
 msgstr ":ref:`pip`"
 
 #: ../source/guides/tool-recommendations.rst:165
+#: ../source/guides/tool-recommendations.rst:175
 #, fuzzy
 msgid ":ref:`Hatch`,"
 msgstr ":ref:`pip`"
 
 #: ../source/guides/tool-recommendations.rst:166
+#: ../source/guides/tool-recommendations.rst:176
 msgid ":doc:`nox <nox:index>`,"
 msgstr ""
 
 #: ../source/guides/tool-recommendations.rst:167
+#: ../source/guides/tool-recommendations.rst:177
 #, fuzzy
 msgid ":ref:`PDM`,"
 msgstr ":ref:`pip`"
 
 #: ../source/guides/tool-recommendations.rst:168
+#: ../source/guides/tool-recommendations.rst:178
 #, fuzzy
 msgid ":ref:`Pipenv`,"
 msgstr ":ref:`pip`"
 
 #: ../source/guides/tool-recommendations.rst:169
+#: ../source/guides/tool-recommendations.rst:179
 #, fuzzy
 msgid ":ref:`Poetry`,"
 msgstr ":ref:`pip`"
 
 #: ../source/guides/tool-recommendations.rst:170
+#: ../source/guides/tool-recommendations.rst:180
 msgid ":doc:`tox <tox:index>`."
 msgstr ""
 
@@ -9871,17 +9881,17 @@ msgid ""
 "modifying their metadata."
 msgstr ""
 
-#: ../source/key_projects.rst:431
+#: ../source/key_projects.rst:431 ../source/key_projects.rst:435
 msgid "devpi"
 msgstr ""
 
-#: ../source/key_projects.rst:433
+#: ../source/key_projects.rst:433 ../source/key_projects.rst:437
 msgid ""
 "`Docs <http://doc.devpi.net/latest/>`__ | :gh:`Issues <devpi/devpi/issues>` "
 "| `PyPI <https://pypi.org/project/devpi>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:437
+#: ../source/key_projects.rst:437 ../source/key_projects.rst:441
 msgid ""
 "devpi features a powerful PyPI-compatible server and PyPI proxy cache with a "
 "complementary command line tool to drive packaging, testing and release "
@@ -9891,17 +9901,17 @@ msgid ""
 "replication and fail-over, and package upload."
 msgstr ""
 
-#: ../source/key_projects.rst:448
+#: ../source/key_projects.rst:448 ../source/key_projects.rst:452
 msgid "dumb-pypi"
 msgstr ""
 
-#: ../source/key_projects.rst:450
+#: ../source/key_projects.rst:450 ../source/key_projects.rst:454
 msgid ""
 "`GitHub <https://github.com/chriskuehl/dumb-pypi>`__ | `PyPI <https://pypi."
 "org/project/dumb-pypi>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:453
+#: ../source/key_projects.rst:453 ../source/key_projects.rst:457
 msgid ""
 "dumb-pypi is a simple :term:`package index <Package Index>` static file site "
 "generator, which then must be hosted by a static file webserver to become "
@@ -9909,17 +9919,17 @@ msgid ""
 "status."
 msgstr ""
 
-#: ../source/key_projects.rst:460
+#: ../source/key_projects.rst:460 ../source/key_projects.rst:464
 msgid "enscons"
 msgstr ""
 
-#: ../source/key_projects.rst:462
+#: ../source/key_projects.rst:462 ../source/key_projects.rst:466
 msgid ""
 ":gh:`Source <dholth/enscons>` | :gh:`Issues <dholth/enscons/issues>` | `PyPI "
 "<https://pypi.org/project/enscons>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:466
+#: ../source/key_projects.rst:466 ../source/key_projects.rst:470
 msgid ""
 "Enscons is a Python packaging tool based on `SCons`_. It builds :ref:`pip`-"
 "compatible source distributions and wheels without using distutils or "
@@ -9931,38 +9941,39 @@ msgid ""
 "independent of enscons."
 msgstr ""
 
-#: ../source/key_projects.rst:481
+#: ../source/key_projects.rst:481 ../source/key_projects.rst:485
 msgid "Flask-Pypi-Proxy"
 msgstr ""
 
-#: ../source/key_projects.rst:483
+#: ../source/key_projects.rst:483 ../source/key_projects.rst:487
 msgid ""
 "`Docs <https://flask-pypi-proxy.readthedocs.io>`__ | :gh:`GitHub <tzulberti/"
 "Flask-PyPi-Proxy>` | `PyPI <https://pypi.org/project/Flask-Pypi-Proxy/>`__"
 msgstr ""
 
 #: ../source/key_projects.rst:487 ../source/key_projects.rst:681
-#: ../source/key_projects.rst:740
+#: ../source/key_projects.rst:740 ../source/key_projects.rst:491
+#: ../source/key_projects.rst:685 ../source/key_projects.rst:744
 msgid "Not maintained, project archived"
 msgstr ""
 
-#: ../source/key_projects.rst:489
+#: ../source/key_projects.rst:489 ../source/key_projects.rst:493
 msgid ""
 "Flask-Pypi-Proxy is a :term:`package index <Package Index>` as a cached "
 "proxy for PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:495
+#: ../source/key_projects.rst:495 ../source/key_projects.rst:499
 msgid "Hashdist"
 msgstr ""
 
-#: ../source/key_projects.rst:497
+#: ../source/key_projects.rst:497 ../source/key_projects.rst:501
 msgid ""
 "`Docs <https://hashdist.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/hashdist/hashdist/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:500
+#: ../source/key_projects.rst:500 ../source/key_projects.rst:504
 msgid ""
 "Hashdist is a library for building non-root software distributions. Hashdist "
 "is trying to be “the Debian of choice for cases where Debian technology "
@@ -9973,34 +9984,34 @@ msgid ""
 "researchers but has been lacking in maintenance since 2016."
 msgstr ""
 
-#: ../source/key_projects.rst:512
+#: ../source/key_projects.rst:512 ../source/key_projects.rst:516
 msgid "Maturin"
 msgstr ""
 
-#: ../source/key_projects.rst:514
+#: ../source/key_projects.rst:514 ../source/key_projects.rst:518
 msgid ""
 "`Docs <https://www.maturin.rs>`__ | `GitHub <https://github.com/PyO3/"
 "maturin>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:517
+#: ../source/key_projects.rst:517 ../source/key_projects.rst:521
 msgid ""
 "Maturin is a build backend for Rust extension modules, also written in Rust. "
 "It supports building wheels for python 3.7+ on Windows, Linux, macOS and "
 "FreeBSD, can upload them to PyPI and has basic PyPy and GraalPy support."
 msgstr ""
 
-#: ../source/key_projects.rst:525
+#: ../source/key_projects.rst:525 ../source/key_projects.rst:529
 msgid "meson-python"
 msgstr ""
 
-#: ../source/key_projects.rst:527
+#: ../source/key_projects.rst:527 ../source/key_projects.rst:531
 msgid ""
 "`Docs <https://meson-python.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/mesonbuild/meson-python>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:530
+#: ../source/key_projects.rst:530 ../source/key_projects.rst:534
 msgid ""
 "``meson-python`` is a build backend that uses the Meson_ build system. It "
 "enables Python package authors to use Meson_ as the build system for their "
@@ -10008,59 +10019,59 @@ msgid ""
 "to fill the needs of most complex build configurations."
 msgstr ""
 
-#: ../source/key_projects.rst:540
+#: ../source/key_projects.rst:540 ../source/key_projects.rst:544
 msgid "multibuild"
 msgstr ""
 
-#: ../source/key_projects.rst:542
+#: ../source/key_projects.rst:542 ../source/key_projects.rst:546
 #, fuzzy
 msgid "`GitHub <https://github.com/multi-build/multibuild>`__"
 msgstr "`pip-tools <https://github.com/jazzband/pip-tools>`_"
 
-#: ../source/key_projects.rst:544
+#: ../source/key_projects.rst:544 ../source/key_projects.rst:548
 msgid ""
 "Multibuild is a set of CI scripts for building and testing Python :term:"
 "`wheels <Wheel>` for Linux, macOS, and (less flexibly) Windows. Also see :"
 "ref:`cibuildwheel`."
 msgstr ""
 
-#: ../source/key_projects.rst:550
+#: ../source/key_projects.rst:550 ../source/key_projects.rst:554
 msgid "nginx_pypi_cache"
 msgstr ""
 
-#: ../source/key_projects.rst:552
+#: ../source/key_projects.rst:552 ../source/key_projects.rst:556
 msgid ":gh:`GitHub <hauntsaninja/nginx_pypi_cache>`"
 msgstr ""
 
-#: ../source/key_projects.rst:554
+#: ../source/key_projects.rst:554 ../source/key_projects.rst:558
 msgid ""
 "nginx_pypi_cache is a :term:`package index <Package Index>` caching proxy "
 "using `nginx <https://nginx.org/en/>`_."
 msgstr ""
 
-#: ../source/key_projects.rst:560
+#: ../source/key_projects.rst:560 ../source/key_projects.rst:564
 msgid "pdm"
 msgstr ""
 
-#: ../source/key_projects.rst:562
+#: ../source/key_projects.rst:562 ../source/key_projects.rst:566
 msgid ""
 "`Docs <https://pdm.fming.dev/>`__ | `GitHub <https://github.com/pdm-project/"
 "pdm/>`__ | `PyPI <https://pypi.org/project/pdm>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:566
+#: ../source/key_projects.rst:566 ../source/key_projects.rst:570
 msgid ""
 "PDM is a modern Python package manager. It uses :term:`pyproject.toml` to "
 "store project metadata as defined in :pep:`621`."
 msgstr ""
 
-#: ../source/key_projects.rst:574
+#: ../source/key_projects.rst:574 ../source/key_projects.rst:578
 msgid ""
 "`Docs <https://pex.readthedocs.io/en/latest/>`__ | `GitHub <https://github."
 "com/pantsbuild/pex/>`__ | `PyPI <https://pypi.org/project/pex>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:578
+#: ../source/key_projects.rst:578 ../source/key_projects.rst:582
 msgid ""
 "Pex is a tool for generating :file:`.pex` (Python EXecutable) files, "
 "standalone Python environments in the spirit of :ref:`virtualenv`. PEX files "
@@ -10081,18 +10092,18 @@ msgstr ""
 "pueden tener opcionalmente herramientas incrustadas que permiten convertir "
 "el archivo PEX en un venv estándar, dibujar dependencias y más."
 
-#: ../source/key_projects.rst:590
+#: ../source/key_projects.rst:590 ../source/key_projects.rst:594
 msgid "pip-tools"
 msgstr ""
 
-#: ../source/key_projects.rst:592
+#: ../source/key_projects.rst:592 ../source/key_projects.rst:596
 msgid ""
 "`Docs <https://pip-tools.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/jazzband/pip-tools/>`__ | `PyPI <https://pypi.org/project/pip-"
 "tools/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:596
+#: ../source/key_projects.rst:596 ../source/key_projects.rst:600
 msgid ""
 "pip-tools is a suite of tools meant for Python system administrators and "
 "release managers who particularly want to keep their builds deterministic "
@@ -10103,32 +10114,32 @@ msgid ""
 "not provide), and create layers of constraints for the program to obey."
 msgstr ""
 
-#: ../source/key_projects.rst:608
+#: ../source/key_projects.rst:608 ../source/key_projects.rst:612
 msgid "pip2pi"
 msgstr ""
 
-#: ../source/key_projects.rst:610
+#: ../source/key_projects.rst:610 ../source/key_projects.rst:614
 msgid ""
 ":gh:`GitHub <wolever/pip2pi>` | `PyPI <https://pypi.org/project/pip2pi/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:613
+#: ../source/key_projects.rst:613 ../source/key_projects.rst:617
 msgid ""
 "pip2pi is a :term:`package index <Package Index>` server where specific "
 "packages are manually synchronised."
 msgstr ""
 
-#: ../source/key_projects.rst:619
+#: ../source/key_projects.rst:619 ../source/key_projects.rst:623
 msgid "piwheels"
 msgstr ""
 
-#: ../source/key_projects.rst:621
+#: ../source/key_projects.rst:621 ../source/key_projects.rst:625
 msgid ""
 "`Website <https://www.piwheels.org/>`__ | :doc:`Docs <piwheels:index>` | "
 "`GitHub <https://github.com/piwheels/piwheels/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:625
+#: ../source/key_projects.rst:625 ../source/key_projects.rst:629
 msgid ""
 "piwheels is a website, and software underpinning it, that fetches source "
 "code distribution packages from PyPI and compiles them into binary wheels "
@@ -10136,17 +10147,17 @@ msgid ""
 "Pi OS pre-configures pip to use piwheels.org as an additional index to PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:634
+#: ../source/key_projects.rst:634 ../source/key_projects.rst:638
 msgid "poetry"
 msgstr ""
 
-#: ../source/key_projects.rst:636
+#: ../source/key_projects.rst:636 ../source/key_projects.rst:640
 msgid ""
 "`Docs <https://python-poetry.org/>`__ | `GitHub <https://github.com/python-"
 "poetry/poetry>`__ | `PyPI <https://pypi.org/project/poetry/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:640
+#: ../source/key_projects.rst:640 ../source/key_projects.rst:644
 msgid ""
 "poetry is a command-line tool to handle dependency installation and "
 "isolation as well as building and packaging of Python packages. It uses "
@@ -10156,49 +10167,49 @@ msgid ""
 "caching metadata about dependencies."
 msgstr ""
 
-#: ../source/key_projects.rst:650
+#: ../source/key_projects.rst:650 ../source/key_projects.rst:654
 msgid "proxpi"
 msgstr ""
 
-#: ../source/key_projects.rst:652
+#: ../source/key_projects.rst:652 ../source/key_projects.rst:656
 msgid ""
 ":gh:`GitHub <EpicWink/proxpi>` | `PyPI <https://pypi.org/project/proxpi/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:655
+#: ../source/key_projects.rst:655 ../source/key_projects.rst:659
 msgid ""
 "proxpi is a simple :term:`package index <Package Index>` which proxies PyPI "
 "and other indexes with caching."
 msgstr ""
 
-#: ../source/key_projects.rst:661
+#: ../source/key_projects.rst:661 ../source/key_projects.rst:665
 msgid "Pulp-python"
 msgstr ""
 
-#: ../source/key_projects.rst:663
+#: ../source/key_projects.rst:663 ../source/key_projects.rst:667
 msgid ""
 "`Docs <https://docs.pulpproject.org/pulp_python/>`__ | :gh:`GitHub <pulp/"
 "pulp_python>` | `PyPI <https://pypi.org/project/pulp-python/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:667
+#: ../source/key_projects.rst:667 ../source/key_projects.rst:671
 msgid ""
 "Pulp-python is the Python :term:`package index <Package Index>` plugin for "
 "`Pulp <https://pulpproject.org/>`_. Pulp-python supports mirrors backed by "
 "local or `AWS S3`_, package upload, and proxying to multiple package indexes."
 msgstr ""
 
-#: ../source/key_projects.rst:675
+#: ../source/key_projects.rst:675 ../source/key_projects.rst:679
 msgid "PyPI Cloud"
 msgstr ""
 
-#: ../source/key_projects.rst:677
+#: ../source/key_projects.rst:677 ../source/key_projects.rst:681
 msgid ""
 "`Docs <https://pypicloud.readthedocs.io/>`__ | :gh:`GitHub <stevearc/"
 "pypicloud>` | `PyPI <https://pypi.org/project/pypicloud/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:683
+#: ../source/key_projects.rst:683 ../source/key_projects.rst:687
 msgid ""
 "PyPI Cloud is a :term:`package index <Package Index>` server, backed by `AWS "
 "S3`_ or another cloud storage service, or local files. PyPI Cloud supports "
@@ -10206,33 +10217,33 @@ msgid ""
 "authorisation."
 msgstr ""
 
-#: ../source/key_projects.rst:691
+#: ../source/key_projects.rst:691 ../source/key_projects.rst:695
 msgid "pypiprivate"
 msgstr ""
 
-#: ../source/key_projects.rst:693
+#: ../source/key_projects.rst:693 ../source/key_projects.rst:697
 msgid ""
 ":gh:`GitHub <helpshift/pypiprivate>` | `PyPI <https://pypi.org/project/"
 "pypiprivate/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:696
+#: ../source/key_projects.rst:696 ../source/key_projects.rst:700
 msgid ""
 "pypiprivate serves a local (or `AWS S3`_-hosted) directory of packages as a :"
 "term:`package index <Package Index>`."
 msgstr ""
 
-#: ../source/key_projects.rst:702
+#: ../source/key_projects.rst:702 ../source/key_projects.rst:706
 msgid "pypiserver"
 msgstr ""
 
-#: ../source/key_projects.rst:704
+#: ../source/key_projects.rst:704 ../source/key_projects.rst:708
 msgid ""
 "`GitHub <https://github.com/pypiserver/pypiserver>`__ | `PyPI <https://pypi."
 "org/project/pypiserver/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:707
+#: ../source/key_projects.rst:707 ../source/key_projects.rst:711
 msgid ""
 "pypiserver is a minimalist application that serves as a private Python :term:"
 "`package index <Package Index>` (from a local directory) within "
@@ -10243,17 +10254,17 @@ msgid ""
 "pypiserver and from PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:718
+#: ../source/key_projects.rst:718 ../source/key_projects.rst:722
 msgid "PyScaffold"
 msgstr ""
 
-#: ../source/key_projects.rst:720
+#: ../source/key_projects.rst:720 ../source/key_projects.rst:724
 msgid ""
 "`Docs <https://pyscaffold.org>`__ | `GitHub <https://github.com/pyscaffold/"
 "pyscaffold>`__ | `PyPI <https://pypi.org/project/pyscaffold/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:724
+#: ../source/key_projects.rst:724 ../source/key_projects.rst:728
 msgid ""
 "PyScaffold is a project generator for bootstrapping Python packages, ready "
 "to be shared on PyPI and installable via :ref:`pip`. It relies on a set of "
@@ -10263,33 +10274,33 @@ msgid ""
 "existing projects to make packaging easier."
 msgstr ""
 
-#: ../source/key_projects.rst:735
+#: ../source/key_projects.rst:735 ../source/key_projects.rst:739
 msgid "pywharf"
 msgstr ""
 
-#: ../source/key_projects.rst:737
+#: ../source/key_projects.rst:737 ../source/key_projects.rst:741
 msgid ""
 ":gh:`GitHub <pywharf/pywharf>` | `PyPI <https://pypi.org/project/pywharf>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:742
+#: ../source/key_projects.rst:742 ../source/key_projects.rst:746
 msgid ""
 "pywharf is a :term:`package index <Package Index>` server, serving files "
 "locally or from `GitHub <https://github.com/>`_."
 msgstr ""
 
-#: ../source/key_projects.rst:748
+#: ../source/key_projects.rst:748 ../source/key_projects.rst:752
 msgid "scikit-build"
 msgstr ""
 
-#: ../source/key_projects.rst:750
+#: ../source/key_projects.rst:750 ../source/key_projects.rst:754
 msgid ""
 "`Docs <https://scikit-build.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/scikit-build/scikit-build/>`__ | `PyPI <https://pypi.org/project/"
 "scikit-build>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:754
+#: ../source/key_projects.rst:754 ../source/key_projects.rst:758
 msgid ""
 "Scikit-build is a :ref:`setuptools` wrapper for CPython that builds C/C++/"
 "Fortran/Cython extensions It uses `cmake <https://pypi.org/project/cmake>`__ "
@@ -10300,18 +10311,18 @@ msgid ""
 "ninja>`__ (also available on PyPI)."
 msgstr ""
 
-#: ../source/key_projects.rst:765
+#: ../source/key_projects.rst:765 ../source/key_projects.rst:769
 msgid "scikit-build-core"
 msgstr ""
 
-#: ../source/key_projects.rst:767
+#: ../source/key_projects.rst:767 ../source/key_projects.rst:771
 msgid ""
 "`Docs <https://scikit-build-core.readthedocs.io/en/latest/>`__ | `GitHub "
 "<https://github.com/scikit-build/scikit-build-core/>`__ | `PyPI <https://"
 "pypi.org/project/scikit-build-core>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:771
+#: ../source/key_projects.rst:771 ../source/key_projects.rst:775
 msgid ""
 "Scikit-build-core is a build backend for CPython C/C++/Fortran/Cython "
 "extensions.  It enables users to write extensions with `cmake <https://pypi."
@@ -10321,17 +10332,17 @@ msgid ""
 "automatically downloaded from PyPI if not available on the system."
 msgstr ""
 
-#: ../source/key_projects.rst:781
+#: ../source/key_projects.rst:781 ../source/key_projects.rst:785
 msgid "shiv"
 msgstr ""
 
-#: ../source/key_projects.rst:783
+#: ../source/key_projects.rst:783 ../source/key_projects.rst:787
 msgid ""
 "`Docs <https://shiv.readthedocs.io/en/latest/>`__ | `GitHub <https://github."
 "com/linkedin/shiv>`__ | `PyPI <https://pypi.org/project/shiv/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:787
+#: ../source/key_projects.rst:787 ../source/key_projects.rst:791
 msgid ""
 "shiv is a command line utility for building fully self contained Python "
 "zipapps as outlined in :pep:`441`, but with all their dependencies included. "
@@ -10339,17 +10350,17 @@ msgid ""
 "tools fast & easy."
 msgstr ""
 
-#: ../source/key_projects.rst:795
+#: ../source/key_projects.rst:795 ../source/key_projects.rst:799
 msgid "simpleindex"
 msgstr ""
 
-#: ../source/key_projects.rst:797
+#: ../source/key_projects.rst:797 ../source/key_projects.rst:801
 msgid ""
 ":gh:`GitHub <uranusjr/simpleindex>` | `PyPI <https://pypi.org/project/"
 "simpleindex/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:800
+#: ../source/key_projects.rst:800 ../source/key_projects.rst:804
 msgid ""
 "simpleindex is a :term:`package index <Package Index>` which routes URLs to "
 "multiple package indexes (including PyPI), serves local (or cloud-hosted, "
@@ -10357,7 +10368,7 @@ msgid ""
 "supports custom plugins."
 msgstr ""
 
-#: ../source/key_projects.rst:810
+#: ../source/key_projects.rst:810 ../source/key_projects.rst:814
 msgid ""
 ":doc:`Docs <spack:index>` | `GitHub <https://github.com/spack/spack>`__ | "
 "`Paper <https://www.computer.org/csdl/proceedings-article/"
@@ -10365,7 +10376,7 @@ msgid ""
 "Gamblin-Spack-SC15-Talk.pdf>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:815
+#: ../source/key_projects.rst:815 ../source/key_projects.rst:819
 msgid ""
 "A flexible package manager designed to support multiple versions, "
 "configurations, platforms, and compilers.  Spack is like Homebrew, but "
@@ -10376,24 +10387,24 @@ msgid ""
 "supercomputers."
 msgstr ""
 
-#: ../source/key_projects.rst:823
+#: ../source/key_projects.rst:823 ../source/key_projects.rst:827
 msgid ""
 "Spack is not in PyPI (yet), but it requires no installation and can be used "
 "immediately after cloning from GitHub."
 msgstr ""
 
-#: ../source/key_projects.rst:829
+#: ../source/key_projects.rst:829 ../source/key_projects.rst:833
 msgid "zest.releaser"
 msgstr ""
 
-#: ../source/key_projects.rst:831
+#: ../source/key_projects.rst:831 ../source/key_projects.rst:835
 msgid ""
 "`Docs <https://zestreleaser.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/zestsoftware/zest.releaser/>`__ | `PyPI <https://pypi.org/project/"
 "zest.releaser/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:835
+#: ../source/key_projects.rst:835 ../source/key_projects.rst:839
 msgid ""
 "``zest.releaser`` is a Python package release tool providing an abstraction "
 "layer on top of :ref:`twine`. Python developers use ``zest.releaser`` to "
@@ -10401,21 +10412,21 @@ msgid ""
 "releases in source control, and uploading new packages to PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:842
+#: ../source/key_projects.rst:842 ../source/key_projects.rst:846
 msgid "Standard Library Projects"
 msgstr ""
 
-#: ../source/key_projects.rst:847
+#: ../source/key_projects.rst:847 ../source/key_projects.rst:851
 msgid "ensurepip"
 msgstr ""
 
-#: ../source/key_projects.rst:849
+#: ../source/key_projects.rst:849 ../source/key_projects.rst:853
 msgid ""
 "`Docs <https://docs.python.org/3/library/ensurepip.html>`__ | `Issues "
 "<https://bugs.python.org/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:852
+#: ../source/key_projects.rst:852 ../source/key_projects.rst:856
 msgid ""
 "A package in the Python Standard Library that provides support for "
 "bootstrapping :ref:`pip` into an existing Python installation or virtual "
@@ -10423,34 +10434,34 @@ msgid ""
 "will be used during the build of the Python distribution."
 msgstr ""
 
-#: ../source/key_projects.rst:860
+#: ../source/key_projects.rst:860 ../source/key_projects.rst:864
 msgid "http.server"
 msgstr ""
 
-#: ../source/key_projects.rst:862
+#: ../source/key_projects.rst:862 ../source/key_projects.rst:866
 msgid ""
 ":doc:`Docs <python:library/http.server>` | :gh:`Issues <python/cpython/"
 "issues>`"
 msgstr ""
 
-#: ../source/key_projects.rst:865
+#: ../source/key_projects.rst:865 ../source/key_projects.rst:869
 msgid ""
 "A package and command-line interface which can host a directory as a "
 "website, for example as a :term:`package index <Package Index>` (see :ref:"
 "`Hosting your Own Simple Repository`)."
 msgstr ""
 
-#: ../source/key_projects.rst:872
+#: ../source/key_projects.rst:872 ../source/key_projects.rst:876
 msgid "venv"
 msgstr ""
 
-#: ../source/key_projects.rst:874
+#: ../source/key_projects.rst:874 ../source/key_projects.rst:878
 msgid ""
 "`Docs <https://docs.python.org/3/library/venv.html>`__ | `Issues <https://"
 "github.com/python/cpython/issues>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:877
+#: ../source/key_projects.rst:877 ../source/key_projects.rst:881
 msgid ""
 "A package in the Python Standard Library (starting with Python 3.3) for "
 "creating :term:`Virtual Environments <Virtual Environment>`.  For more "
@@ -12503,6 +12514,7 @@ msgstr ""
 #: ../source/specifications/source-distribution-format.rst:144
 #: ../source/specifications/version-specifiers.rst:1266
 #: ../source/specifications/virtual-environments.rst:54
+#: ../source/specifications/simple-repository-api.rst:988
 msgid "History"
 msgstr ""
 
@@ -13571,6 +13583,7 @@ msgstr ""
 #: ../source/specifications/direct-url-data-structure.rst:19
 #: ../source/specifications/direct-url.rst:15
 #: ../source/specifications/inline-script-metadata.rst:13
+#: ../source/specifications/index-hosted-attestations.rst:17
 msgid "Specification"
 msgstr "Especificación"
 
@@ -13709,6 +13722,7 @@ msgstr ""
 
 #: ../source/specifications/dependency-specifiers.rst:163
 #: ../source/specifications/simple-repository-api.rst:888
+#: ../source/specifications/simple-repository-api.rst:902
 #, fuzzy
 msgid "Versions"
 msgstr "Versión"
@@ -15514,6 +15528,7 @@ msgstr ""
 
 #: ../source/specifications/inline-script-metadata.rst:205
 #: ../source/specifications/simple-repository-api.rst:815
+#: ../source/specifications/simple-repository-api.rst:829
 #, fuzzy
 msgid "Recommendations"
 msgstr "Recomendaciones de herramientas"
@@ -17427,11 +17442,13 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:100
+#: ../source/specifications/simple-repository-api.rst:109
 #, fuzzy
 msgid "Normalized Names"
 msgstr "Traducciones"
 
 #: ../source/specifications/simple-repository-api.rst:102
+#: ../source/specifications/simple-repository-api.rst:111
 msgid ""
 "This spec references the concept of a \"normalized\" project name. As per :"
 "ref:`the name normalization specification <name-normalization>` the only "
@@ -17442,10 +17459,12 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:117
+#: ../source/specifications/simple-repository-api.rst:126
 msgid "Adding \"Yank\" Support to the Simple API"
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:119
+#: ../source/specifications/simple-repository-api.rst:128
 msgid ""
 "Links in the simple repository **MAY** have a ``data-yanked`` attribute "
 "which may have no value, or may have an arbitrary string as a value. The "
@@ -17456,6 +17475,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:126
+#: ../source/specifications/simple-repository-api.rst:135
 msgid ""
 "The value of the ``data-yanked`` attribute, if present, is an arbitrary "
 "string that represents the reason for why the file has been yanked. Tools "
@@ -17464,6 +17484,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:131
+#: ../source/specifications/simple-repository-api.rst:140
 msgid ""
 "The yanked attribute is not immutable once set, and may be rescinded in the "
 "future (and once rescinded, may be reset as well). Thus API users **MUST** "
@@ -17472,11 +17493,13 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:138
+#: ../source/specifications/simple-repository-api.rst:147
 #, fuzzy
 msgid "Installers"
 msgstr "Instalador"
 
 #: ../source/specifications/simple-repository-api.rst:140
+#: ../source/specifications/simple-repository-api.rst:149
 msgid ""
 "The desirable experience for users is that once a file is yanked, when a "
 "human being is currently trying to directly install a yanked file, that it "
@@ -17487,6 +17510,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:147
+#: ../source/specifications/simple-repository-api.rst:156
 msgid ""
 "An installer **MUST** ignore yanked releases, if the selection constraints "
 "can be satisfied with a non-yanked version, and **MAY** refuse to use a "
@@ -17497,6 +17521,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:154
+#: ../source/specifications/simple-repository-api.rst:163
 msgid ""
 "What this means is left up to the specific installer, to decide how to best "
 "fit into the overall usage of their installer. However, there are two "
@@ -17504,6 +17529,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:158
+#: ../source/specifications/simple-repository-api.rst:167
 msgid ""
 "Yanked files are always ignored, unless they are the only file that matches "
 "a version specifier that \"pins\" to an exact version using either ``==`` "
@@ -17514,6 +17540,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:165
+#: ../source/specifications/simple-repository-api.rst:174
 msgid ""
 "Yanked files are always ignored, unless they are the only file that matches "
 "what a lock file (such as ``Pipfile.lock`` or ``poetry.lock``) specifies to "
@@ -17522,6 +17549,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:171
+#: ../source/specifications/simple-repository-api.rst:180
 msgid ""
 "Regardless of the specific strategy that an installer chooses for deciding "
 "when to install yanked files, an installer **SHOULD** emit a warning when it "
@@ -17531,14 +17559,17 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:179
+#: ../source/specifications/simple-repository-api.rst:188
 msgid "Mirrors"
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:181
+#: ../source/specifications/simple-repository-api.rst:190
 msgid "Mirrors can generally treat yanked files one of two ways:"
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:183
+#: ../source/specifications/simple-repository-api.rst:192
 msgid ""
 "They may choose to omit them from their simple repository API completely, "
 "providing a view over the repository that shows only \"active\", unyanked "
@@ -17546,22 +17577,26 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:186
+#: ../source/specifications/simple-repository-api.rst:195
 msgid ""
 "They may choose to include yanked files, and additionally mirror the ``data-"
 "yanked`` attribute as well."
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:189
+#: ../source/specifications/simple-repository-api.rst:198
 msgid ""
 "Mirrors **MUST NOT** mirror a yanked file without also mirroring the ``data-"
 "yanked`` attribute for it."
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:195
+#: ../source/specifications/simple-repository-api.rst:204
 msgid "Versioning PyPI's Simple API"
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:197
+#: ../source/specifications/simple-repository-api.rst:206
 msgid ""
 "This spec proposes the inclusion of a meta tag on the responses of every "
 "successful request to a simple API page, which contains a name attribute of "
@@ -17573,14 +17608,17 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:205
+#: ../source/specifications/simple-repository-api.rst:214
 msgid "This would end up looking like::"
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:209
+#: ../source/specifications/simple-repository-api.rst:218
 msgid "When interpreting the repository version:"
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:211
+#: ../source/specifications/simple-repository-api.rst:220
 msgid ""
 "Incrementing the major version is used to signal a backwards incompatible "
 "change such that existing clients would no longer be expected to be able to "
@@ -17588,6 +17626,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:214
+#: ../source/specifications/simple-repository-api.rst:223
 msgid ""
 "Incrementing the minor version is used to signal a backwards compatible "
 "change such that existing clients would still be expected to be able to "
@@ -17595,6 +17634,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:218
+#: ../source/specifications/simple-repository-api.rst:227
 msgid ""
 "It is left up to the discretion of any future specs as to what specifically "
 "constitutes a backwards incompatible vs compatible change beyond the broad "
@@ -17604,6 +17644,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:224
+#: ../source/specifications/simple-repository-api.rst:233
 msgid ""
 "It is expectation of this spec that the major version will never be "
 "incremented, and any future major API evolutions would utilize a different "
@@ -17614,6 +17655,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:231
+#: ../source/specifications/simple-repository-api.rst:240
 msgid ""
 "This spec sets the current API version to \"1.0\", and expects that future "
 "specs that further evolve the simple API will increment the minor version "
@@ -17622,11 +17664,14 @@ msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:237
 #: ../source/specifications/simple-repository-api.rst:957
+#: ../source/specifications/simple-repository-api.rst:246
+#: ../source/specifications/simple-repository-api.rst:971
 #, fuzzy
 msgid "Clients"
 msgstr "Contenido"
 
 #: ../source/specifications/simple-repository-api.rst:239
+#: ../source/specifications/simple-repository-api.rst:248
 msgid ""
 "Clients interacting with the simple API **SHOULD** introspect each response "
 "for the repository version, and if that data does not exist **MUST** assume "
@@ -17634,28 +17679,33 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:243
+#: ../source/specifications/simple-repository-api.rst:252
 msgid ""
 "When encountering a major version greater than expected, clients **MUST** "
 "hard fail with an appropriate error message for the user."
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:246
+#: ../source/specifications/simple-repository-api.rst:255
 msgid ""
 "When encountering a minor version greater than expected, clients **SHOULD** "
 "warn users with an appropriate message."
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:249
+#: ../source/specifications/simple-repository-api.rst:258
 msgid ""
 "Clients **MAY** still continue to use feature detection in order to "
 "determine what features a repository uses."
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:255
+#: ../source/specifications/simple-repository-api.rst:264
 msgid "Serve Distribution Metadata in the Simple Repository API"
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:257
+#: ../source/specifications/simple-repository-api.rst:266
 msgid ""
 "In a simple repository's project page, each anchor tag pointing to a "
 "distribution **MAY** have a ``data-dist-info-metadata`` attribute. The "
@@ -17665,6 +17715,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:263
+#: ../source/specifications/simple-repository-api.rst:272
 msgid ""
 "If a ``data-dist-info-metadata`` attribute is present, the repository "
 "**MUST** serve the distribution's Core Metadata file alongside the "
@@ -17677,6 +17728,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:272
+#: ../source/specifications/simple-repository-api.rst:281
 msgid ""
 "The repository **SHOULD** provide the hash of the Core Metadata file as the "
 "``data-dist-info-metadata`` attribute's value using the syntax "
@@ -17687,11 +17739,13 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:280
+#: ../source/specifications/simple-repository-api.rst:289
 #, fuzzy
 msgid "Backwards Compatibility"
 msgstr "Etiquetas de compatibilidad con plataformas"
 
 #: ../source/specifications/simple-repository-api.rst:282
+#: ../source/specifications/simple-repository-api.rst:291
 msgid ""
 "If an anchor tag lacks the ``data-dist-info-metadata`` attribute, tools are "
 "expected to revert to their current behaviour of downloading the "
@@ -17699,6 +17753,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:286
+#: ../source/specifications/simple-repository-api.rst:295
 msgid ""
 "Older tools not supporting the new ``data-dist-info-metadata`` attribute are "
 "expected to ignore the attribute and maintain their current behaviour of "
@@ -17707,10 +17762,12 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:295
+#: ../source/specifications/simple-repository-api.rst:304
 msgid "JSON-based Simple API for Python Package Indexes"
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:297
+#: ../source/specifications/simple-repository-api.rst:306
 msgid ""
 "To enable response parsing with only the standard library, this spec "
 "specifies that all responses (besides the files themselves, and the HTML "
@@ -17719,6 +17776,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:302
+#: ../source/specifications/simple-repository-api.rst:311
 msgid ""
 "To enable zero configuration discovery and to minimize the amount of "
 "additional HTTP requests, this spec extends :ref:`the base HTML API "
@@ -17729,6 +17787,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:312
+#: ../source/specifications/simple-repository-api.rst:321
 msgid ""
 "Versioning will adhere to :ref:`the API versioning specification <simple-"
 "repository-api-versioning>` format (``Major.Minor``), which has defined the "
@@ -17739,6 +17798,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:319
+#: ../source/specifications/simple-repository-api.rst:328
 msgid ""
 "Similar to :ref:`the API versioning specification <simple-repository-api-"
 "versioning>`, the major version number **MUST** be incremented if any "
@@ -17747,6 +17807,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:325
+#: ../source/specifications/simple-repository-api.rst:334
 msgid ""
 "Likewise, the minor version **MUST** be incremented if features are added or "
 "removed from the format, but existing clients would be expected to continue "
@@ -17754,6 +17815,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:329
+#: ../source/specifications/simple-repository-api.rst:338
 msgid ""
 "Changes that would not result in existing clients being unable to "
 "meaningfully understand the format and which do not represent features being "
@@ -17761,6 +17823,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:333
+#: ../source/specifications/simple-repository-api.rst:342
 msgid ""
 "This is intentionally vague, as this spec believes it is best left up to "
 "future specs that make any changes to the API to investigate and decide "
@@ -17768,6 +17831,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:337
+#: ../source/specifications/simple-repository-api.rst:346
 msgid ""
 "Future versions of the API may add things that can only be represented in a "
 "subset of the available serializations of that version. All serializations "
@@ -17777,6 +17841,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:343
+#: ../source/specifications/simple-repository-api.rst:352
 msgid ""
 "It is the intent of this spec that the API should be thought of as URL "
 "endpoints that return data, whose interpretation is defined by the version "
@@ -17784,11 +17849,13 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:351
+#: ../source/specifications/simple-repository-api.rst:360
 #, fuzzy
 msgid "JSON Serialization"
 msgstr "Traducciones"
 
 #: ../source/specifications/simple-repository-api.rst:353
+#: ../source/specifications/simple-repository-api.rst:362
 msgid ""
 "The URL structure from :ref:`the base HTML API specification <simple-"
 "repository-api-base>` still applies, as this spec only adds an additional "
@@ -17796,18 +17863,21 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:357
+#: ../source/specifications/simple-repository-api.rst:366
 msgid ""
 "The following constraints apply to all JSON serialized responses described "
 "in this spec:"
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:360
+#: ../source/specifications/simple-repository-api.rst:369
 msgid ""
 "All JSON responses will *always* be a JSON object rather than an array or "
 "other type."
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:363
+#: ../source/specifications/simple-repository-api.rst:372
 msgid ""
 "While JSON doesn't natively support a URL type, any value that represents an "
 "URL in this API may be either absolute or relative as long as they point to "
@@ -17816,18 +17886,21 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:368
+#: ../source/specifications/simple-repository-api.rst:377
 msgid ""
 "Additional keys may be added to any dictionary objects in the API responses "
 "and clients **MUST** ignore keys that they don't understand."
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:371
+#: ../source/specifications/simple-repository-api.rst:380
 msgid ""
 "All JSON responses will have a ``meta`` key, which contains information "
 "related to the response itself, rather than the content of the response."
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:374
+#: ../source/specifications/simple-repository-api.rst:383
 msgid ""
 "All JSON responses will have a ``meta.api-version`` key, which will be a "
 "string that contains the :ref:`API versioning specification <simple-"
@@ -17837,23 +17910,27 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:380
+#: ../source/specifications/simple-repository-api.rst:389
 msgid ""
 "All requirements of :ref:`the base HTML API specification <simple-repository-"
 "api-base>` that are not HTML specific still apply."
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:385
+#: ../source/specifications/simple-repository-api.rst:394
 #, fuzzy
 msgid "Project List"
 msgstr "Proyecto"
 
 #: ../source/specifications/simple-repository-api.rst:387
+#: ../source/specifications/simple-repository-api.rst:396
 msgid ""
 "The root URL ``/`` for this spec (which represents the base URL) will be a "
 "JSON encoded dictionary which has a two keys:"
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:390
+#: ../source/specifications/simple-repository-api.rst:399
 msgid ""
 "``projects``: An array where each entry is a dictionary with a single key, "
 "``name``, which represents string of the project name."
@@ -17861,6 +17938,8 @@ msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:391
 #: ../source/specifications/simple-repository-api.rst:440
+#: ../source/specifications/simple-repository-api.rst:400
+#: ../source/specifications/simple-repository-api.rst:449
 msgid ""
 "``meta``: The general response metadata as `described earlier <json-"
 "serialization_>`__."
@@ -17868,11 +17947,14 @@ msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:393
 #: ../source/specifications/simple-repository-api.rst:499
+#: ../source/specifications/simple-repository-api.rst:402
+#: ../source/specifications/simple-repository-api.rst:512
 #, fuzzy
 msgid "As an example:"
 msgstr "Por ejemplo:"
 
 #: ../source/specifications/simple-repository-api.rst:410
+#: ../source/specifications/simple-repository-api.rst:419
 msgid ""
 "The ``name`` field is the same as the one from :ref:`the base HTML API "
 "specification <simple-repository-api-base>`, which does not specify whether "
@@ -17883,6 +17965,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:420
+#: ../source/specifications/simple-repository-api.rst:429
 msgid ""
 "While the ``projects`` key is an array, and thus is required to be in some "
 "kind of an order, neither :ref:`the base HTML API specification <simple-"
@@ -17893,11 +17976,13 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:429
+#: ../source/specifications/simple-repository-api.rst:438
 #, fuzzy
 msgid "Project Detail"
 msgstr "Nombre de proyecto"
 
 #: ../source/specifications/simple-repository-api.rst:431
+#: ../source/specifications/simple-repository-api.rst:440
 msgid ""
 "The format of this URL is ``/<project>/`` where the ``<project>`` is "
 "replaced by the :ref:`the base HTML API specification <simple-repository-api-"
@@ -17906,32 +17991,39 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:436
+#: ../source/specifications/simple-repository-api.rst:445
 msgid ""
 "This URL must respond with a JSON encoded dictionary that has three keys:"
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:438
+#: ../source/specifications/simple-repository-api.rst:447
 msgid "``name``: The normalized name of the project."
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:439
+#: ../source/specifications/simple-repository-api.rst:448
 msgid ""
 "``files``: A list of dictionaries, each one representing an individual file."
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:442
+#: ../source/specifications/simple-repository-api.rst:451
 msgid "Each individual file dictionary has the following keys:"
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:444
+#: ../source/specifications/simple-repository-api.rst:453
 msgid "``filename``: The filename that is being represented."
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:445
+#: ../source/specifications/simple-repository-api.rst:454
 msgid "``url``: The URL that the file can be fetched from."
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:446
+#: ../source/specifications/simple-repository-api.rst:455
 msgid ""
 "``hashes``: A dictionary mapping a hash name to a hex encoded digest of the "
 "file. Multiple hashes can be included, and it is up to the client to decide "
@@ -17941,6 +18033,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:451
+#: ../source/specifications/simple-repository-api.rst:460
 msgid ""
 "The ``hashes`` dictionary **MUST** be present, even if no hashes are "
 "available for the file, however it is **HIGHLY** recommended that at least "
@@ -17948,6 +18041,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:455
+#: ../source/specifications/simple-repository-api.rst:464
 msgid ""
 "By default, any hash algorithm available via :py:mod:`hashlib` (specifically "
 "any that can be passed to :py:func:`hashlib.new()` and do not require "
@@ -17958,6 +18052,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:460
+#: ../source/specifications/simple-repository-api.rst:469
 msgid ""
 "``requires-python``: An **optional** key that exposes the :ref:`core-"
 "metadata-requires-python` metadata field. Where this is present, installer "
@@ -17966,6 +18061,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:466
+#: ../source/specifications/simple-repository-api.rst:475
 msgid ""
 "Unlike ``data-requires-python`` in :ref:`the base HTML API specification "
 "<simple-repository-api-base>`, the ``requires-python`` key does not require "
@@ -17973,6 +18069,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:469
+#: ../source/specifications/simple-repository-api.rst:478
 msgid ""
 "``dist-info-metadata``: An **optional** key that indicates that metadata for "
 "this file is available, via the same location as specified in :ref:`the API "
@@ -17983,6 +18080,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:477
+#: ../source/specifications/simple-repository-api.rst:486
 msgid ""
 "When this is a dictionary of hashes instead of a boolean, then all the same "
 "requirements and recommendations as the ``hashes`` key hold true for this "
@@ -17990,6 +18088,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:481
+#: ../source/specifications/simple-repository-api.rst:490
 msgid ""
 "If this key is missing then the metadata file may or may not exist. If the "
 "key value is truthy, then the metadata file is present, and if it is falsey "
@@ -17997,12 +18096,14 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:485
+#: ../source/specifications/simple-repository-api.rst:494
 msgid ""
 "It is recommended that servers make the hashes of the metadata file "
 "available if possible."
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:487
+#: ../source/specifications/simple-repository-api.rst:496
 msgid ""
 "``gpg-sig``: An **optional** key that acts a boolean to indicate if the file "
 "has an associated GPG signature or not. The URL for the signature file "
@@ -18012,6 +18113,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:492
+#: ../source/specifications/simple-repository-api.rst:501
 msgid ""
 "``yanked``: An **optional** key which may be either a boolean to indicate if "
 "the file has been yanked, or a non empty, but otherwise arbitrary, string to "
@@ -18023,6 +18125,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:529
+#: ../source/specifications/simple-repository-api.rst:543
 msgid ""
 "While the ``files`` key is an array, and thus is required to be in some kind "
 "of an order, neither :ref:`the base HTML API specification <simple-"
@@ -18033,11 +18136,13 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:538
+#: ../source/specifications/simple-repository-api.rst:552
 #, fuzzy
 msgid "Content-Types"
 msgstr "Contenido"
 
 #: ../source/specifications/simple-repository-api.rst:540
+#: ../source/specifications/simple-repository-api.rst:554
 msgid ""
 "This spec proposes that all responses from the Simple API will have a "
 "standard content type that describes what the response is (a Simple API "
@@ -18046,10 +18151,12 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:544
+#: ../source/specifications/simple-repository-api.rst:558
 msgid "The structure of this content type will be:"
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:550
+#: ../source/specifications/simple-repository-api.rst:564
 msgid ""
 "Since only major versions should be disruptive to clients attempting to "
 "understand one of these API responses, only the major version will be "
@@ -18058,18 +18165,22 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:555
+#: ../source/specifications/simple-repository-api.rst:569
 msgid "Which means that for the existing 1.0 API, the content types would be:"
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:557
+#: ../source/specifications/simple-repository-api.rst:571
 msgid "**JSON:** ``application/vnd.pypi.simple.v1+json``"
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:558
+#: ../source/specifications/simple-repository-api.rst:572
 msgid "**HTML:** ``application/vnd.pypi.simple.v1+html``"
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:560
+#: ../source/specifications/simple-repository-api.rst:574
 msgid ""
 "In addition to the above, a special \"meta\" version is supported named "
 "``latest``, whose purpose is to allow clients to request the absolute latest "
@@ -18079,6 +18190,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:565
+#: ../source/specifications/simple-repository-api.rst:579
 msgid ""
 "To support existing clients which expect the existing :ref:`the base HTML "
 "API specification <simple-repository-api-base>` API responses to use the "
@@ -18087,11 +18199,13 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:572
+#: ../source/specifications/simple-repository-api.rst:586
 #, fuzzy
 msgid "Version + Format Selection"
 msgstr "Versión"
 
 #: ../source/specifications/simple-repository-api.rst:574
+#: ../source/specifications/simple-repository-api.rst:588
 msgid ""
 "Now that there is multiple possible serializations, we need a mechanism to "
 "allow clients to indicate what serialization formats they're able to "
@@ -18101,6 +18215,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:579
+#: ../source/specifications/simple-repository-api.rst:593
 msgid ""
 "To enable this, this spec standardizes on the use of HTTP's `Server-Driven "
 "Content Negotiation <https://developer.mozilla.org/en-US/docs/Web/HTTP/"
@@ -18108,18 +18223,21 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:582
+#: ../source/specifications/simple-repository-api.rst:596
 msgid ""
 "While this spec won't fully describe the entirety of server-driven content "
 "negotiation, the flow is roughly:"
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:585
+#: ../source/specifications/simple-repository-api.rst:599
 msgid ""
 "The client makes an HTTP request containing an ``Accept`` header listing all "
 "of the version+format content types that they are able to understand."
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:587
+#: ../source/specifications/simple-repository-api.rst:601
 msgid ""
 "The server inspects that header, selects one of the listed content types, "
 "then returns a response using that content type (treating the absence of an "
@@ -18127,6 +18245,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:590
+#: ../source/specifications/simple-repository-api.rst:604
 msgid ""
 "If the server does not support any of the content types in the ``Accept`` "
 "header then they are able to choose between 3 different options for how to "
@@ -18134,12 +18253,14 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:594
+#: ../source/specifications/simple-repository-api.rst:608
 msgid ""
 "Select a default content type other than what the client has requested and "
 "return a response with that."
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:596
+#: ../source/specifications/simple-repository-api.rst:610
 msgid ""
 "Return a HTTP ``406 Not Acceptable`` response to indicate that none of the "
 "requested content types were available, and the server was unable or "
@@ -18147,18 +18268,21 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:599
+#: ../source/specifications/simple-repository-api.rst:613
 msgid ""
 "Return a HTTP ``300 Multiple Choices`` response that contains a list of all "
 "of the possible responses that could have been chosen."
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:601
+#: ../source/specifications/simple-repository-api.rst:615
 msgid ""
 "The client interprets the response, handling the different types of "
 "responses that the server may have responded with."
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:604
+#: ../source/specifications/simple-repository-api.rst:618
 msgid ""
 "This spec does not specify which choices the server makes in regards to "
 "handling a content type that it isn't able to return, and clients **SHOULD** "
@@ -18167,6 +18291,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:609
+#: ../source/specifications/simple-repository-api.rst:623
 msgid ""
 "However, as there is no standard format for how a ``300 Multiple Choices`` "
 "response can be interpreted, this spec highly discourages servers from "
@@ -18178,6 +18303,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:616
+#: ../source/specifications/simple-repository-api.rst:630
 msgid ""
 "This spec **does** require that if the meta version ``latest`` is being "
 "used, the server **MUST** respond with the content type for the actual "
@@ -18187,6 +18313,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:623
+#: ../source/specifications/simple-repository-api.rst:637
 msgid ""
 "The ``Accept`` header is a comma separated list of content types that the "
 "client understands and is able to process. It supports three different "
@@ -18194,18 +18321,22 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:627
+#: ../source/specifications/simple-repository-api.rst:641
 msgid "``$type/$subtype``"
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:628
+#: ../source/specifications/simple-repository-api.rst:642
 msgid "``$type/*``"
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:629
+#: ../source/specifications/simple-repository-api.rst:643
 msgid "``*/*``"
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:631
+#: ../source/specifications/simple-repository-api.rst:645
 msgid ""
 "For the use of selecting a version+format, the most useful of these is "
 "``$type/$subtype``, as that is the only way to actually specify the version "
@@ -18213,6 +18344,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:635
+#: ../source/specifications/simple-repository-api.rst:649
 msgid ""
 "The order of the content types listed in the ``Accept`` header does not have "
 "any specific meaning, and the server **SHOULD** consider all of them to be "
@@ -18223,6 +18355,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:642
+#: ../source/specifications/simple-repository-api.rst:656
 msgid ""
 "This allows a client to specify a priority for a specific entry in their "
 "``Accept`` header, by appending a ``;q=`` followed by a value between ``0`` "
@@ -18233,6 +18366,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:648
+#: ../source/specifications/simple-repository-api.rst:662
 msgid ""
 "However, clients should keep in mind that a server is free to select **any** "
 "of the content types they've asked for, regardless of their requested "
@@ -18241,6 +18375,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:652
+#: ../source/specifications/simple-repository-api.rst:666
 msgid ""
 "To aid clients in determining the content type of the response that they "
 "have received from an API request, this spec requires that servers always "
@@ -18252,10 +18387,12 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:659
+#: ../source/specifications/simple-repository-api.rst:673
 msgid "An example of how a client can operate would look like:"
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:710
+#: ../source/specifications/simple-repository-api.rst:724
 msgid ""
 "If a client wishes to only support HTML or only support JSON, then they "
 "would just remove the content types that they do not want from the "
@@ -18263,10 +18400,12 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:716
+#: ../source/specifications/simple-repository-api.rst:730
 msgid "Alternative Negotiation Mechanisms"
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:718
+#: ../source/specifications/simple-repository-api.rst:732
 msgid ""
 "While using HTTP's Content negotiation is considered the standard way for a "
 "client and server to coordinate to ensure that the client is getting an HTTP "
@@ -18276,10 +18415,12 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:726
+#: ../source/specifications/simple-repository-api.rst:740
 msgid "URL Parameter"
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:728
+#: ../source/specifications/simple-repository-api.rst:742
 msgid ""
 "Servers that implement the Simple API may choose to support a URL parameter "
 "named ``format`` to allow the clients to request a specific version of the "
@@ -18287,6 +18428,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:731
+#: ../source/specifications/simple-repository-api.rst:745
 msgid ""
 "The value of the ``format`` parameter should be **one** of the valid content "
 "types. Passing multiple content types, wild cards, quality values, etc... is "
@@ -18294,6 +18436,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:735
+#: ../source/specifications/simple-repository-api.rst:749
 msgid ""
 "Supporting this parameter is optional, and clients **SHOULD NOT** rely on it "
 "for interacting with the API. This negotiation mechanism is intended to "
@@ -18302,12 +18445,14 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:740
+#: ../source/specifications/simple-repository-api.rst:754
 msgid ""
 "Servers that do not support this parameter may choose to return an error "
 "when it is present, or they may simple ignore its presence."
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:743
+#: ../source/specifications/simple-repository-api.rst:757
 msgid ""
 "When a server does implement this parameter, it **SHOULD** take precedence "
 "over any values in the client's ``Accept`` header, and if the server does "
@@ -18318,11 +18463,13 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:752
+#: ../source/specifications/simple-repository-api.rst:766
 #, fuzzy
 msgid "Endpoint Configuration"
 msgstr "Configuraciones habituales"
 
 #: ../source/specifications/simple-repository-api.rst:754
+#: ../source/specifications/simple-repository-api.rst:768
 msgid ""
 "This option technically is not a special option at all, it is just a natural "
 "consequence of using content negotiation and allowing servers to select "
@@ -18330,6 +18477,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:758
+#: ../source/specifications/simple-repository-api.rst:772
 msgid ""
 "If a server is unwilling or unable to implement the server-driven content "
 "negotiation, and would instead rather require users to explicitly configure "
@@ -18338,6 +18486,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:762
+#: ../source/specifications/simple-repository-api.rst:776
 msgid ""
 "To enable this, a server should make multiple endpoints (for instance, ``/"
 "simple/v1+html/`` and/or ``/simple/v1+json/``) for each version+format that "
@@ -18348,6 +18497,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:769
+#: ../source/specifications/simple-repository-api.rst:783
 msgid ""
 "For clients that wish to require specific configuration, they can keep track "
 "of which version+format a specific repository URL was configured for, and "
@@ -18356,10 +18506,12 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:776
+#: ../source/specifications/simple-repository-api.rst:790
 msgid "TUF Support - PEP 458"
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:778
+#: ../source/specifications/simple-repository-api.rst:792
 msgid ""
 ":pep:`458` requires that all API responses are hashable and that they can be "
 "uniquely identified by a path relative to the repository root. For a Simple "
@@ -18371,6 +18523,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:785
+#: ../source/specifications/simple-repository-api.rst:799
 msgid ""
 ":pep:`458` does not specify what the target path should be for the Simple "
 "API, but TUF requires that the target paths be \"file-like\", in other "
@@ -18379,6 +18532,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:790
+#: ../source/specifications/simple-repository-api.rst:804
 msgid ""
 "The saving grace is that the target path does not *have* to actually match "
 "the URL being fetched from the Simple API, and it can just be a sigil that "
@@ -18388,6 +18542,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:796
+#: ../source/specifications/simple-repository-api.rst:810
 msgid ""
 "Ultimately figuring out how to map a directory to a filename is out of scope "
 "for this spec (but it would be in scope for :pep:`458`), and this spec "
@@ -18396,6 +18551,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:800
+#: ../source/specifications/simple-repository-api.rst:814
 msgid ""
 "However, it appears that the current WIP branch against pip that attempts to "
 "implement :pep:`458` is using a target path like ``simple/PROJECT/index."
@@ -18406,6 +18562,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:807
+#: ../source/specifications/simple-repository-api.rst:821
 msgid ""
 "In this case, since ``text/html`` is an alias to ``application/vnd.pypi."
 "simple.v1+html`` when interacting through TUF, it likely will make the most "
@@ -18413,12 +18570,14 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:811
+#: ../source/specifications/simple-repository-api.rst:825
 msgid ""
 "Likewise the ``latest`` metaversion should not be included in the targets, "
 "only explicitly declared versions should be supported."
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:817
+#: ../source/specifications/simple-repository-api.rst:831
 msgid ""
 "This section is non-normative, and represents what the spec authors believe "
 "to be the best default implementation decisions for something implementing "
@@ -18427,6 +18586,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:821
+#: ../source/specifications/simple-repository-api.rst:835
 msgid ""
 "These decisions have been chosen to maximize the number of requests that can "
 "be moved onto the newest version of an API, while maintaining the greatest "
@@ -18436,10 +18596,12 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:826
+#: ../source/specifications/simple-repository-api.rst:840
 msgid "It is recommended that servers:"
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:828
+#: ../source/specifications/simple-repository-api.rst:842
 msgid ""
 "Support all 3 content types described in this spec, using server-driven "
 "content negotiation, for as long as they reasonably can, or at least as long "
@@ -18447,6 +18609,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:832
+#: ../source/specifications/simple-repository-api.rst:846
 msgid ""
 "When encountering an ``Accept`` header that does not contain any content "
 "types that it knows how to work with, the server should not ever return a "
@@ -18455,12 +18618,14 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:837
+#: ../source/specifications/simple-repository-api.rst:851
 msgid ""
 "However, if choosing to use the endpoint configuration, you should prefer to "
 "return a ``200 OK`` response in the expected content type for that endpoint."
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:840
+#: ../source/specifications/simple-repository-api.rst:854
 msgid ""
 "When selecting an acceptable version, the server should choose the highest "
 "version that the client supports, with the most expressive/featureful "
@@ -18470,22 +18635,26 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:846
+#: ../source/specifications/simple-repository-api.rst:860
 msgid "It is recommended that clients:"
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:848
+#: ../source/specifications/simple-repository-api.rst:862
 msgid ""
 "Support all 3 content types described in this spec, using server-driven "
 "content negotiation, for as long as they reasonably can."
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:851
+#: ../source/specifications/simple-repository-api.rst:865
 msgid ""
 "When constructing an ``Accept`` header, include all of the content types "
 "that you support."
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:854
+#: ../source/specifications/simple-repository-api.rst:868
 msgid ""
 "You should generally *not* include a quality priority value for your content "
 "types, unless you have implementation specific reasons that you want the "
@@ -18495,6 +18664,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:860
+#: ../source/specifications/simple-repository-api.rst:874
 msgid ""
 "The one exception to this recommendation is that it is recommended that you "
 "*should* include a ``;q=0.01`` value on the legacy ``text/html`` content "
@@ -18502,22 +18672,26 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:864
+#: ../source/specifications/simple-repository-api.rst:878
 msgid ""
 "Explicitly select what versions they are looking for, rather than using the "
 "``latest`` meta version during normal operation."
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:867
+#: ../source/specifications/simple-repository-api.rst:881
 msgid ""
 "Check the ``Content-Type`` of the response and ensure it matches something "
 "that you were expecting."
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:871
+#: ../source/specifications/simple-repository-api.rst:885
 msgid "Additional Fields for the Simple API for Package Indexes"
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:873
+#: ../source/specifications/simple-repository-api.rst:887
 msgid ""
 "This specification defines version 1.1 of the simple repository API. For the "
 "HTML version of the API, there is no change from version 1.0. For the JSON "
@@ -18525,32 +18699,38 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:877
+#: ../source/specifications/simple-repository-api.rst:891
 msgid "The ``api-version`` must specify version 1.1 or later."
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:878
+#: ../source/specifications/simple-repository-api.rst:892
 msgid "A new ``versions`` key is added at the top level."
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:879
+#: ../source/specifications/simple-repository-api.rst:893
 msgid ""
 "Two new \"file information\" keys, ``size`` and ``upload-time``, are added "
 "to the ``files`` data."
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:881
+#: ../source/specifications/simple-repository-api.rst:895
 msgid ""
 "Keys (at any level) with a leading underscore are reserved as private for "
 "index server use. No future standard will assign a meaning to any such key."
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:884
+#: ../source/specifications/simple-repository-api.rst:898
 msgid ""
 "The ``versions`` and ``size`` keys are mandatory. The ``upload-time`` key is "
 "optional."
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:890
+#: ../source/specifications/simple-repository-api.rst:904
 msgid ""
 "An additional key, ``versions`` MUST be present at the top level, in "
 "addition to the keys ``name``, ``files`` and ``meta`` defined in :ref:`the "
@@ -18561,6 +18741,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:897
+#: ../source/specifications/simple-repository-api.rst:911
 msgid ""
 "All of the files listed in the ``files`` key MUST be associated with one of "
 "the versions in the ``versions`` key. The ``versions`` key MAY contain "
@@ -18569,6 +18750,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:902
+#: ../source/specifications/simple-repository-api.rst:916
 msgid ""
 "Note that because servers may hold \"legacy\" data from before the adoption "
 "of :ref:`the version specifiers specification (VSS) <version-specifiers>`, "
@@ -18578,20 +18760,24 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:911
+#: ../source/specifications/simple-repository-api.rst:925
 msgid "Additional file information"
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:913
+#: ../source/specifications/simple-repository-api.rst:927
 msgid "Two new keys are added to the ``files`` key."
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:915
+#: ../source/specifications/simple-repository-api.rst:929
 msgid ""
 "``size``: This field is mandatory. It MUST contain an integer which is the "
 "file size in bytes."
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:917
+#: ../source/specifications/simple-repository-api.rst:931
 msgid ""
 "``upload-time``: This field is optional. If present, it MUST contain a valid "
 "ISO 8601 date/time string, in the format ``yyyy-mm-ddThh:mm:ss.ffffffZ``, "
@@ -18604,10 +18790,12 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:926
+#: ../source/specifications/simple-repository-api.rst:940
 msgid "Rename dist-info-metadata in the Simple API"
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:929
+#: ../source/specifications/simple-repository-api.rst:943
 msgid ""
 "The keywords \"**MUST**\", \"**MUST NOT**\", \"**REQUIRED**\", "
 "\"**SHALL**\", \"**SHALL NOT**\", \"**SHOULD**\", \"**SHOULD NOT**\", "
@@ -18616,10 +18804,12 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:936
+#: ../source/specifications/simple-repository-api.rst:950
 msgid "Servers"
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:938
+#: ../source/specifications/simple-repository-api.rst:952
 msgid ""
 "The :ref:`the API metadata file specification <simple-repository-api-"
 "metadata-file>` metadata, when used in the HTML representation of the Simple "
@@ -18628,6 +18818,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:944
+#: ../source/specifications/simple-repository-api.rst:958
 msgid ""
 "The :ref:`the API metadata file specification <simple-repository-api-"
 "metadata-file>` metadata, when used in the :ref:`the JSON API specification "
@@ -18637,6 +18828,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:950
+#: ../source/specifications/simple-repository-api.rst:964
 msgid ""
 "To support clients that used the previous key names, the HTML representation "
 "**MAY** also be emitted using the ``data-dist-info-metadata``, and if it "
@@ -18644,6 +18836,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:959
+#: ../source/specifications/simple-repository-api.rst:973
 msgid ""
 "Clients consuming any of the HTML representations of the Simple API **MUST** "
 "read the :ref:`the API metadata file specification <simple-repository-api-"
@@ -18653,6 +18846,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:966
+#: ../source/specifications/simple-repository-api.rst:980
 msgid ""
 "Clients consuming the JSON representation of the Simple API **MUST** read "
 "the :ref:`the API metadata file specification <simple-repository-api-"
@@ -18662,42 +18856,50 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:976
+#: ../source/specifications/simple-repository-api.rst:990
 msgid "September 2015: initial form of the HTML format, in :pep:`503`"
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:977
+#: ../source/specifications/simple-repository-api.rst:991
 msgid "July 2016: Requires-Python metadata, in an update to :pep:`503`"
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:978
+#: ../source/specifications/simple-repository-api.rst:992
 msgid "May 2019: \"yank\" support, in :pep:`592`"
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:979
+#: ../source/specifications/simple-repository-api.rst:993
 msgid ""
 "July 2020: API versioning convention and metadata, and declaring the HTML "
 "format as API v1, in :pep:`629`"
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:981
+#: ../source/specifications/simple-repository-api.rst:995
 msgid ""
 "May 2021: providing package metadata independently from a package, in :pep:"
 "`658`"
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:983
+#: ../source/specifications/simple-repository-api.rst:997
 msgid ""
 "May 2022: initial form of the JSON format, with a mechanism for clients to "
 "choose between them, and declaring both formats as API v1, in :pep:`691`"
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:985
+#: ../source/specifications/simple-repository-api.rst:999
 msgid ""
 "October 2022: project versions and file size and upload-time in the JSON "
 "format, in :pep:`700`"
 msgstr ""
 
 #: ../source/specifications/simple-repository-api.rst:987
+#: ../source/specifications/simple-repository-api.rst:1001
 msgid ""
 "June 2023: renaming the field which provides package metadata independently "
 "from a package, in :pep:`714`"
@@ -20871,7 +21073,6 @@ msgstr "Creación de documentación"
 
 #: ../source/specifications/well-known-project-urls.rst:125
 #, fuzzy
-#| msgid "``upload_docs``"
 msgid "``docs``"
 msgstr "``upload_docs``"
 
@@ -21630,7 +21831,7 @@ msgid ""
 msgstr ""
 
 #: ../source/tutorials/managing-dependencies.rst:140
-#: ../source/tutorials/packaging-projects.rst:506
+#: ../source/tutorials/packaging-projects.rst:505
 msgid "Next steps"
 msgstr "Próximos pasos"
 
@@ -22079,43 +22280,48 @@ msgstr ""
 
 #: ../source/tutorials/packaging-projects.rst:424
 msgid ""
-"You will be prompted for a username and password. For the username, use "
-"``__token__``. For the password, use the token value, including the ``pypi-"
-"`` prefix."
+"You will be prompted for an API token. Use the token value, including the "
+"``pypi-`` prefix. Note that the input will be hidden, so be sure to paste "
+"correctly."
 msgstr ""
+"Se le pedirá un token de API. Utilice el valor del token, incluido el "
+"prefijo ``pypi-``. Ten en cuenta que la entrada estará oculta, así que "
+"asegúrate de pegarla correctamente."
 
-#: ../source/tutorials/packaging-projects.rst:428
+#: ../source/tutorials/packaging-projects.rst:427
 msgid "After the command completes, you should see output similar to this:"
-msgstr ""
+msgstr "Una vez completado el comando, debería ver una salida similar a ésta:"
 
-#: ../source/tutorials/packaging-projects.rst:439
+#: ../source/tutorials/packaging-projects.rst:438
 msgid ""
 "Once uploaded, your package should be viewable on TestPyPI; for example: "
 "``https://test.pypi.org/project/example_package_YOUR_USERNAME_HERE``."
 msgstr ""
+"Una vez subido, su paquete debería ser visible en TestPyPI; por ejemplo: "
+"``https://test.pypi.org/project/example_package_YOUR_USERNAME_HERE``."
 
-#: ../source/tutorials/packaging-projects.rst:444
+#: ../source/tutorials/packaging-projects.rst:443
 msgid "Installing your newly uploaded package"
 msgstr "Instalación de su paquete recién cargado"
 
-#: ../source/tutorials/packaging-projects.rst:446
+#: ../source/tutorials/packaging-projects.rst:445
 msgid ""
 "You can use :ref:`pip` to install your package and verify that it works. "
 "Create a :ref:`virtual environment <Creating and using Virtual "
 "Environments>` and install your package from TestPyPI:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:462
+#: ../source/tutorials/packaging-projects.rst:461
 msgid "Make sure to specify your username in the package name!"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:464
+#: ../source/tutorials/packaging-projects.rst:463
 msgid ""
 "pip should install the package from TestPyPI and the output should look "
 "something like this:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:474
+#: ../source/tutorials/packaging-projects.rst:473
 msgid ""
 "This example uses ``--index-url`` flag to specify TestPyPI instead of live "
 "PyPI. Additionally, it specifies ``--no-deps``. Since TestPyPI doesn't have "
@@ -22125,23 +22331,23 @@ msgid ""
 "installing dependencies when using TestPyPI."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:481
+#: ../source/tutorials/packaging-projects.rst:480
 msgid ""
 "You can test that it was installed correctly by importing the package. Make "
 "sure you're still in your virtual environment, then run Python:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:496
+#: ../source/tutorials/packaging-projects.rst:495
 msgid "and import the package:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:508
+#: ../source/tutorials/packaging-projects.rst:507
 msgid ""
 "**Congratulations, you've packaged and distributed a Python project!** ✨ 🍰 "
 "✨"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:511
+#: ../source/tutorials/packaging-projects.rst:510
 msgid ""
 "Keep in mind that this tutorial showed you how to upload your package to "
 "Test PyPI, which isn't a permanent storage. The Test system occasionally "
@@ -22149,28 +22355,28 @@ msgid ""
 "experiments like this tutorial."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:516
+#: ../source/tutorials/packaging-projects.rst:515
 msgid ""
 "When you are ready to upload a real package to the Python Package Index you "
 "can do much the same as you did in this tutorial, but with these important "
 "differences:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:520
+#: ../source/tutorials/packaging-projects.rst:519
 msgid ""
 "Choose a memorable and unique name for your package. You don't have to "
 "append your username as you did in the tutorial, but you can't use an "
 "existing name."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:522
+#: ../source/tutorials/packaging-projects.rst:521
 msgid ""
 "Register an account on https://pypi.org - note that these are two separate "
 "servers and the login details from the test server are not shared with the "
 "main server."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:525
+#: ../source/tutorials/packaging-projects.rst:524
 msgid ""
 "Use ``twine upload dist/*`` to upload your package and enter your "
 "credentials for the account you registered on the real PyPI.  Now that "
@@ -22178,44 +22384,44 @@ msgid ""
 "repository``; the package will upload to https://pypi.org/ by default."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:529
+#: ../source/tutorials/packaging-projects.rst:528
 msgid ""
 "Install your package from the real PyPI using ``python3 -m pip install [your-"
 "package]``."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:531
+#: ../source/tutorials/packaging-projects.rst:530
 msgid ""
 "At this point if you want to read more on packaging Python libraries here "
 "are some things you can do:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:534
+#: ../source/tutorials/packaging-projects.rst:533
 msgid ""
 "Read about advanced configuration for your chosen build backend: `Hatchling "
 "<hatchling-config_>`_, :doc:`setuptools <setuptools:userguide/"
 "pyproject_config>`, :doc:`Flit <flit:pyproject_toml>`, `PDM <pdm-config_>`_."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:538
+#: ../source/tutorials/packaging-projects.rst:537
 msgid ""
 "Look at the :doc:`guides </guides/index>` on this site for more advanced "
 "practical information, or the :doc:`discussions </discussions/index>` for "
 "explanations and background on specific topics."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:541
+#: ../source/tutorials/packaging-projects.rst:540
 msgid ""
 "Consider packaging tools that provide a single command-line interface for "
 "project management and packaging, such as :ref:`hatch`, :ref:`flit`, :ref:"
 "`pdm`, and :ref:`poetry`."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:549
+#: ../source/tutorials/packaging-projects.rst:548
 msgid "Notes"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:551
+#: ../source/tutorials/packaging-projects.rst:550
 msgid ""
 "Technically, you can also create Python packages without an ``__init__.py`` "
 "file, but those are called :doc:`namespace packages </guides/packaging-"
@@ -22225,6 +22431,463 @@ msgid ""
 "the file is empty)."
 msgstr ""
 
+#: ../source/guides/installing-scientific-packages.rst:13
+msgid ""
+"In particular, `NumPy <https://numpy.org/>`__, which provides the basis for "
+"most of the software in the `scientific Python stack <https://scientific-"
+"python.org>`_ can be configured to interoperate with different FORTRAN "
+"libraries, and can take advantage of different levels of vectorized "
+"instructions available in modern CPUs."
+msgstr ""
+
+#: ../source/guides/installing-scientific-packages.rst:19
+msgid ""
+"Starting with version 1.10.4 of NumPy and version 1.0.0 of SciPy, pre-built "
+"32-bit and 64-bit binaries in the ``wheel`` format are available for all "
+"major operating systems (Windows, macOS, and Linux) on PyPI. Note, however, "
+"that on Windows, NumPy binaries are linked against the `ATLAS <https://math-"
+"atlas.sourceforge.net/>`__ BLAS/LAPACK library, restricted to SSE2 "
+"instructions, so they may not provide optimal linear algebra performance."
+msgstr ""
+
+#: ../source/guides/installing-scientific-packages.rst:121
+msgid ""
+"``conda`` is an open source (BSD licensed) package management system and "
+"environment management system that allows users to install multiple versions "
+"of binary software packages and their dependencies, and easily switch "
+"between them. It is a cross-platform tool working on Windows, MacOS, and "
+"Linux. Conda can be used to package up and distribute all kinds of packages, "
+"it is not limited to just Python packages. It has full support for native "
+"virtual environments. Conda makes environments first-class citizens, making "
+"it easy to create independent environments even for C libraries. It is "
+"written in Python, but is Python-agnostic. Conda manages Python itself as a "
+"package, so that :command:`conda update python` is possible, in contrast to "
+"pip, which only manages Python packages."
+msgstr ""
+
+#: ../source/guides/installing-scientific-packages.rst:133
+msgid ""
+"Anaconda `Anaconda <https://docs.anaconda.com/anaconda/>`_ is a Python "
+"distribution published by Anaconda, Inc. It is a stable collection of Open "
+"Source packages for big data and scientific use, and a collection of "
+"Graphical Interface utilities for managing conda environments."
+msgstr ""
+
+#: ../source/guides/installing-scientific-packages.rst:135
+msgid ""
+"In addition to the full distribution provided by Anaconda, the conda package "
+"manager itself is available in  `miniconda <https://docs.anaconda.com/"
+"miniconda/>`_, `miniforge <https://github.com/conda-forge/miniforge>`_, and "
+"`pixi <https://pixi.sh/>`_."
+msgstr ""
+
+#: ../source/guides/installing-scientific-packages.rst:138
+msgid ""
+"Conda packages are available on multiple channels on Anaconda.org, including "
+"the default channel supported by Anaconda, Inc, the community supported "
+"conda-forge channel, which provides a wide variety of pre-built packages, "
+"and some domain-specific package collections."
+msgstr ""
+
+#: ../source/key_projects.rst:407
+msgid ""
+"Conda is a package, dependency, and environment management system for any "
+"language — Python, R, Ruby, C/C++, Fortran, and more. It is written in "
+"Python and widely used in the Python scientific computing community, due to "
+"its support for non-Python compiled libraries and extensions. It is used as "
+"the basis of the `Anaconda <https://docs.anaconda.com/anaconda/>`__ Python "
+"distribution from Anaconda, Inc. It was originally aimed at the scientific "
+"community, but can also be used on its own, or with the :doc:`miniconda "
+"<conda:miniconda>`, `miniforge <https://github.com/conda-forge/miniforge>`_ "
+"or `pixi <https://pixi.sh/>`_ systems. It is available for Windows, Mac and "
+"Linux systems."
+msgstr ""
+
+#: ../source/key_projects.rst:416
+msgid ""
+"Conda is a completely separate tool from :ref:`pip`, virtualenv and wheel, "
+"but provides many of their combined features, such as package management, "
+"virtual environment management and deployment of binary extensions and other "
+"binary code."
+msgstr ""
+
+#: ../source/key_projects.rst:420
+msgid ""
+"Conda does not install packages from PyPI -- it can only manage packages "
+"built specifically for conda, which can be made available on a \"conda "
+"channel\", such as those hosted on `anaconda.org <https://anaconda.org>`__, "
+"or a local (e.g. intranet) package server. In addition to the \"default\" "
+"channels managed by `Anaconda, Inc. <https://www.anaconda.com/>`__, there "
+"are a wide variety of packages from the community supported `conda-forge "
+"project <https://conda-forge.org/>`__"
+msgstr ""
+
+#: ../source/key_projects.rst:426
+msgid ""
+"Note that :ref:`pip` can be installed into, and work side-by-side with conda "
+"for managing :term:`distributions <Distribution Package>` from PyPI. It is "
+"also possible to build conda packages from Python source packages using "
+"tools such as `conda skeleton <https://docs.conda.io/projects/conda-build/en/"
+"latest/user-guide/tutorials/build-pkgs-skeleton.html>`__: a tool to "
+"automatically make conda packages from Python packages available on PyPI."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:6
+msgid "Index hosted attestations"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:8
+msgid "This specification was originally defined in :pep:`740`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:12
+msgid ""
+":pep:`740` includes changes to the HTML and JSON index APIs. These changes "
+"are documented in the :ref:`simple-repository-api` under :ref:`simple-"
+"repository-api-base` and :ref:`json-serialization`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:22
+msgid "Upload endpoint changes"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:26
+msgid ""
+"The \"legacy\" upload API is not standardized. See `PyPI's Upload API "
+"documentation <https://docs.pypi.org/api/upload/>`_ for how attestations are "
+"uploaded."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:33
+#, fuzzy
+msgid "Attestation objects"
+msgstr "Un proyecto sencillo"
+
+#: ../source/specifications/index-hosted-attestations.rst:35
+msgid ""
+"An attestation object is a JSON object with several required keys; "
+"applications or signers may include additional keys so long as all "
+"explicitly listed keys are provided. The required layout of an attestation "
+"object is provided as pseudocode below."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:88
+msgid ""
+"A full data model for each object in ``transparency_entries`` is provided "
+"in :ref:`appendix`. Attestation objects **SHOULD** include one or more "
+"transparency log entries, and **MAY** include additional keys for other "
+"sources of signed time (such as an :rfc:`3161` Time Stamping Authority or a "
+"`Roughtime <https://blog.cloudflare.com/roughtime>`__ server)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:94
+msgid ""
+"Attestation objects are versioned; this PEP specifies version 1. Each "
+"version is tied to a single cryptographic suite to minimize unnecessary "
+"cryptographic agility. In version 1, the suite is as follows:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:98
+msgid ""
+"Certificates are specified as X.509 certificates, and comply with the "
+"profile in :rfc:`5280`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:100
+msgid ""
+"The message signature algorithm is ECDSA, with the P-256 curve for public "
+"keys and SHA-256 as the cryptographic digest function."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:103
+msgid ""
+"Future PEPs may change this suite (and the overall shape of the attestation "
+"object) by selecting a new version number."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:109
+msgid "Attestation statement and signature generation"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:111
+msgid ""
+"The *attestation statement* is the actual claim that is cryptographically "
+"signed over within the attestation object (i.e., the ``envelope.statement``)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:114
+msgid ""
+"The attestation statement is encoded as a `v1 in-toto Statement object "
+"<https://github.com/in-toto/attestation/blob/v1.0/spec/v1.0/statement."
+"md>`__, in JSON form. When serialized the statement is treated as an opaque "
+"binary blob, avoiding the need for canonicalization."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:119
+msgid ""
+"In addition to being a v1 in-toto Statement, the attestation statement is "
+"constrained in the following ways:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:122
+msgid "The in-toto ``subject`` **MUST** contain only a single subject."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:123
+msgid ""
+"``subject[0].name`` is the distribution's filename, which **MUST** be a "
+"valid :ref:`source distribution <source-distribution-format>` or :ref:`wheel "
+"distribution <binary-distribution-format>` filename."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:126
+msgid ""
+"``subject[0].digest`` **MUST** contain a SHA-256 digest. Other digests "
+"**MAY** be present. The digests **MUST** be represented as hexadecimal "
+"strings."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:128
+msgid "The following ``predicateType`` values are supported:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:130
+msgid ""
+"`SLSA Provenance <https://slsa.dev/provenance/v1>`__: ``https://slsa.dev/"
+"provenance/v1``"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:131
+msgid ""
+"`PyPI Publish Attestation <https://docs.pypi.org/attestations/publish/"
+"v1>`__: ``https://docs.pypi.org/attestations/publish/v1``"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:133
+msgid ""
+"The signature over this statement is constructed using the `v1 DSSE "
+"signature protocol <https://github.com/secure-systems-lab/dsse/blob/v1.0.0/"
+"protocol.md>`__, with a ``PAYLOAD_TYPE`` of ``application/vnd.in-toto+json`` "
+"and a ``PAYLOAD_BODY`` of the JSON-encoded statement above. No other "
+"``PAYLOAD_TYPE`` is permitted."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:141
+msgid "Provenance objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:143
+msgid ""
+"The index will serve uploaded attestations along with metadata that can "
+"assist in verifying them in the form of JSON serialized objects."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:146
+msgid ""
+"These *provenance objects* will be available via both the Simple Index and "
+"JSON-based Simple API as described above, and will have the following layout:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:169
+msgid "or, as pseudocode:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:217
+msgid ""
+"``version`` is ``1``. Like attestation objects, provenance objects are "
+"versioned, and this PEP only defines version ``1``."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:219
+msgid ""
+"``attestation_bundles`` is a **required** JSON array, containing one or more "
+"\"bundles\" of attestations. Each bundle corresponds to a signing identity "
+"(such as a Trusted Publishing identity), and contains one or more "
+"attestation objects."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:224
+msgid ""
+"As noted in the ``Publisher`` model, each ``AttestationBundle.publisher`` "
+"object is specific to its Trusted Publisher but must include at minimum:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:228
+msgid ""
+"A ``kind`` key, which **MUST** be a JSON string that uniquely identifies the "
+"kind of Trusted Publisher."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:230
+msgid ""
+"A ``claims`` key, which **MUST** be a JSON object containing any context-"
+"specific claims retained by the index during Trusted Publisher "
+"authentication."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:233
+msgid "All other keys in the publisher object are publisher-specific."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:235
+msgid ""
+"Each array of attestation objects is a superset of the ``attestations`` "
+"array supplied by the uploaded through the ``attestations`` field at upload "
+"time, as described in :ref:`upload-endpoint` and :ref:`changes-to-provenance-"
+"objects`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:243
+msgid "Changes to provenance objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:245
+msgid ""
+"Provenance objects are *not* immutable, and may change over time. Reasons "
+"for changes to the provenance object include but are not limited to:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:248
+msgid ""
+"Addition of new attestations for a pre-existing signing identity: the index "
+"**MAY** choose to allow additional attestations by pre-existing signing "
+"identities, such as newer attestation versions for already uploaded files."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:253
+msgid ""
+"Addition of new signing identities and associated attestations: the index "
+"**MAY** choose to support attestations from sources other than the file's "
+"uploader, such as third-party auditors or the index itself. These "
+"attestations may be performed asynchronously, requiring the index to insert "
+"them into the provenance object *post facto*."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:262
+msgid "Attestation verification"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:264
+msgid ""
+"Verifying an attestation object against a distribution file requires "
+"verification of each of the following:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:267
+msgid "``version`` is ``1``. The verifier **MUST** reject any other version."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:268
+msgid ""
+"``verification_material.certificate`` is a valid signing certificate, as "
+"issued by an *a priori* trusted authority (such as a root of trust already "
+"present within the verifying client)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:271
+msgid ""
+"``verification_material.certificate`` identifies an appropriate signing "
+"subject, such as the machine identity of the Trusted Publisher that "
+"published the package."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:274
+msgid ""
+"``envelope.statement`` is a valid in-toto v1 Statement, with a subject and "
+"digest that **MUST** match the distribution's filename and contents. For the "
+"distribution's filename, matching **MUST** be performed by parsing using the "
+"appropriate source distribution or wheel filename format, as the statement's "
+"subject may be equivalent but normalized."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:279
+msgid ""
+"``envelope.signature`` is a valid signature for ``envelope.statement`` "
+"corresponding to ``verification_material.certificate``, as reconstituted via "
+"the `v1 DSSE signature protocol <https://github.com/secure-systems-lab/dsse/"
+"blob/v1.0.0/protocol.md>`__."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:284
+msgid ""
+"In addition to the above required steps, a verifier **MAY** additionally "
+"verify ``verification_material.transparency_entries`` on a policy basis, e."
+"g. requiring at least one transparency log entry or a threshold of entries. "
+"When verifying transparency entries, the verifier **MUST** confirm that the "
+"inclusion time for each entry lies within the signing certificate's validity "
+"period."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:293
+msgid "Appendix: Data models for Transparency Log Entries"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:295
+msgid ""
+"This appendix contains pseudocoded data models for transparency log entries "
+"in attestation objects. Each transparency log entry serves as a source of "
+"signed inclusion time, and can be verified either online or offline."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:99
+msgid ""
+"A repository **MAY** include a ``data-provenance`` attribute on a file link. "
+"The value of this attribute **MUST** be a fully qualified URL, signaling "
+"that the file's provenance can be found at that URL. This URL **MUST** "
+"represent a `secure origin <https://www.chromium.org/Home/chromium-security/"
+"prefer-secure-origins-for-powerful-new-features/>`_."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:106
+msgid ""
+"The format of the linked provenance is defined in :ref:`index-hosted-"
+"attestations`."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:507
+msgid ""
+"``provenance``: An **optional** key which, if present **MUST** be either a "
+"JSON string or ``null``. If not ``null``, it **MUST** be a URL to the file's "
+"associated provenance, with the same rules as ``data-provenance`` in the :"
+"ref:`base HTML API specification <simple-repository-api-base>`."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:1003
+msgid ""
+"November 2024: provenance metadata in the HTML and JSON formats, in :pep:"
+"`740`"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:142
+msgid ""
+"For projects hosted on or published via supported CI/CD platforms, it is "
+"recommended to use the :ref:`Trusted Publishing <trusted-publishing>`, which "
+"allows the package to be securely uploaded to PyPI from a CI/CD workflow "
+"without a manually configured API token."
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:147
+msgid ""
+"As of November 2024, PyPI supports the following platforms as Trusted "
+"Publishing providers:"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:150
+msgid "GitHub Actions (on ``https://github.com``)"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:151
+msgid "GitLab CI/CD (on ``https://gitlab.com``)"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:152
+msgid "ActiveState"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:153
+msgid "Google Cloud"
+msgstr ""
+
 #~ msgid "``install``"
 #~ msgstr "``install``"
 
diff --git a/locales/fa/LC_MESSAGES/messages.po b/locales/fa/LC_MESSAGES/messages.po
index d62cf6ae5..2b98bf522 100644
--- a/locales/fa/LC_MESSAGES/messages.po
+++ b/locales/fa/LC_MESSAGES/messages.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Python Packaging User Guide\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-10-30 00:39+0000\n"
+"POT-Creation-Date: 2024-11-25 21:53+0000\n"
 "PO-Revision-Date: 2023-02-15 07:52+0000\n"
 "Last-Translator: Arsalan Dehghani <arsalan.dehghani@gmail.com>\n"
 "Language-Team: Persian <https://hosted.weblate.org/projects/pypa/packaging-"
@@ -608,7 +608,7 @@ msgid "Unix (including Linux and macOS)"
 msgstr ""
 
 #: ../source/discussions/deploying-python-applications.rst:118
-#: ../source/key_projects.rst:572
+#: ../source/key_projects.rst:576
 msgid "pex"
 msgstr ""
 
@@ -1888,7 +1888,7 @@ msgid ""
 msgstr ""
 
 #: ../source/discussions/versioning.rst:6
-#: ../source/specifications/simple-repository-api.rst:310
+#: ../source/specifications/simple-repository-api.rst:319
 #, fuzzy
 msgid "Versioning"
 msgstr "ترجمه‌ها"
@@ -2642,29 +2642,16 @@ msgid ""
 msgstr ""
 
 #: ../source/glossary.rst:121
-msgid "Known Good Set (KGS)"
-msgstr ""
-
-#: ../source/glossary.rst:124
-msgid ""
-"A set of distributions at specified versions which are compatible with each "
-"other. Typically a test suite will be run which passes all tests before a "
-"specific set of packages is declared a known good set. This term is commonly "
-"used by frameworks and toolkits which are comprised of multiple individual "
-"distributions."
-msgstr ""
-
-#: ../source/glossary.rst:130
 msgid "Import Package"
 msgstr ""
 
-#: ../source/glossary.rst:133
+#: ../source/glossary.rst:124
 msgid ""
 "A Python module which can contain other modules or recursively, other "
 "packages."
 msgstr ""
 
-#: ../source/glossary.rst:136
+#: ../source/glossary.rst:127
 msgid ""
 "An import package is more commonly referred to with the single word "
 "\"package\", but this guide will use the expanded term when more clarity is "
@@ -2673,19 +2660,32 @@ msgid ""
 "package` for a breakdown of the differences."
 msgstr ""
 
-#: ../source/glossary.rst:142
+#: ../source/glossary.rst:133
 #, fuzzy
 #| msgid "Translations"
 msgid "Installed Project"
 msgstr "ترجمه‌ها"
 
-#: ../source/glossary.rst:145
+#: ../source/glossary.rst:136
 msgid ""
 "A :term:`Project` that is installed for use with a Python interpreter or :"
 "term:`Virtual Environment`, as described in the specicifcation :ref:"
 "`recording-installed-packages`."
 msgstr ""
 
+#: ../source/glossary.rst:140
+msgid "Known Good Set (KGS)"
+msgstr ""
+
+#: ../source/glossary.rst:143
+msgid ""
+"A set of distributions at specified versions which are compatible with each "
+"other. Typically a test suite will be run which passes all tests before a "
+"specific set of packages is declared a known good set. This term is commonly "
+"used by frameworks and toolkits which are comprised of multiple individual "
+"distributions."
+msgstr ""
+
 #: ../source/glossary.rst:149
 msgid "Module"
 msgstr ""
@@ -5103,7 +5103,7 @@ msgid ""
 "In particular, `NumPy <https://numpy.org/>`__, which provides the basis for "
 "most of the software in the `scientific Python stack <https://scientific-"
 "python.org>`_ can be configured to interoperate with different FORTRAN "
-"libraries, and can take advantage of different levels of vectorised "
+"libraries, and can take advantage of different levels of vectorized "
 "instructions available in modern CPUs."
 msgstr ""
 
@@ -5112,9 +5112,9 @@ msgid ""
 "Starting with version 1.10.4 of NumPy and version 1.0.0 of SciPy, pre-built "
 "32-bit and 64-bit binaries in the ``wheel`` format are available for all "
 "major operating systems (Windows, macOS, and Linux) on PyPI. Note, however, "
-"that on Windows, NumPy binaries are linked against the `ATLAS <http://www."
-"netlib.org/atlas/>`__ BLAS/LAPACK library, restricted to SSE2 instructions, "
-"so they may not provide optimal linear algebra performance."
+"that on Windows, NumPy binaries are linked against the `ATLAS <https://math-"
+"atlas.sourceforge.net/>`__ BLAS/LAPACK library, restricted to SSE2 "
+"instructions, so they may not provide optimal linear algebra performance."
 msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:26
@@ -5227,7 +5227,7 @@ msgid ""
 msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:100
-#: ../source/key_projects.rst:808
+#: ../source/key_projects.rst:812
 msgid "Spack"
 msgstr ""
 
@@ -5259,28 +5259,41 @@ msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:121
 msgid ""
-"`Anaconda <https://www.anaconda.com/products/individual/>`_ is a Python "
+"``conda`` is an open source (BSD licensed) package management system and "
+"environment management system that allows users to install multiple versions "
+"of binary software packages and their dependencies, and easily switch "
+"between them. It is a cross-platform tool working on Windows, MacOS, and "
+"Linux. Conda can be used to package up and distribute all kinds of packages, "
+"it is not limited to just Python packages. It has full support for native "
+"virtual environments. Conda makes environments first-class citizens, making "
+"it easy to create independent environments even for C libraries. It is "
+"written in Python, but is Python-agnostic. Conda manages Python itself as a "
+"package, so that :command:`conda update python` is possible, in contrast to "
+"pip, which only manages Python packages."
+msgstr ""
+
+#: ../source/guides/installing-scientific-packages.rst:133
+msgid ""
+"Anaconda `Anaconda <https://docs.anaconda.com/anaconda/>`_ is a Python "
 "distribution published by Anaconda, Inc. It is a stable collection of Open "
-"Source packages for big data and scientific use.  As of the 5.0 release of "
-"Anaconda, about 200 packages are installed by default, and a total of "
-"400-500 can be installed and updated from the Anaconda repository."
+"Source packages for big data and scientific use, and a collection of "
+"Graphical Interface utilities for managing conda environments."
 msgstr ""
 
-#: ../source/guides/installing-scientific-packages.rst:127
+#: ../source/guides/installing-scientific-packages.rst:135
 msgid ""
-"``conda`` is an open source (BSD licensed) package management system and "
-"environment management system included in Anaconda that allows users to "
-"install multiple versions of binary software packages and their "
-"dependencies, and easily switch between them. It is a cross-platform tool "
-"working on Windows, macOS, and Linux. Conda can be used to package up and "
-"distribute all kinds of packages, it is not limited to just Python packages. "
-"It has full support for native virtual environments. Conda makes "
-"environments first-class citizens, making it easy to create independent "
-"environments even for C libraries. It is written in Python, but is Python-"
-"agnostic. Conda manages Python itself as a package, so that :command:`conda "
-"update python` is possible, in contrast to pip, which only manages Python "
-"packages. Conda is available in Anaconda and Miniconda (an easy-to-install "
-"download with just Python and conda)."
+"In addition to the full distribution provided by Anaconda, the conda package "
+"manager itself is available in  `miniconda <https://docs.anaconda.com/"
+"miniconda/>`_, `miniforge <https://github.com/conda-forge/miniforge>`_, and "
+"`pixi <https://pixi.sh/>`_."
+msgstr ""
+
+#: ../source/guides/installing-scientific-packages.rst:138
+msgid ""
+"Conda packages are available on multiple channels on Anaconda.org, including "
+"the default channel supported by Anaconda, Inc, the community supported "
+"conda-forge channel, which provides a wide variety of pre-built packages, "
+"and some domain-specific package collections."
 msgstr ""
 
 #: ../source/guides/installing-stand-alone-command-line-tools.rst:4
@@ -8356,29 +8369,51 @@ msgstr ""
 
 #: ../source/guides/tool-recommendations.rst:142
 msgid ""
-"For projects hosted on GitHub, it is recommended to use the :ref:`trusted "
-"publishing <trusted-publishing>`, which allows the package to be securely "
-"uploaded to PyPI from a GitHub Actions job. (This is not yet supported on "
-"software forges other than GitHub.)"
+"For projects hosted on or published via supported CI/CD platforms, it is "
+"recommended to use the :ref:`Trusted Publishing <trusted-publishing>`, which "
+"allows the package to be securely uploaded to PyPI from a CI/CD workflow "
+"without a manually configured API token."
 msgstr ""
 
 #: ../source/guides/tool-recommendations.rst:147
 msgid ""
+"As of November 2024, PyPI supports the following platforms as Trusted "
+"Publishing providers:"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:150
+msgid "GitHub Actions (on ``https://github.com``)"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:151
+msgid "GitLab CI/CD (on ``https://gitlab.com``)"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:152
+msgid "ActiveState"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:153
+msgid "Google Cloud"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:155
+msgid ""
 "The other available method is to upload the package manually using :ref:"
 "`twine`."
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:149
+#: ../source/guides/tool-recommendations.rst:159
 msgid ""
 "**Never** use ``python setup.py upload`` for this task. In addition to "
 "being :ref:`deprecated <setup-py-deprecated>`, it is insecure."
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:154
+#: ../source/guides/tool-recommendations.rst:164
 msgid "Workflow tools"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:156
+#: ../source/guides/tool-recommendations.rst:166
 msgid ""
 "These tools are environment managers that automatically manage virtual "
 "environments for a project. They also act as \"task runners\", allowing you "
@@ -8389,31 +8424,31 @@ msgid ""
 "alphabetical order:"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:164
+#: ../source/guides/tool-recommendations.rst:174
 msgid ":ref:`Flit`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:165
+#: ../source/guides/tool-recommendations.rst:175
 msgid ":ref:`Hatch`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:166
+#: ../source/guides/tool-recommendations.rst:176
 msgid ":doc:`nox <nox:index>`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:167
+#: ../source/guides/tool-recommendations.rst:177
 msgid ":ref:`PDM`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:168
+#: ../source/guides/tool-recommendations.rst:178
 msgid ":ref:`Pipenv`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:169
+#: ../source/guides/tool-recommendations.rst:179
 msgid ":ref:`Poetry`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:170
+#: ../source/guides/tool-recommendations.rst:180
 msgid ":doc:`tox <tox:index>`."
 msgstr ""
 
@@ -9588,44 +9623,58 @@ msgstr ""
 
 #: ../source/key_projects.rst:407
 msgid ""
-"conda is the package management tool for `Anaconda <https://docs.anaconda."
-"com/anaconda/>`__ Python installations. Anaconda Python is a distribution "
-"from `Anaconda, Inc <https://www.anaconda.com/products/individual>`__ "
-"specifically aimed at the scientific community, and in particular on Windows "
-"where the installation of binary extensions is often difficult."
+"Conda is a package, dependency, and environment management system for any "
+"language — Python, R, Ruby, C/C++, Fortran, and more. It is written in "
+"Python and widely used in the Python scientific computing community, due to "
+"its support for non-Python compiled libraries and extensions. It is used as "
+"the basis of the `Anaconda <https://docs.anaconda.com/anaconda/>`__ Python "
+"distribution from Anaconda, Inc. It was originally aimed at the scientific "
+"community, but can also be used on its own, or with the :doc:`miniconda "
+"<conda:miniconda>`, `miniforge <https://github.com/conda-forge/miniforge>`_ "
+"or `pixi <https://pixi.sh/>`_ systems. It is available for Windows, Mac and "
+"Linux systems."
 msgstr ""
 
-#: ../source/key_projects.rst:414
+#: ../source/key_projects.rst:416
 msgid ""
 "Conda is a completely separate tool from :ref:`pip`, virtualenv and wheel, "
-"but provides many of their combined features in terms of package management, "
-"virtual environment management and deployment of binary extensions."
+"but provides many of their combined features, such as package management, "
+"virtual environment management and deployment of binary extensions and other "
+"binary code."
+msgstr ""
+
+#: ../source/key_projects.rst:420
+msgid ""
+"Conda does not install packages from PyPI -- it can only manage packages "
+"built specifically for conda, which can be made available on a \"conda "
+"channel\", such as those hosted on `anaconda.org <https://anaconda.org>`__, "
+"or a local (e.g. intranet) package server. In addition to the \"default\" "
+"channels managed by `Anaconda, Inc. <https://www.anaconda.com/>`__, there "
+"are a wide variety of packages from the community supported `conda-forge "
+"project <https://conda-forge.org/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:418
+#: ../source/key_projects.rst:426
 msgid ""
-"Conda does not install packages from PyPI and can install only from the "
-"official Anaconda repositories, or anaconda.org (a place for user-"
-"contributed *conda* packages), or a local (e.g. intranet) package server.  "
-"However, note that :ref:`pip` can be installed into, and work side-by-side "
-"with conda for managing :term:`distributions <Distribution Package>` from "
-"PyPI. Also, `conda skeleton <https://docs.conda.io/projects/conda-build/en/"
-"latest/user-guide/tutorials/build-pkgs-skeleton.html>`__ is a tool to make "
-"Python packages installable by conda by first fetching them from PyPI and "
-"modifying their metadata."
+"Note that :ref:`pip` can be installed into, and work side-by-side with conda "
+"for managing :term:`distributions <Distribution Package>` from PyPI. It is "
+"also possible to build conda packages from Python source packages using "
+"tools such as `conda skeleton <https://docs.conda.io/projects/conda-build/en/"
+"latest/user-guide/tutorials/build-pkgs-skeleton.html>`__: a tool to "
+"automatically make conda packages from Python packages available on PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:431
+#: ../source/key_projects.rst:435
 msgid "devpi"
 msgstr ""
 
-#: ../source/key_projects.rst:433
+#: ../source/key_projects.rst:437
 msgid ""
 "`Docs <http://doc.devpi.net/latest/>`__ | :gh:`Issues <devpi/devpi/issues>` "
 "| `PyPI <https://pypi.org/project/devpi>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:437
+#: ../source/key_projects.rst:441
 msgid ""
 "devpi features a powerful PyPI-compatible server and PyPI proxy cache with a "
 "complementary command line tool to drive packaging, testing and release "
@@ -9635,17 +9684,17 @@ msgid ""
 "replication and fail-over, and package upload."
 msgstr ""
 
-#: ../source/key_projects.rst:448
+#: ../source/key_projects.rst:452
 msgid "dumb-pypi"
 msgstr ""
 
-#: ../source/key_projects.rst:450
+#: ../source/key_projects.rst:454
 msgid ""
 "`GitHub <https://github.com/chriskuehl/dumb-pypi>`__ | `PyPI <https://pypi."
 "org/project/dumb-pypi>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:453
+#: ../source/key_projects.rst:457
 msgid ""
 "dumb-pypi is a simple :term:`package index <Package Index>` static file site "
 "generator, which then must be hosted by a static file webserver to become "
@@ -9653,17 +9702,17 @@ msgid ""
 "status."
 msgstr ""
 
-#: ../source/key_projects.rst:460
+#: ../source/key_projects.rst:464
 msgid "enscons"
 msgstr ""
 
-#: ../source/key_projects.rst:462
+#: ../source/key_projects.rst:466
 msgid ""
 ":gh:`Source <dholth/enscons>` | :gh:`Issues <dholth/enscons/issues>` | `PyPI "
 "<https://pypi.org/project/enscons>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:466
+#: ../source/key_projects.rst:470
 msgid ""
 "Enscons is a Python packaging tool based on `SCons`_. It builds :ref:`pip`-"
 "compatible source distributions and wheels without using distutils or "
@@ -9675,38 +9724,38 @@ msgid ""
 "independent of enscons."
 msgstr ""
 
-#: ../source/key_projects.rst:481
+#: ../source/key_projects.rst:485
 msgid "Flask-Pypi-Proxy"
 msgstr ""
 
-#: ../source/key_projects.rst:483
+#: ../source/key_projects.rst:487
 msgid ""
 "`Docs <https://flask-pypi-proxy.readthedocs.io>`__ | :gh:`GitHub <tzulberti/"
 "Flask-PyPi-Proxy>` | `PyPI <https://pypi.org/project/Flask-Pypi-Proxy/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:487 ../source/key_projects.rst:681
-#: ../source/key_projects.rst:740
+#: ../source/key_projects.rst:491 ../source/key_projects.rst:685
+#: ../source/key_projects.rst:744
 msgid "Not maintained, project archived"
 msgstr ""
 
-#: ../source/key_projects.rst:489
+#: ../source/key_projects.rst:493
 msgid ""
 "Flask-Pypi-Proxy is a :term:`package index <Package Index>` as a cached "
 "proxy for PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:495
+#: ../source/key_projects.rst:499
 msgid "Hashdist"
 msgstr ""
 
-#: ../source/key_projects.rst:497
+#: ../source/key_projects.rst:501
 msgid ""
 "`Docs <https://hashdist.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/hashdist/hashdist/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:500
+#: ../source/key_projects.rst:504
 msgid ""
 "Hashdist is a library for building non-root software distributions. Hashdist "
 "is trying to be “the Debian of choice for cases where Debian technology "
@@ -9717,34 +9766,34 @@ msgid ""
 "researchers but has been lacking in maintenance since 2016."
 msgstr ""
 
-#: ../source/key_projects.rst:512
+#: ../source/key_projects.rst:516
 msgid "Maturin"
 msgstr ""
 
-#: ../source/key_projects.rst:514
+#: ../source/key_projects.rst:518
 msgid ""
 "`Docs <https://www.maturin.rs>`__ | `GitHub <https://github.com/PyO3/"
 "maturin>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:517
+#: ../source/key_projects.rst:521
 msgid ""
 "Maturin is a build backend for Rust extension modules, also written in Rust. "
 "It supports building wheels for python 3.7+ on Windows, Linux, macOS and "
 "FreeBSD, can upload them to PyPI and has basic PyPy and GraalPy support."
 msgstr ""
 
-#: ../source/key_projects.rst:525
+#: ../source/key_projects.rst:529
 msgid "meson-python"
 msgstr ""
 
-#: ../source/key_projects.rst:527
+#: ../source/key_projects.rst:531
 msgid ""
 "`Docs <https://meson-python.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/mesonbuild/meson-python>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:530
+#: ../source/key_projects.rst:534
 msgid ""
 "``meson-python`` is a build backend that uses the Meson_ build system. It "
 "enables Python package authors to use Meson_ as the build system for their "
@@ -9752,58 +9801,58 @@ msgid ""
 "to fill the needs of most complex build configurations."
 msgstr ""
 
-#: ../source/key_projects.rst:540
+#: ../source/key_projects.rst:544
 msgid "multibuild"
 msgstr ""
 
-#: ../source/key_projects.rst:542
+#: ../source/key_projects.rst:546
 msgid "`GitHub <https://github.com/multi-build/multibuild>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:544
+#: ../source/key_projects.rst:548
 msgid ""
 "Multibuild is a set of CI scripts for building and testing Python :term:"
 "`wheels <Wheel>` for Linux, macOS, and (less flexibly) Windows. Also see :"
 "ref:`cibuildwheel`."
 msgstr ""
 
-#: ../source/key_projects.rst:550
+#: ../source/key_projects.rst:554
 msgid "nginx_pypi_cache"
 msgstr ""
 
-#: ../source/key_projects.rst:552
+#: ../source/key_projects.rst:556
 msgid ":gh:`GitHub <hauntsaninja/nginx_pypi_cache>`"
 msgstr ""
 
-#: ../source/key_projects.rst:554
+#: ../source/key_projects.rst:558
 msgid ""
 "nginx_pypi_cache is a :term:`package index <Package Index>` caching proxy "
 "using `nginx <https://nginx.org/en/>`_."
 msgstr ""
 
-#: ../source/key_projects.rst:560
+#: ../source/key_projects.rst:564
 msgid "pdm"
 msgstr ""
 
-#: ../source/key_projects.rst:562
+#: ../source/key_projects.rst:566
 msgid ""
 "`Docs <https://pdm.fming.dev/>`__ | `GitHub <https://github.com/pdm-project/"
 "pdm/>`__ | `PyPI <https://pypi.org/project/pdm>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:566
+#: ../source/key_projects.rst:570
 msgid ""
 "PDM is a modern Python package manager. It uses :term:`pyproject.toml` to "
 "store project metadata as defined in :pep:`621`."
 msgstr ""
 
-#: ../source/key_projects.rst:574
+#: ../source/key_projects.rst:578
 msgid ""
 "`Docs <https://pex.readthedocs.io/en/latest/>`__ | `GitHub <https://github."
 "com/pantsbuild/pex/>`__ | `PyPI <https://pypi.org/project/pex>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:578
+#: ../source/key_projects.rst:582
 msgid ""
 "Pex is a tool for generating :file:`.pex` (Python EXecutable) files, "
 "standalone Python environments in the spirit of :ref:`virtualenv`. PEX files "
@@ -9815,18 +9864,18 @@ msgid ""
 "PEX file into a standard venv, graphing dependencies and more."
 msgstr ""
 
-#: ../source/key_projects.rst:590
+#: ../source/key_projects.rst:594
 msgid "pip-tools"
 msgstr ""
 
-#: ../source/key_projects.rst:592
+#: ../source/key_projects.rst:596
 msgid ""
 "`Docs <https://pip-tools.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/jazzband/pip-tools/>`__ | `PyPI <https://pypi.org/project/pip-"
 "tools/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:596
+#: ../source/key_projects.rst:600
 msgid ""
 "pip-tools is a suite of tools meant for Python system administrators and "
 "release managers who particularly want to keep their builds deterministic "
@@ -9837,32 +9886,32 @@ msgid ""
 "not provide), and create layers of constraints for the program to obey."
 msgstr ""
 
-#: ../source/key_projects.rst:608
+#: ../source/key_projects.rst:612
 msgid "pip2pi"
 msgstr ""
 
-#: ../source/key_projects.rst:610
+#: ../source/key_projects.rst:614
 msgid ""
 ":gh:`GitHub <wolever/pip2pi>` | `PyPI <https://pypi.org/project/pip2pi/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:613
+#: ../source/key_projects.rst:617
 msgid ""
 "pip2pi is a :term:`package index <Package Index>` server where specific "
 "packages are manually synchronised."
 msgstr ""
 
-#: ../source/key_projects.rst:619
+#: ../source/key_projects.rst:623
 msgid "piwheels"
 msgstr ""
 
-#: ../source/key_projects.rst:621
+#: ../source/key_projects.rst:625
 msgid ""
 "`Website <https://www.piwheels.org/>`__ | :doc:`Docs <piwheels:index>` | "
 "`GitHub <https://github.com/piwheels/piwheels/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:625
+#: ../source/key_projects.rst:629
 msgid ""
 "piwheels is a website, and software underpinning it, that fetches source "
 "code distribution packages from PyPI and compiles them into binary wheels "
@@ -9870,17 +9919,17 @@ msgid ""
 "Pi OS pre-configures pip to use piwheels.org as an additional index to PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:634
+#: ../source/key_projects.rst:638
 msgid "poetry"
 msgstr ""
 
-#: ../source/key_projects.rst:636
+#: ../source/key_projects.rst:640
 msgid ""
 "`Docs <https://python-poetry.org/>`__ | `GitHub <https://github.com/python-"
 "poetry/poetry>`__ | `PyPI <https://pypi.org/project/poetry/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:640
+#: ../source/key_projects.rst:644
 msgid ""
 "poetry is a command-line tool to handle dependency installation and "
 "isolation as well as building and packaging of Python packages. It uses "
@@ -9890,49 +9939,49 @@ msgid ""
 "caching metadata about dependencies."
 msgstr ""
 
-#: ../source/key_projects.rst:650
+#: ../source/key_projects.rst:654
 msgid "proxpi"
 msgstr ""
 
-#: ../source/key_projects.rst:652
+#: ../source/key_projects.rst:656
 msgid ""
 ":gh:`GitHub <EpicWink/proxpi>` | `PyPI <https://pypi.org/project/proxpi/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:655
+#: ../source/key_projects.rst:659
 msgid ""
 "proxpi is a simple :term:`package index <Package Index>` which proxies PyPI "
 "and other indexes with caching."
 msgstr ""
 
-#: ../source/key_projects.rst:661
+#: ../source/key_projects.rst:665
 msgid "Pulp-python"
 msgstr ""
 
-#: ../source/key_projects.rst:663
+#: ../source/key_projects.rst:667
 msgid ""
 "`Docs <https://docs.pulpproject.org/pulp_python/>`__ | :gh:`GitHub <pulp/"
 "pulp_python>` | `PyPI <https://pypi.org/project/pulp-python/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:667
+#: ../source/key_projects.rst:671
 msgid ""
 "Pulp-python is the Python :term:`package index <Package Index>` plugin for "
 "`Pulp <https://pulpproject.org/>`_. Pulp-python supports mirrors backed by "
 "local or `AWS S3`_, package upload, and proxying to multiple package indexes."
 msgstr ""
 
-#: ../source/key_projects.rst:675
+#: ../source/key_projects.rst:679
 msgid "PyPI Cloud"
 msgstr ""
 
-#: ../source/key_projects.rst:677
+#: ../source/key_projects.rst:681
 msgid ""
 "`Docs <https://pypicloud.readthedocs.io/>`__ | :gh:`GitHub <stevearc/"
 "pypicloud>` | `PyPI <https://pypi.org/project/pypicloud/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:683
+#: ../source/key_projects.rst:687
 msgid ""
 "PyPI Cloud is a :term:`package index <Package Index>` server, backed by `AWS "
 "S3`_ or another cloud storage service, or local files. PyPI Cloud supports "
@@ -9940,33 +9989,33 @@ msgid ""
 "authorisation."
 msgstr ""
 
-#: ../source/key_projects.rst:691
+#: ../source/key_projects.rst:695
 msgid "pypiprivate"
 msgstr ""
 
-#: ../source/key_projects.rst:693
+#: ../source/key_projects.rst:697
 msgid ""
 ":gh:`GitHub <helpshift/pypiprivate>` | `PyPI <https://pypi.org/project/"
 "pypiprivate/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:696
+#: ../source/key_projects.rst:700
 msgid ""
 "pypiprivate serves a local (or `AWS S3`_-hosted) directory of packages as a :"
 "term:`package index <Package Index>`."
 msgstr ""
 
-#: ../source/key_projects.rst:702
+#: ../source/key_projects.rst:706
 msgid "pypiserver"
 msgstr ""
 
-#: ../source/key_projects.rst:704
+#: ../source/key_projects.rst:708
 msgid ""
 "`GitHub <https://github.com/pypiserver/pypiserver>`__ | `PyPI <https://pypi."
 "org/project/pypiserver/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:707
+#: ../source/key_projects.rst:711
 msgid ""
 "pypiserver is a minimalist application that serves as a private Python :term:"
 "`package index <Package Index>` (from a local directory) within "
@@ -9977,17 +10026,17 @@ msgid ""
 "pypiserver and from PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:718
+#: ../source/key_projects.rst:722
 msgid "PyScaffold"
 msgstr ""
 
-#: ../source/key_projects.rst:720
+#: ../source/key_projects.rst:724
 msgid ""
 "`Docs <https://pyscaffold.org>`__ | `GitHub <https://github.com/pyscaffold/"
 "pyscaffold>`__ | `PyPI <https://pypi.org/project/pyscaffold/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:724
+#: ../source/key_projects.rst:728
 msgid ""
 "PyScaffold is a project generator for bootstrapping Python packages, ready "
 "to be shared on PyPI and installable via :ref:`pip`. It relies on a set of "
@@ -9997,33 +10046,33 @@ msgid ""
 "existing projects to make packaging easier."
 msgstr ""
 
-#: ../source/key_projects.rst:735
+#: ../source/key_projects.rst:739
 msgid "pywharf"
 msgstr ""
 
-#: ../source/key_projects.rst:737
+#: ../source/key_projects.rst:741
 msgid ""
 ":gh:`GitHub <pywharf/pywharf>` | `PyPI <https://pypi.org/project/pywharf>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:742
+#: ../source/key_projects.rst:746
 msgid ""
 "pywharf is a :term:`package index <Package Index>` server, serving files "
 "locally or from `GitHub <https://github.com/>`_."
 msgstr ""
 
-#: ../source/key_projects.rst:748
+#: ../source/key_projects.rst:752
 msgid "scikit-build"
 msgstr ""
 
-#: ../source/key_projects.rst:750
+#: ../source/key_projects.rst:754
 msgid ""
 "`Docs <https://scikit-build.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/scikit-build/scikit-build/>`__ | `PyPI <https://pypi.org/project/"
 "scikit-build>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:754
+#: ../source/key_projects.rst:758
 msgid ""
 "Scikit-build is a :ref:`setuptools` wrapper for CPython that builds C/C++/"
 "Fortran/Cython extensions It uses `cmake <https://pypi.org/project/cmake>`__ "
@@ -10034,18 +10083,18 @@ msgid ""
 "ninja>`__ (also available on PyPI)."
 msgstr ""
 
-#: ../source/key_projects.rst:765
+#: ../source/key_projects.rst:769
 msgid "scikit-build-core"
 msgstr ""
 
-#: ../source/key_projects.rst:767
+#: ../source/key_projects.rst:771
 msgid ""
 "`Docs <https://scikit-build-core.readthedocs.io/en/latest/>`__ | `GitHub "
 "<https://github.com/scikit-build/scikit-build-core/>`__ | `PyPI <https://"
 "pypi.org/project/scikit-build-core>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:771
+#: ../source/key_projects.rst:775
 msgid ""
 "Scikit-build-core is a build backend for CPython C/C++/Fortran/Cython "
 "extensions.  It enables users to write extensions with `cmake <https://pypi."
@@ -10055,17 +10104,17 @@ msgid ""
 "automatically downloaded from PyPI if not available on the system."
 msgstr ""
 
-#: ../source/key_projects.rst:781
+#: ../source/key_projects.rst:785
 msgid "shiv"
 msgstr ""
 
-#: ../source/key_projects.rst:783
+#: ../source/key_projects.rst:787
 msgid ""
 "`Docs <https://shiv.readthedocs.io/en/latest/>`__ | `GitHub <https://github."
 "com/linkedin/shiv>`__ | `PyPI <https://pypi.org/project/shiv/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:787
+#: ../source/key_projects.rst:791
 msgid ""
 "shiv is a command line utility for building fully self contained Python "
 "zipapps as outlined in :pep:`441`, but with all their dependencies included. "
@@ -10073,17 +10122,17 @@ msgid ""
 "tools fast & easy."
 msgstr ""
 
-#: ../source/key_projects.rst:795
+#: ../source/key_projects.rst:799
 msgid "simpleindex"
 msgstr ""
 
-#: ../source/key_projects.rst:797
+#: ../source/key_projects.rst:801
 msgid ""
 ":gh:`GitHub <uranusjr/simpleindex>` | `PyPI <https://pypi.org/project/"
 "simpleindex/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:800
+#: ../source/key_projects.rst:804
 msgid ""
 "simpleindex is a :term:`package index <Package Index>` which routes URLs to "
 "multiple package indexes (including PyPI), serves local (or cloud-hosted, "
@@ -10091,7 +10140,7 @@ msgid ""
 "supports custom plugins."
 msgstr ""
 
-#: ../source/key_projects.rst:810
+#: ../source/key_projects.rst:814
 msgid ""
 ":doc:`Docs <spack:index>` | `GitHub <https://github.com/spack/spack>`__ | "
 "`Paper <https://www.computer.org/csdl/proceedings-article/"
@@ -10099,7 +10148,7 @@ msgid ""
 "Gamblin-Spack-SC15-Talk.pdf>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:815
+#: ../source/key_projects.rst:819
 msgid ""
 "A flexible package manager designed to support multiple versions, "
 "configurations, platforms, and compilers.  Spack is like Homebrew, but "
@@ -10110,24 +10159,24 @@ msgid ""
 "supercomputers."
 msgstr ""
 
-#: ../source/key_projects.rst:823
+#: ../source/key_projects.rst:827
 msgid ""
 "Spack is not in PyPI (yet), but it requires no installation and can be used "
 "immediately after cloning from GitHub."
 msgstr ""
 
-#: ../source/key_projects.rst:829
+#: ../source/key_projects.rst:833
 msgid "zest.releaser"
 msgstr ""
 
-#: ../source/key_projects.rst:831
+#: ../source/key_projects.rst:835
 msgid ""
 "`Docs <https://zestreleaser.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/zestsoftware/zest.releaser/>`__ | `PyPI <https://pypi.org/project/"
 "zest.releaser/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:835
+#: ../source/key_projects.rst:839
 msgid ""
 "``zest.releaser`` is a Python package release tool providing an abstraction "
 "layer on top of :ref:`twine`. Python developers use ``zest.releaser`` to "
@@ -10135,21 +10184,21 @@ msgid ""
 "releases in source control, and uploading new packages to PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:842
+#: ../source/key_projects.rst:846
 msgid "Standard Library Projects"
 msgstr ""
 
-#: ../source/key_projects.rst:847
+#: ../source/key_projects.rst:851
 msgid "ensurepip"
 msgstr ""
 
-#: ../source/key_projects.rst:849
+#: ../source/key_projects.rst:853
 msgid ""
 "`Docs <https://docs.python.org/3/library/ensurepip.html>`__ | `Issues "
 "<https://bugs.python.org/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:852
+#: ../source/key_projects.rst:856
 msgid ""
 "A package in the Python Standard Library that provides support for "
 "bootstrapping :ref:`pip` into an existing Python installation or virtual "
@@ -10157,34 +10206,34 @@ msgid ""
 "will be used during the build of the Python distribution."
 msgstr ""
 
-#: ../source/key_projects.rst:860
+#: ../source/key_projects.rst:864
 msgid "http.server"
 msgstr ""
 
-#: ../source/key_projects.rst:862
+#: ../source/key_projects.rst:866
 msgid ""
 ":doc:`Docs <python:library/http.server>` | :gh:`Issues <python/cpython/"
 "issues>`"
 msgstr ""
 
-#: ../source/key_projects.rst:865
+#: ../source/key_projects.rst:869
 msgid ""
 "A package and command-line interface which can host a directory as a "
 "website, for example as a :term:`package index <Package Index>` (see :ref:"
 "`Hosting your Own Simple Repository`)."
 msgstr ""
 
-#: ../source/key_projects.rst:872
+#: ../source/key_projects.rst:876
 msgid "venv"
 msgstr ""
 
-#: ../source/key_projects.rst:874
+#: ../source/key_projects.rst:878
 msgid ""
 "`Docs <https://docs.python.org/3/library/venv.html>`__ | `Issues <https://"
 "github.com/python/cpython/issues>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:877
+#: ../source/key_projects.rst:881
 msgid ""
 "A package in the Python Standard Library (starting with Python 3.3) for "
 "creating :term:`Virtual Environments <Virtual Environment>`.  For more "
@@ -12232,7 +12281,7 @@ msgstr ""
 #: ../source/specifications/platform-compatibility-tags.rst:332
 #: ../source/specifications/pyproject-toml.rst:444
 #: ../source/specifications/recording-installed-packages.rst:252
-#: ../source/specifications/simple-repository-api.rst:974
+#: ../source/specifications/simple-repository-api.rst:988
 #: ../source/specifications/source-distribution-format.rst:144
 #: ../source/specifications/version-specifiers.rst:1266
 #: ../source/specifications/virtual-environments.rst:54
@@ -13302,6 +13351,7 @@ msgstr ""
 #: ../source/specifications/dependency-specifiers.rst:26
 #: ../source/specifications/direct-url-data-structure.rst:19
 #: ../source/specifications/direct-url.rst:15
+#: ../source/specifications/index-hosted-attestations.rst:17
 #: ../source/specifications/inline-script-metadata.rst:13
 msgid "Specification"
 msgstr ""
@@ -13439,7 +13489,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/dependency-specifiers.rst:163
-#: ../source/specifications/simple-repository-api.rst:888
+#: ../source/specifications/simple-repository-api.rst:902
 #, fuzzy
 msgid "Versions"
 msgstr "ترجمه‌ها"
@@ -15063,6 +15113,302 @@ msgid ""
 "www.pypa.io/en/latest/specifications/>`__."
 msgstr ""
 
+#: ../source/specifications/index-hosted-attestations.rst:6
+msgid "Index hosted attestations"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:8
+msgid "This specification was originally defined in :pep:`740`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:12
+msgid ""
+":pep:`740` includes changes to the HTML and JSON index APIs. These changes "
+"are documented in the :ref:`simple-repository-api` under :ref:`simple-"
+"repository-api-base` and :ref:`json-serialization`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:22
+msgid "Upload endpoint changes"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:26
+msgid ""
+"The \"legacy\" upload API is not standardized. See `PyPI's Upload API "
+"documentation <https://docs.pypi.org/api/upload/>`_ for how attestations are "
+"uploaded."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:33
+msgid "Attestation objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:35
+msgid ""
+"An attestation object is a JSON object with several required keys; "
+"applications or signers may include additional keys so long as all "
+"explicitly listed keys are provided. The required layout of an attestation "
+"object is provided as pseudocode below."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:88
+msgid ""
+"A full data model for each object in ``transparency_entries`` is provided "
+"in :ref:`appendix`. Attestation objects **SHOULD** include one or more "
+"transparency log entries, and **MAY** include additional keys for other "
+"sources of signed time (such as an :rfc:`3161` Time Stamping Authority or a "
+"`Roughtime <https://blog.cloudflare.com/roughtime>`__ server)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:94
+msgid ""
+"Attestation objects are versioned; this PEP specifies version 1. Each "
+"version is tied to a single cryptographic suite to minimize unnecessary "
+"cryptographic agility. In version 1, the suite is as follows:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:98
+msgid ""
+"Certificates are specified as X.509 certificates, and comply with the "
+"profile in :rfc:`5280`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:100
+msgid ""
+"The message signature algorithm is ECDSA, with the P-256 curve for public "
+"keys and SHA-256 as the cryptographic digest function."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:103
+msgid ""
+"Future PEPs may change this suite (and the overall shape of the attestation "
+"object) by selecting a new version number."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:109
+msgid "Attestation statement and signature generation"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:111
+msgid ""
+"The *attestation statement* is the actual claim that is cryptographically "
+"signed over within the attestation object (i.e., the ``envelope.statement``)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:114
+msgid ""
+"The attestation statement is encoded as a `v1 in-toto Statement object "
+"<https://github.com/in-toto/attestation/blob/v1.0/spec/v1.0/statement."
+"md>`__, in JSON form. When serialized the statement is treated as an opaque "
+"binary blob, avoiding the need for canonicalization."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:119
+msgid ""
+"In addition to being a v1 in-toto Statement, the attestation statement is "
+"constrained in the following ways:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:122
+msgid "The in-toto ``subject`` **MUST** contain only a single subject."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:123
+msgid ""
+"``subject[0].name`` is the distribution's filename, which **MUST** be a "
+"valid :ref:`source distribution <source-distribution-format>` or :ref:`wheel "
+"distribution <binary-distribution-format>` filename."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:126
+msgid ""
+"``subject[0].digest`` **MUST** contain a SHA-256 digest. Other digests "
+"**MAY** be present. The digests **MUST** be represented as hexadecimal "
+"strings."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:128
+msgid "The following ``predicateType`` values are supported:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:130
+msgid ""
+"`SLSA Provenance <https://slsa.dev/provenance/v1>`__: ``https://slsa.dev/"
+"provenance/v1``"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:131
+msgid ""
+"`PyPI Publish Attestation <https://docs.pypi.org/attestations/publish/"
+"v1>`__: ``https://docs.pypi.org/attestations/publish/v1``"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:133
+msgid ""
+"The signature over this statement is constructed using the `v1 DSSE "
+"signature protocol <https://github.com/secure-systems-lab/dsse/blob/v1.0.0/"
+"protocol.md>`__, with a ``PAYLOAD_TYPE`` of ``application/vnd.in-toto+json`` "
+"and a ``PAYLOAD_BODY`` of the JSON-encoded statement above. No other "
+"``PAYLOAD_TYPE`` is permitted."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:141
+msgid "Provenance objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:143
+msgid ""
+"The index will serve uploaded attestations along with metadata that can "
+"assist in verifying them in the form of JSON serialized objects."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:146
+msgid ""
+"These *provenance objects* will be available via both the Simple Index and "
+"JSON-based Simple API as described above, and will have the following layout:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:169
+msgid "or, as pseudocode:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:217
+msgid ""
+"``version`` is ``1``. Like attestation objects, provenance objects are "
+"versioned, and this PEP only defines version ``1``."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:219
+msgid ""
+"``attestation_bundles`` is a **required** JSON array, containing one or more "
+"\"bundles\" of attestations. Each bundle corresponds to a signing identity "
+"(such as a Trusted Publishing identity), and contains one or more "
+"attestation objects."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:224
+msgid ""
+"As noted in the ``Publisher`` model, each ``AttestationBundle.publisher`` "
+"object is specific to its Trusted Publisher but must include at minimum:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:228
+msgid ""
+"A ``kind`` key, which **MUST** be a JSON string that uniquely identifies the "
+"kind of Trusted Publisher."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:230
+msgid ""
+"A ``claims`` key, which **MUST** be a JSON object containing any context-"
+"specific claims retained by the index during Trusted Publisher "
+"authentication."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:233
+msgid "All other keys in the publisher object are publisher-specific."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:235
+msgid ""
+"Each array of attestation objects is a superset of the ``attestations`` "
+"array supplied by the uploaded through the ``attestations`` field at upload "
+"time, as described in :ref:`upload-endpoint` and :ref:`changes-to-provenance-"
+"objects`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:243
+msgid "Changes to provenance objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:245
+msgid ""
+"Provenance objects are *not* immutable, and may change over time. Reasons "
+"for changes to the provenance object include but are not limited to:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:248
+msgid ""
+"Addition of new attestations for a pre-existing signing identity: the index "
+"**MAY** choose to allow additional attestations by pre-existing signing "
+"identities, such as newer attestation versions for already uploaded files."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:253
+msgid ""
+"Addition of new signing identities and associated attestations: the index "
+"**MAY** choose to support attestations from sources other than the file's "
+"uploader, such as third-party auditors or the index itself. These "
+"attestations may be performed asynchronously, requiring the index to insert "
+"them into the provenance object *post facto*."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:262
+msgid "Attestation verification"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:264
+msgid ""
+"Verifying an attestation object against a distribution file requires "
+"verification of each of the following:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:267
+msgid "``version`` is ``1``. The verifier **MUST** reject any other version."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:268
+msgid ""
+"``verification_material.certificate`` is a valid signing certificate, as "
+"issued by an *a priori* trusted authority (such as a root of trust already "
+"present within the verifying client)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:271
+msgid ""
+"``verification_material.certificate`` identifies an appropriate signing "
+"subject, such as the machine identity of the Trusted Publisher that "
+"published the package."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:274
+msgid ""
+"``envelope.statement`` is a valid in-toto v1 Statement, with a subject and "
+"digest that **MUST** match the distribution's filename and contents. For the "
+"distribution's filename, matching **MUST** be performed by parsing using the "
+"appropriate source distribution or wheel filename format, as the statement's "
+"subject may be equivalent but normalized."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:279
+msgid ""
+"``envelope.signature`` is a valid signature for ``envelope.statement`` "
+"corresponding to ``verification_material.certificate``, as reconstituted via "
+"the `v1 DSSE signature protocol <https://github.com/secure-systems-lab/dsse/"
+"blob/v1.0.0/protocol.md>`__."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:284
+msgid ""
+"In addition to the above required steps, a verifier **MAY** additionally "
+"verify ``verification_material.transparency_entries`` on a policy basis, e."
+"g. requiring at least one transparency log entry or a threshold of entries. "
+"When verifying transparency entries, the verifier **MUST** confirm that the "
+"inclusion time for each entry lies within the signing certificate's validity "
+"period."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:293
+msgid "Appendix: Data models for Transparency Log Entries"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:295
+msgid ""
+"This appendix contains pseudocoded data models for transparency log entries "
+"in attestation objects. Each transparency log entry serves as a source of "
+"signed inclusion time, and can be verified either online or offline."
+msgstr ""
+
 #: ../source/specifications/inline-script-metadata.rst:5
 msgid "Inline script metadata"
 msgstr ""
@@ -15233,7 +15579,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/inline-script-metadata.rst:205
-#: ../source/specifications/simple-repository-api.rst:815
+#: ../source/specifications/simple-repository-api.rst:829
 msgid "Recommendations"
 msgstr ""
 
@@ -17123,12 +17469,27 @@ msgid ""
 "``&gt;``, respectively."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:100
+#: ../source/specifications/simple-repository-api.rst:99
+msgid ""
+"A repository **MAY** include a ``data-provenance`` attribute on a file link. "
+"The value of this attribute **MUST** be a fully qualified URL, signaling "
+"that the file's provenance can be found at that URL. This URL **MUST** "
+"represent a `secure origin <https://www.chromium.org/Home/chromium-security/"
+"prefer-secure-origins-for-powerful-new-features/>`_."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:106
+msgid ""
+"The format of the linked provenance is defined in :ref:`index-hosted-"
+"attestations`."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:109
 #, fuzzy
 msgid "Normalized Names"
 msgstr "ترجمه‌ها"
 
-#: ../source/specifications/simple-repository-api.rst:102
+#: ../source/specifications/simple-repository-api.rst:111
 msgid ""
 "This spec references the concept of a \"normalized\" project name. As per :"
 "ref:`the name normalization specification <name-normalization>` the only "
@@ -17138,11 +17499,11 @@ msgid ""
 "implemented in Python with the ``re`` module::"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:117
+#: ../source/specifications/simple-repository-api.rst:126
 msgid "Adding \"Yank\" Support to the Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:119
+#: ../source/specifications/simple-repository-api.rst:128
 msgid ""
 "Links in the simple repository **MAY** have a ``data-yanked`` attribute "
 "which may have no value, or may have an arbitrary string as a value. The "
@@ -17152,7 +17513,7 @@ msgid ""
 "under specific scenarios."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:126
+#: ../source/specifications/simple-repository-api.rst:135
 msgid ""
 "The value of the ``data-yanked`` attribute, if present, is an arbitrary "
 "string that represents the reason for why the file has been yanked. Tools "
@@ -17160,7 +17521,7 @@ msgid ""
 "users."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:131
+#: ../source/specifications/simple-repository-api.rst:140
 msgid ""
 "The yanked attribute is not immutable once set, and may be rescinded in the "
 "future (and once rescinded, may be reset as well). Thus API users **MUST** "
@@ -17168,13 +17529,13 @@ msgid ""
 "again)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:138
+#: ../source/specifications/simple-repository-api.rst:147
 #, fuzzy
 #| msgid "Translations"
 msgid "Installers"
 msgstr "ترجمه‌ها"
 
-#: ../source/specifications/simple-repository-api.rst:140
+#: ../source/specifications/simple-repository-api.rst:149
 msgid ""
 "The desirable experience for users is that once a file is yanked, when a "
 "human being is currently trying to directly install a yanked file, that it "
@@ -17184,7 +17545,7 @@ msgid ""
 "been yanked."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:147
+#: ../source/specifications/simple-repository-api.rst:156
 msgid ""
 "An installer **MUST** ignore yanked releases, if the selection constraints "
 "can be satisfied with a non-yanked version, and **MAY** refuse to use a "
@@ -17194,14 +17555,14 @@ msgid ""
 "files."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:154
+#: ../source/specifications/simple-repository-api.rst:163
 msgid ""
 "What this means is left up to the specific installer, to decide how to best "
 "fit into the overall usage of their installer. However, there are two "
 "suggested approaches to take:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:158
+#: ../source/specifications/simple-repository-api.rst:167
 msgid ""
 "Yanked files are always ignored, unless they are the only file that matches "
 "a version specifier that \"pins\" to an exact version using either ``==`` "
@@ -17211,7 +17572,7 @@ msgid ""
 "versions, zero padding, etc."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:165
+#: ../source/specifications/simple-repository-api.rst:174
 msgid ""
 "Yanked files are always ignored, unless they are the only file that matches "
 "what a lock file (such as ``Pipfile.lock`` or ``poetry.lock``) specifies to "
@@ -17219,7 +17580,7 @@ msgid ""
 "creating or updating a lock file from some input file or command."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:171
+#: ../source/specifications/simple-repository-api.rst:180
 msgid ""
 "Regardless of the specific strategy that an installer chooses for deciding "
 "when to install yanked files, an installer **SHOULD** emit a warning when it "
@@ -17228,38 +17589,38 @@ msgid ""
 "specific feedback to the user about why that file had been yanked."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:179
+#: ../source/specifications/simple-repository-api.rst:188
 msgid "Mirrors"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:181
+#: ../source/specifications/simple-repository-api.rst:190
 msgid "Mirrors can generally treat yanked files one of two ways:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:183
+#: ../source/specifications/simple-repository-api.rst:192
 msgid ""
 "They may choose to omit them from their simple repository API completely, "
 "providing a view over the repository that shows only \"active\", unyanked "
 "files."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:186
+#: ../source/specifications/simple-repository-api.rst:195
 msgid ""
 "They may choose to include yanked files, and additionally mirror the ``data-"
 "yanked`` attribute as well."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:189
+#: ../source/specifications/simple-repository-api.rst:198
 msgid ""
 "Mirrors **MUST NOT** mirror a yanked file without also mirroring the ``data-"
 "yanked`` attribute for it."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:195
+#: ../source/specifications/simple-repository-api.rst:204
 msgid "Versioning PyPI's Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:197
+#: ../source/specifications/simple-repository-api.rst:206
 msgid ""
 "This spec proposes the inclusion of a meta tag on the responses of every "
 "successful request to a simple API page, which contains a name attribute of "
@@ -17270,29 +17631,29 @@ msgid ""
 "<version-specifiers>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:205
+#: ../source/specifications/simple-repository-api.rst:214
 msgid "This would end up looking like::"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:209
+#: ../source/specifications/simple-repository-api.rst:218
 msgid "When interpreting the repository version:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:211
+#: ../source/specifications/simple-repository-api.rst:220
 msgid ""
 "Incrementing the major version is used to signal a backwards incompatible "
 "change such that existing clients would no longer be expected to be able to "
 "meaningfully use the API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:214
+#: ../source/specifications/simple-repository-api.rst:223
 msgid ""
 "Incrementing the minor version is used to signal a backwards compatible "
 "change such that existing clients would still be expected to be able to "
 "meaningfully use the API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:218
+#: ../source/specifications/simple-repository-api.rst:227
 msgid ""
 "It is left up to the discretion of any future specs as to what specifically "
 "constitutes a backwards incompatible vs compatible change beyond the broad "
@@ -17301,7 +17662,7 @@ msgid ""
 "features."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:224
+#: ../source/specifications/simple-repository-api.rst:233
 msgid ""
 "It is expectation of this spec that the major version will never be "
 "incremented, and any future major API evolutions would utilize a different "
@@ -17311,48 +17672,48 @@ msgid ""
 "set to a version >= 2)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:231
+#: ../source/specifications/simple-repository-api.rst:240
 msgid ""
 "This spec sets the current API version to \"1.0\", and expects that future "
 "specs that further evolve the simple API will increment the minor version "
 "number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:237
-#: ../source/specifications/simple-repository-api.rst:957
+#: ../source/specifications/simple-repository-api.rst:246
+#: ../source/specifications/simple-repository-api.rst:971
 msgid "Clients"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:239
+#: ../source/specifications/simple-repository-api.rst:248
 msgid ""
 "Clients interacting with the simple API **SHOULD** introspect each response "
 "for the repository version, and if that data does not exist **MUST** assume "
 "that it is version 1.0."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:243
+#: ../source/specifications/simple-repository-api.rst:252
 msgid ""
 "When encountering a major version greater than expected, clients **MUST** "
 "hard fail with an appropriate error message for the user."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:246
+#: ../source/specifications/simple-repository-api.rst:255
 msgid ""
 "When encountering a minor version greater than expected, clients **SHOULD** "
 "warn users with an appropriate message."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:249
+#: ../source/specifications/simple-repository-api.rst:258
 msgid ""
 "Clients **MAY** still continue to use feature detection in order to "
 "determine what features a repository uses."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:255
+#: ../source/specifications/simple-repository-api.rst:264
 msgid "Serve Distribution Metadata in the Simple Repository API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:257
+#: ../source/specifications/simple-repository-api.rst:266
 msgid ""
 "In a simple repository's project page, each anchor tag pointing to a "
 "distribution **MAY** have a ``data-dist-info-metadata`` attribute. The "
@@ -17361,7 +17722,7 @@ msgid ""
 "when the distribution is processed and/or installed."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:263
+#: ../source/specifications/simple-repository-api.rst:272
 msgid ""
 "If a ``data-dist-info-metadata`` attribute is present, the repository "
 "**MUST** serve the distribution's Core Metadata file alongside the "
@@ -17373,7 +17734,7 @@ msgid ""
 "GPG signature file's location."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:272
+#: ../source/specifications/simple-repository-api.rst:281
 msgid ""
 "The repository **SHOULD** provide the hash of the Core Metadata file as the "
 "``data-dist-info-metadata`` attribute's value using the syntax "
@@ -17383,18 +17744,18 @@ msgid ""
 "unavailable."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:280
+#: ../source/specifications/simple-repository-api.rst:289
 msgid "Backwards Compatibility"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:282
+#: ../source/specifications/simple-repository-api.rst:291
 msgid ""
 "If an anchor tag lacks the ``data-dist-info-metadata`` attribute, tools are "
 "expected to revert to their current behaviour of downloading the "
 "distribution to inspect the metadata."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:286
+#: ../source/specifications/simple-repository-api.rst:295
 msgid ""
 "Older tools not supporting the new ``data-dist-info-metadata`` attribute are "
 "expected to ignore the attribute and maintain their current behaviour of "
@@ -17402,11 +17763,11 @@ msgid ""
 "prior ``data-`` attribute additions expect existing tools to operate."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:295
+#: ../source/specifications/simple-repository-api.rst:304
 msgid "JSON-based Simple API for Python Package Indexes"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:297
+#: ../source/specifications/simple-repository-api.rst:306
 msgid ""
 "To enable response parsing with only the standard library, this spec "
 "specifies that all responses (besides the files themselves, and the HTML "
@@ -17414,7 +17775,7 @@ msgid ""
 "base>`) should be serialized using `JSON <https://www.json.org/>`_."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:302
+#: ../source/specifications/simple-repository-api.rst:311
 msgid ""
 "To enable zero configuration discovery and to minimize the amount of "
 "additional HTTP requests, this spec extends :ref:`the base HTML API "
@@ -17424,7 +17785,7 @@ msgid ""
 "format to serve, i.e. either HTML or JSON."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:312
+#: ../source/specifications/simple-repository-api.rst:321
 msgid ""
 "Versioning will adhere to :ref:`the API versioning specification <simple-"
 "repository-api-versioning>` format (``Major.Minor``), which has defined the "
@@ -17434,7 +17795,7 @@ msgid ""
 "``1.0`` version, and instead just describes how to serialize that into JSON."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:319
+#: ../source/specifications/simple-repository-api.rst:328
 msgid ""
 "Similar to :ref:`the API versioning specification <simple-repository-api-"
 "versioning>`, the major version number **MUST** be incremented if any "
@@ -17442,28 +17803,28 @@ msgid ""
 "existing clients to meaningfully understand the format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:325
+#: ../source/specifications/simple-repository-api.rst:334
 msgid ""
 "Likewise, the minor version **MUST** be incremented if features are added or "
 "removed from the format, but existing clients would be expected to continue "
 "to meaningfully understand the format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:329
+#: ../source/specifications/simple-repository-api.rst:338
 msgid ""
 "Changes that would not result in existing clients being unable to "
 "meaningfully understand the format and which do not represent features being "
 "added or removed may occur without changing the version number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:333
+#: ../source/specifications/simple-repository-api.rst:342
 msgid ""
 "This is intentionally vague, as this spec believes it is best left up to "
 "future specs that make any changes to the API to investigate and decide "
 "whether or not that change should increment the major or minor version."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:337
+#: ../source/specifications/simple-repository-api.rst:346
 msgid ""
 "Future versions of the API may add things that can only be represented in a "
 "subset of the available serializations of that version. All serializations "
@@ -17472,38 +17833,38 @@ msgid ""
 "whether or not that feature is present at all."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:343
+#: ../source/specifications/simple-repository-api.rst:352
 msgid ""
 "It is the intent of this spec that the API should be thought of as URL "
 "endpoints that return data, whose interpretation is defined by the version "
 "of that data, and then serialized into the target serialization format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:351
+#: ../source/specifications/simple-repository-api.rst:360
 #, fuzzy
 msgid "JSON Serialization"
 msgstr "ترجمه‌ها"
 
-#: ../source/specifications/simple-repository-api.rst:353
+#: ../source/specifications/simple-repository-api.rst:362
 msgid ""
 "The URL structure from :ref:`the base HTML API specification <simple-"
 "repository-api-base>` still applies, as this spec only adds an additional "
 "serialization format for the already existing API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:357
+#: ../source/specifications/simple-repository-api.rst:366
 msgid ""
 "The following constraints apply to all JSON serialized responses described "
 "in this spec:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:360
+#: ../source/specifications/simple-repository-api.rst:369
 msgid ""
 "All JSON responses will *always* be a JSON object rather than an array or "
 "other type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:363
+#: ../source/specifications/simple-repository-api.rst:372
 msgid ""
 "While JSON doesn't natively support a URL type, any value that represents an "
 "URL in this API may be either absolute or relative as long as they point to "
@@ -17511,19 +17872,19 @@ msgid ""
 "if it were HTML."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:368
+#: ../source/specifications/simple-repository-api.rst:377
 msgid ""
 "Additional keys may be added to any dictionary objects in the API responses "
 "and clients **MUST** ignore keys that they don't understand."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:371
+#: ../source/specifications/simple-repository-api.rst:380
 msgid ""
 "All JSON responses will have a ``meta`` key, which contains information "
 "related to the response itself, rather than the content of the response."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:374
+#: ../source/specifications/simple-repository-api.rst:383
 msgid ""
 "All JSON responses will have a ``meta.api-version`` key, which will be a "
 "string that contains the :ref:`API versioning specification <simple-"
@@ -17532,41 +17893,41 @@ msgid ""
 "<simple-repository-api-versioning>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:380
+#: ../source/specifications/simple-repository-api.rst:389
 msgid ""
 "All requirements of :ref:`the base HTML API specification <simple-repository-"
 "api-base>` that are not HTML specific still apply."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:385
+#: ../source/specifications/simple-repository-api.rst:394
 msgid "Project List"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:387
+#: ../source/specifications/simple-repository-api.rst:396
 msgid ""
 "The root URL ``/`` for this spec (which represents the base URL) will be a "
 "JSON encoded dictionary which has a two keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:390
+#: ../source/specifications/simple-repository-api.rst:399
 msgid ""
 "``projects``: An array where each entry is a dictionary with a single key, "
 "``name``, which represents string of the project name."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:391
-#: ../source/specifications/simple-repository-api.rst:440
+#: ../source/specifications/simple-repository-api.rst:400
+#: ../source/specifications/simple-repository-api.rst:449
 msgid ""
 "``meta``: The general response metadata as `described earlier <json-"
 "serialization_>`__."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:393
-#: ../source/specifications/simple-repository-api.rst:499
+#: ../source/specifications/simple-repository-api.rst:402
+#: ../source/specifications/simple-repository-api.rst:512
 msgid "As an example:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:410
+#: ../source/specifications/simple-repository-api.rst:419
 msgid ""
 "The ``name`` field is the same as the one from :ref:`the base HTML API "
 "specification <simple-repository-api-base>`, which does not specify whether "
@@ -17576,7 +17937,7 @@ msgid ""
 "implementation detail of the repository in question."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:420
+#: ../source/specifications/simple-repository-api.rst:429
 msgid ""
 "While the ``projects`` key is an array, and thus is required to be in some "
 "kind of an order, neither :ref:`the base HTML API specification <simple-"
@@ -17586,11 +17947,11 @@ msgid ""
 "have sets."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:429
+#: ../source/specifications/simple-repository-api.rst:438
 msgid "Project Detail"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:431
+#: ../source/specifications/simple-repository-api.rst:440
 msgid ""
 "The format of this URL is ``/<project>/`` where the ``<project>`` is "
 "replaced by the :ref:`the base HTML API specification <simple-repository-api-"
@@ -17598,33 +17959,33 @@ msgid ""
 "would have a URL like ``/silly-walk/``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:436
+#: ../source/specifications/simple-repository-api.rst:445
 msgid ""
 "This URL must respond with a JSON encoded dictionary that has three keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:438
+#: ../source/specifications/simple-repository-api.rst:447
 msgid "``name``: The normalized name of the project."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:439
+#: ../source/specifications/simple-repository-api.rst:448
 msgid ""
 "``files``: A list of dictionaries, each one representing an individual file."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:442
+#: ../source/specifications/simple-repository-api.rst:451
 msgid "Each individual file dictionary has the following keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:444
+#: ../source/specifications/simple-repository-api.rst:453
 msgid "``filename``: The filename that is being represented."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:445
+#: ../source/specifications/simple-repository-api.rst:454
 msgid "``url``: The URL that the file can be fetched from."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:446
+#: ../source/specifications/simple-repository-api.rst:455
 msgid ""
 "``hashes``: A dictionary mapping a hash name to a hex encoded digest of the "
 "file. Multiple hashes can be included, and it is up to the client to decide "
@@ -17633,14 +17994,14 @@ msgid ""
 "to be lowercase."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:451
+#: ../source/specifications/simple-repository-api.rst:460
 msgid ""
 "The ``hashes`` dictionary **MUST** be present, even if no hashes are "
 "available for the file, however it is **HIGHLY** recommended that at least "
 "one secure, guaranteed-to-be-available hash is always included."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:455
+#: ../source/specifications/simple-repository-api.rst:464
 msgid ""
 "By default, any hash algorithm available via :py:mod:`hashlib` (specifically "
 "any that can be passed to :py:func:`hashlib.new()` and do not require "
@@ -17650,7 +18011,7 @@ msgid ""
 "specifically is recommended."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:460
+#: ../source/specifications/simple-repository-api.rst:469
 msgid ""
 "``requires-python``: An **optional** key that exposes the :ref:`core-"
 "metadata-requires-python` metadata field. Where this is present, installer "
@@ -17658,14 +18019,14 @@ msgid ""
 "that doesn't satisfy the requirement."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:466
+#: ../source/specifications/simple-repository-api.rst:475
 msgid ""
 "Unlike ``data-requires-python`` in :ref:`the base HTML API specification "
 "<simple-repository-api-base>`, the ``requires-python`` key does not require "
 "any special escaping other than anything JSON does naturally."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:469
+#: ../source/specifications/simple-repository-api.rst:478
 msgid ""
 "``dist-info-metadata``: An **optional** key that indicates that metadata for "
 "this file is available, via the same location as specified in :ref:`the API "
@@ -17675,27 +18036,27 @@ msgid ""
 "dictionary mapping hash names to a hex encoded digest of the metadata's hash."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:477
+#: ../source/specifications/simple-repository-api.rst:486
 msgid ""
 "When this is a dictionary of hashes instead of a boolean, then all the same "
 "requirements and recommendations as the ``hashes`` key hold true for this "
 "key as well."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:481
+#: ../source/specifications/simple-repository-api.rst:490
 msgid ""
 "If this key is missing then the metadata file may or may not exist. If the "
 "key value is truthy, then the metadata file is present, and if it is falsey "
 "then it is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:485
+#: ../source/specifications/simple-repository-api.rst:494
 msgid ""
 "It is recommended that servers make the hashes of the metadata file "
 "available if possible."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:487
+#: ../source/specifications/simple-repository-api.rst:496
 msgid ""
 "``gpg-sig``: An **optional** key that acts a boolean to indicate if the file "
 "has an associated GPG signature or not. The URL for the signature file "
@@ -17704,7 +18065,7 @@ msgid ""
 "the signature may or may not exist."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:492
+#: ../source/specifications/simple-repository-api.rst:501
 msgid ""
 "``yanked``: An **optional** key which may be either a boolean to indicate if "
 "the file has been yanked, or a non empty, but otherwise arbitrary, string to "
@@ -17715,7 +18076,15 @@ msgid ""
 "api-yank>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:529
+#: ../source/specifications/simple-repository-api.rst:507
+msgid ""
+"``provenance``: An **optional** key which, if present **MUST** be either a "
+"JSON string or ``null``. If not ``null``, it **MUST** be a URL to the file's "
+"associated provenance, with the same rules as ``data-provenance`` in the :"
+"ref:`base HTML API specification <simple-repository-api-base>`."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:543
 msgid ""
 "While the ``files`` key is an array, and thus is required to be in some kind "
 "of an order, neither :ref:`the base HTML API specification <simple-"
@@ -17725,11 +18094,11 @@ msgid ""
 "have sets."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:538
+#: ../source/specifications/simple-repository-api.rst:552
 msgid "Content-Types"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:540
+#: ../source/specifications/simple-repository-api.rst:554
 msgid ""
 "This spec proposes that all responses from the Simple API will have a "
 "standard content type that describes what the response is (a Simple API "
@@ -17737,11 +18106,11 @@ msgid ""
 "format has been used."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:544
+#: ../source/specifications/simple-repository-api.rst:558
 msgid "The structure of this content type will be:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:550
+#: ../source/specifications/simple-repository-api.rst:564
 msgid ""
 "Since only major versions should be disruptive to clients attempting to "
 "understand one of these API responses, only the major version will be "
@@ -17749,19 +18118,19 @@ msgid ""
 "that it is a version number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:555
+#: ../source/specifications/simple-repository-api.rst:569
 msgid "Which means that for the existing 1.0 API, the content types would be:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:557
+#: ../source/specifications/simple-repository-api.rst:571
 msgid "**JSON:** ``application/vnd.pypi.simple.v1+json``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:558
+#: ../source/specifications/simple-repository-api.rst:572
 msgid "**HTML:** ``application/vnd.pypi.simple.v1+html``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:560
+#: ../source/specifications/simple-repository-api.rst:574
 msgid ""
 "In addition to the above, a special \"meta\" version is supported named "
 "``latest``, whose purpose is to allow clients to request the absolute latest "
@@ -17770,7 +18139,7 @@ msgid ""
 "support."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:565
+#: ../source/specifications/simple-repository-api.rst:579
 msgid ""
 "To support existing clients which expect the existing :ref:`the base HTML "
 "API specification <simple-repository-api-base>` API responses to use the "
@@ -17778,12 +18147,12 @@ msgid ""
 "alias for the ``application/vnd.pypi.simple.v1+html`` content type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:572
+#: ../source/specifications/simple-repository-api.rst:586
 #, fuzzy
 msgid "Version + Format Selection"
 msgstr "ترجمه‌ها"
 
-#: ../source/specifications/simple-repository-api.rst:574
+#: ../source/specifications/simple-repository-api.rst:588
 msgid ""
 "Now that there is multiple possible serializations, we need a mechanism to "
 "allow clients to indicate what serialization formats they're able to "
@@ -17792,65 +18161,65 @@ msgid ""
 "expecting the previous API version."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:579
+#: ../source/specifications/simple-repository-api.rst:593
 msgid ""
 "To enable this, this spec standardizes on the use of HTTP's `Server-Driven "
 "Content Negotiation <https://developer.mozilla.org/en-US/docs/Web/HTTP/"
 "Content_negotiation>`_."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:582
+#: ../source/specifications/simple-repository-api.rst:596
 msgid ""
 "While this spec won't fully describe the entirety of server-driven content "
 "negotiation, the flow is roughly:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:585
+#: ../source/specifications/simple-repository-api.rst:599
 msgid ""
 "The client makes an HTTP request containing an ``Accept`` header listing all "
 "of the version+format content types that they are able to understand."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:587
+#: ../source/specifications/simple-repository-api.rst:601
 msgid ""
 "The server inspects that header, selects one of the listed content types, "
 "then returns a response using that content type (treating the absence of an "
 "``Accept`` header as ``Accept: */*``)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:590
+#: ../source/specifications/simple-repository-api.rst:604
 msgid ""
 "If the server does not support any of the content types in the ``Accept`` "
 "header then they are able to choose between 3 different options for how to "
 "respond:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:594
+#: ../source/specifications/simple-repository-api.rst:608
 msgid ""
 "Select a default content type other than what the client has requested and "
 "return a response with that."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:596
+#: ../source/specifications/simple-repository-api.rst:610
 msgid ""
 "Return a HTTP ``406 Not Acceptable`` response to indicate that none of the "
 "requested content types were available, and the server was unable or "
 "unwilling to select a default content type to respond with."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:599
+#: ../source/specifications/simple-repository-api.rst:613
 msgid ""
 "Return a HTTP ``300 Multiple Choices`` response that contains a list of all "
 "of the possible responses that could have been chosen."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:601
+#: ../source/specifications/simple-repository-api.rst:615
 msgid ""
 "The client interprets the response, handling the different types of "
 "responses that the server may have responded with."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:604
+#: ../source/specifications/simple-repository-api.rst:618
 msgid ""
 "This spec does not specify which choices the server makes in regards to "
 "handling a content type that it isn't able to return, and clients **SHOULD** "
@@ -17858,7 +18227,7 @@ msgid ""
 "the most sense for that client."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:609
+#: ../source/specifications/simple-repository-api.rst:623
 msgid ""
 "However, as there is no standard format for how a ``300 Multiple Choices`` "
 "response can be interpreted, this spec highly discourages servers from "
@@ -17869,7 +18238,7 @@ msgid ""
 "error."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:616
+#: ../source/specifications/simple-repository-api.rst:630
 msgid ""
 "This spec **does** require that if the meta version ``latest`` is being "
 "used, the server **MUST** respond with the content type for the actual "
@@ -17878,33 +18247,33 @@ msgid ""
 "have a ``Content-Type`` of ``application/vnd.pypi.simple.v1+json``)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:623
+#: ../source/specifications/simple-repository-api.rst:637
 msgid ""
 "The ``Accept`` header is a comma separated list of content types that the "
 "client understands and is able to process. It supports three different "
 "formats for each content type that is being requested:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:627
+#: ../source/specifications/simple-repository-api.rst:641
 msgid "``$type/$subtype``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:628
+#: ../source/specifications/simple-repository-api.rst:642
 msgid "``$type/*``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:629
+#: ../source/specifications/simple-repository-api.rst:643
 msgid "``*/*``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:631
+#: ../source/specifications/simple-repository-api.rst:645
 msgid ""
 "For the use of selecting a version+format, the most useful of these is "
 "``$type/$subtype``, as that is the only way to actually specify the version "
 "and format you want."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:635
+#: ../source/specifications/simple-repository-api.rst:649
 msgid ""
 "The order of the content types listed in the ``Accept`` header does not have "
 "any specific meaning, and the server **SHOULD** consider all of them to be "
@@ -17914,7 +18283,7 @@ msgid ""
 "Quality_values>`_ syntax."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:642
+#: ../source/specifications/simple-repository-api.rst:656
 msgid ""
 "This allows a client to specify a priority for a specific entry in their "
 "``Accept`` header, by appending a ``;q=`` followed by a value between ``0`` "
@@ -17924,7 +18293,7 @@ msgid ""
 "quality of ``1``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:648
+#: ../source/specifications/simple-repository-api.rst:662
 msgid ""
 "However, clients should keep in mind that a server is free to select **any** "
 "of the content types they've asked for, regardless of their requested "
@@ -17932,7 +18301,7 @@ msgid ""
 "for."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:652
+#: ../source/specifications/simple-repository-api.rst:666
 msgid ""
 "To aid clients in determining the content type of the response that they "
 "have received from an API request, this spec requires that servers always "
@@ -17943,22 +18312,22 @@ msgid ""
 "collector.py#L123-L150>`_ so the risks for actual breakages is low."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:659
+#: ../source/specifications/simple-repository-api.rst:673
 msgid "An example of how a client can operate would look like:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:710
+#: ../source/specifications/simple-repository-api.rst:724
 msgid ""
 "If a client wishes to only support HTML or only support JSON, then they "
 "would just remove the content types that they do not want from the "
 "``Accept`` header, and turn receiving them into an error."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:716
+#: ../source/specifications/simple-repository-api.rst:730
 msgid "Alternative Negotiation Mechanisms"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:718
+#: ../source/specifications/simple-repository-api.rst:732
 msgid ""
 "While using HTTP's Content negotiation is considered the standard way for a "
 "client and server to coordinate to ensure that the client is getting an HTTP "
@@ -17967,25 +18336,25 @@ msgid ""
 "negotiation mechanisms that may *optionally* be used instead."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:726
+#: ../source/specifications/simple-repository-api.rst:740
 msgid "URL Parameter"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:728
+#: ../source/specifications/simple-repository-api.rst:742
 msgid ""
 "Servers that implement the Simple API may choose to support a URL parameter "
 "named ``format`` to allow the clients to request a specific version of the "
 "URL."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:731
+#: ../source/specifications/simple-repository-api.rst:745
 msgid ""
 "The value of the ``format`` parameter should be **one** of the valid content "
 "types. Passing multiple content types, wild cards, quality values, etc... is "
 "**not** supported."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:735
+#: ../source/specifications/simple-repository-api.rst:749
 msgid ""
 "Supporting this parameter is optional, and clients **SHOULD NOT** rely on it "
 "for interacting with the API. This negotiation mechanism is intended to "
@@ -17993,13 +18362,13 @@ msgid ""
 "allow documentation or notes to link to a specific version+format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:740
+#: ../source/specifications/simple-repository-api.rst:754
 msgid ""
 "Servers that do not support this parameter may choose to return an error "
 "when it is present, or they may simple ignore its presence."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:743
+#: ../source/specifications/simple-repository-api.rst:757
 msgid ""
 "When a server does implement this parameter, it **SHOULD** take precedence "
 "over any values in the client's ``Accept`` header, and if the server does "
@@ -18009,18 +18378,18 @@ msgid ""
 "``303 Multiple Choices``, or selecting a default type to return)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:752
+#: ../source/specifications/simple-repository-api.rst:766
 msgid "Endpoint Configuration"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:754
+#: ../source/specifications/simple-repository-api.rst:768
 msgid ""
 "This option technically is not a special option at all, it is just a natural "
 "consequence of using content negotiation and allowing servers to select "
 "which of the available content types is their default."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:758
+#: ../source/specifications/simple-repository-api.rst:772
 msgid ""
 "If a server is unwilling or unable to implement the server-driven content "
 "negotiation, and would instead rather require users to explicitly configure "
@@ -18028,7 +18397,7 @@ msgid ""
 "configuration."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:762
+#: ../source/specifications/simple-repository-api.rst:776
 msgid ""
 "To enable this, a server should make multiple endpoints (for instance, ``/"
 "simple/v1+html/`` and/or ``/simple/v1+json/``) for each version+format that "
@@ -18038,7 +18407,7 @@ msgid ""
 "and return the content type that corresponds to that endpoint."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:769
+#: ../source/specifications/simple-repository-api.rst:783
 msgid ""
 "For clients that wish to require specific configuration, they can keep track "
 "of which version+format a specific repository URL was configured for, and "
@@ -18046,11 +18415,11 @@ msgid ""
 "includes the correct content type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:776
+#: ../source/specifications/simple-repository-api.rst:790
 msgid "TUF Support - PEP 458"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:778
+#: ../source/specifications/simple-repository-api.rst:792
 msgid ""
 ":pep:`458` requires that all API responses are hashable and that they can be "
 "uniquely identified by a path relative to the repository root. For a Simple "
@@ -18061,7 +18430,7 @@ msgid ""
 "that all hash differently."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:785
+#: ../source/specifications/simple-repository-api.rst:799
 msgid ""
 ":pep:`458` does not specify what the target path should be for the Simple "
 "API, but TUF requires that the target paths be \"file-like\", in other "
@@ -18069,7 +18438,7 @@ msgid ""
 "technically points to a directory."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:790
+#: ../source/specifications/simple-repository-api.rst:804
 msgid ""
 "The saving grace is that the target path does not *have* to actually match "
 "the URL being fetched from the Simple API, and it can just be a sigil that "
@@ -18078,7 +18447,7 @@ msgid ""
 "HTTP request, such as the ``Accept`` header."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:796
+#: ../source/specifications/simple-repository-api.rst:810
 msgid ""
 "Ultimately figuring out how to map a directory to a filename is out of scope "
 "for this spec (but it would be in scope for :pep:`458`), and this spec "
@@ -18086,7 +18455,7 @@ msgid ""
 "`458` metadata."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:800
+#: ../source/specifications/simple-repository-api.rst:814
 msgid ""
 "However, it appears that the current WIP branch against pip that attempts to "
 "implement :pep:`458` is using a target path like ``simple/PROJECT/index."
@@ -18096,20 +18465,20 @@ msgid ""
 "the v1 JSON format would be ``simple/PROJECT/vnd.pypi.simple.v1.json``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:807
+#: ../source/specifications/simple-repository-api.rst:821
 msgid ""
 "In this case, since ``text/html`` is an alias to ``application/vnd.pypi."
 "simple.v1+html`` when interacting through TUF, it likely will make the most "
 "sense to normalize to the more explicit name."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:811
+#: ../source/specifications/simple-repository-api.rst:825
 msgid ""
 "Likewise the ``latest`` metaversion should not be included in the targets, "
 "only explicitly declared versions should be supported."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:817
+#: ../source/specifications/simple-repository-api.rst:831
 msgid ""
 "This section is non-normative, and represents what the spec authors believe "
 "to be the best default implementation decisions for something implementing "
@@ -18117,7 +18486,7 @@ msgid ""
 "these decisions."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:821
+#: ../source/specifications/simple-repository-api.rst:835
 msgid ""
 "These decisions have been chosen to maximize the number of requests that can "
 "be moved onto the newest version of an API, while maintaining the greatest "
@@ -18126,18 +18495,18 @@ msgid ""
 "choices it can."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:826
+#: ../source/specifications/simple-repository-api.rst:840
 msgid "It is recommended that servers:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:828
+#: ../source/specifications/simple-repository-api.rst:842
 msgid ""
 "Support all 3 content types described in this spec, using server-driven "
 "content negotiation, for as long as they reasonably can, or at least as long "
 "as they're receiving non trivial traffic that uses the HTML responses."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:832
+#: ../source/specifications/simple-repository-api.rst:846
 msgid ""
 "When encountering an ``Accept`` header that does not contain any content "
 "types that it knows how to work with, the server should not ever return a "
@@ -18145,13 +18514,13 @@ msgid ""
 "Acceptable`` response."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:837
+#: ../source/specifications/simple-repository-api.rst:851
 msgid ""
 "However, if choosing to use the endpoint configuration, you should prefer to "
 "return a ``200 OK`` response in the expected content type for that endpoint."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:840
+#: ../source/specifications/simple-repository-api.rst:854
 msgid ""
 "When selecting an acceptable version, the server should choose the highest "
 "version that the client supports, with the most expressive/featureful "
@@ -18160,23 +18529,23 @@ msgid ""
 "should only use the ``text/html`` content type as a last resort."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:846
+#: ../source/specifications/simple-repository-api.rst:860
 msgid "It is recommended that clients:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:848
+#: ../source/specifications/simple-repository-api.rst:862
 msgid ""
 "Support all 3 content types described in this spec, using server-driven "
 "content negotiation, for as long as they reasonably can."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:851
+#: ../source/specifications/simple-repository-api.rst:865
 msgid ""
 "When constructing an ``Accept`` header, include all of the content types "
 "that you support."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:854
+#: ../source/specifications/simple-repository-api.rst:868
 msgid ""
 "You should generally *not* include a quality priority value for your content "
 "types, unless you have implementation specific reasons that you want the "
@@ -18185,63 +18554,63 @@ msgid ""
 "responses that you're unable to parse in some edge cases)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:860
+#: ../source/specifications/simple-repository-api.rst:874
 msgid ""
 "The one exception to this recommendation is that it is recommended that you "
 "*should* include a ``;q=0.01`` value on the legacy ``text/html`` content "
 "type, unless it is the only content type that you are requesting."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:864
+#: ../source/specifications/simple-repository-api.rst:878
 msgid ""
 "Explicitly select what versions they are looking for, rather than using the "
 "``latest`` meta version during normal operation."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:867
+#: ../source/specifications/simple-repository-api.rst:881
 msgid ""
 "Check the ``Content-Type`` of the response and ensure it matches something "
 "that you were expecting."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:871
+#: ../source/specifications/simple-repository-api.rst:885
 msgid "Additional Fields for the Simple API for Package Indexes"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:873
+#: ../source/specifications/simple-repository-api.rst:887
 msgid ""
 "This specification defines version 1.1 of the simple repository API. For the "
 "HTML version of the API, there is no change from version 1.0. For the JSON "
 "version of the API, the following changes are made:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:877
+#: ../source/specifications/simple-repository-api.rst:891
 msgid "The ``api-version`` must specify version 1.1 or later."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:878
+#: ../source/specifications/simple-repository-api.rst:892
 msgid "A new ``versions`` key is added at the top level."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:879
+#: ../source/specifications/simple-repository-api.rst:893
 msgid ""
 "Two new \"file information\" keys, ``size`` and ``upload-time``, are added "
 "to the ``files`` data."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:881
+#: ../source/specifications/simple-repository-api.rst:895
 msgid ""
 "Keys (at any level) with a leading underscore are reserved as private for "
 "index server use. No future standard will assign a meaning to any such key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:884
+#: ../source/specifications/simple-repository-api.rst:898
 msgid ""
 "The ``versions`` and ``size`` keys are mandatory. The ``upload-time`` key is "
 "optional."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:890
+#: ../source/specifications/simple-repository-api.rst:904
 msgid ""
 "An additional key, ``versions`` MUST be present at the top level, in "
 "addition to the keys ``name``, ``files`` and ``meta`` defined in :ref:`the "
@@ -18251,7 +18620,7 @@ msgid ""
 "duplicates, and the order of the values is not significant."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:897
+#: ../source/specifications/simple-repository-api.rst:911
 msgid ""
 "All of the files listed in the ``files`` key MUST be associated with one of "
 "the versions in the ``versions`` key. The ``versions`` key MAY contain "
@@ -18259,7 +18628,7 @@ msgid ""
 "uploaded, if the server has such a concept)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:902
+#: ../source/specifications/simple-repository-api.rst:916
 msgid ""
 "Note that because servers may hold \"legacy\" data from before the adoption "
 "of :ref:`the version specifiers specification (VSS) <version-specifiers>`, "
@@ -18268,21 +18637,21 @@ msgid ""
 "servers SHOULD use normalised VSS versions where possible."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:911
+#: ../source/specifications/simple-repository-api.rst:925
 msgid "Additional file information"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:913
+#: ../source/specifications/simple-repository-api.rst:927
 msgid "Two new keys are added to the ``files`` key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:915
+#: ../source/specifications/simple-repository-api.rst:929
 msgid ""
 "``size``: This field is mandatory. It MUST contain an integer which is the "
 "file size in bytes."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:917
+#: ../source/specifications/simple-repository-api.rst:931
 msgid ""
 "``upload-time``: This field is optional. If present, it MUST contain a valid "
 "ISO 8601 date/time string, in the format ``yyyy-mm-ddThh:mm:ss.ffffffZ``, "
@@ -18294,11 +18663,11 @@ msgid ""
 "key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:926
+#: ../source/specifications/simple-repository-api.rst:940
 msgid "Rename dist-info-metadata in the Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:929
+#: ../source/specifications/simple-repository-api.rst:943
 msgid ""
 "The keywords \"**MUST**\", \"**MUST NOT**\", \"**REQUIRED**\", "
 "\"**SHALL**\", \"**SHALL NOT**\", \"**SHOULD**\", \"**SHOULD NOT**\", "
@@ -18306,11 +18675,11 @@ msgid ""
 "are to be interpreted as described in :rfc:`RFC 2119 <2119>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:936
+#: ../source/specifications/simple-repository-api.rst:950
 msgid "Servers"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:938
+#: ../source/specifications/simple-repository-api.rst:952
 msgid ""
 "The :ref:`the API metadata file specification <simple-repository-api-"
 "metadata-file>` metadata, when used in the HTML representation of the Simple "
@@ -18318,7 +18687,7 @@ msgid ""
 "with the supported values remaining the same."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:944
+#: ../source/specifications/simple-repository-api.rst:958
 msgid ""
 "The :ref:`the API metadata file specification <simple-repository-api-"
 "metadata-file>` metadata, when used in the :ref:`the JSON API specification "
@@ -18327,14 +18696,14 @@ msgid ""
 "values remaining the same."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:950
+#: ../source/specifications/simple-repository-api.rst:964
 msgid ""
 "To support clients that used the previous key names, the HTML representation "
 "**MAY** also be emitted using the ``data-dist-info-metadata``, and if it "
 "does so it **MUST** match the value of ``data-core-metadata``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:959
+#: ../source/specifications/simple-repository-api.rst:973
 msgid ""
 "Clients consuming any of the HTML representations of the Simple API **MUST** "
 "read the :ref:`the API metadata file specification <simple-repository-api-"
@@ -18343,7 +18712,7 @@ msgid ""
 "if it is present but ``data-core-metadata`` is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:966
+#: ../source/specifications/simple-repository-api.rst:980
 msgid ""
 "Clients consuming the JSON representation of the Simple API **MUST** read "
 "the :ref:`the API metadata file specification <simple-repository-api-"
@@ -18352,48 +18721,54 @@ msgid ""
 "present but ``core-metadata`` is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:976
+#: ../source/specifications/simple-repository-api.rst:990
 msgid "September 2015: initial form of the HTML format, in :pep:`503`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:977
+#: ../source/specifications/simple-repository-api.rst:991
 msgid "July 2016: Requires-Python metadata, in an update to :pep:`503`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:978
+#: ../source/specifications/simple-repository-api.rst:992
 msgid "May 2019: \"yank\" support, in :pep:`592`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:979
+#: ../source/specifications/simple-repository-api.rst:993
 msgid ""
 "July 2020: API versioning convention and metadata, and declaring the HTML "
 "format as API v1, in :pep:`629`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:981
+#: ../source/specifications/simple-repository-api.rst:995
 msgid ""
 "May 2021: providing package metadata independently from a package, in :pep:"
 "`658`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:983
+#: ../source/specifications/simple-repository-api.rst:997
 msgid ""
 "May 2022: initial form of the JSON format, with a mechanism for clients to "
 "choose between them, and declaring both formats as API v1, in :pep:`691`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:985
+#: ../source/specifications/simple-repository-api.rst:999
 msgid ""
 "October 2022: project versions and file size and upload-time in the JSON "
 "format, in :pep:`700`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:987
+#: ../source/specifications/simple-repository-api.rst:1001
 msgid ""
 "June 2023: renaming the field which provides package metadata independently "
 "from a package, in :pep:`714`"
 msgstr ""
 
+#: ../source/specifications/simple-repository-api.rst:1003
+msgid ""
+"November 2024: provenance metadata in the HTML and JSON formats, in :pep:"
+"`740`"
+msgstr ""
+
 #: ../source/specifications/source-distribution-format.rst:6
 msgid "Source distribution format"
 msgstr ""
@@ -21306,7 +21681,7 @@ msgid ""
 msgstr ""
 
 #: ../source/tutorials/managing-dependencies.rst:140
-#: ../source/tutorials/packaging-projects.rst:506
+#: ../source/tutorials/packaging-projects.rst:505
 msgid "Next steps"
 msgstr ""
 
@@ -21755,43 +22130,43 @@ msgstr ""
 
 #: ../source/tutorials/packaging-projects.rst:424
 msgid ""
-"You will be prompted for a username and password. For the username, use "
-"``__token__``. For the password, use the token value, including the ``pypi-"
-"`` prefix."
+"You will be prompted for an API token. Use the token value, including the "
+"``pypi-`` prefix. Note that the input will be hidden, so be sure to paste "
+"correctly."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:428
+#: ../source/tutorials/packaging-projects.rst:427
 msgid "After the command completes, you should see output similar to this:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:439
+#: ../source/tutorials/packaging-projects.rst:438
 msgid ""
 "Once uploaded, your package should be viewable on TestPyPI; for example: "
 "``https://test.pypi.org/project/example_package_YOUR_USERNAME_HERE``."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:444
+#: ../source/tutorials/packaging-projects.rst:443
 msgid "Installing your newly uploaded package"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:446
+#: ../source/tutorials/packaging-projects.rst:445
 msgid ""
 "You can use :ref:`pip` to install your package and verify that it works. "
 "Create a :ref:`virtual environment <Creating and using Virtual "
 "Environments>` and install your package from TestPyPI:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:462
+#: ../source/tutorials/packaging-projects.rst:461
 msgid "Make sure to specify your username in the package name!"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:464
+#: ../source/tutorials/packaging-projects.rst:463
 msgid ""
 "pip should install the package from TestPyPI and the output should look "
 "something like this:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:474
+#: ../source/tutorials/packaging-projects.rst:473
 msgid ""
 "This example uses ``--index-url`` flag to specify TestPyPI instead of live "
 "PyPI. Additionally, it specifies ``--no-deps``. Since TestPyPI doesn't have "
@@ -21801,23 +22176,23 @@ msgid ""
 "installing dependencies when using TestPyPI."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:481
+#: ../source/tutorials/packaging-projects.rst:480
 msgid ""
 "You can test that it was installed correctly by importing the package. Make "
 "sure you're still in your virtual environment, then run Python:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:496
+#: ../source/tutorials/packaging-projects.rst:495
 msgid "and import the package:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:508
+#: ../source/tutorials/packaging-projects.rst:507
 msgid ""
 "**Congratulations, you've packaged and distributed a Python project!** ✨ 🍰 "
 "✨"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:511
+#: ../source/tutorials/packaging-projects.rst:510
 msgid ""
 "Keep in mind that this tutorial showed you how to upload your package to "
 "Test PyPI, which isn't a permanent storage. The Test system occasionally "
@@ -21825,28 +22200,28 @@ msgid ""
 "experiments like this tutorial."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:516
+#: ../source/tutorials/packaging-projects.rst:515
 msgid ""
 "When you are ready to upload a real package to the Python Package Index you "
 "can do much the same as you did in this tutorial, but with these important "
 "differences:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:520
+#: ../source/tutorials/packaging-projects.rst:519
 msgid ""
 "Choose a memorable and unique name for your package. You don't have to "
 "append your username as you did in the tutorial, but you can't use an "
 "existing name."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:522
+#: ../source/tutorials/packaging-projects.rst:521
 msgid ""
 "Register an account on https://pypi.org - note that these are two separate "
 "servers and the login details from the test server are not shared with the "
 "main server."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:525
+#: ../source/tutorials/packaging-projects.rst:524
 msgid ""
 "Use ``twine upload dist/*`` to upload your package and enter your "
 "credentials for the account you registered on the real PyPI.  Now that "
@@ -21854,44 +22229,44 @@ msgid ""
 "repository``; the package will upload to https://pypi.org/ by default."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:529
+#: ../source/tutorials/packaging-projects.rst:528
 msgid ""
 "Install your package from the real PyPI using ``python3 -m pip install [your-"
 "package]``."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:531
+#: ../source/tutorials/packaging-projects.rst:530
 msgid ""
 "At this point if you want to read more on packaging Python libraries here "
 "are some things you can do:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:534
+#: ../source/tutorials/packaging-projects.rst:533
 msgid ""
 "Read about advanced configuration for your chosen build backend: `Hatchling "
 "<hatchling-config_>`_, :doc:`setuptools <setuptools:userguide/"
 "pyproject_config>`, :doc:`Flit <flit:pyproject_toml>`, `PDM <pdm-config_>`_."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:538
+#: ../source/tutorials/packaging-projects.rst:537
 msgid ""
 "Look at the :doc:`guides </guides/index>` on this site for more advanced "
 "practical information, or the :doc:`discussions </discussions/index>` for "
 "explanations and background on specific topics."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:541
+#: ../source/tutorials/packaging-projects.rst:540
 msgid ""
 "Consider packaging tools that provide a single command-line interface for "
 "project management and packaging, such as :ref:`hatch`, :ref:`flit`, :ref:"
 "`pdm`, and :ref:`poetry`."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:549
+#: ../source/tutorials/packaging-projects.rst:548
 msgid "Notes"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:551
+#: ../source/tutorials/packaging-projects.rst:550
 msgid ""
 "Technically, you can also create Python packages without an ``__init__.py`` "
 "file, but those are called :doc:`namespace packages </guides/packaging-"
diff --git a/locales/fil/LC_MESSAGES/messages.po b/locales/fil/LC_MESSAGES/messages.po
index 7a27483c0..1f5057f2c 100644
--- a/locales/fil/LC_MESSAGES/messages.po
+++ b/locales/fil/LC_MESSAGES/messages.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Python Packaging User Guide\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-10-30 00:39+0000\n"
+"POT-Creation-Date: 2024-11-25 21:53+0000\n"
 "PO-Revision-Date: 2022-11-19 08:28+0000\n"
 "Last-Translator: RedFurrFox <redfurryfoxgaming@gmail.com>\n"
 "Language-Team: Filipino <https://hosted.weblate.org/projects/pypa/packaging-"
@@ -610,7 +610,7 @@ msgid "Unix (including Linux and macOS)"
 msgstr ""
 
 #: ../source/discussions/deploying-python-applications.rst:118
-#: ../source/key_projects.rst:572
+#: ../source/key_projects.rst:576
 msgid "pex"
 msgstr ""
 
@@ -1888,7 +1888,7 @@ msgid ""
 msgstr ""
 
 #: ../source/discussions/versioning.rst:6
-#: ../source/specifications/simple-repository-api.rst:310
+#: ../source/specifications/simple-repository-api.rst:319
 msgid "Versioning"
 msgstr ""
 
@@ -2639,29 +2639,16 @@ msgid ""
 msgstr ""
 
 #: ../source/glossary.rst:121
-msgid "Known Good Set (KGS)"
-msgstr ""
-
-#: ../source/glossary.rst:124
-msgid ""
-"A set of distributions at specified versions which are compatible with each "
-"other. Typically a test suite will be run which passes all tests before a "
-"specific set of packages is declared a known good set. This term is commonly "
-"used by frameworks and toolkits which are comprised of multiple individual "
-"distributions."
-msgstr ""
-
-#: ../source/glossary.rst:130
 msgid "Import Package"
 msgstr ""
 
-#: ../source/glossary.rst:133
+#: ../source/glossary.rst:124
 msgid ""
 "A Python module which can contain other modules or recursively, other "
 "packages."
 msgstr ""
 
-#: ../source/glossary.rst:136
+#: ../source/glossary.rst:127
 msgid ""
 "An import package is more commonly referred to with the single word "
 "\"package\", but this guide will use the expanded term when more clarity is "
@@ -2670,17 +2657,30 @@ msgid ""
 "package` for a breakdown of the differences."
 msgstr ""
 
-#: ../source/glossary.rst:142
+#: ../source/glossary.rst:133
 msgid "Installed Project"
 msgstr ""
 
-#: ../source/glossary.rst:145
+#: ../source/glossary.rst:136
 msgid ""
 "A :term:`Project` that is installed for use with a Python interpreter or :"
 "term:`Virtual Environment`, as described in the specicifcation :ref:"
 "`recording-installed-packages`."
 msgstr ""
 
+#: ../source/glossary.rst:140
+msgid "Known Good Set (KGS)"
+msgstr ""
+
+#: ../source/glossary.rst:143
+msgid ""
+"A set of distributions at specified versions which are compatible with each "
+"other. Typically a test suite will be run which passes all tests before a "
+"specific set of packages is declared a known good set. This term is commonly "
+"used by frameworks and toolkits which are comprised of multiple individual "
+"distributions."
+msgstr ""
+
 #: ../source/glossary.rst:149
 msgid "Module"
 msgstr ""
@@ -5091,7 +5091,7 @@ msgid ""
 "In particular, `NumPy <https://numpy.org/>`__, which provides the basis for "
 "most of the software in the `scientific Python stack <https://scientific-"
 "python.org>`_ can be configured to interoperate with different FORTRAN "
-"libraries, and can take advantage of different levels of vectorised "
+"libraries, and can take advantage of different levels of vectorized "
 "instructions available in modern CPUs."
 msgstr ""
 
@@ -5100,9 +5100,9 @@ msgid ""
 "Starting with version 1.10.4 of NumPy and version 1.0.0 of SciPy, pre-built "
 "32-bit and 64-bit binaries in the ``wheel`` format are available for all "
 "major operating systems (Windows, macOS, and Linux) on PyPI. Note, however, "
-"that on Windows, NumPy binaries are linked against the `ATLAS <http://www."
-"netlib.org/atlas/>`__ BLAS/LAPACK library, restricted to SSE2 instructions, "
-"so they may not provide optimal linear algebra performance."
+"that on Windows, NumPy binaries are linked against the `ATLAS <https://math-"
+"atlas.sourceforge.net/>`__ BLAS/LAPACK library, restricted to SSE2 "
+"instructions, so they may not provide optimal linear algebra performance."
 msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:26
@@ -5215,7 +5215,7 @@ msgid ""
 msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:100
-#: ../source/key_projects.rst:808
+#: ../source/key_projects.rst:812
 msgid "Spack"
 msgstr ""
 
@@ -5247,28 +5247,41 @@ msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:121
 msgid ""
-"`Anaconda <https://www.anaconda.com/products/individual/>`_ is a Python "
+"``conda`` is an open source (BSD licensed) package management system and "
+"environment management system that allows users to install multiple versions "
+"of binary software packages and their dependencies, and easily switch "
+"between them. It is a cross-platform tool working on Windows, MacOS, and "
+"Linux. Conda can be used to package up and distribute all kinds of packages, "
+"it is not limited to just Python packages. It has full support for native "
+"virtual environments. Conda makes environments first-class citizens, making "
+"it easy to create independent environments even for C libraries. It is "
+"written in Python, but is Python-agnostic. Conda manages Python itself as a "
+"package, so that :command:`conda update python` is possible, in contrast to "
+"pip, which only manages Python packages."
+msgstr ""
+
+#: ../source/guides/installing-scientific-packages.rst:133
+msgid ""
+"Anaconda `Anaconda <https://docs.anaconda.com/anaconda/>`_ is a Python "
 "distribution published by Anaconda, Inc. It is a stable collection of Open "
-"Source packages for big data and scientific use.  As of the 5.0 release of "
-"Anaconda, about 200 packages are installed by default, and a total of "
-"400-500 can be installed and updated from the Anaconda repository."
+"Source packages for big data and scientific use, and a collection of "
+"Graphical Interface utilities for managing conda environments."
 msgstr ""
 
-#: ../source/guides/installing-scientific-packages.rst:127
+#: ../source/guides/installing-scientific-packages.rst:135
 msgid ""
-"``conda`` is an open source (BSD licensed) package management system and "
-"environment management system included in Anaconda that allows users to "
-"install multiple versions of binary software packages and their "
-"dependencies, and easily switch between them. It is a cross-platform tool "
-"working on Windows, macOS, and Linux. Conda can be used to package up and "
-"distribute all kinds of packages, it is not limited to just Python packages. "
-"It has full support for native virtual environments. Conda makes "
-"environments first-class citizens, making it easy to create independent "
-"environments even for C libraries. It is written in Python, but is Python-"
-"agnostic. Conda manages Python itself as a package, so that :command:`conda "
-"update python` is possible, in contrast to pip, which only manages Python "
-"packages. Conda is available in Anaconda and Miniconda (an easy-to-install "
-"download with just Python and conda)."
+"In addition to the full distribution provided by Anaconda, the conda package "
+"manager itself is available in  `miniconda <https://docs.anaconda.com/"
+"miniconda/>`_, `miniforge <https://github.com/conda-forge/miniforge>`_, and "
+"`pixi <https://pixi.sh/>`_."
+msgstr ""
+
+#: ../source/guides/installing-scientific-packages.rst:138
+msgid ""
+"Conda packages are available on multiple channels on Anaconda.org, including "
+"the default channel supported by Anaconda, Inc, the community supported "
+"conda-forge channel, which provides a wide variety of pre-built packages, "
+"and some domain-specific package collections."
 msgstr ""
 
 #: ../source/guides/installing-stand-alone-command-line-tools.rst:4
@@ -8336,29 +8349,51 @@ msgstr ""
 
 #: ../source/guides/tool-recommendations.rst:142
 msgid ""
-"For projects hosted on GitHub, it is recommended to use the :ref:`trusted "
-"publishing <trusted-publishing>`, which allows the package to be securely "
-"uploaded to PyPI from a GitHub Actions job. (This is not yet supported on "
-"software forges other than GitHub.)"
+"For projects hosted on or published via supported CI/CD platforms, it is "
+"recommended to use the :ref:`Trusted Publishing <trusted-publishing>`, which "
+"allows the package to be securely uploaded to PyPI from a CI/CD workflow "
+"without a manually configured API token."
 msgstr ""
 
 #: ../source/guides/tool-recommendations.rst:147
 msgid ""
+"As of November 2024, PyPI supports the following platforms as Trusted "
+"Publishing providers:"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:150
+msgid "GitHub Actions (on ``https://github.com``)"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:151
+msgid "GitLab CI/CD (on ``https://gitlab.com``)"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:152
+msgid "ActiveState"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:153
+msgid "Google Cloud"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:155
+msgid ""
 "The other available method is to upload the package manually using :ref:"
 "`twine`."
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:149
+#: ../source/guides/tool-recommendations.rst:159
 msgid ""
 "**Never** use ``python setup.py upload`` for this task. In addition to "
 "being :ref:`deprecated <setup-py-deprecated>`, it is insecure."
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:154
+#: ../source/guides/tool-recommendations.rst:164
 msgid "Workflow tools"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:156
+#: ../source/guides/tool-recommendations.rst:166
 msgid ""
 "These tools are environment managers that automatically manage virtual "
 "environments for a project. They also act as \"task runners\", allowing you "
@@ -8369,31 +8404,31 @@ msgid ""
 "alphabetical order:"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:164
+#: ../source/guides/tool-recommendations.rst:174
 msgid ":ref:`Flit`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:165
+#: ../source/guides/tool-recommendations.rst:175
 msgid ":ref:`Hatch`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:166
+#: ../source/guides/tool-recommendations.rst:176
 msgid ":doc:`nox <nox:index>`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:167
+#: ../source/guides/tool-recommendations.rst:177
 msgid ":ref:`PDM`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:168
+#: ../source/guides/tool-recommendations.rst:178
 msgid ":ref:`Pipenv`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:169
+#: ../source/guides/tool-recommendations.rst:179
 msgid ":ref:`Poetry`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:170
+#: ../source/guides/tool-recommendations.rst:180
 msgid ":doc:`tox <tox:index>`."
 msgstr ""
 
@@ -9568,44 +9603,58 @@ msgstr ""
 
 #: ../source/key_projects.rst:407
 msgid ""
-"conda is the package management tool for `Anaconda <https://docs.anaconda."
-"com/anaconda/>`__ Python installations. Anaconda Python is a distribution "
-"from `Anaconda, Inc <https://www.anaconda.com/products/individual>`__ "
-"specifically aimed at the scientific community, and in particular on Windows "
-"where the installation of binary extensions is often difficult."
+"Conda is a package, dependency, and environment management system for any "
+"language — Python, R, Ruby, C/C++, Fortran, and more. It is written in "
+"Python and widely used in the Python scientific computing community, due to "
+"its support for non-Python compiled libraries and extensions. It is used as "
+"the basis of the `Anaconda <https://docs.anaconda.com/anaconda/>`__ Python "
+"distribution from Anaconda, Inc. It was originally aimed at the scientific "
+"community, but can also be used on its own, or with the :doc:`miniconda "
+"<conda:miniconda>`, `miniforge <https://github.com/conda-forge/miniforge>`_ "
+"or `pixi <https://pixi.sh/>`_ systems. It is available for Windows, Mac and "
+"Linux systems."
 msgstr ""
 
-#: ../source/key_projects.rst:414
+#: ../source/key_projects.rst:416
 msgid ""
 "Conda is a completely separate tool from :ref:`pip`, virtualenv and wheel, "
-"but provides many of their combined features in terms of package management, "
-"virtual environment management and deployment of binary extensions."
+"but provides many of their combined features, such as package management, "
+"virtual environment management and deployment of binary extensions and other "
+"binary code."
+msgstr ""
+
+#: ../source/key_projects.rst:420
+msgid ""
+"Conda does not install packages from PyPI -- it can only manage packages "
+"built specifically for conda, which can be made available on a \"conda "
+"channel\", such as those hosted on `anaconda.org <https://anaconda.org>`__, "
+"or a local (e.g. intranet) package server. In addition to the \"default\" "
+"channels managed by `Anaconda, Inc. <https://www.anaconda.com/>`__, there "
+"are a wide variety of packages from the community supported `conda-forge "
+"project <https://conda-forge.org/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:418
+#: ../source/key_projects.rst:426
 msgid ""
-"Conda does not install packages from PyPI and can install only from the "
-"official Anaconda repositories, or anaconda.org (a place for user-"
-"contributed *conda* packages), or a local (e.g. intranet) package server.  "
-"However, note that :ref:`pip` can be installed into, and work side-by-side "
-"with conda for managing :term:`distributions <Distribution Package>` from "
-"PyPI. Also, `conda skeleton <https://docs.conda.io/projects/conda-build/en/"
-"latest/user-guide/tutorials/build-pkgs-skeleton.html>`__ is a tool to make "
-"Python packages installable by conda by first fetching them from PyPI and "
-"modifying their metadata."
+"Note that :ref:`pip` can be installed into, and work side-by-side with conda "
+"for managing :term:`distributions <Distribution Package>` from PyPI. It is "
+"also possible to build conda packages from Python source packages using "
+"tools such as `conda skeleton <https://docs.conda.io/projects/conda-build/en/"
+"latest/user-guide/tutorials/build-pkgs-skeleton.html>`__: a tool to "
+"automatically make conda packages from Python packages available on PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:431
+#: ../source/key_projects.rst:435
 msgid "devpi"
 msgstr ""
 
-#: ../source/key_projects.rst:433
+#: ../source/key_projects.rst:437
 msgid ""
 "`Docs <http://doc.devpi.net/latest/>`__ | :gh:`Issues <devpi/devpi/issues>` "
 "| `PyPI <https://pypi.org/project/devpi>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:437
+#: ../source/key_projects.rst:441
 msgid ""
 "devpi features a powerful PyPI-compatible server and PyPI proxy cache with a "
 "complementary command line tool to drive packaging, testing and release "
@@ -9615,17 +9664,17 @@ msgid ""
 "replication and fail-over, and package upload."
 msgstr ""
 
-#: ../source/key_projects.rst:448
+#: ../source/key_projects.rst:452
 msgid "dumb-pypi"
 msgstr ""
 
-#: ../source/key_projects.rst:450
+#: ../source/key_projects.rst:454
 msgid ""
 "`GitHub <https://github.com/chriskuehl/dumb-pypi>`__ | `PyPI <https://pypi."
 "org/project/dumb-pypi>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:453
+#: ../source/key_projects.rst:457
 msgid ""
 "dumb-pypi is a simple :term:`package index <Package Index>` static file site "
 "generator, which then must be hosted by a static file webserver to become "
@@ -9633,17 +9682,17 @@ msgid ""
 "status."
 msgstr ""
 
-#: ../source/key_projects.rst:460
+#: ../source/key_projects.rst:464
 msgid "enscons"
 msgstr ""
 
-#: ../source/key_projects.rst:462
+#: ../source/key_projects.rst:466
 msgid ""
 ":gh:`Source <dholth/enscons>` | :gh:`Issues <dholth/enscons/issues>` | `PyPI "
 "<https://pypi.org/project/enscons>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:466
+#: ../source/key_projects.rst:470
 msgid ""
 "Enscons is a Python packaging tool based on `SCons`_. It builds :ref:`pip`-"
 "compatible source distributions and wheels without using distutils or "
@@ -9655,38 +9704,38 @@ msgid ""
 "independent of enscons."
 msgstr ""
 
-#: ../source/key_projects.rst:481
+#: ../source/key_projects.rst:485
 msgid "Flask-Pypi-Proxy"
 msgstr ""
 
-#: ../source/key_projects.rst:483
+#: ../source/key_projects.rst:487
 msgid ""
 "`Docs <https://flask-pypi-proxy.readthedocs.io>`__ | :gh:`GitHub <tzulberti/"
 "Flask-PyPi-Proxy>` | `PyPI <https://pypi.org/project/Flask-Pypi-Proxy/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:487 ../source/key_projects.rst:681
-#: ../source/key_projects.rst:740
+#: ../source/key_projects.rst:491 ../source/key_projects.rst:685
+#: ../source/key_projects.rst:744
 msgid "Not maintained, project archived"
 msgstr ""
 
-#: ../source/key_projects.rst:489
+#: ../source/key_projects.rst:493
 msgid ""
 "Flask-Pypi-Proxy is a :term:`package index <Package Index>` as a cached "
 "proxy for PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:495
+#: ../source/key_projects.rst:499
 msgid "Hashdist"
 msgstr ""
 
-#: ../source/key_projects.rst:497
+#: ../source/key_projects.rst:501
 msgid ""
 "`Docs <https://hashdist.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/hashdist/hashdist/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:500
+#: ../source/key_projects.rst:504
 msgid ""
 "Hashdist is a library for building non-root software distributions. Hashdist "
 "is trying to be “the Debian of choice for cases where Debian technology "
@@ -9697,34 +9746,34 @@ msgid ""
 "researchers but has been lacking in maintenance since 2016."
 msgstr ""
 
-#: ../source/key_projects.rst:512
+#: ../source/key_projects.rst:516
 msgid "Maturin"
 msgstr ""
 
-#: ../source/key_projects.rst:514
+#: ../source/key_projects.rst:518
 msgid ""
 "`Docs <https://www.maturin.rs>`__ | `GitHub <https://github.com/PyO3/"
 "maturin>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:517
+#: ../source/key_projects.rst:521
 msgid ""
 "Maturin is a build backend for Rust extension modules, also written in Rust. "
 "It supports building wheels for python 3.7+ on Windows, Linux, macOS and "
 "FreeBSD, can upload them to PyPI and has basic PyPy and GraalPy support."
 msgstr ""
 
-#: ../source/key_projects.rst:525
+#: ../source/key_projects.rst:529
 msgid "meson-python"
 msgstr ""
 
-#: ../source/key_projects.rst:527
+#: ../source/key_projects.rst:531
 msgid ""
 "`Docs <https://meson-python.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/mesonbuild/meson-python>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:530
+#: ../source/key_projects.rst:534
 msgid ""
 "``meson-python`` is a build backend that uses the Meson_ build system. It "
 "enables Python package authors to use Meson_ as the build system for their "
@@ -9732,58 +9781,58 @@ msgid ""
 "to fill the needs of most complex build configurations."
 msgstr ""
 
-#: ../source/key_projects.rst:540
+#: ../source/key_projects.rst:544
 msgid "multibuild"
 msgstr ""
 
-#: ../source/key_projects.rst:542
+#: ../source/key_projects.rst:546
 msgid "`GitHub <https://github.com/multi-build/multibuild>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:544
+#: ../source/key_projects.rst:548
 msgid ""
 "Multibuild is a set of CI scripts for building and testing Python :term:"
 "`wheels <Wheel>` for Linux, macOS, and (less flexibly) Windows. Also see :"
 "ref:`cibuildwheel`."
 msgstr ""
 
-#: ../source/key_projects.rst:550
+#: ../source/key_projects.rst:554
 msgid "nginx_pypi_cache"
 msgstr ""
 
-#: ../source/key_projects.rst:552
+#: ../source/key_projects.rst:556
 msgid ":gh:`GitHub <hauntsaninja/nginx_pypi_cache>`"
 msgstr ""
 
-#: ../source/key_projects.rst:554
+#: ../source/key_projects.rst:558
 msgid ""
 "nginx_pypi_cache is a :term:`package index <Package Index>` caching proxy "
 "using `nginx <https://nginx.org/en/>`_."
 msgstr ""
 
-#: ../source/key_projects.rst:560
+#: ../source/key_projects.rst:564
 msgid "pdm"
 msgstr ""
 
-#: ../source/key_projects.rst:562
+#: ../source/key_projects.rst:566
 msgid ""
 "`Docs <https://pdm.fming.dev/>`__ | `GitHub <https://github.com/pdm-project/"
 "pdm/>`__ | `PyPI <https://pypi.org/project/pdm>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:566
+#: ../source/key_projects.rst:570
 msgid ""
 "PDM is a modern Python package manager. It uses :term:`pyproject.toml` to "
 "store project metadata as defined in :pep:`621`."
 msgstr ""
 
-#: ../source/key_projects.rst:574
+#: ../source/key_projects.rst:578
 msgid ""
 "`Docs <https://pex.readthedocs.io/en/latest/>`__ | `GitHub <https://github."
 "com/pantsbuild/pex/>`__ | `PyPI <https://pypi.org/project/pex>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:578
+#: ../source/key_projects.rst:582
 msgid ""
 "Pex is a tool for generating :file:`.pex` (Python EXecutable) files, "
 "standalone Python environments in the spirit of :ref:`virtualenv`. PEX files "
@@ -9795,18 +9844,18 @@ msgid ""
 "PEX file into a standard venv, graphing dependencies and more."
 msgstr ""
 
-#: ../source/key_projects.rst:590
+#: ../source/key_projects.rst:594
 msgid "pip-tools"
 msgstr ""
 
-#: ../source/key_projects.rst:592
+#: ../source/key_projects.rst:596
 msgid ""
 "`Docs <https://pip-tools.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/jazzband/pip-tools/>`__ | `PyPI <https://pypi.org/project/pip-"
 "tools/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:596
+#: ../source/key_projects.rst:600
 msgid ""
 "pip-tools is a suite of tools meant for Python system administrators and "
 "release managers who particularly want to keep their builds deterministic "
@@ -9817,32 +9866,32 @@ msgid ""
 "not provide), and create layers of constraints for the program to obey."
 msgstr ""
 
-#: ../source/key_projects.rst:608
+#: ../source/key_projects.rst:612
 msgid "pip2pi"
 msgstr ""
 
-#: ../source/key_projects.rst:610
+#: ../source/key_projects.rst:614
 msgid ""
 ":gh:`GitHub <wolever/pip2pi>` | `PyPI <https://pypi.org/project/pip2pi/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:613
+#: ../source/key_projects.rst:617
 msgid ""
 "pip2pi is a :term:`package index <Package Index>` server where specific "
 "packages are manually synchronised."
 msgstr ""
 
-#: ../source/key_projects.rst:619
+#: ../source/key_projects.rst:623
 msgid "piwheels"
 msgstr ""
 
-#: ../source/key_projects.rst:621
+#: ../source/key_projects.rst:625
 msgid ""
 "`Website <https://www.piwheels.org/>`__ | :doc:`Docs <piwheels:index>` | "
 "`GitHub <https://github.com/piwheels/piwheels/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:625
+#: ../source/key_projects.rst:629
 msgid ""
 "piwheels is a website, and software underpinning it, that fetches source "
 "code distribution packages from PyPI and compiles them into binary wheels "
@@ -9850,17 +9899,17 @@ msgid ""
 "Pi OS pre-configures pip to use piwheels.org as an additional index to PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:634
+#: ../source/key_projects.rst:638
 msgid "poetry"
 msgstr ""
 
-#: ../source/key_projects.rst:636
+#: ../source/key_projects.rst:640
 msgid ""
 "`Docs <https://python-poetry.org/>`__ | `GitHub <https://github.com/python-"
 "poetry/poetry>`__ | `PyPI <https://pypi.org/project/poetry/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:640
+#: ../source/key_projects.rst:644
 msgid ""
 "poetry is a command-line tool to handle dependency installation and "
 "isolation as well as building and packaging of Python packages. It uses "
@@ -9870,49 +9919,49 @@ msgid ""
 "caching metadata about dependencies."
 msgstr ""
 
-#: ../source/key_projects.rst:650
+#: ../source/key_projects.rst:654
 msgid "proxpi"
 msgstr ""
 
-#: ../source/key_projects.rst:652
+#: ../source/key_projects.rst:656
 msgid ""
 ":gh:`GitHub <EpicWink/proxpi>` | `PyPI <https://pypi.org/project/proxpi/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:655
+#: ../source/key_projects.rst:659
 msgid ""
 "proxpi is a simple :term:`package index <Package Index>` which proxies PyPI "
 "and other indexes with caching."
 msgstr ""
 
-#: ../source/key_projects.rst:661
+#: ../source/key_projects.rst:665
 msgid "Pulp-python"
 msgstr ""
 
-#: ../source/key_projects.rst:663
+#: ../source/key_projects.rst:667
 msgid ""
 "`Docs <https://docs.pulpproject.org/pulp_python/>`__ | :gh:`GitHub <pulp/"
 "pulp_python>` | `PyPI <https://pypi.org/project/pulp-python/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:667
+#: ../source/key_projects.rst:671
 msgid ""
 "Pulp-python is the Python :term:`package index <Package Index>` plugin for "
 "`Pulp <https://pulpproject.org/>`_. Pulp-python supports mirrors backed by "
 "local or `AWS S3`_, package upload, and proxying to multiple package indexes."
 msgstr ""
 
-#: ../source/key_projects.rst:675
+#: ../source/key_projects.rst:679
 msgid "PyPI Cloud"
 msgstr ""
 
-#: ../source/key_projects.rst:677
+#: ../source/key_projects.rst:681
 msgid ""
 "`Docs <https://pypicloud.readthedocs.io/>`__ | :gh:`GitHub <stevearc/"
 "pypicloud>` | `PyPI <https://pypi.org/project/pypicloud/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:683
+#: ../source/key_projects.rst:687
 msgid ""
 "PyPI Cloud is a :term:`package index <Package Index>` server, backed by `AWS "
 "S3`_ or another cloud storage service, or local files. PyPI Cloud supports "
@@ -9920,33 +9969,33 @@ msgid ""
 "authorisation."
 msgstr ""
 
-#: ../source/key_projects.rst:691
+#: ../source/key_projects.rst:695
 msgid "pypiprivate"
 msgstr ""
 
-#: ../source/key_projects.rst:693
+#: ../source/key_projects.rst:697
 msgid ""
 ":gh:`GitHub <helpshift/pypiprivate>` | `PyPI <https://pypi.org/project/"
 "pypiprivate/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:696
+#: ../source/key_projects.rst:700
 msgid ""
 "pypiprivate serves a local (or `AWS S3`_-hosted) directory of packages as a :"
 "term:`package index <Package Index>`."
 msgstr ""
 
-#: ../source/key_projects.rst:702
+#: ../source/key_projects.rst:706
 msgid "pypiserver"
 msgstr ""
 
-#: ../source/key_projects.rst:704
+#: ../source/key_projects.rst:708
 msgid ""
 "`GitHub <https://github.com/pypiserver/pypiserver>`__ | `PyPI <https://pypi."
 "org/project/pypiserver/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:707
+#: ../source/key_projects.rst:711
 msgid ""
 "pypiserver is a minimalist application that serves as a private Python :term:"
 "`package index <Package Index>` (from a local directory) within "
@@ -9957,17 +10006,17 @@ msgid ""
 "pypiserver and from PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:718
+#: ../source/key_projects.rst:722
 msgid "PyScaffold"
 msgstr ""
 
-#: ../source/key_projects.rst:720
+#: ../source/key_projects.rst:724
 msgid ""
 "`Docs <https://pyscaffold.org>`__ | `GitHub <https://github.com/pyscaffold/"
 "pyscaffold>`__ | `PyPI <https://pypi.org/project/pyscaffold/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:724
+#: ../source/key_projects.rst:728
 msgid ""
 "PyScaffold is a project generator for bootstrapping Python packages, ready "
 "to be shared on PyPI and installable via :ref:`pip`. It relies on a set of "
@@ -9977,33 +10026,33 @@ msgid ""
 "existing projects to make packaging easier."
 msgstr ""
 
-#: ../source/key_projects.rst:735
+#: ../source/key_projects.rst:739
 msgid "pywharf"
 msgstr ""
 
-#: ../source/key_projects.rst:737
+#: ../source/key_projects.rst:741
 msgid ""
 ":gh:`GitHub <pywharf/pywharf>` | `PyPI <https://pypi.org/project/pywharf>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:742
+#: ../source/key_projects.rst:746
 msgid ""
 "pywharf is a :term:`package index <Package Index>` server, serving files "
 "locally or from `GitHub <https://github.com/>`_."
 msgstr ""
 
-#: ../source/key_projects.rst:748
+#: ../source/key_projects.rst:752
 msgid "scikit-build"
 msgstr ""
 
-#: ../source/key_projects.rst:750
+#: ../source/key_projects.rst:754
 msgid ""
 "`Docs <https://scikit-build.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/scikit-build/scikit-build/>`__ | `PyPI <https://pypi.org/project/"
 "scikit-build>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:754
+#: ../source/key_projects.rst:758
 msgid ""
 "Scikit-build is a :ref:`setuptools` wrapper for CPython that builds C/C++/"
 "Fortran/Cython extensions It uses `cmake <https://pypi.org/project/cmake>`__ "
@@ -10014,18 +10063,18 @@ msgid ""
 "ninja>`__ (also available on PyPI)."
 msgstr ""
 
-#: ../source/key_projects.rst:765
+#: ../source/key_projects.rst:769
 msgid "scikit-build-core"
 msgstr ""
 
-#: ../source/key_projects.rst:767
+#: ../source/key_projects.rst:771
 msgid ""
 "`Docs <https://scikit-build-core.readthedocs.io/en/latest/>`__ | `GitHub "
 "<https://github.com/scikit-build/scikit-build-core/>`__ | `PyPI <https://"
 "pypi.org/project/scikit-build-core>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:771
+#: ../source/key_projects.rst:775
 msgid ""
 "Scikit-build-core is a build backend for CPython C/C++/Fortran/Cython "
 "extensions.  It enables users to write extensions with `cmake <https://pypi."
@@ -10035,17 +10084,17 @@ msgid ""
 "automatically downloaded from PyPI if not available on the system."
 msgstr ""
 
-#: ../source/key_projects.rst:781
+#: ../source/key_projects.rst:785
 msgid "shiv"
 msgstr ""
 
-#: ../source/key_projects.rst:783
+#: ../source/key_projects.rst:787
 msgid ""
 "`Docs <https://shiv.readthedocs.io/en/latest/>`__ | `GitHub <https://github."
 "com/linkedin/shiv>`__ | `PyPI <https://pypi.org/project/shiv/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:787
+#: ../source/key_projects.rst:791
 msgid ""
 "shiv is a command line utility for building fully self contained Python "
 "zipapps as outlined in :pep:`441`, but with all their dependencies included. "
@@ -10053,17 +10102,17 @@ msgid ""
 "tools fast & easy."
 msgstr ""
 
-#: ../source/key_projects.rst:795
+#: ../source/key_projects.rst:799
 msgid "simpleindex"
 msgstr ""
 
-#: ../source/key_projects.rst:797
+#: ../source/key_projects.rst:801
 msgid ""
 ":gh:`GitHub <uranusjr/simpleindex>` | `PyPI <https://pypi.org/project/"
 "simpleindex/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:800
+#: ../source/key_projects.rst:804
 msgid ""
 "simpleindex is a :term:`package index <Package Index>` which routes URLs to "
 "multiple package indexes (including PyPI), serves local (or cloud-hosted, "
@@ -10071,7 +10120,7 @@ msgid ""
 "supports custom plugins."
 msgstr ""
 
-#: ../source/key_projects.rst:810
+#: ../source/key_projects.rst:814
 msgid ""
 ":doc:`Docs <spack:index>` | `GitHub <https://github.com/spack/spack>`__ | "
 "`Paper <https://www.computer.org/csdl/proceedings-article/"
@@ -10079,7 +10128,7 @@ msgid ""
 "Gamblin-Spack-SC15-Talk.pdf>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:815
+#: ../source/key_projects.rst:819
 msgid ""
 "A flexible package manager designed to support multiple versions, "
 "configurations, platforms, and compilers.  Spack is like Homebrew, but "
@@ -10090,24 +10139,24 @@ msgid ""
 "supercomputers."
 msgstr ""
 
-#: ../source/key_projects.rst:823
+#: ../source/key_projects.rst:827
 msgid ""
 "Spack is not in PyPI (yet), but it requires no installation and can be used "
 "immediately after cloning from GitHub."
 msgstr ""
 
-#: ../source/key_projects.rst:829
+#: ../source/key_projects.rst:833
 msgid "zest.releaser"
 msgstr ""
 
-#: ../source/key_projects.rst:831
+#: ../source/key_projects.rst:835
 msgid ""
 "`Docs <https://zestreleaser.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/zestsoftware/zest.releaser/>`__ | `PyPI <https://pypi.org/project/"
 "zest.releaser/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:835
+#: ../source/key_projects.rst:839
 msgid ""
 "``zest.releaser`` is a Python package release tool providing an abstraction "
 "layer on top of :ref:`twine`. Python developers use ``zest.releaser`` to "
@@ -10115,21 +10164,21 @@ msgid ""
 "releases in source control, and uploading new packages to PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:842
+#: ../source/key_projects.rst:846
 msgid "Standard Library Projects"
 msgstr ""
 
-#: ../source/key_projects.rst:847
+#: ../source/key_projects.rst:851
 msgid "ensurepip"
 msgstr ""
 
-#: ../source/key_projects.rst:849
+#: ../source/key_projects.rst:853
 msgid ""
 "`Docs <https://docs.python.org/3/library/ensurepip.html>`__ | `Issues "
 "<https://bugs.python.org/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:852
+#: ../source/key_projects.rst:856
 msgid ""
 "A package in the Python Standard Library that provides support for "
 "bootstrapping :ref:`pip` into an existing Python installation or virtual "
@@ -10137,34 +10186,34 @@ msgid ""
 "will be used during the build of the Python distribution."
 msgstr ""
 
-#: ../source/key_projects.rst:860
+#: ../source/key_projects.rst:864
 msgid "http.server"
 msgstr ""
 
-#: ../source/key_projects.rst:862
+#: ../source/key_projects.rst:866
 msgid ""
 ":doc:`Docs <python:library/http.server>` | :gh:`Issues <python/cpython/"
 "issues>`"
 msgstr ""
 
-#: ../source/key_projects.rst:865
+#: ../source/key_projects.rst:869
 msgid ""
 "A package and command-line interface which can host a directory as a "
 "website, for example as a :term:`package index <Package Index>` (see :ref:"
 "`Hosting your Own Simple Repository`)."
 msgstr ""
 
-#: ../source/key_projects.rst:872
+#: ../source/key_projects.rst:876
 msgid "venv"
 msgstr ""
 
-#: ../source/key_projects.rst:874
+#: ../source/key_projects.rst:878
 msgid ""
 "`Docs <https://docs.python.org/3/library/venv.html>`__ | `Issues <https://"
 "github.com/python/cpython/issues>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:877
+#: ../source/key_projects.rst:881
 msgid ""
 "A package in the Python Standard Library (starting with Python 3.3) for "
 "creating :term:`Virtual Environments <Virtual Environment>`.  For more "
@@ -12212,7 +12261,7 @@ msgstr ""
 #: ../source/specifications/platform-compatibility-tags.rst:332
 #: ../source/specifications/pyproject-toml.rst:444
 #: ../source/specifications/recording-installed-packages.rst:252
-#: ../source/specifications/simple-repository-api.rst:974
+#: ../source/specifications/simple-repository-api.rst:988
 #: ../source/specifications/source-distribution-format.rst:144
 #: ../source/specifications/version-specifiers.rst:1266
 #: ../source/specifications/virtual-environments.rst:54
@@ -13282,6 +13331,7 @@ msgstr ""
 #: ../source/specifications/dependency-specifiers.rst:26
 #: ../source/specifications/direct-url-data-structure.rst:19
 #: ../source/specifications/direct-url.rst:15
+#: ../source/specifications/index-hosted-attestations.rst:17
 #: ../source/specifications/inline-script-metadata.rst:13
 msgid "Specification"
 msgstr ""
@@ -13419,7 +13469,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/dependency-specifiers.rst:163
-#: ../source/specifications/simple-repository-api.rst:888
+#: ../source/specifications/simple-repository-api.rst:902
 msgid "Versions"
 msgstr ""
 
@@ -15042,6 +15092,302 @@ msgid ""
 "www.pypa.io/en/latest/specifications/>`__."
 msgstr ""
 
+#: ../source/specifications/index-hosted-attestations.rst:6
+msgid "Index hosted attestations"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:8
+msgid "This specification was originally defined in :pep:`740`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:12
+msgid ""
+":pep:`740` includes changes to the HTML and JSON index APIs. These changes "
+"are documented in the :ref:`simple-repository-api` under :ref:`simple-"
+"repository-api-base` and :ref:`json-serialization`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:22
+msgid "Upload endpoint changes"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:26
+msgid ""
+"The \"legacy\" upload API is not standardized. See `PyPI's Upload API "
+"documentation <https://docs.pypi.org/api/upload/>`_ for how attestations are "
+"uploaded."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:33
+msgid "Attestation objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:35
+msgid ""
+"An attestation object is a JSON object with several required keys; "
+"applications or signers may include additional keys so long as all "
+"explicitly listed keys are provided. The required layout of an attestation "
+"object is provided as pseudocode below."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:88
+msgid ""
+"A full data model for each object in ``transparency_entries`` is provided "
+"in :ref:`appendix`. Attestation objects **SHOULD** include one or more "
+"transparency log entries, and **MAY** include additional keys for other "
+"sources of signed time (such as an :rfc:`3161` Time Stamping Authority or a "
+"`Roughtime <https://blog.cloudflare.com/roughtime>`__ server)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:94
+msgid ""
+"Attestation objects are versioned; this PEP specifies version 1. Each "
+"version is tied to a single cryptographic suite to minimize unnecessary "
+"cryptographic agility. In version 1, the suite is as follows:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:98
+msgid ""
+"Certificates are specified as X.509 certificates, and comply with the "
+"profile in :rfc:`5280`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:100
+msgid ""
+"The message signature algorithm is ECDSA, with the P-256 curve for public "
+"keys and SHA-256 as the cryptographic digest function."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:103
+msgid ""
+"Future PEPs may change this suite (and the overall shape of the attestation "
+"object) by selecting a new version number."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:109
+msgid "Attestation statement and signature generation"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:111
+msgid ""
+"The *attestation statement* is the actual claim that is cryptographically "
+"signed over within the attestation object (i.e., the ``envelope.statement``)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:114
+msgid ""
+"The attestation statement is encoded as a `v1 in-toto Statement object "
+"<https://github.com/in-toto/attestation/blob/v1.0/spec/v1.0/statement."
+"md>`__, in JSON form. When serialized the statement is treated as an opaque "
+"binary blob, avoiding the need for canonicalization."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:119
+msgid ""
+"In addition to being a v1 in-toto Statement, the attestation statement is "
+"constrained in the following ways:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:122
+msgid "The in-toto ``subject`` **MUST** contain only a single subject."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:123
+msgid ""
+"``subject[0].name`` is the distribution's filename, which **MUST** be a "
+"valid :ref:`source distribution <source-distribution-format>` or :ref:`wheel "
+"distribution <binary-distribution-format>` filename."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:126
+msgid ""
+"``subject[0].digest`` **MUST** contain a SHA-256 digest. Other digests "
+"**MAY** be present. The digests **MUST** be represented as hexadecimal "
+"strings."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:128
+msgid "The following ``predicateType`` values are supported:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:130
+msgid ""
+"`SLSA Provenance <https://slsa.dev/provenance/v1>`__: ``https://slsa.dev/"
+"provenance/v1``"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:131
+msgid ""
+"`PyPI Publish Attestation <https://docs.pypi.org/attestations/publish/"
+"v1>`__: ``https://docs.pypi.org/attestations/publish/v1``"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:133
+msgid ""
+"The signature over this statement is constructed using the `v1 DSSE "
+"signature protocol <https://github.com/secure-systems-lab/dsse/blob/v1.0.0/"
+"protocol.md>`__, with a ``PAYLOAD_TYPE`` of ``application/vnd.in-toto+json`` "
+"and a ``PAYLOAD_BODY`` of the JSON-encoded statement above. No other "
+"``PAYLOAD_TYPE`` is permitted."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:141
+msgid "Provenance objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:143
+msgid ""
+"The index will serve uploaded attestations along with metadata that can "
+"assist in verifying them in the form of JSON serialized objects."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:146
+msgid ""
+"These *provenance objects* will be available via both the Simple Index and "
+"JSON-based Simple API as described above, and will have the following layout:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:169
+msgid "or, as pseudocode:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:217
+msgid ""
+"``version`` is ``1``. Like attestation objects, provenance objects are "
+"versioned, and this PEP only defines version ``1``."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:219
+msgid ""
+"``attestation_bundles`` is a **required** JSON array, containing one or more "
+"\"bundles\" of attestations. Each bundle corresponds to a signing identity "
+"(such as a Trusted Publishing identity), and contains one or more "
+"attestation objects."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:224
+msgid ""
+"As noted in the ``Publisher`` model, each ``AttestationBundle.publisher`` "
+"object is specific to its Trusted Publisher but must include at minimum:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:228
+msgid ""
+"A ``kind`` key, which **MUST** be a JSON string that uniquely identifies the "
+"kind of Trusted Publisher."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:230
+msgid ""
+"A ``claims`` key, which **MUST** be a JSON object containing any context-"
+"specific claims retained by the index during Trusted Publisher "
+"authentication."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:233
+msgid "All other keys in the publisher object are publisher-specific."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:235
+msgid ""
+"Each array of attestation objects is a superset of the ``attestations`` "
+"array supplied by the uploaded through the ``attestations`` field at upload "
+"time, as described in :ref:`upload-endpoint` and :ref:`changes-to-provenance-"
+"objects`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:243
+msgid "Changes to provenance objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:245
+msgid ""
+"Provenance objects are *not* immutable, and may change over time. Reasons "
+"for changes to the provenance object include but are not limited to:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:248
+msgid ""
+"Addition of new attestations for a pre-existing signing identity: the index "
+"**MAY** choose to allow additional attestations by pre-existing signing "
+"identities, such as newer attestation versions for already uploaded files."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:253
+msgid ""
+"Addition of new signing identities and associated attestations: the index "
+"**MAY** choose to support attestations from sources other than the file's "
+"uploader, such as third-party auditors or the index itself. These "
+"attestations may be performed asynchronously, requiring the index to insert "
+"them into the provenance object *post facto*."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:262
+msgid "Attestation verification"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:264
+msgid ""
+"Verifying an attestation object against a distribution file requires "
+"verification of each of the following:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:267
+msgid "``version`` is ``1``. The verifier **MUST** reject any other version."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:268
+msgid ""
+"``verification_material.certificate`` is a valid signing certificate, as "
+"issued by an *a priori* trusted authority (such as a root of trust already "
+"present within the verifying client)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:271
+msgid ""
+"``verification_material.certificate`` identifies an appropriate signing "
+"subject, such as the machine identity of the Trusted Publisher that "
+"published the package."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:274
+msgid ""
+"``envelope.statement`` is a valid in-toto v1 Statement, with a subject and "
+"digest that **MUST** match the distribution's filename and contents. For the "
+"distribution's filename, matching **MUST** be performed by parsing using the "
+"appropriate source distribution or wheel filename format, as the statement's "
+"subject may be equivalent but normalized."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:279
+msgid ""
+"``envelope.signature`` is a valid signature for ``envelope.statement`` "
+"corresponding to ``verification_material.certificate``, as reconstituted via "
+"the `v1 DSSE signature protocol <https://github.com/secure-systems-lab/dsse/"
+"blob/v1.0.0/protocol.md>`__."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:284
+msgid ""
+"In addition to the above required steps, a verifier **MAY** additionally "
+"verify ``verification_material.transparency_entries`` on a policy basis, e."
+"g. requiring at least one transparency log entry or a threshold of entries. "
+"When verifying transparency entries, the verifier **MUST** confirm that the "
+"inclusion time for each entry lies within the signing certificate's validity "
+"period."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:293
+msgid "Appendix: Data models for Transparency Log Entries"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:295
+msgid ""
+"This appendix contains pseudocoded data models for transparency log entries "
+"in attestation objects. Each transparency log entry serves as a source of "
+"signed inclusion time, and can be verified either online or offline."
+msgstr ""
+
 #: ../source/specifications/inline-script-metadata.rst:5
 msgid "Inline script metadata"
 msgstr ""
@@ -15212,7 +15558,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/inline-script-metadata.rst:205
-#: ../source/specifications/simple-repository-api.rst:815
+#: ../source/specifications/simple-repository-api.rst:829
 msgid "Recommendations"
 msgstr ""
 
@@ -17100,11 +17446,26 @@ msgid ""
 "``&gt;``, respectively."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:100
+#: ../source/specifications/simple-repository-api.rst:99
+msgid ""
+"A repository **MAY** include a ``data-provenance`` attribute on a file link. "
+"The value of this attribute **MUST** be a fully qualified URL, signaling "
+"that the file's provenance can be found at that URL. This URL **MUST** "
+"represent a `secure origin <https://www.chromium.org/Home/chromium-security/"
+"prefer-secure-origins-for-powerful-new-features/>`_."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:106
+msgid ""
+"The format of the linked provenance is defined in :ref:`index-hosted-"
+"attestations`."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:109
 msgid "Normalized Names"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:102
+#: ../source/specifications/simple-repository-api.rst:111
 msgid ""
 "This spec references the concept of a \"normalized\" project name. As per :"
 "ref:`the name normalization specification <name-normalization>` the only "
@@ -17114,11 +17475,11 @@ msgid ""
 "implemented in Python with the ``re`` module::"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:117
+#: ../source/specifications/simple-repository-api.rst:126
 msgid "Adding \"Yank\" Support to the Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:119
+#: ../source/specifications/simple-repository-api.rst:128
 msgid ""
 "Links in the simple repository **MAY** have a ``data-yanked`` attribute "
 "which may have no value, or may have an arbitrary string as a value. The "
@@ -17128,7 +17489,7 @@ msgid ""
 "under specific scenarios."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:126
+#: ../source/specifications/simple-repository-api.rst:135
 msgid ""
 "The value of the ``data-yanked`` attribute, if present, is an arbitrary "
 "string that represents the reason for why the file has been yanked. Tools "
@@ -17136,7 +17497,7 @@ msgid ""
 "users."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:131
+#: ../source/specifications/simple-repository-api.rst:140
 msgid ""
 "The yanked attribute is not immutable once set, and may be rescinded in the "
 "future (and once rescinded, may be reset as well). Thus API users **MUST** "
@@ -17144,11 +17505,11 @@ msgid ""
 "again)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:138
+#: ../source/specifications/simple-repository-api.rst:147
 msgid "Installers"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:140
+#: ../source/specifications/simple-repository-api.rst:149
 msgid ""
 "The desirable experience for users is that once a file is yanked, when a "
 "human being is currently trying to directly install a yanked file, that it "
@@ -17158,7 +17519,7 @@ msgid ""
 "been yanked."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:147
+#: ../source/specifications/simple-repository-api.rst:156
 msgid ""
 "An installer **MUST** ignore yanked releases, if the selection constraints "
 "can be satisfied with a non-yanked version, and **MAY** refuse to use a "
@@ -17168,14 +17529,14 @@ msgid ""
 "files."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:154
+#: ../source/specifications/simple-repository-api.rst:163
 msgid ""
 "What this means is left up to the specific installer, to decide how to best "
 "fit into the overall usage of their installer. However, there are two "
 "suggested approaches to take:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:158
+#: ../source/specifications/simple-repository-api.rst:167
 msgid ""
 "Yanked files are always ignored, unless they are the only file that matches "
 "a version specifier that \"pins\" to an exact version using either ``==`` "
@@ -17185,7 +17546,7 @@ msgid ""
 "versions, zero padding, etc."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:165
+#: ../source/specifications/simple-repository-api.rst:174
 msgid ""
 "Yanked files are always ignored, unless they are the only file that matches "
 "what a lock file (such as ``Pipfile.lock`` or ``poetry.lock``) specifies to "
@@ -17193,7 +17554,7 @@ msgid ""
 "creating or updating a lock file from some input file or command."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:171
+#: ../source/specifications/simple-repository-api.rst:180
 msgid ""
 "Regardless of the specific strategy that an installer chooses for deciding "
 "when to install yanked files, an installer **SHOULD** emit a warning when it "
@@ -17202,38 +17563,38 @@ msgid ""
 "specific feedback to the user about why that file had been yanked."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:179
+#: ../source/specifications/simple-repository-api.rst:188
 msgid "Mirrors"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:181
+#: ../source/specifications/simple-repository-api.rst:190
 msgid "Mirrors can generally treat yanked files one of two ways:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:183
+#: ../source/specifications/simple-repository-api.rst:192
 msgid ""
 "They may choose to omit them from their simple repository API completely, "
 "providing a view over the repository that shows only \"active\", unyanked "
 "files."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:186
+#: ../source/specifications/simple-repository-api.rst:195
 msgid ""
 "They may choose to include yanked files, and additionally mirror the ``data-"
 "yanked`` attribute as well."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:189
+#: ../source/specifications/simple-repository-api.rst:198
 msgid ""
 "Mirrors **MUST NOT** mirror a yanked file without also mirroring the ``data-"
 "yanked`` attribute for it."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:195
+#: ../source/specifications/simple-repository-api.rst:204
 msgid "Versioning PyPI's Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:197
+#: ../source/specifications/simple-repository-api.rst:206
 msgid ""
 "This spec proposes the inclusion of a meta tag on the responses of every "
 "successful request to a simple API page, which contains a name attribute of "
@@ -17244,29 +17605,29 @@ msgid ""
 "<version-specifiers>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:205
+#: ../source/specifications/simple-repository-api.rst:214
 msgid "This would end up looking like::"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:209
+#: ../source/specifications/simple-repository-api.rst:218
 msgid "When interpreting the repository version:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:211
+#: ../source/specifications/simple-repository-api.rst:220
 msgid ""
 "Incrementing the major version is used to signal a backwards incompatible "
 "change such that existing clients would no longer be expected to be able to "
 "meaningfully use the API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:214
+#: ../source/specifications/simple-repository-api.rst:223
 msgid ""
 "Incrementing the minor version is used to signal a backwards compatible "
 "change such that existing clients would still be expected to be able to "
 "meaningfully use the API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:218
+#: ../source/specifications/simple-repository-api.rst:227
 msgid ""
 "It is left up to the discretion of any future specs as to what specifically "
 "constitutes a backwards incompatible vs compatible change beyond the broad "
@@ -17275,7 +17636,7 @@ msgid ""
 "features."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:224
+#: ../source/specifications/simple-repository-api.rst:233
 msgid ""
 "It is expectation of this spec that the major version will never be "
 "incremented, and any future major API evolutions would utilize a different "
@@ -17285,48 +17646,48 @@ msgid ""
 "set to a version >= 2)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:231
+#: ../source/specifications/simple-repository-api.rst:240
 msgid ""
 "This spec sets the current API version to \"1.0\", and expects that future "
 "specs that further evolve the simple API will increment the minor version "
 "number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:237
-#: ../source/specifications/simple-repository-api.rst:957
+#: ../source/specifications/simple-repository-api.rst:246
+#: ../source/specifications/simple-repository-api.rst:971
 msgid "Clients"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:239
+#: ../source/specifications/simple-repository-api.rst:248
 msgid ""
 "Clients interacting with the simple API **SHOULD** introspect each response "
 "for the repository version, and if that data does not exist **MUST** assume "
 "that it is version 1.0."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:243
+#: ../source/specifications/simple-repository-api.rst:252
 msgid ""
 "When encountering a major version greater than expected, clients **MUST** "
 "hard fail with an appropriate error message for the user."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:246
+#: ../source/specifications/simple-repository-api.rst:255
 msgid ""
 "When encountering a minor version greater than expected, clients **SHOULD** "
 "warn users with an appropriate message."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:249
+#: ../source/specifications/simple-repository-api.rst:258
 msgid ""
 "Clients **MAY** still continue to use feature detection in order to "
 "determine what features a repository uses."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:255
+#: ../source/specifications/simple-repository-api.rst:264
 msgid "Serve Distribution Metadata in the Simple Repository API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:257
+#: ../source/specifications/simple-repository-api.rst:266
 msgid ""
 "In a simple repository's project page, each anchor tag pointing to a "
 "distribution **MAY** have a ``data-dist-info-metadata`` attribute. The "
@@ -17335,7 +17696,7 @@ msgid ""
 "when the distribution is processed and/or installed."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:263
+#: ../source/specifications/simple-repository-api.rst:272
 msgid ""
 "If a ``data-dist-info-metadata`` attribute is present, the repository "
 "**MUST** serve the distribution's Core Metadata file alongside the "
@@ -17347,7 +17708,7 @@ msgid ""
 "GPG signature file's location."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:272
+#: ../source/specifications/simple-repository-api.rst:281
 msgid ""
 "The repository **SHOULD** provide the hash of the Core Metadata file as the "
 "``data-dist-info-metadata`` attribute's value using the syntax "
@@ -17357,18 +17718,18 @@ msgid ""
 "unavailable."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:280
+#: ../source/specifications/simple-repository-api.rst:289
 msgid "Backwards Compatibility"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:282
+#: ../source/specifications/simple-repository-api.rst:291
 msgid ""
 "If an anchor tag lacks the ``data-dist-info-metadata`` attribute, tools are "
 "expected to revert to their current behaviour of downloading the "
 "distribution to inspect the metadata."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:286
+#: ../source/specifications/simple-repository-api.rst:295
 msgid ""
 "Older tools not supporting the new ``data-dist-info-metadata`` attribute are "
 "expected to ignore the attribute and maintain their current behaviour of "
@@ -17376,11 +17737,11 @@ msgid ""
 "prior ``data-`` attribute additions expect existing tools to operate."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:295
+#: ../source/specifications/simple-repository-api.rst:304
 msgid "JSON-based Simple API for Python Package Indexes"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:297
+#: ../source/specifications/simple-repository-api.rst:306
 msgid ""
 "To enable response parsing with only the standard library, this spec "
 "specifies that all responses (besides the files themselves, and the HTML "
@@ -17388,7 +17749,7 @@ msgid ""
 "base>`) should be serialized using `JSON <https://www.json.org/>`_."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:302
+#: ../source/specifications/simple-repository-api.rst:311
 msgid ""
 "To enable zero configuration discovery and to minimize the amount of "
 "additional HTTP requests, this spec extends :ref:`the base HTML API "
@@ -17398,7 +17759,7 @@ msgid ""
 "format to serve, i.e. either HTML or JSON."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:312
+#: ../source/specifications/simple-repository-api.rst:321
 msgid ""
 "Versioning will adhere to :ref:`the API versioning specification <simple-"
 "repository-api-versioning>` format (``Major.Minor``), which has defined the "
@@ -17408,7 +17769,7 @@ msgid ""
 "``1.0`` version, and instead just describes how to serialize that into JSON."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:319
+#: ../source/specifications/simple-repository-api.rst:328
 msgid ""
 "Similar to :ref:`the API versioning specification <simple-repository-api-"
 "versioning>`, the major version number **MUST** be incremented if any "
@@ -17416,28 +17777,28 @@ msgid ""
 "existing clients to meaningfully understand the format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:325
+#: ../source/specifications/simple-repository-api.rst:334
 msgid ""
 "Likewise, the minor version **MUST** be incremented if features are added or "
 "removed from the format, but existing clients would be expected to continue "
 "to meaningfully understand the format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:329
+#: ../source/specifications/simple-repository-api.rst:338
 msgid ""
 "Changes that would not result in existing clients being unable to "
 "meaningfully understand the format and which do not represent features being "
 "added or removed may occur without changing the version number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:333
+#: ../source/specifications/simple-repository-api.rst:342
 msgid ""
 "This is intentionally vague, as this spec believes it is best left up to "
 "future specs that make any changes to the API to investigate and decide "
 "whether or not that change should increment the major or minor version."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:337
+#: ../source/specifications/simple-repository-api.rst:346
 msgid ""
 "Future versions of the API may add things that can only be represented in a "
 "subset of the available serializations of that version. All serializations "
@@ -17446,37 +17807,37 @@ msgid ""
 "whether or not that feature is present at all."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:343
+#: ../source/specifications/simple-repository-api.rst:352
 msgid ""
 "It is the intent of this spec that the API should be thought of as URL "
 "endpoints that return data, whose interpretation is defined by the version "
 "of that data, and then serialized into the target serialization format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:351
+#: ../source/specifications/simple-repository-api.rst:360
 msgid "JSON Serialization"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:353
+#: ../source/specifications/simple-repository-api.rst:362
 msgid ""
 "The URL structure from :ref:`the base HTML API specification <simple-"
 "repository-api-base>` still applies, as this spec only adds an additional "
 "serialization format for the already existing API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:357
+#: ../source/specifications/simple-repository-api.rst:366
 msgid ""
 "The following constraints apply to all JSON serialized responses described "
 "in this spec:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:360
+#: ../source/specifications/simple-repository-api.rst:369
 msgid ""
 "All JSON responses will *always* be a JSON object rather than an array or "
 "other type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:363
+#: ../source/specifications/simple-repository-api.rst:372
 msgid ""
 "While JSON doesn't natively support a URL type, any value that represents an "
 "URL in this API may be either absolute or relative as long as they point to "
@@ -17484,19 +17845,19 @@ msgid ""
 "if it were HTML."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:368
+#: ../source/specifications/simple-repository-api.rst:377
 msgid ""
 "Additional keys may be added to any dictionary objects in the API responses "
 "and clients **MUST** ignore keys that they don't understand."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:371
+#: ../source/specifications/simple-repository-api.rst:380
 msgid ""
 "All JSON responses will have a ``meta`` key, which contains information "
 "related to the response itself, rather than the content of the response."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:374
+#: ../source/specifications/simple-repository-api.rst:383
 msgid ""
 "All JSON responses will have a ``meta.api-version`` key, which will be a "
 "string that contains the :ref:`API versioning specification <simple-"
@@ -17505,41 +17866,41 @@ msgid ""
 "<simple-repository-api-versioning>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:380
+#: ../source/specifications/simple-repository-api.rst:389
 msgid ""
 "All requirements of :ref:`the base HTML API specification <simple-repository-"
 "api-base>` that are not HTML specific still apply."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:385
+#: ../source/specifications/simple-repository-api.rst:394
 msgid "Project List"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:387
+#: ../source/specifications/simple-repository-api.rst:396
 msgid ""
 "The root URL ``/`` for this spec (which represents the base URL) will be a "
 "JSON encoded dictionary which has a two keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:390
+#: ../source/specifications/simple-repository-api.rst:399
 msgid ""
 "``projects``: An array where each entry is a dictionary with a single key, "
 "``name``, which represents string of the project name."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:391
-#: ../source/specifications/simple-repository-api.rst:440
+#: ../source/specifications/simple-repository-api.rst:400
+#: ../source/specifications/simple-repository-api.rst:449
 msgid ""
 "``meta``: The general response metadata as `described earlier <json-"
 "serialization_>`__."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:393
-#: ../source/specifications/simple-repository-api.rst:499
+#: ../source/specifications/simple-repository-api.rst:402
+#: ../source/specifications/simple-repository-api.rst:512
 msgid "As an example:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:410
+#: ../source/specifications/simple-repository-api.rst:419
 msgid ""
 "The ``name`` field is the same as the one from :ref:`the base HTML API "
 "specification <simple-repository-api-base>`, which does not specify whether "
@@ -17549,7 +17910,7 @@ msgid ""
 "implementation detail of the repository in question."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:420
+#: ../source/specifications/simple-repository-api.rst:429
 msgid ""
 "While the ``projects`` key is an array, and thus is required to be in some "
 "kind of an order, neither :ref:`the base HTML API specification <simple-"
@@ -17559,11 +17920,11 @@ msgid ""
 "have sets."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:429
+#: ../source/specifications/simple-repository-api.rst:438
 msgid "Project Detail"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:431
+#: ../source/specifications/simple-repository-api.rst:440
 msgid ""
 "The format of this URL is ``/<project>/`` where the ``<project>`` is "
 "replaced by the :ref:`the base HTML API specification <simple-repository-api-"
@@ -17571,33 +17932,33 @@ msgid ""
 "would have a URL like ``/silly-walk/``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:436
+#: ../source/specifications/simple-repository-api.rst:445
 msgid ""
 "This URL must respond with a JSON encoded dictionary that has three keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:438
+#: ../source/specifications/simple-repository-api.rst:447
 msgid "``name``: The normalized name of the project."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:439
+#: ../source/specifications/simple-repository-api.rst:448
 msgid ""
 "``files``: A list of dictionaries, each one representing an individual file."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:442
+#: ../source/specifications/simple-repository-api.rst:451
 msgid "Each individual file dictionary has the following keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:444
+#: ../source/specifications/simple-repository-api.rst:453
 msgid "``filename``: The filename that is being represented."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:445
+#: ../source/specifications/simple-repository-api.rst:454
 msgid "``url``: The URL that the file can be fetched from."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:446
+#: ../source/specifications/simple-repository-api.rst:455
 msgid ""
 "``hashes``: A dictionary mapping a hash name to a hex encoded digest of the "
 "file. Multiple hashes can be included, and it is up to the client to decide "
@@ -17606,14 +17967,14 @@ msgid ""
 "to be lowercase."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:451
+#: ../source/specifications/simple-repository-api.rst:460
 msgid ""
 "The ``hashes`` dictionary **MUST** be present, even if no hashes are "
 "available for the file, however it is **HIGHLY** recommended that at least "
 "one secure, guaranteed-to-be-available hash is always included."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:455
+#: ../source/specifications/simple-repository-api.rst:464
 msgid ""
 "By default, any hash algorithm available via :py:mod:`hashlib` (specifically "
 "any that can be passed to :py:func:`hashlib.new()` and do not require "
@@ -17623,7 +17984,7 @@ msgid ""
 "specifically is recommended."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:460
+#: ../source/specifications/simple-repository-api.rst:469
 msgid ""
 "``requires-python``: An **optional** key that exposes the :ref:`core-"
 "metadata-requires-python` metadata field. Where this is present, installer "
@@ -17631,14 +17992,14 @@ msgid ""
 "that doesn't satisfy the requirement."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:466
+#: ../source/specifications/simple-repository-api.rst:475
 msgid ""
 "Unlike ``data-requires-python`` in :ref:`the base HTML API specification "
 "<simple-repository-api-base>`, the ``requires-python`` key does not require "
 "any special escaping other than anything JSON does naturally."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:469
+#: ../source/specifications/simple-repository-api.rst:478
 msgid ""
 "``dist-info-metadata``: An **optional** key that indicates that metadata for "
 "this file is available, via the same location as specified in :ref:`the API "
@@ -17648,27 +18009,27 @@ msgid ""
 "dictionary mapping hash names to a hex encoded digest of the metadata's hash."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:477
+#: ../source/specifications/simple-repository-api.rst:486
 msgid ""
 "When this is a dictionary of hashes instead of a boolean, then all the same "
 "requirements and recommendations as the ``hashes`` key hold true for this "
 "key as well."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:481
+#: ../source/specifications/simple-repository-api.rst:490
 msgid ""
 "If this key is missing then the metadata file may or may not exist. If the "
 "key value is truthy, then the metadata file is present, and if it is falsey "
 "then it is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:485
+#: ../source/specifications/simple-repository-api.rst:494
 msgid ""
 "It is recommended that servers make the hashes of the metadata file "
 "available if possible."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:487
+#: ../source/specifications/simple-repository-api.rst:496
 msgid ""
 "``gpg-sig``: An **optional** key that acts a boolean to indicate if the file "
 "has an associated GPG signature or not. The URL for the signature file "
@@ -17677,7 +18038,7 @@ msgid ""
 "the signature may or may not exist."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:492
+#: ../source/specifications/simple-repository-api.rst:501
 msgid ""
 "``yanked``: An **optional** key which may be either a boolean to indicate if "
 "the file has been yanked, or a non empty, but otherwise arbitrary, string to "
@@ -17688,7 +18049,15 @@ msgid ""
 "api-yank>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:529
+#: ../source/specifications/simple-repository-api.rst:507
+msgid ""
+"``provenance``: An **optional** key which, if present **MUST** be either a "
+"JSON string or ``null``. If not ``null``, it **MUST** be a URL to the file's "
+"associated provenance, with the same rules as ``data-provenance`` in the :"
+"ref:`base HTML API specification <simple-repository-api-base>`."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:543
 msgid ""
 "While the ``files`` key is an array, and thus is required to be in some kind "
 "of an order, neither :ref:`the base HTML API specification <simple-"
@@ -17698,11 +18067,11 @@ msgid ""
 "have sets."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:538
+#: ../source/specifications/simple-repository-api.rst:552
 msgid "Content-Types"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:540
+#: ../source/specifications/simple-repository-api.rst:554
 msgid ""
 "This spec proposes that all responses from the Simple API will have a "
 "standard content type that describes what the response is (a Simple API "
@@ -17710,11 +18079,11 @@ msgid ""
 "format has been used."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:544
+#: ../source/specifications/simple-repository-api.rst:558
 msgid "The structure of this content type will be:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:550
+#: ../source/specifications/simple-repository-api.rst:564
 msgid ""
 "Since only major versions should be disruptive to clients attempting to "
 "understand one of these API responses, only the major version will be "
@@ -17722,19 +18091,19 @@ msgid ""
 "that it is a version number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:555
+#: ../source/specifications/simple-repository-api.rst:569
 msgid "Which means that for the existing 1.0 API, the content types would be:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:557
+#: ../source/specifications/simple-repository-api.rst:571
 msgid "**JSON:** ``application/vnd.pypi.simple.v1+json``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:558
+#: ../source/specifications/simple-repository-api.rst:572
 msgid "**HTML:** ``application/vnd.pypi.simple.v1+html``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:560
+#: ../source/specifications/simple-repository-api.rst:574
 msgid ""
 "In addition to the above, a special \"meta\" version is supported named "
 "``latest``, whose purpose is to allow clients to request the absolute latest "
@@ -17743,7 +18112,7 @@ msgid ""
 "support."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:565
+#: ../source/specifications/simple-repository-api.rst:579
 msgid ""
 "To support existing clients which expect the existing :ref:`the base HTML "
 "API specification <simple-repository-api-base>` API responses to use the "
@@ -17751,11 +18120,11 @@ msgid ""
 "alias for the ``application/vnd.pypi.simple.v1+html`` content type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:572
+#: ../source/specifications/simple-repository-api.rst:586
 msgid "Version + Format Selection"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:574
+#: ../source/specifications/simple-repository-api.rst:588
 msgid ""
 "Now that there is multiple possible serializations, we need a mechanism to "
 "allow clients to indicate what serialization formats they're able to "
@@ -17764,65 +18133,65 @@ msgid ""
 "expecting the previous API version."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:579
+#: ../source/specifications/simple-repository-api.rst:593
 msgid ""
 "To enable this, this spec standardizes on the use of HTTP's `Server-Driven "
 "Content Negotiation <https://developer.mozilla.org/en-US/docs/Web/HTTP/"
 "Content_negotiation>`_."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:582
+#: ../source/specifications/simple-repository-api.rst:596
 msgid ""
 "While this spec won't fully describe the entirety of server-driven content "
 "negotiation, the flow is roughly:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:585
+#: ../source/specifications/simple-repository-api.rst:599
 msgid ""
 "The client makes an HTTP request containing an ``Accept`` header listing all "
 "of the version+format content types that they are able to understand."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:587
+#: ../source/specifications/simple-repository-api.rst:601
 msgid ""
 "The server inspects that header, selects one of the listed content types, "
 "then returns a response using that content type (treating the absence of an "
 "``Accept`` header as ``Accept: */*``)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:590
+#: ../source/specifications/simple-repository-api.rst:604
 msgid ""
 "If the server does not support any of the content types in the ``Accept`` "
 "header then they are able to choose between 3 different options for how to "
 "respond:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:594
+#: ../source/specifications/simple-repository-api.rst:608
 msgid ""
 "Select a default content type other than what the client has requested and "
 "return a response with that."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:596
+#: ../source/specifications/simple-repository-api.rst:610
 msgid ""
 "Return a HTTP ``406 Not Acceptable`` response to indicate that none of the "
 "requested content types were available, and the server was unable or "
 "unwilling to select a default content type to respond with."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:599
+#: ../source/specifications/simple-repository-api.rst:613
 msgid ""
 "Return a HTTP ``300 Multiple Choices`` response that contains a list of all "
 "of the possible responses that could have been chosen."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:601
+#: ../source/specifications/simple-repository-api.rst:615
 msgid ""
 "The client interprets the response, handling the different types of "
 "responses that the server may have responded with."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:604
+#: ../source/specifications/simple-repository-api.rst:618
 msgid ""
 "This spec does not specify which choices the server makes in regards to "
 "handling a content type that it isn't able to return, and clients **SHOULD** "
@@ -17830,7 +18199,7 @@ msgid ""
 "the most sense for that client."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:609
+#: ../source/specifications/simple-repository-api.rst:623
 msgid ""
 "However, as there is no standard format for how a ``300 Multiple Choices`` "
 "response can be interpreted, this spec highly discourages servers from "
@@ -17841,7 +18210,7 @@ msgid ""
 "error."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:616
+#: ../source/specifications/simple-repository-api.rst:630
 msgid ""
 "This spec **does** require that if the meta version ``latest`` is being "
 "used, the server **MUST** respond with the content type for the actual "
@@ -17850,33 +18219,33 @@ msgid ""
 "have a ``Content-Type`` of ``application/vnd.pypi.simple.v1+json``)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:623
+#: ../source/specifications/simple-repository-api.rst:637
 msgid ""
 "The ``Accept`` header is a comma separated list of content types that the "
 "client understands and is able to process. It supports three different "
 "formats for each content type that is being requested:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:627
+#: ../source/specifications/simple-repository-api.rst:641
 msgid "``$type/$subtype``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:628
+#: ../source/specifications/simple-repository-api.rst:642
 msgid "``$type/*``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:629
+#: ../source/specifications/simple-repository-api.rst:643
 msgid "``*/*``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:631
+#: ../source/specifications/simple-repository-api.rst:645
 msgid ""
 "For the use of selecting a version+format, the most useful of these is "
 "``$type/$subtype``, as that is the only way to actually specify the version "
 "and format you want."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:635
+#: ../source/specifications/simple-repository-api.rst:649
 msgid ""
 "The order of the content types listed in the ``Accept`` header does not have "
 "any specific meaning, and the server **SHOULD** consider all of them to be "
@@ -17886,7 +18255,7 @@ msgid ""
 "Quality_values>`_ syntax."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:642
+#: ../source/specifications/simple-repository-api.rst:656
 msgid ""
 "This allows a client to specify a priority for a specific entry in their "
 "``Accept`` header, by appending a ``;q=`` followed by a value between ``0`` "
@@ -17896,7 +18265,7 @@ msgid ""
 "quality of ``1``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:648
+#: ../source/specifications/simple-repository-api.rst:662
 msgid ""
 "However, clients should keep in mind that a server is free to select **any** "
 "of the content types they've asked for, regardless of their requested "
@@ -17904,7 +18273,7 @@ msgid ""
 "for."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:652
+#: ../source/specifications/simple-repository-api.rst:666
 msgid ""
 "To aid clients in determining the content type of the response that they "
 "have received from an API request, this spec requires that servers always "
@@ -17915,22 +18284,22 @@ msgid ""
 "collector.py#L123-L150>`_ so the risks for actual breakages is low."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:659
+#: ../source/specifications/simple-repository-api.rst:673
 msgid "An example of how a client can operate would look like:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:710
+#: ../source/specifications/simple-repository-api.rst:724
 msgid ""
 "If a client wishes to only support HTML or only support JSON, then they "
 "would just remove the content types that they do not want from the "
 "``Accept`` header, and turn receiving them into an error."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:716
+#: ../source/specifications/simple-repository-api.rst:730
 msgid "Alternative Negotiation Mechanisms"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:718
+#: ../source/specifications/simple-repository-api.rst:732
 msgid ""
 "While using HTTP's Content negotiation is considered the standard way for a "
 "client and server to coordinate to ensure that the client is getting an HTTP "
@@ -17939,25 +18308,25 @@ msgid ""
 "negotiation mechanisms that may *optionally* be used instead."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:726
+#: ../source/specifications/simple-repository-api.rst:740
 msgid "URL Parameter"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:728
+#: ../source/specifications/simple-repository-api.rst:742
 msgid ""
 "Servers that implement the Simple API may choose to support a URL parameter "
 "named ``format`` to allow the clients to request a specific version of the "
 "URL."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:731
+#: ../source/specifications/simple-repository-api.rst:745
 msgid ""
 "The value of the ``format`` parameter should be **one** of the valid content "
 "types. Passing multiple content types, wild cards, quality values, etc... is "
 "**not** supported."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:735
+#: ../source/specifications/simple-repository-api.rst:749
 msgid ""
 "Supporting this parameter is optional, and clients **SHOULD NOT** rely on it "
 "for interacting with the API. This negotiation mechanism is intended to "
@@ -17965,13 +18334,13 @@ msgid ""
 "allow documentation or notes to link to a specific version+format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:740
+#: ../source/specifications/simple-repository-api.rst:754
 msgid ""
 "Servers that do not support this parameter may choose to return an error "
 "when it is present, or they may simple ignore its presence."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:743
+#: ../source/specifications/simple-repository-api.rst:757
 msgid ""
 "When a server does implement this parameter, it **SHOULD** take precedence "
 "over any values in the client's ``Accept`` header, and if the server does "
@@ -17981,18 +18350,18 @@ msgid ""
 "``303 Multiple Choices``, or selecting a default type to return)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:752
+#: ../source/specifications/simple-repository-api.rst:766
 msgid "Endpoint Configuration"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:754
+#: ../source/specifications/simple-repository-api.rst:768
 msgid ""
 "This option technically is not a special option at all, it is just a natural "
 "consequence of using content negotiation and allowing servers to select "
 "which of the available content types is their default."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:758
+#: ../source/specifications/simple-repository-api.rst:772
 msgid ""
 "If a server is unwilling or unable to implement the server-driven content "
 "negotiation, and would instead rather require users to explicitly configure "
@@ -18000,7 +18369,7 @@ msgid ""
 "configuration."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:762
+#: ../source/specifications/simple-repository-api.rst:776
 msgid ""
 "To enable this, a server should make multiple endpoints (for instance, ``/"
 "simple/v1+html/`` and/or ``/simple/v1+json/``) for each version+format that "
@@ -18010,7 +18379,7 @@ msgid ""
 "and return the content type that corresponds to that endpoint."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:769
+#: ../source/specifications/simple-repository-api.rst:783
 msgid ""
 "For clients that wish to require specific configuration, they can keep track "
 "of which version+format a specific repository URL was configured for, and "
@@ -18018,11 +18387,11 @@ msgid ""
 "includes the correct content type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:776
+#: ../source/specifications/simple-repository-api.rst:790
 msgid "TUF Support - PEP 458"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:778
+#: ../source/specifications/simple-repository-api.rst:792
 msgid ""
 ":pep:`458` requires that all API responses are hashable and that they can be "
 "uniquely identified by a path relative to the repository root. For a Simple "
@@ -18033,7 +18402,7 @@ msgid ""
 "that all hash differently."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:785
+#: ../source/specifications/simple-repository-api.rst:799
 msgid ""
 ":pep:`458` does not specify what the target path should be for the Simple "
 "API, but TUF requires that the target paths be \"file-like\", in other "
@@ -18041,7 +18410,7 @@ msgid ""
 "technically points to a directory."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:790
+#: ../source/specifications/simple-repository-api.rst:804
 msgid ""
 "The saving grace is that the target path does not *have* to actually match "
 "the URL being fetched from the Simple API, and it can just be a sigil that "
@@ -18050,7 +18419,7 @@ msgid ""
 "HTTP request, such as the ``Accept`` header."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:796
+#: ../source/specifications/simple-repository-api.rst:810
 msgid ""
 "Ultimately figuring out how to map a directory to a filename is out of scope "
 "for this spec (but it would be in scope for :pep:`458`), and this spec "
@@ -18058,7 +18427,7 @@ msgid ""
 "`458` metadata."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:800
+#: ../source/specifications/simple-repository-api.rst:814
 msgid ""
 "However, it appears that the current WIP branch against pip that attempts to "
 "implement :pep:`458` is using a target path like ``simple/PROJECT/index."
@@ -18068,20 +18437,20 @@ msgid ""
 "the v1 JSON format would be ``simple/PROJECT/vnd.pypi.simple.v1.json``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:807
+#: ../source/specifications/simple-repository-api.rst:821
 msgid ""
 "In this case, since ``text/html`` is an alias to ``application/vnd.pypi."
 "simple.v1+html`` when interacting through TUF, it likely will make the most "
 "sense to normalize to the more explicit name."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:811
+#: ../source/specifications/simple-repository-api.rst:825
 msgid ""
 "Likewise the ``latest`` metaversion should not be included in the targets, "
 "only explicitly declared versions should be supported."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:817
+#: ../source/specifications/simple-repository-api.rst:831
 msgid ""
 "This section is non-normative, and represents what the spec authors believe "
 "to be the best default implementation decisions for something implementing "
@@ -18089,7 +18458,7 @@ msgid ""
 "these decisions."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:821
+#: ../source/specifications/simple-repository-api.rst:835
 msgid ""
 "These decisions have been chosen to maximize the number of requests that can "
 "be moved onto the newest version of an API, while maintaining the greatest "
@@ -18098,18 +18467,18 @@ msgid ""
 "choices it can."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:826
+#: ../source/specifications/simple-repository-api.rst:840
 msgid "It is recommended that servers:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:828
+#: ../source/specifications/simple-repository-api.rst:842
 msgid ""
 "Support all 3 content types described in this spec, using server-driven "
 "content negotiation, for as long as they reasonably can, or at least as long "
 "as they're receiving non trivial traffic that uses the HTML responses."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:832
+#: ../source/specifications/simple-repository-api.rst:846
 msgid ""
 "When encountering an ``Accept`` header that does not contain any content "
 "types that it knows how to work with, the server should not ever return a "
@@ -18117,13 +18486,13 @@ msgid ""
 "Acceptable`` response."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:837
+#: ../source/specifications/simple-repository-api.rst:851
 msgid ""
 "However, if choosing to use the endpoint configuration, you should prefer to "
 "return a ``200 OK`` response in the expected content type for that endpoint."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:840
+#: ../source/specifications/simple-repository-api.rst:854
 msgid ""
 "When selecting an acceptable version, the server should choose the highest "
 "version that the client supports, with the most expressive/featureful "
@@ -18132,23 +18501,23 @@ msgid ""
 "should only use the ``text/html`` content type as a last resort."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:846
+#: ../source/specifications/simple-repository-api.rst:860
 msgid "It is recommended that clients:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:848
+#: ../source/specifications/simple-repository-api.rst:862
 msgid ""
 "Support all 3 content types described in this spec, using server-driven "
 "content negotiation, for as long as they reasonably can."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:851
+#: ../source/specifications/simple-repository-api.rst:865
 msgid ""
 "When constructing an ``Accept`` header, include all of the content types "
 "that you support."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:854
+#: ../source/specifications/simple-repository-api.rst:868
 msgid ""
 "You should generally *not* include a quality priority value for your content "
 "types, unless you have implementation specific reasons that you want the "
@@ -18157,63 +18526,63 @@ msgid ""
 "responses that you're unable to parse in some edge cases)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:860
+#: ../source/specifications/simple-repository-api.rst:874
 msgid ""
 "The one exception to this recommendation is that it is recommended that you "
 "*should* include a ``;q=0.01`` value on the legacy ``text/html`` content "
 "type, unless it is the only content type that you are requesting."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:864
+#: ../source/specifications/simple-repository-api.rst:878
 msgid ""
 "Explicitly select what versions they are looking for, rather than using the "
 "``latest`` meta version during normal operation."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:867
+#: ../source/specifications/simple-repository-api.rst:881
 msgid ""
 "Check the ``Content-Type`` of the response and ensure it matches something "
 "that you were expecting."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:871
+#: ../source/specifications/simple-repository-api.rst:885
 msgid "Additional Fields for the Simple API for Package Indexes"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:873
+#: ../source/specifications/simple-repository-api.rst:887
 msgid ""
 "This specification defines version 1.1 of the simple repository API. For the "
 "HTML version of the API, there is no change from version 1.0. For the JSON "
 "version of the API, the following changes are made:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:877
+#: ../source/specifications/simple-repository-api.rst:891
 msgid "The ``api-version`` must specify version 1.1 or later."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:878
+#: ../source/specifications/simple-repository-api.rst:892
 msgid "A new ``versions`` key is added at the top level."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:879
+#: ../source/specifications/simple-repository-api.rst:893
 msgid ""
 "Two new \"file information\" keys, ``size`` and ``upload-time``, are added "
 "to the ``files`` data."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:881
+#: ../source/specifications/simple-repository-api.rst:895
 msgid ""
 "Keys (at any level) with a leading underscore are reserved as private for "
 "index server use. No future standard will assign a meaning to any such key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:884
+#: ../source/specifications/simple-repository-api.rst:898
 msgid ""
 "The ``versions`` and ``size`` keys are mandatory. The ``upload-time`` key is "
 "optional."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:890
+#: ../source/specifications/simple-repository-api.rst:904
 msgid ""
 "An additional key, ``versions`` MUST be present at the top level, in "
 "addition to the keys ``name``, ``files`` and ``meta`` defined in :ref:`the "
@@ -18223,7 +18592,7 @@ msgid ""
 "duplicates, and the order of the values is not significant."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:897
+#: ../source/specifications/simple-repository-api.rst:911
 msgid ""
 "All of the files listed in the ``files`` key MUST be associated with one of "
 "the versions in the ``versions`` key. The ``versions`` key MAY contain "
@@ -18231,7 +18600,7 @@ msgid ""
 "uploaded, if the server has such a concept)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:902
+#: ../source/specifications/simple-repository-api.rst:916
 msgid ""
 "Note that because servers may hold \"legacy\" data from before the adoption "
 "of :ref:`the version specifiers specification (VSS) <version-specifiers>`, "
@@ -18240,21 +18609,21 @@ msgid ""
 "servers SHOULD use normalised VSS versions where possible."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:911
+#: ../source/specifications/simple-repository-api.rst:925
 msgid "Additional file information"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:913
+#: ../source/specifications/simple-repository-api.rst:927
 msgid "Two new keys are added to the ``files`` key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:915
+#: ../source/specifications/simple-repository-api.rst:929
 msgid ""
 "``size``: This field is mandatory. It MUST contain an integer which is the "
 "file size in bytes."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:917
+#: ../source/specifications/simple-repository-api.rst:931
 msgid ""
 "``upload-time``: This field is optional. If present, it MUST contain a valid "
 "ISO 8601 date/time string, in the format ``yyyy-mm-ddThh:mm:ss.ffffffZ``, "
@@ -18266,11 +18635,11 @@ msgid ""
 "key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:926
+#: ../source/specifications/simple-repository-api.rst:940
 msgid "Rename dist-info-metadata in the Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:929
+#: ../source/specifications/simple-repository-api.rst:943
 msgid ""
 "The keywords \"**MUST**\", \"**MUST NOT**\", \"**REQUIRED**\", "
 "\"**SHALL**\", \"**SHALL NOT**\", \"**SHOULD**\", \"**SHOULD NOT**\", "
@@ -18278,11 +18647,11 @@ msgid ""
 "are to be interpreted as described in :rfc:`RFC 2119 <2119>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:936
+#: ../source/specifications/simple-repository-api.rst:950
 msgid "Servers"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:938
+#: ../source/specifications/simple-repository-api.rst:952
 msgid ""
 "The :ref:`the API metadata file specification <simple-repository-api-"
 "metadata-file>` metadata, when used in the HTML representation of the Simple "
@@ -18290,7 +18659,7 @@ msgid ""
 "with the supported values remaining the same."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:944
+#: ../source/specifications/simple-repository-api.rst:958
 msgid ""
 "The :ref:`the API metadata file specification <simple-repository-api-"
 "metadata-file>` metadata, when used in the :ref:`the JSON API specification "
@@ -18299,14 +18668,14 @@ msgid ""
 "values remaining the same."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:950
+#: ../source/specifications/simple-repository-api.rst:964
 msgid ""
 "To support clients that used the previous key names, the HTML representation "
 "**MAY** also be emitted using the ``data-dist-info-metadata``, and if it "
 "does so it **MUST** match the value of ``data-core-metadata``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:959
+#: ../source/specifications/simple-repository-api.rst:973
 msgid ""
 "Clients consuming any of the HTML representations of the Simple API **MUST** "
 "read the :ref:`the API metadata file specification <simple-repository-api-"
@@ -18315,7 +18684,7 @@ msgid ""
 "if it is present but ``data-core-metadata`` is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:966
+#: ../source/specifications/simple-repository-api.rst:980
 msgid ""
 "Clients consuming the JSON representation of the Simple API **MUST** read "
 "the :ref:`the API metadata file specification <simple-repository-api-"
@@ -18324,48 +18693,54 @@ msgid ""
 "present but ``core-metadata`` is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:976
+#: ../source/specifications/simple-repository-api.rst:990
 msgid "September 2015: initial form of the HTML format, in :pep:`503`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:977
+#: ../source/specifications/simple-repository-api.rst:991
 msgid "July 2016: Requires-Python metadata, in an update to :pep:`503`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:978
+#: ../source/specifications/simple-repository-api.rst:992
 msgid "May 2019: \"yank\" support, in :pep:`592`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:979
+#: ../source/specifications/simple-repository-api.rst:993
 msgid ""
 "July 2020: API versioning convention and metadata, and declaring the HTML "
 "format as API v1, in :pep:`629`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:981
+#: ../source/specifications/simple-repository-api.rst:995
 msgid ""
 "May 2021: providing package metadata independently from a package, in :pep:"
 "`658`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:983
+#: ../source/specifications/simple-repository-api.rst:997
 msgid ""
 "May 2022: initial form of the JSON format, with a mechanism for clients to "
 "choose between them, and declaring both formats as API v1, in :pep:`691`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:985
+#: ../source/specifications/simple-repository-api.rst:999
 msgid ""
 "October 2022: project versions and file size and upload-time in the JSON "
 "format, in :pep:`700`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:987
+#: ../source/specifications/simple-repository-api.rst:1001
 msgid ""
 "June 2023: renaming the field which provides package metadata independently "
 "from a package, in :pep:`714`"
 msgstr ""
 
+#: ../source/specifications/simple-repository-api.rst:1003
+msgid ""
+"November 2024: provenance metadata in the HTML and JSON formats, in :pep:"
+"`740`"
+msgstr ""
+
 #: ../source/specifications/source-distribution-format.rst:6
 msgid "Source distribution format"
 msgstr ""
@@ -21269,7 +21644,7 @@ msgid ""
 msgstr ""
 
 #: ../source/tutorials/managing-dependencies.rst:140
-#: ../source/tutorials/packaging-projects.rst:506
+#: ../source/tutorials/packaging-projects.rst:505
 msgid "Next steps"
 msgstr ""
 
@@ -21718,43 +22093,43 @@ msgstr ""
 
 #: ../source/tutorials/packaging-projects.rst:424
 msgid ""
-"You will be prompted for a username and password. For the username, use "
-"``__token__``. For the password, use the token value, including the ``pypi-"
-"`` prefix."
+"You will be prompted for an API token. Use the token value, including the "
+"``pypi-`` prefix. Note that the input will be hidden, so be sure to paste "
+"correctly."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:428
+#: ../source/tutorials/packaging-projects.rst:427
 msgid "After the command completes, you should see output similar to this:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:439
+#: ../source/tutorials/packaging-projects.rst:438
 msgid ""
 "Once uploaded, your package should be viewable on TestPyPI; for example: "
 "``https://test.pypi.org/project/example_package_YOUR_USERNAME_HERE``."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:444
+#: ../source/tutorials/packaging-projects.rst:443
 msgid "Installing your newly uploaded package"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:446
+#: ../source/tutorials/packaging-projects.rst:445
 msgid ""
 "You can use :ref:`pip` to install your package and verify that it works. "
 "Create a :ref:`virtual environment <Creating and using Virtual "
 "Environments>` and install your package from TestPyPI:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:462
+#: ../source/tutorials/packaging-projects.rst:461
 msgid "Make sure to specify your username in the package name!"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:464
+#: ../source/tutorials/packaging-projects.rst:463
 msgid ""
 "pip should install the package from TestPyPI and the output should look "
 "something like this:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:474
+#: ../source/tutorials/packaging-projects.rst:473
 msgid ""
 "This example uses ``--index-url`` flag to specify TestPyPI instead of live "
 "PyPI. Additionally, it specifies ``--no-deps``. Since TestPyPI doesn't have "
@@ -21764,23 +22139,23 @@ msgid ""
 "installing dependencies when using TestPyPI."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:481
+#: ../source/tutorials/packaging-projects.rst:480
 msgid ""
 "You can test that it was installed correctly by importing the package. Make "
 "sure you're still in your virtual environment, then run Python:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:496
+#: ../source/tutorials/packaging-projects.rst:495
 msgid "and import the package:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:508
+#: ../source/tutorials/packaging-projects.rst:507
 msgid ""
 "**Congratulations, you've packaged and distributed a Python project!** ✨ 🍰 "
 "✨"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:511
+#: ../source/tutorials/packaging-projects.rst:510
 msgid ""
 "Keep in mind that this tutorial showed you how to upload your package to "
 "Test PyPI, which isn't a permanent storage. The Test system occasionally "
@@ -21788,28 +22163,28 @@ msgid ""
 "experiments like this tutorial."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:516
+#: ../source/tutorials/packaging-projects.rst:515
 msgid ""
 "When you are ready to upload a real package to the Python Package Index you "
 "can do much the same as you did in this tutorial, but with these important "
 "differences:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:520
+#: ../source/tutorials/packaging-projects.rst:519
 msgid ""
 "Choose a memorable and unique name for your package. You don't have to "
 "append your username as you did in the tutorial, but you can't use an "
 "existing name."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:522
+#: ../source/tutorials/packaging-projects.rst:521
 msgid ""
 "Register an account on https://pypi.org - note that these are two separate "
 "servers and the login details from the test server are not shared with the "
 "main server."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:525
+#: ../source/tutorials/packaging-projects.rst:524
 msgid ""
 "Use ``twine upload dist/*`` to upload your package and enter your "
 "credentials for the account you registered on the real PyPI.  Now that "
@@ -21817,44 +22192,44 @@ msgid ""
 "repository``; the package will upload to https://pypi.org/ by default."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:529
+#: ../source/tutorials/packaging-projects.rst:528
 msgid ""
 "Install your package from the real PyPI using ``python3 -m pip install [your-"
 "package]``."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:531
+#: ../source/tutorials/packaging-projects.rst:530
 msgid ""
 "At this point if you want to read more on packaging Python libraries here "
 "are some things you can do:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:534
+#: ../source/tutorials/packaging-projects.rst:533
 msgid ""
 "Read about advanced configuration for your chosen build backend: `Hatchling "
 "<hatchling-config_>`_, :doc:`setuptools <setuptools:userguide/"
 "pyproject_config>`, :doc:`Flit <flit:pyproject_toml>`, `PDM <pdm-config_>`_."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:538
+#: ../source/tutorials/packaging-projects.rst:537
 msgid ""
 "Look at the :doc:`guides </guides/index>` on this site for more advanced "
 "practical information, or the :doc:`discussions </discussions/index>` for "
 "explanations and background on specific topics."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:541
+#: ../source/tutorials/packaging-projects.rst:540
 msgid ""
 "Consider packaging tools that provide a single command-line interface for "
 "project management and packaging, such as :ref:`hatch`, :ref:`flit`, :ref:"
 "`pdm`, and :ref:`poetry`."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:549
+#: ../source/tutorials/packaging-projects.rst:548
 msgid "Notes"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:551
+#: ../source/tutorials/packaging-projects.rst:550
 msgid ""
 "Technically, you can also create Python packages without an ``__init__.py`` "
 "file, but those are called :doc:`namespace packages </guides/packaging-"
diff --git a/locales/fr/LC_MESSAGES/messages.po b/locales/fr/LC_MESSAGES/messages.po
index 7c09df79a..f66db8351 100644
--- a/locales/fr/LC_MESSAGES/messages.po
+++ b/locales/fr/LC_MESSAGES/messages.po
@@ -10,7 +10,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Python Packaging User Guide\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-10-30 00:39+0000\n"
+"POT-Creation-Date: 2024-11-25 21:53+0000\n"
 "PO-Revision-Date: 2024-09-21 00:40+0000\n"
 "Last-Translator: Pierre PETAT <pierrepetat@hotmail.fr>\n"
 "Language-Team: French <https://hosted.weblate.org/projects/pypa/packaging-"
@@ -715,7 +715,7 @@ msgid "Unix (including Linux and macOS)"
 msgstr "Unix (en incluant Linux et macOS)"
 
 #: ../source/discussions/deploying-python-applications.rst:118
-#: ../source/key_projects.rst:572
+#: ../source/key_projects.rst:576
 msgid "pex"
 msgstr "pex"
 
@@ -2036,7 +2036,7 @@ msgid ""
 msgstr ""
 
 #: ../source/discussions/versioning.rst:6
-#: ../source/specifications/simple-repository-api.rst:310
+#: ../source/specifications/simple-repository-api.rst:319
 #, fuzzy
 msgid "Versioning"
 msgstr "Traductions"
@@ -2793,29 +2793,16 @@ msgid ""
 msgstr ""
 
 #: ../source/glossary.rst:121
-msgid "Known Good Set (KGS)"
-msgstr ""
-
-#: ../source/glossary.rst:124
-msgid ""
-"A set of distributions at specified versions which are compatible with each "
-"other. Typically a test suite will be run which passes all tests before a "
-"specific set of packages is declared a known good set. This term is commonly "
-"used by frameworks and toolkits which are comprised of multiple individual "
-"distributions."
-msgstr ""
-
-#: ../source/glossary.rst:130
 msgid "Import Package"
 msgstr ""
 
-#: ../source/glossary.rst:133
+#: ../source/glossary.rst:124
 msgid ""
 "A Python module which can contain other modules or recursively, other "
 "packages."
 msgstr ""
 
-#: ../source/glossary.rst:136
+#: ../source/glossary.rst:127
 msgid ""
 "An import package is more commonly referred to with the single word "
 "\"package\", but this guide will use the expanded term when more clarity is "
@@ -2824,18 +2811,31 @@ msgid ""
 "package` for a breakdown of the differences."
 msgstr ""
 
-#: ../source/glossary.rst:142
+#: ../source/glossary.rst:133
 #, fuzzy
 msgid "Installed Project"
 msgstr "Installateur"
 
-#: ../source/glossary.rst:145
+#: ../source/glossary.rst:136
 msgid ""
 "A :term:`Project` that is installed for use with a Python interpreter or :"
 "term:`Virtual Environment`, as described in the specicifcation :ref:"
 "`recording-installed-packages`."
 msgstr ""
 
+#: ../source/glossary.rst:140
+msgid "Known Good Set (KGS)"
+msgstr ""
+
+#: ../source/glossary.rst:143
+msgid ""
+"A set of distributions at specified versions which are compatible with each "
+"other. Typically a test suite will be run which passes all tests before a "
+"specific set of packages is declared a known good set. This term is commonly "
+"used by frameworks and toolkits which are comprised of multiple individual "
+"distributions."
+msgstr ""
+
 #: ../source/glossary.rst:149
 msgid "Module"
 msgstr "Module"
@@ -5272,7 +5272,7 @@ msgid ""
 "In particular, `NumPy <https://numpy.org/>`__, which provides the basis for "
 "most of the software in the `scientific Python stack <https://scientific-"
 "python.org>`_ can be configured to interoperate with different FORTRAN "
-"libraries, and can take advantage of different levels of vectorised "
+"libraries, and can take advantage of different levels of vectorized "
 "instructions available in modern CPUs."
 msgstr ""
 
@@ -5281,9 +5281,9 @@ msgid ""
 "Starting with version 1.10.4 of NumPy and version 1.0.0 of SciPy, pre-built "
 "32-bit and 64-bit binaries in the ``wheel`` format are available for all "
 "major operating systems (Windows, macOS, and Linux) on PyPI. Note, however, "
-"that on Windows, NumPy binaries are linked against the `ATLAS <http://www."
-"netlib.org/atlas/>`__ BLAS/LAPACK library, restricted to SSE2 instructions, "
-"so they may not provide optimal linear algebra performance."
+"that on Windows, NumPy binaries are linked against the `ATLAS <https://math-"
+"atlas.sourceforge.net/>`__ BLAS/LAPACK library, restricted to SSE2 "
+"instructions, so they may not provide optimal linear algebra performance."
 msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:26
@@ -5396,7 +5396,7 @@ msgid ""
 msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:100
-#: ../source/key_projects.rst:808
+#: ../source/key_projects.rst:812
 msgid "Spack"
 msgstr ""
 
@@ -5428,28 +5428,41 @@ msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:121
 msgid ""
-"`Anaconda <https://www.anaconda.com/products/individual/>`_ is a Python "
+"``conda`` is an open source (BSD licensed) package management system and "
+"environment management system that allows users to install multiple versions "
+"of binary software packages and their dependencies, and easily switch "
+"between them. It is a cross-platform tool working on Windows, MacOS, and "
+"Linux. Conda can be used to package up and distribute all kinds of packages, "
+"it is not limited to just Python packages. It has full support for native "
+"virtual environments. Conda makes environments first-class citizens, making "
+"it easy to create independent environments even for C libraries. It is "
+"written in Python, but is Python-agnostic. Conda manages Python itself as a "
+"package, so that :command:`conda update python` is possible, in contrast to "
+"pip, which only manages Python packages."
+msgstr ""
+
+#: ../source/guides/installing-scientific-packages.rst:133
+msgid ""
+"Anaconda `Anaconda <https://docs.anaconda.com/anaconda/>`_ is a Python "
 "distribution published by Anaconda, Inc. It is a stable collection of Open "
-"Source packages for big data and scientific use.  As of the 5.0 release of "
-"Anaconda, about 200 packages are installed by default, and a total of "
-"400-500 can be installed and updated from the Anaconda repository."
+"Source packages for big data and scientific use, and a collection of "
+"Graphical Interface utilities for managing conda environments."
 msgstr ""
 
-#: ../source/guides/installing-scientific-packages.rst:127
+#: ../source/guides/installing-scientific-packages.rst:135
 msgid ""
-"``conda`` is an open source (BSD licensed) package management system and "
-"environment management system included in Anaconda that allows users to "
-"install multiple versions of binary software packages and their "
-"dependencies, and easily switch between them. It is a cross-platform tool "
-"working on Windows, macOS, and Linux. Conda can be used to package up and "
-"distribute all kinds of packages, it is not limited to just Python packages. "
-"It has full support for native virtual environments. Conda makes "
-"environments first-class citizens, making it easy to create independent "
-"environments even for C libraries. It is written in Python, but is Python-"
-"agnostic. Conda manages Python itself as a package, so that :command:`conda "
-"update python` is possible, in contrast to pip, which only manages Python "
-"packages. Conda is available in Anaconda and Miniconda (an easy-to-install "
-"download with just Python and conda)."
+"In addition to the full distribution provided by Anaconda, the conda package "
+"manager itself is available in  `miniconda <https://docs.anaconda.com/"
+"miniconda/>`_, `miniforge <https://github.com/conda-forge/miniforge>`_, and "
+"`pixi <https://pixi.sh/>`_."
+msgstr ""
+
+#: ../source/guides/installing-scientific-packages.rst:138
+msgid ""
+"Conda packages are available on multiple channels on Anaconda.org, including "
+"the default channel supported by Anaconda, Inc, the community supported "
+"conda-forge channel, which provides a wide variety of pre-built packages, "
+"and some domain-specific package collections."
 msgstr ""
 
 #: ../source/guides/installing-stand-alone-command-line-tools.rst:4
@@ -8541,29 +8554,51 @@ msgstr ""
 
 #: ../source/guides/tool-recommendations.rst:142
 msgid ""
-"For projects hosted on GitHub, it is recommended to use the :ref:`trusted "
-"publishing <trusted-publishing>`, which allows the package to be securely "
-"uploaded to PyPI from a GitHub Actions job. (This is not yet supported on "
-"software forges other than GitHub.)"
+"For projects hosted on or published via supported CI/CD platforms, it is "
+"recommended to use the :ref:`Trusted Publishing <trusted-publishing>`, which "
+"allows the package to be securely uploaded to PyPI from a CI/CD workflow "
+"without a manually configured API token."
 msgstr ""
 
 #: ../source/guides/tool-recommendations.rst:147
 msgid ""
+"As of November 2024, PyPI supports the following platforms as Trusted "
+"Publishing providers:"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:150
+msgid "GitHub Actions (on ``https://github.com``)"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:151
+msgid "GitLab CI/CD (on ``https://gitlab.com``)"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:152
+msgid "ActiveState"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:153
+msgid "Google Cloud"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:155
+msgid ""
 "The other available method is to upload the package manually using :ref:"
 "`twine`."
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:149
+#: ../source/guides/tool-recommendations.rst:159
 msgid ""
 "**Never** use ``python setup.py upload`` for this task. In addition to "
 "being :ref:`deprecated <setup-py-deprecated>`, it is insecure."
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:154
+#: ../source/guides/tool-recommendations.rst:164
 msgid "Workflow tools"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:156
+#: ../source/guides/tool-recommendations.rst:166
 msgid ""
 "These tools are environment managers that automatically manage virtual "
 "environments for a project. They also act as \"task runners\", allowing you "
@@ -8574,31 +8609,31 @@ msgid ""
 "alphabetical order:"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:164
+#: ../source/guides/tool-recommendations.rst:174
 msgid ":ref:`Flit`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:165
+#: ../source/guides/tool-recommendations.rst:175
 msgid ":ref:`Hatch`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:166
+#: ../source/guides/tool-recommendations.rst:176
 msgid ":doc:`nox <nox:index>`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:167
+#: ../source/guides/tool-recommendations.rst:177
 msgid ":ref:`PDM`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:168
+#: ../source/guides/tool-recommendations.rst:178
 msgid ":ref:`Pipenv`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:169
+#: ../source/guides/tool-recommendations.rst:179
 msgid ":ref:`Poetry`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:170
+#: ../source/guides/tool-recommendations.rst:180
 msgid ":doc:`tox <tox:index>`."
 msgstr ""
 
@@ -9784,44 +9819,58 @@ msgstr ""
 
 #: ../source/key_projects.rst:407
 msgid ""
-"conda is the package management tool for `Anaconda <https://docs.anaconda."
-"com/anaconda/>`__ Python installations. Anaconda Python is a distribution "
-"from `Anaconda, Inc <https://www.anaconda.com/products/individual>`__ "
-"specifically aimed at the scientific community, and in particular on Windows "
-"where the installation of binary extensions is often difficult."
+"Conda is a package, dependency, and environment management system for any "
+"language — Python, R, Ruby, C/C++, Fortran, and more. It is written in "
+"Python and widely used in the Python scientific computing community, due to "
+"its support for non-Python compiled libraries and extensions. It is used as "
+"the basis of the `Anaconda <https://docs.anaconda.com/anaconda/>`__ Python "
+"distribution from Anaconda, Inc. It was originally aimed at the scientific "
+"community, but can also be used on its own, or with the :doc:`miniconda "
+"<conda:miniconda>`, `miniforge <https://github.com/conda-forge/miniforge>`_ "
+"or `pixi <https://pixi.sh/>`_ systems. It is available for Windows, Mac and "
+"Linux systems."
 msgstr ""
 
-#: ../source/key_projects.rst:414
+#: ../source/key_projects.rst:416
 msgid ""
 "Conda is a completely separate tool from :ref:`pip`, virtualenv and wheel, "
-"but provides many of their combined features in terms of package management, "
-"virtual environment management and deployment of binary extensions."
+"but provides many of their combined features, such as package management, "
+"virtual environment management and deployment of binary extensions and other "
+"binary code."
+msgstr ""
+
+#: ../source/key_projects.rst:420
+msgid ""
+"Conda does not install packages from PyPI -- it can only manage packages "
+"built specifically for conda, which can be made available on a \"conda "
+"channel\", such as those hosted on `anaconda.org <https://anaconda.org>`__, "
+"or a local (e.g. intranet) package server. In addition to the \"default\" "
+"channels managed by `Anaconda, Inc. <https://www.anaconda.com/>`__, there "
+"are a wide variety of packages from the community supported `conda-forge "
+"project <https://conda-forge.org/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:418
+#: ../source/key_projects.rst:426
 msgid ""
-"Conda does not install packages from PyPI and can install only from the "
-"official Anaconda repositories, or anaconda.org (a place for user-"
-"contributed *conda* packages), or a local (e.g. intranet) package server.  "
-"However, note that :ref:`pip` can be installed into, and work side-by-side "
-"with conda for managing :term:`distributions <Distribution Package>` from "
-"PyPI. Also, `conda skeleton <https://docs.conda.io/projects/conda-build/en/"
-"latest/user-guide/tutorials/build-pkgs-skeleton.html>`__ is a tool to make "
-"Python packages installable by conda by first fetching them from PyPI and "
-"modifying their metadata."
+"Note that :ref:`pip` can be installed into, and work side-by-side with conda "
+"for managing :term:`distributions <Distribution Package>` from PyPI. It is "
+"also possible to build conda packages from Python source packages using "
+"tools such as `conda skeleton <https://docs.conda.io/projects/conda-build/en/"
+"latest/user-guide/tutorials/build-pkgs-skeleton.html>`__: a tool to "
+"automatically make conda packages from Python packages available on PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:431
+#: ../source/key_projects.rst:435
 msgid "devpi"
 msgstr ""
 
-#: ../source/key_projects.rst:433
+#: ../source/key_projects.rst:437
 msgid ""
 "`Docs <http://doc.devpi.net/latest/>`__ | :gh:`Issues <devpi/devpi/issues>` "
 "| `PyPI <https://pypi.org/project/devpi>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:437
+#: ../source/key_projects.rst:441
 msgid ""
 "devpi features a powerful PyPI-compatible server and PyPI proxy cache with a "
 "complementary command line tool to drive packaging, testing and release "
@@ -9831,17 +9880,17 @@ msgid ""
 "replication and fail-over, and package upload."
 msgstr ""
 
-#: ../source/key_projects.rst:448
+#: ../source/key_projects.rst:452
 msgid "dumb-pypi"
 msgstr ""
 
-#: ../source/key_projects.rst:450
+#: ../source/key_projects.rst:454
 msgid ""
 "`GitHub <https://github.com/chriskuehl/dumb-pypi>`__ | `PyPI <https://pypi."
 "org/project/dumb-pypi>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:453
+#: ../source/key_projects.rst:457
 msgid ""
 "dumb-pypi is a simple :term:`package index <Package Index>` static file site "
 "generator, which then must be hosted by a static file webserver to become "
@@ -9849,17 +9898,17 @@ msgid ""
 "status."
 msgstr ""
 
-#: ../source/key_projects.rst:460
+#: ../source/key_projects.rst:464
 msgid "enscons"
 msgstr ""
 
-#: ../source/key_projects.rst:462
+#: ../source/key_projects.rst:466
 msgid ""
 ":gh:`Source <dholth/enscons>` | :gh:`Issues <dholth/enscons/issues>` | `PyPI "
 "<https://pypi.org/project/enscons>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:466
+#: ../source/key_projects.rst:470
 msgid ""
 "Enscons is a Python packaging tool based on `SCons`_. It builds :ref:`pip`-"
 "compatible source distributions and wheels without using distutils or "
@@ -9871,38 +9920,38 @@ msgid ""
 "independent of enscons."
 msgstr ""
 
-#: ../source/key_projects.rst:481
+#: ../source/key_projects.rst:485
 msgid "Flask-Pypi-Proxy"
 msgstr ""
 
-#: ../source/key_projects.rst:483
+#: ../source/key_projects.rst:487
 msgid ""
 "`Docs <https://flask-pypi-proxy.readthedocs.io>`__ | :gh:`GitHub <tzulberti/"
 "Flask-PyPi-Proxy>` | `PyPI <https://pypi.org/project/Flask-Pypi-Proxy/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:487 ../source/key_projects.rst:681
-#: ../source/key_projects.rst:740
+#: ../source/key_projects.rst:491 ../source/key_projects.rst:685
+#: ../source/key_projects.rst:744
 msgid "Not maintained, project archived"
 msgstr ""
 
-#: ../source/key_projects.rst:489
+#: ../source/key_projects.rst:493
 msgid ""
 "Flask-Pypi-Proxy is a :term:`package index <Package Index>` as a cached "
 "proxy for PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:495
+#: ../source/key_projects.rst:499
 msgid "Hashdist"
 msgstr ""
 
-#: ../source/key_projects.rst:497
+#: ../source/key_projects.rst:501
 msgid ""
 "`Docs <https://hashdist.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/hashdist/hashdist/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:500
+#: ../source/key_projects.rst:504
 msgid ""
 "Hashdist is a library for building non-root software distributions. Hashdist "
 "is trying to be “the Debian of choice for cases where Debian technology "
@@ -9913,35 +9962,35 @@ msgid ""
 "researchers but has been lacking in maintenance since 2016."
 msgstr ""
 
-#: ../source/key_projects.rst:512
+#: ../source/key_projects.rst:516
 msgid "Maturin"
 msgstr ""
 
-#: ../source/key_projects.rst:514
+#: ../source/key_projects.rst:518
 msgid ""
 "`Docs <https://www.maturin.rs>`__ | `GitHub <https://github.com/PyO3/"
 "maturin>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:517
+#: ../source/key_projects.rst:521
 msgid ""
 "Maturin is a build backend for Rust extension modules, also written in Rust. "
 "It supports building wheels for python 3.7+ on Windows, Linux, macOS and "
 "FreeBSD, can upload them to PyPI and has basic PyPy and GraalPy support."
 msgstr ""
 
-#: ../source/key_projects.rst:525
+#: ../source/key_projects.rst:529
 #, fuzzy
 msgid "meson-python"
 msgstr "python"
 
-#: ../source/key_projects.rst:527
+#: ../source/key_projects.rst:531
 msgid ""
 "`Docs <https://meson-python.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/mesonbuild/meson-python>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:530
+#: ../source/key_projects.rst:534
 msgid ""
 "``meson-python`` is a build backend that uses the Meson_ build system. It "
 "enables Python package authors to use Meson_ as the build system for their "
@@ -9949,58 +9998,58 @@ msgid ""
 "to fill the needs of most complex build configurations."
 msgstr ""
 
-#: ../source/key_projects.rst:540
+#: ../source/key_projects.rst:544
 msgid "multibuild"
 msgstr ""
 
-#: ../source/key_projects.rst:542
+#: ../source/key_projects.rst:546
 msgid "`GitHub <https://github.com/multi-build/multibuild>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:544
+#: ../source/key_projects.rst:548
 msgid ""
 "Multibuild is a set of CI scripts for building and testing Python :term:"
 "`wheels <Wheel>` for Linux, macOS, and (less flexibly) Windows. Also see :"
 "ref:`cibuildwheel`."
 msgstr ""
 
-#: ../source/key_projects.rst:550
+#: ../source/key_projects.rst:554
 msgid "nginx_pypi_cache"
 msgstr ""
 
-#: ../source/key_projects.rst:552
+#: ../source/key_projects.rst:556
 msgid ":gh:`GitHub <hauntsaninja/nginx_pypi_cache>`"
 msgstr ""
 
-#: ../source/key_projects.rst:554
+#: ../source/key_projects.rst:558
 msgid ""
 "nginx_pypi_cache is a :term:`package index <Package Index>` caching proxy "
 "using `nginx <https://nginx.org/en/>`_."
 msgstr ""
 
-#: ../source/key_projects.rst:560
+#: ../source/key_projects.rst:564
 msgid "pdm"
 msgstr ""
 
-#: ../source/key_projects.rst:562
+#: ../source/key_projects.rst:566
 msgid ""
 "`Docs <https://pdm.fming.dev/>`__ | `GitHub <https://github.com/pdm-project/"
 "pdm/>`__ | `PyPI <https://pypi.org/project/pdm>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:566
+#: ../source/key_projects.rst:570
 msgid ""
 "PDM is a modern Python package manager. It uses :term:`pyproject.toml` to "
 "store project metadata as defined in :pep:`621`."
 msgstr ""
 
-#: ../source/key_projects.rst:574
+#: ../source/key_projects.rst:578
 msgid ""
 "`Docs <https://pex.readthedocs.io/en/latest/>`__ | `GitHub <https://github."
 "com/pantsbuild/pex/>`__ | `PyPI <https://pypi.org/project/pex>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:578
+#: ../source/key_projects.rst:582
 msgid ""
 "Pex is a tool for generating :file:`.pex` (Python EXecutable) files, "
 "standalone Python environments in the spirit of :ref:`virtualenv`. PEX files "
@@ -10012,18 +10061,18 @@ msgid ""
 "PEX file into a standard venv, graphing dependencies and more."
 msgstr ""
 
-#: ../source/key_projects.rst:590
+#: ../source/key_projects.rst:594
 msgid "pip-tools"
 msgstr ""
 
-#: ../source/key_projects.rst:592
+#: ../source/key_projects.rst:596
 msgid ""
 "`Docs <https://pip-tools.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/jazzband/pip-tools/>`__ | `PyPI <https://pypi.org/project/pip-"
 "tools/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:596
+#: ../source/key_projects.rst:600
 msgid ""
 "pip-tools is a suite of tools meant for Python system administrators and "
 "release managers who particularly want to keep their builds deterministic "
@@ -10034,32 +10083,32 @@ msgid ""
 "not provide), and create layers of constraints for the program to obey."
 msgstr ""
 
-#: ../source/key_projects.rst:608
+#: ../source/key_projects.rst:612
 msgid "pip2pi"
 msgstr ""
 
-#: ../source/key_projects.rst:610
+#: ../source/key_projects.rst:614
 msgid ""
 ":gh:`GitHub <wolever/pip2pi>` | `PyPI <https://pypi.org/project/pip2pi/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:613
+#: ../source/key_projects.rst:617
 msgid ""
 "pip2pi is a :term:`package index <Package Index>` server where specific "
 "packages are manually synchronised."
 msgstr ""
 
-#: ../source/key_projects.rst:619
+#: ../source/key_projects.rst:623
 msgid "piwheels"
 msgstr ""
 
-#: ../source/key_projects.rst:621
+#: ../source/key_projects.rst:625
 msgid ""
 "`Website <https://www.piwheels.org/>`__ | :doc:`Docs <piwheels:index>` | "
 "`GitHub <https://github.com/piwheels/piwheels/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:625
+#: ../source/key_projects.rst:629
 msgid ""
 "piwheels is a website, and software underpinning it, that fetches source "
 "code distribution packages from PyPI and compiles them into binary wheels "
@@ -10067,17 +10116,17 @@ msgid ""
 "Pi OS pre-configures pip to use piwheels.org as an additional index to PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:634
+#: ../source/key_projects.rst:638
 msgid "poetry"
 msgstr ""
 
-#: ../source/key_projects.rst:636
+#: ../source/key_projects.rst:640
 msgid ""
 "`Docs <https://python-poetry.org/>`__ | `GitHub <https://github.com/python-"
 "poetry/poetry>`__ | `PyPI <https://pypi.org/project/poetry/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:640
+#: ../source/key_projects.rst:644
 msgid ""
 "poetry is a command-line tool to handle dependency installation and "
 "isolation as well as building and packaging of Python packages. It uses "
@@ -10087,50 +10136,50 @@ msgid ""
 "caching metadata about dependencies."
 msgstr ""
 
-#: ../source/key_projects.rst:650
+#: ../source/key_projects.rst:654
 msgid "proxpi"
 msgstr ""
 
-#: ../source/key_projects.rst:652
+#: ../source/key_projects.rst:656
 msgid ""
 ":gh:`GitHub <EpicWink/proxpi>` | `PyPI <https://pypi.org/project/proxpi/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:655
+#: ../source/key_projects.rst:659
 msgid ""
 "proxpi is a simple :term:`package index <Package Index>` which proxies PyPI "
 "and other indexes with caching."
 msgstr ""
 
-#: ../source/key_projects.rst:661
+#: ../source/key_projects.rst:665
 #, fuzzy
 msgid "Pulp-python"
 msgstr "python"
 
-#: ../source/key_projects.rst:663
+#: ../source/key_projects.rst:667
 msgid ""
 "`Docs <https://docs.pulpproject.org/pulp_python/>`__ | :gh:`GitHub <pulp/"
 "pulp_python>` | `PyPI <https://pypi.org/project/pulp-python/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:667
+#: ../source/key_projects.rst:671
 msgid ""
 "Pulp-python is the Python :term:`package index <Package Index>` plugin for "
 "`Pulp <https://pulpproject.org/>`_. Pulp-python supports mirrors backed by "
 "local or `AWS S3`_, package upload, and proxying to multiple package indexes."
 msgstr ""
 
-#: ../source/key_projects.rst:675
+#: ../source/key_projects.rst:679
 msgid "PyPI Cloud"
 msgstr ""
 
-#: ../source/key_projects.rst:677
+#: ../source/key_projects.rst:681
 msgid ""
 "`Docs <https://pypicloud.readthedocs.io/>`__ | :gh:`GitHub <stevearc/"
 "pypicloud>` | `PyPI <https://pypi.org/project/pypicloud/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:683
+#: ../source/key_projects.rst:687
 msgid ""
 "PyPI Cloud is a :term:`package index <Package Index>` server, backed by `AWS "
 "S3`_ or another cloud storage service, or local files. PyPI Cloud supports "
@@ -10138,33 +10187,33 @@ msgid ""
 "authorisation."
 msgstr ""
 
-#: ../source/key_projects.rst:691
+#: ../source/key_projects.rst:695
 msgid "pypiprivate"
 msgstr ""
 
-#: ../source/key_projects.rst:693
+#: ../source/key_projects.rst:697
 msgid ""
 ":gh:`GitHub <helpshift/pypiprivate>` | `PyPI <https://pypi.org/project/"
 "pypiprivate/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:696
+#: ../source/key_projects.rst:700
 msgid ""
 "pypiprivate serves a local (or `AWS S3`_-hosted) directory of packages as a :"
 "term:`package index <Package Index>`."
 msgstr ""
 
-#: ../source/key_projects.rst:702
+#: ../source/key_projects.rst:706
 msgid "pypiserver"
 msgstr ""
 
-#: ../source/key_projects.rst:704
+#: ../source/key_projects.rst:708
 msgid ""
 "`GitHub <https://github.com/pypiserver/pypiserver>`__ | `PyPI <https://pypi."
 "org/project/pypiserver/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:707
+#: ../source/key_projects.rst:711
 msgid ""
 "pypiserver is a minimalist application that serves as a private Python :term:"
 "`package index <Package Index>` (from a local directory) within "
@@ -10175,17 +10224,17 @@ msgid ""
 "pypiserver and from PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:718
+#: ../source/key_projects.rst:722
 msgid "PyScaffold"
 msgstr ""
 
-#: ../source/key_projects.rst:720
+#: ../source/key_projects.rst:724
 msgid ""
 "`Docs <https://pyscaffold.org>`__ | `GitHub <https://github.com/pyscaffold/"
 "pyscaffold>`__ | `PyPI <https://pypi.org/project/pyscaffold/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:724
+#: ../source/key_projects.rst:728
 msgid ""
 "PyScaffold is a project generator for bootstrapping Python packages, ready "
 "to be shared on PyPI and installable via :ref:`pip`. It relies on a set of "
@@ -10195,33 +10244,33 @@ msgid ""
 "existing projects to make packaging easier."
 msgstr ""
 
-#: ../source/key_projects.rst:735
+#: ../source/key_projects.rst:739
 msgid "pywharf"
 msgstr ""
 
-#: ../source/key_projects.rst:737
+#: ../source/key_projects.rst:741
 msgid ""
 ":gh:`GitHub <pywharf/pywharf>` | `PyPI <https://pypi.org/project/pywharf>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:742
+#: ../source/key_projects.rst:746
 msgid ""
 "pywharf is a :term:`package index <Package Index>` server, serving files "
 "locally or from `GitHub <https://github.com/>`_."
 msgstr ""
 
-#: ../source/key_projects.rst:748
+#: ../source/key_projects.rst:752
 msgid "scikit-build"
 msgstr ""
 
-#: ../source/key_projects.rst:750
+#: ../source/key_projects.rst:754
 msgid ""
 "`Docs <https://scikit-build.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/scikit-build/scikit-build/>`__ | `PyPI <https://pypi.org/project/"
 "scikit-build>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:754
+#: ../source/key_projects.rst:758
 msgid ""
 "Scikit-build is a :ref:`setuptools` wrapper for CPython that builds C/C++/"
 "Fortran/Cython extensions It uses `cmake <https://pypi.org/project/cmake>`__ "
@@ -10232,18 +10281,18 @@ msgid ""
 "ninja>`__ (also available on PyPI)."
 msgstr ""
 
-#: ../source/key_projects.rst:765
+#: ../source/key_projects.rst:769
 msgid "scikit-build-core"
 msgstr ""
 
-#: ../source/key_projects.rst:767
+#: ../source/key_projects.rst:771
 msgid ""
 "`Docs <https://scikit-build-core.readthedocs.io/en/latest/>`__ | `GitHub "
 "<https://github.com/scikit-build/scikit-build-core/>`__ | `PyPI <https://"
 "pypi.org/project/scikit-build-core>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:771
+#: ../source/key_projects.rst:775
 msgid ""
 "Scikit-build-core is a build backend for CPython C/C++/Fortran/Cython "
 "extensions.  It enables users to write extensions with `cmake <https://pypi."
@@ -10253,17 +10302,17 @@ msgid ""
 "automatically downloaded from PyPI if not available on the system."
 msgstr ""
 
-#: ../source/key_projects.rst:781
+#: ../source/key_projects.rst:785
 msgid "shiv"
 msgstr ""
 
-#: ../source/key_projects.rst:783
+#: ../source/key_projects.rst:787
 msgid ""
 "`Docs <https://shiv.readthedocs.io/en/latest/>`__ | `GitHub <https://github."
 "com/linkedin/shiv>`__ | `PyPI <https://pypi.org/project/shiv/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:787
+#: ../source/key_projects.rst:791
 msgid ""
 "shiv is a command line utility for building fully self contained Python "
 "zipapps as outlined in :pep:`441`, but with all their dependencies included. "
@@ -10271,17 +10320,17 @@ msgid ""
 "tools fast & easy."
 msgstr ""
 
-#: ../source/key_projects.rst:795
+#: ../source/key_projects.rst:799
 msgid "simpleindex"
 msgstr ""
 
-#: ../source/key_projects.rst:797
+#: ../source/key_projects.rst:801
 msgid ""
 ":gh:`GitHub <uranusjr/simpleindex>` | `PyPI <https://pypi.org/project/"
 "simpleindex/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:800
+#: ../source/key_projects.rst:804
 msgid ""
 "simpleindex is a :term:`package index <Package Index>` which routes URLs to "
 "multiple package indexes (including PyPI), serves local (or cloud-hosted, "
@@ -10289,7 +10338,7 @@ msgid ""
 "supports custom plugins."
 msgstr ""
 
-#: ../source/key_projects.rst:810
+#: ../source/key_projects.rst:814
 msgid ""
 ":doc:`Docs <spack:index>` | `GitHub <https://github.com/spack/spack>`__ | "
 "`Paper <https://www.computer.org/csdl/proceedings-article/"
@@ -10297,7 +10346,7 @@ msgid ""
 "Gamblin-Spack-SC15-Talk.pdf>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:815
+#: ../source/key_projects.rst:819
 msgid ""
 "A flexible package manager designed to support multiple versions, "
 "configurations, platforms, and compilers.  Spack is like Homebrew, but "
@@ -10308,24 +10357,24 @@ msgid ""
 "supercomputers."
 msgstr ""
 
-#: ../source/key_projects.rst:823
+#: ../source/key_projects.rst:827
 msgid ""
 "Spack is not in PyPI (yet), but it requires no installation and can be used "
 "immediately after cloning from GitHub."
 msgstr ""
 
-#: ../source/key_projects.rst:829
+#: ../source/key_projects.rst:833
 msgid "zest.releaser"
 msgstr ""
 
-#: ../source/key_projects.rst:831
+#: ../source/key_projects.rst:835
 msgid ""
 "`Docs <https://zestreleaser.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/zestsoftware/zest.releaser/>`__ | `PyPI <https://pypi.org/project/"
 "zest.releaser/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:835
+#: ../source/key_projects.rst:839
 msgid ""
 "``zest.releaser`` is a Python package release tool providing an abstraction "
 "layer on top of :ref:`twine`. Python developers use ``zest.releaser`` to "
@@ -10333,21 +10382,21 @@ msgid ""
 "releases in source control, and uploading new packages to PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:842
+#: ../source/key_projects.rst:846
 msgid "Standard Library Projects"
 msgstr ""
 
-#: ../source/key_projects.rst:847
+#: ../source/key_projects.rst:851
 msgid "ensurepip"
 msgstr ""
 
-#: ../source/key_projects.rst:849
+#: ../source/key_projects.rst:853
 msgid ""
 "`Docs <https://docs.python.org/3/library/ensurepip.html>`__ | `Issues "
 "<https://bugs.python.org/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:852
+#: ../source/key_projects.rst:856
 msgid ""
 "A package in the Python Standard Library that provides support for "
 "bootstrapping :ref:`pip` into an existing Python installation or virtual "
@@ -10355,34 +10404,34 @@ msgid ""
 "will be used during the build of the Python distribution."
 msgstr ""
 
-#: ../source/key_projects.rst:860
+#: ../source/key_projects.rst:864
 msgid "http.server"
 msgstr ""
 
-#: ../source/key_projects.rst:862
+#: ../source/key_projects.rst:866
 msgid ""
 ":doc:`Docs <python:library/http.server>` | :gh:`Issues <python/cpython/"
 "issues>`"
 msgstr ""
 
-#: ../source/key_projects.rst:865
+#: ../source/key_projects.rst:869
 msgid ""
 "A package and command-line interface which can host a directory as a "
 "website, for example as a :term:`package index <Package Index>` (see :ref:"
 "`Hosting your Own Simple Repository`)."
 msgstr ""
 
-#: ../source/key_projects.rst:872
+#: ../source/key_projects.rst:876
 msgid "venv"
 msgstr ""
 
-#: ../source/key_projects.rst:874
+#: ../source/key_projects.rst:878
 msgid ""
 "`Docs <https://docs.python.org/3/library/venv.html>`__ | `Issues <https://"
 "github.com/python/cpython/issues>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:877
+#: ../source/key_projects.rst:881
 msgid ""
 "A package in the Python Standard Library (starting with Python 3.3) for "
 "creating :term:`Virtual Environments <Virtual Environment>`.  For more "
@@ -12430,7 +12479,7 @@ msgstr ""
 #: ../source/specifications/platform-compatibility-tags.rst:332
 #: ../source/specifications/pyproject-toml.rst:444
 #: ../source/specifications/recording-installed-packages.rst:252
-#: ../source/specifications/simple-repository-api.rst:974
+#: ../source/specifications/simple-repository-api.rst:988
 #: ../source/specifications/source-distribution-format.rst:144
 #: ../source/specifications/version-specifiers.rst:1266
 #: ../source/specifications/virtual-environments.rst:54
@@ -13500,6 +13549,7 @@ msgstr ""
 #: ../source/specifications/dependency-specifiers.rst:26
 #: ../source/specifications/direct-url-data-structure.rst:19
 #: ../source/specifications/direct-url.rst:15
+#: ../source/specifications/index-hosted-attestations.rst:17
 #: ../source/specifications/inline-script-metadata.rst:13
 msgid "Specification"
 msgstr "Spécification"
@@ -13637,7 +13687,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/dependency-specifiers.rst:163
-#: ../source/specifications/simple-repository-api.rst:888
+#: ../source/specifications/simple-repository-api.rst:902
 #, fuzzy
 msgid "Versions"
 msgstr "Traductions"
@@ -15271,6 +15321,302 @@ msgid ""
 "www.pypa.io/en/latest/specifications/>`__."
 msgstr ""
 
+#: ../source/specifications/index-hosted-attestations.rst:6
+msgid "Index hosted attestations"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:8
+msgid "This specification was originally defined in :pep:`740`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:12
+msgid ""
+":pep:`740` includes changes to the HTML and JSON index APIs. These changes "
+"are documented in the :ref:`simple-repository-api` under :ref:`simple-"
+"repository-api-base` and :ref:`json-serialization`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:22
+msgid "Upload endpoint changes"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:26
+msgid ""
+"The \"legacy\" upload API is not standardized. See `PyPI's Upload API "
+"documentation <https://docs.pypi.org/api/upload/>`_ for how attestations are "
+"uploaded."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:33
+msgid "Attestation objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:35
+msgid ""
+"An attestation object is a JSON object with several required keys; "
+"applications or signers may include additional keys so long as all "
+"explicitly listed keys are provided. The required layout of an attestation "
+"object is provided as pseudocode below."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:88
+msgid ""
+"A full data model for each object in ``transparency_entries`` is provided "
+"in :ref:`appendix`. Attestation objects **SHOULD** include one or more "
+"transparency log entries, and **MAY** include additional keys for other "
+"sources of signed time (such as an :rfc:`3161` Time Stamping Authority or a "
+"`Roughtime <https://blog.cloudflare.com/roughtime>`__ server)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:94
+msgid ""
+"Attestation objects are versioned; this PEP specifies version 1. Each "
+"version is tied to a single cryptographic suite to minimize unnecessary "
+"cryptographic agility. In version 1, the suite is as follows:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:98
+msgid ""
+"Certificates are specified as X.509 certificates, and comply with the "
+"profile in :rfc:`5280`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:100
+msgid ""
+"The message signature algorithm is ECDSA, with the P-256 curve for public "
+"keys and SHA-256 as the cryptographic digest function."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:103
+msgid ""
+"Future PEPs may change this suite (and the overall shape of the attestation "
+"object) by selecting a new version number."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:109
+msgid "Attestation statement and signature generation"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:111
+msgid ""
+"The *attestation statement* is the actual claim that is cryptographically "
+"signed over within the attestation object (i.e., the ``envelope.statement``)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:114
+msgid ""
+"The attestation statement is encoded as a `v1 in-toto Statement object "
+"<https://github.com/in-toto/attestation/blob/v1.0/spec/v1.0/statement."
+"md>`__, in JSON form. When serialized the statement is treated as an opaque "
+"binary blob, avoiding the need for canonicalization."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:119
+msgid ""
+"In addition to being a v1 in-toto Statement, the attestation statement is "
+"constrained in the following ways:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:122
+msgid "The in-toto ``subject`` **MUST** contain only a single subject."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:123
+msgid ""
+"``subject[0].name`` is the distribution's filename, which **MUST** be a "
+"valid :ref:`source distribution <source-distribution-format>` or :ref:`wheel "
+"distribution <binary-distribution-format>` filename."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:126
+msgid ""
+"``subject[0].digest`` **MUST** contain a SHA-256 digest. Other digests "
+"**MAY** be present. The digests **MUST** be represented as hexadecimal "
+"strings."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:128
+msgid "The following ``predicateType`` values are supported:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:130
+msgid ""
+"`SLSA Provenance <https://slsa.dev/provenance/v1>`__: ``https://slsa.dev/"
+"provenance/v1``"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:131
+msgid ""
+"`PyPI Publish Attestation <https://docs.pypi.org/attestations/publish/"
+"v1>`__: ``https://docs.pypi.org/attestations/publish/v1``"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:133
+msgid ""
+"The signature over this statement is constructed using the `v1 DSSE "
+"signature protocol <https://github.com/secure-systems-lab/dsse/blob/v1.0.0/"
+"protocol.md>`__, with a ``PAYLOAD_TYPE`` of ``application/vnd.in-toto+json`` "
+"and a ``PAYLOAD_BODY`` of the JSON-encoded statement above. No other "
+"``PAYLOAD_TYPE`` is permitted."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:141
+msgid "Provenance objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:143
+msgid ""
+"The index will serve uploaded attestations along with metadata that can "
+"assist in verifying them in the form of JSON serialized objects."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:146
+msgid ""
+"These *provenance objects* will be available via both the Simple Index and "
+"JSON-based Simple API as described above, and will have the following layout:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:169
+msgid "or, as pseudocode:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:217
+msgid ""
+"``version`` is ``1``. Like attestation objects, provenance objects are "
+"versioned, and this PEP only defines version ``1``."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:219
+msgid ""
+"``attestation_bundles`` is a **required** JSON array, containing one or more "
+"\"bundles\" of attestations. Each bundle corresponds to a signing identity "
+"(such as a Trusted Publishing identity), and contains one or more "
+"attestation objects."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:224
+msgid ""
+"As noted in the ``Publisher`` model, each ``AttestationBundle.publisher`` "
+"object is specific to its Trusted Publisher but must include at minimum:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:228
+msgid ""
+"A ``kind`` key, which **MUST** be a JSON string that uniquely identifies the "
+"kind of Trusted Publisher."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:230
+msgid ""
+"A ``claims`` key, which **MUST** be a JSON object containing any context-"
+"specific claims retained by the index during Trusted Publisher "
+"authentication."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:233
+msgid "All other keys in the publisher object are publisher-specific."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:235
+msgid ""
+"Each array of attestation objects is a superset of the ``attestations`` "
+"array supplied by the uploaded through the ``attestations`` field at upload "
+"time, as described in :ref:`upload-endpoint` and :ref:`changes-to-provenance-"
+"objects`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:243
+msgid "Changes to provenance objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:245
+msgid ""
+"Provenance objects are *not* immutable, and may change over time. Reasons "
+"for changes to the provenance object include but are not limited to:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:248
+msgid ""
+"Addition of new attestations for a pre-existing signing identity: the index "
+"**MAY** choose to allow additional attestations by pre-existing signing "
+"identities, such as newer attestation versions for already uploaded files."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:253
+msgid ""
+"Addition of new signing identities and associated attestations: the index "
+"**MAY** choose to support attestations from sources other than the file's "
+"uploader, such as third-party auditors or the index itself. These "
+"attestations may be performed asynchronously, requiring the index to insert "
+"them into the provenance object *post facto*."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:262
+msgid "Attestation verification"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:264
+msgid ""
+"Verifying an attestation object against a distribution file requires "
+"verification of each of the following:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:267
+msgid "``version`` is ``1``. The verifier **MUST** reject any other version."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:268
+msgid ""
+"``verification_material.certificate`` is a valid signing certificate, as "
+"issued by an *a priori* trusted authority (such as a root of trust already "
+"present within the verifying client)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:271
+msgid ""
+"``verification_material.certificate`` identifies an appropriate signing "
+"subject, such as the machine identity of the Trusted Publisher that "
+"published the package."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:274
+msgid ""
+"``envelope.statement`` is a valid in-toto v1 Statement, with a subject and "
+"digest that **MUST** match the distribution's filename and contents. For the "
+"distribution's filename, matching **MUST** be performed by parsing using the "
+"appropriate source distribution or wheel filename format, as the statement's "
+"subject may be equivalent but normalized."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:279
+msgid ""
+"``envelope.signature`` is a valid signature for ``envelope.statement`` "
+"corresponding to ``verification_material.certificate``, as reconstituted via "
+"the `v1 DSSE signature protocol <https://github.com/secure-systems-lab/dsse/"
+"blob/v1.0.0/protocol.md>`__."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:284
+msgid ""
+"In addition to the above required steps, a verifier **MAY** additionally "
+"verify ``verification_material.transparency_entries`` on a policy basis, e."
+"g. requiring at least one transparency log entry or a threshold of entries. "
+"When verifying transparency entries, the verifier **MUST** confirm that the "
+"inclusion time for each entry lies within the signing certificate's validity "
+"period."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:293
+msgid "Appendix: Data models for Transparency Log Entries"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:295
+msgid ""
+"This appendix contains pseudocoded data models for transparency log entries "
+"in attestation objects. Each transparency log entry serves as a source of "
+"signed inclusion time, and can be verified either online or offline."
+msgstr ""
+
 #: ../source/specifications/inline-script-metadata.rst:5
 msgid "Inline script metadata"
 msgstr ""
@@ -15443,7 +15789,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/inline-script-metadata.rst:205
-#: ../source/specifications/simple-repository-api.rst:815
+#: ../source/specifications/simple-repository-api.rst:829
 msgid "Recommendations"
 msgstr ""
 
@@ -17341,12 +17687,27 @@ msgid ""
 "``&gt;``, respectively."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:100
+#: ../source/specifications/simple-repository-api.rst:99
+msgid ""
+"A repository **MAY** include a ``data-provenance`` attribute on a file link. "
+"The value of this attribute **MUST** be a fully qualified URL, signaling "
+"that the file's provenance can be found at that URL. This URL **MUST** "
+"represent a `secure origin <https://www.chromium.org/Home/chromium-security/"
+"prefer-secure-origins-for-powerful-new-features/>`_."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:106
+msgid ""
+"The format of the linked provenance is defined in :ref:`index-hosted-"
+"attestations`."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:109
 #, fuzzy
 msgid "Normalized Names"
 msgstr "Traductions"
 
-#: ../source/specifications/simple-repository-api.rst:102
+#: ../source/specifications/simple-repository-api.rst:111
 msgid ""
 "This spec references the concept of a \"normalized\" project name. As per :"
 "ref:`the name normalization specification <name-normalization>` the only "
@@ -17356,11 +17717,11 @@ msgid ""
 "implemented in Python with the ``re`` module::"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:117
+#: ../source/specifications/simple-repository-api.rst:126
 msgid "Adding \"Yank\" Support to the Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:119
+#: ../source/specifications/simple-repository-api.rst:128
 msgid ""
 "Links in the simple repository **MAY** have a ``data-yanked`` attribute "
 "which may have no value, or may have an arbitrary string as a value. The "
@@ -17370,7 +17731,7 @@ msgid ""
 "under specific scenarios."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:126
+#: ../source/specifications/simple-repository-api.rst:135
 msgid ""
 "The value of the ``data-yanked`` attribute, if present, is an arbitrary "
 "string that represents the reason for why the file has been yanked. Tools "
@@ -17378,7 +17739,7 @@ msgid ""
 "users."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:131
+#: ../source/specifications/simple-repository-api.rst:140
 msgid ""
 "The yanked attribute is not immutable once set, and may be rescinded in the "
 "future (and once rescinded, may be reset as well). Thus API users **MUST** "
@@ -17386,12 +17747,12 @@ msgid ""
 "again)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:138
+#: ../source/specifications/simple-repository-api.rst:147
 #, fuzzy
 msgid "Installers"
 msgstr "Installateur"
 
-#: ../source/specifications/simple-repository-api.rst:140
+#: ../source/specifications/simple-repository-api.rst:149
 msgid ""
 "The desirable experience for users is that once a file is yanked, when a "
 "human being is currently trying to directly install a yanked file, that it "
@@ -17401,7 +17762,7 @@ msgid ""
 "been yanked."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:147
+#: ../source/specifications/simple-repository-api.rst:156
 msgid ""
 "An installer **MUST** ignore yanked releases, if the selection constraints "
 "can be satisfied with a non-yanked version, and **MAY** refuse to use a "
@@ -17411,14 +17772,14 @@ msgid ""
 "files."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:154
+#: ../source/specifications/simple-repository-api.rst:163
 msgid ""
 "What this means is left up to the specific installer, to decide how to best "
 "fit into the overall usage of their installer. However, there are two "
 "suggested approaches to take:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:158
+#: ../source/specifications/simple-repository-api.rst:167
 msgid ""
 "Yanked files are always ignored, unless they are the only file that matches "
 "a version specifier that \"pins\" to an exact version using either ``==`` "
@@ -17428,7 +17789,7 @@ msgid ""
 "versions, zero padding, etc."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:165
+#: ../source/specifications/simple-repository-api.rst:174
 msgid ""
 "Yanked files are always ignored, unless they are the only file that matches "
 "what a lock file (such as ``Pipfile.lock`` or ``poetry.lock``) specifies to "
@@ -17436,7 +17797,7 @@ msgid ""
 "creating or updating a lock file from some input file or command."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:171
+#: ../source/specifications/simple-repository-api.rst:180
 msgid ""
 "Regardless of the specific strategy that an installer chooses for deciding "
 "when to install yanked files, an installer **SHOULD** emit a warning when it "
@@ -17445,38 +17806,38 @@ msgid ""
 "specific feedback to the user about why that file had been yanked."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:179
+#: ../source/specifications/simple-repository-api.rst:188
 msgid "Mirrors"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:181
+#: ../source/specifications/simple-repository-api.rst:190
 msgid "Mirrors can generally treat yanked files one of two ways:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:183
+#: ../source/specifications/simple-repository-api.rst:192
 msgid ""
 "They may choose to omit them from their simple repository API completely, "
 "providing a view over the repository that shows only \"active\", unyanked "
 "files."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:186
+#: ../source/specifications/simple-repository-api.rst:195
 msgid ""
 "They may choose to include yanked files, and additionally mirror the ``data-"
 "yanked`` attribute as well."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:189
+#: ../source/specifications/simple-repository-api.rst:198
 msgid ""
 "Mirrors **MUST NOT** mirror a yanked file without also mirroring the ``data-"
 "yanked`` attribute for it."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:195
+#: ../source/specifications/simple-repository-api.rst:204
 msgid "Versioning PyPI's Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:197
+#: ../source/specifications/simple-repository-api.rst:206
 msgid ""
 "This spec proposes the inclusion of a meta tag on the responses of every "
 "successful request to a simple API page, which contains a name attribute of "
@@ -17487,29 +17848,29 @@ msgid ""
 "<version-specifiers>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:205
+#: ../source/specifications/simple-repository-api.rst:214
 msgid "This would end up looking like::"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:209
+#: ../source/specifications/simple-repository-api.rst:218
 msgid "When interpreting the repository version:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:211
+#: ../source/specifications/simple-repository-api.rst:220
 msgid ""
 "Incrementing the major version is used to signal a backwards incompatible "
 "change such that existing clients would no longer be expected to be able to "
 "meaningfully use the API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:214
+#: ../source/specifications/simple-repository-api.rst:223
 msgid ""
 "Incrementing the minor version is used to signal a backwards compatible "
 "change such that existing clients would still be expected to be able to "
 "meaningfully use the API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:218
+#: ../source/specifications/simple-repository-api.rst:227
 msgid ""
 "It is left up to the discretion of any future specs as to what specifically "
 "constitutes a backwards incompatible vs compatible change beyond the broad "
@@ -17518,7 +17879,7 @@ msgid ""
 "features."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:224
+#: ../source/specifications/simple-repository-api.rst:233
 msgid ""
 "It is expectation of this spec that the major version will never be "
 "incremented, and any future major API evolutions would utilize a different "
@@ -17528,49 +17889,49 @@ msgid ""
 "set to a version >= 2)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:231
+#: ../source/specifications/simple-repository-api.rst:240
 msgid ""
 "This spec sets the current API version to \"1.0\", and expects that future "
 "specs that further evolve the simple API will increment the minor version "
 "number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:237
-#: ../source/specifications/simple-repository-api.rst:957
+#: ../source/specifications/simple-repository-api.rst:246
+#: ../source/specifications/simple-repository-api.rst:971
 #, fuzzy
 msgid "Clients"
 msgstr "Contenu"
 
-#: ../source/specifications/simple-repository-api.rst:239
+#: ../source/specifications/simple-repository-api.rst:248
 msgid ""
 "Clients interacting with the simple API **SHOULD** introspect each response "
 "for the repository version, and if that data does not exist **MUST** assume "
 "that it is version 1.0."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:243
+#: ../source/specifications/simple-repository-api.rst:252
 msgid ""
 "When encountering a major version greater than expected, clients **MUST** "
 "hard fail with an appropriate error message for the user."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:246
+#: ../source/specifications/simple-repository-api.rst:255
 msgid ""
 "When encountering a minor version greater than expected, clients **SHOULD** "
 "warn users with an appropriate message."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:249
+#: ../source/specifications/simple-repository-api.rst:258
 msgid ""
 "Clients **MAY** still continue to use feature detection in order to "
 "determine what features a repository uses."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:255
+#: ../source/specifications/simple-repository-api.rst:264
 msgid "Serve Distribution Metadata in the Simple Repository API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:257
+#: ../source/specifications/simple-repository-api.rst:266
 msgid ""
 "In a simple repository's project page, each anchor tag pointing to a "
 "distribution **MAY** have a ``data-dist-info-metadata`` attribute. The "
@@ -17579,7 +17940,7 @@ msgid ""
 "when the distribution is processed and/or installed."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:263
+#: ../source/specifications/simple-repository-api.rst:272
 msgid ""
 "If a ``data-dist-info-metadata`` attribute is present, the repository "
 "**MUST** serve the distribution's Core Metadata file alongside the "
@@ -17591,7 +17952,7 @@ msgid ""
 "GPG signature file's location."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:272
+#: ../source/specifications/simple-repository-api.rst:281
 msgid ""
 "The repository **SHOULD** provide the hash of the Core Metadata file as the "
 "``data-dist-info-metadata`` attribute's value using the syntax "
@@ -17601,18 +17962,18 @@ msgid ""
 "unavailable."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:280
+#: ../source/specifications/simple-repository-api.rst:289
 msgid "Backwards Compatibility"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:282
+#: ../source/specifications/simple-repository-api.rst:291
 msgid ""
 "If an anchor tag lacks the ``data-dist-info-metadata`` attribute, tools are "
 "expected to revert to their current behaviour of downloading the "
 "distribution to inspect the metadata."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:286
+#: ../source/specifications/simple-repository-api.rst:295
 msgid ""
 "Older tools not supporting the new ``data-dist-info-metadata`` attribute are "
 "expected to ignore the attribute and maintain their current behaviour of "
@@ -17620,11 +17981,11 @@ msgid ""
 "prior ``data-`` attribute additions expect existing tools to operate."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:295
+#: ../source/specifications/simple-repository-api.rst:304
 msgid "JSON-based Simple API for Python Package Indexes"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:297
+#: ../source/specifications/simple-repository-api.rst:306
 msgid ""
 "To enable response parsing with only the standard library, this spec "
 "specifies that all responses (besides the files themselves, and the HTML "
@@ -17632,7 +17993,7 @@ msgid ""
 "base>`) should be serialized using `JSON <https://www.json.org/>`_."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:302
+#: ../source/specifications/simple-repository-api.rst:311
 msgid ""
 "To enable zero configuration discovery and to minimize the amount of "
 "additional HTTP requests, this spec extends :ref:`the base HTML API "
@@ -17642,7 +18003,7 @@ msgid ""
 "format to serve, i.e. either HTML or JSON."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:312
+#: ../source/specifications/simple-repository-api.rst:321
 msgid ""
 "Versioning will adhere to :ref:`the API versioning specification <simple-"
 "repository-api-versioning>` format (``Major.Minor``), which has defined the "
@@ -17652,7 +18013,7 @@ msgid ""
 "``1.0`` version, and instead just describes how to serialize that into JSON."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:319
+#: ../source/specifications/simple-repository-api.rst:328
 msgid ""
 "Similar to :ref:`the API versioning specification <simple-repository-api-"
 "versioning>`, the major version number **MUST** be incremented if any "
@@ -17660,28 +18021,28 @@ msgid ""
 "existing clients to meaningfully understand the format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:325
+#: ../source/specifications/simple-repository-api.rst:334
 msgid ""
 "Likewise, the minor version **MUST** be incremented if features are added or "
 "removed from the format, but existing clients would be expected to continue "
 "to meaningfully understand the format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:329
+#: ../source/specifications/simple-repository-api.rst:338
 msgid ""
 "Changes that would not result in existing clients being unable to "
 "meaningfully understand the format and which do not represent features being "
 "added or removed may occur without changing the version number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:333
+#: ../source/specifications/simple-repository-api.rst:342
 msgid ""
 "This is intentionally vague, as this spec believes it is best left up to "
 "future specs that make any changes to the API to investigate and decide "
 "whether or not that change should increment the major or minor version."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:337
+#: ../source/specifications/simple-repository-api.rst:346
 msgid ""
 "Future versions of the API may add things that can only be represented in a "
 "subset of the available serializations of that version. All serializations "
@@ -17690,38 +18051,38 @@ msgid ""
 "whether or not that feature is present at all."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:343
+#: ../source/specifications/simple-repository-api.rst:352
 msgid ""
 "It is the intent of this spec that the API should be thought of as URL "
 "endpoints that return data, whose interpretation is defined by the version "
 "of that data, and then serialized into the target serialization format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:351
+#: ../source/specifications/simple-repository-api.rst:360
 #, fuzzy
 msgid "JSON Serialization"
 msgstr "Traductions"
 
-#: ../source/specifications/simple-repository-api.rst:353
+#: ../source/specifications/simple-repository-api.rst:362
 msgid ""
 "The URL structure from :ref:`the base HTML API specification <simple-"
 "repository-api-base>` still applies, as this spec only adds an additional "
 "serialization format for the already existing API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:357
+#: ../source/specifications/simple-repository-api.rst:366
 msgid ""
 "The following constraints apply to all JSON serialized responses described "
 "in this spec:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:360
+#: ../source/specifications/simple-repository-api.rst:369
 msgid ""
 "All JSON responses will *always* be a JSON object rather than an array or "
 "other type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:363
+#: ../source/specifications/simple-repository-api.rst:372
 msgid ""
 "While JSON doesn't natively support a URL type, any value that represents an "
 "URL in this API may be either absolute or relative as long as they point to "
@@ -17729,19 +18090,19 @@ msgid ""
 "if it were HTML."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:368
+#: ../source/specifications/simple-repository-api.rst:377
 msgid ""
 "Additional keys may be added to any dictionary objects in the API responses "
 "and clients **MUST** ignore keys that they don't understand."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:371
+#: ../source/specifications/simple-repository-api.rst:380
 msgid ""
 "All JSON responses will have a ``meta`` key, which contains information "
 "related to the response itself, rather than the content of the response."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:374
+#: ../source/specifications/simple-repository-api.rst:383
 msgid ""
 "All JSON responses will have a ``meta.api-version`` key, which will be a "
 "string that contains the :ref:`API versioning specification <simple-"
@@ -17750,43 +18111,43 @@ msgid ""
 "<simple-repository-api-versioning>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:380
+#: ../source/specifications/simple-repository-api.rst:389
 msgid ""
 "All requirements of :ref:`the base HTML API specification <simple-repository-"
 "api-base>` that are not HTML specific still apply."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:385
+#: ../source/specifications/simple-repository-api.rst:394
 #, fuzzy
 msgid "Project List"
 msgstr "Projet"
 
-#: ../source/specifications/simple-repository-api.rst:387
+#: ../source/specifications/simple-repository-api.rst:396
 msgid ""
 "The root URL ``/`` for this spec (which represents the base URL) will be a "
 "JSON encoded dictionary which has a two keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:390
+#: ../source/specifications/simple-repository-api.rst:399
 msgid ""
 "``projects``: An array where each entry is a dictionary with a single key, "
 "``name``, which represents string of the project name."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:391
-#: ../source/specifications/simple-repository-api.rst:440
+#: ../source/specifications/simple-repository-api.rst:400
+#: ../source/specifications/simple-repository-api.rst:449
 msgid ""
 "``meta``: The general response metadata as `described earlier <json-"
 "serialization_>`__."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:393
-#: ../source/specifications/simple-repository-api.rst:499
+#: ../source/specifications/simple-repository-api.rst:402
+#: ../source/specifications/simple-repository-api.rst:512
 #, fuzzy
 msgid "As an example:"
 msgstr "Exemples"
 
-#: ../source/specifications/simple-repository-api.rst:410
+#: ../source/specifications/simple-repository-api.rst:419
 msgid ""
 "The ``name`` field is the same as the one from :ref:`the base HTML API "
 "specification <simple-repository-api-base>`, which does not specify whether "
@@ -17796,7 +18157,7 @@ msgid ""
 "implementation detail of the repository in question."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:420
+#: ../source/specifications/simple-repository-api.rst:429
 msgid ""
 "While the ``projects`` key is an array, and thus is required to be in some "
 "kind of an order, neither :ref:`the base HTML API specification <simple-"
@@ -17806,12 +18167,12 @@ msgid ""
 "have sets."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:429
+#: ../source/specifications/simple-repository-api.rst:438
 #, fuzzy
 msgid "Project Detail"
 msgstr "Nom du projet"
 
-#: ../source/specifications/simple-repository-api.rst:431
+#: ../source/specifications/simple-repository-api.rst:440
 msgid ""
 "The format of this URL is ``/<project>/`` where the ``<project>`` is "
 "replaced by the :ref:`the base HTML API specification <simple-repository-api-"
@@ -17819,33 +18180,33 @@ msgid ""
 "would have a URL like ``/silly-walk/``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:436
+#: ../source/specifications/simple-repository-api.rst:445
 msgid ""
 "This URL must respond with a JSON encoded dictionary that has three keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:438
+#: ../source/specifications/simple-repository-api.rst:447
 msgid "``name``: The normalized name of the project."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:439
+#: ../source/specifications/simple-repository-api.rst:448
 msgid ""
 "``files``: A list of dictionaries, each one representing an individual file."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:442
+#: ../source/specifications/simple-repository-api.rst:451
 msgid "Each individual file dictionary has the following keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:444
+#: ../source/specifications/simple-repository-api.rst:453
 msgid "``filename``: The filename that is being represented."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:445
+#: ../source/specifications/simple-repository-api.rst:454
 msgid "``url``: The URL that the file can be fetched from."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:446
+#: ../source/specifications/simple-repository-api.rst:455
 msgid ""
 "``hashes``: A dictionary mapping a hash name to a hex encoded digest of the "
 "file. Multiple hashes can be included, and it is up to the client to decide "
@@ -17854,14 +18215,14 @@ msgid ""
 "to be lowercase."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:451
+#: ../source/specifications/simple-repository-api.rst:460
 msgid ""
 "The ``hashes`` dictionary **MUST** be present, even if no hashes are "
 "available for the file, however it is **HIGHLY** recommended that at least "
 "one secure, guaranteed-to-be-available hash is always included."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:455
+#: ../source/specifications/simple-repository-api.rst:464
 msgid ""
 "By default, any hash algorithm available via :py:mod:`hashlib` (specifically "
 "any that can be passed to :py:func:`hashlib.new()` and do not require "
@@ -17871,7 +18232,7 @@ msgid ""
 "specifically is recommended."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:460
+#: ../source/specifications/simple-repository-api.rst:469
 msgid ""
 "``requires-python``: An **optional** key that exposes the :ref:`core-"
 "metadata-requires-python` metadata field. Where this is present, installer "
@@ -17879,14 +18240,14 @@ msgid ""
 "that doesn't satisfy the requirement."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:466
+#: ../source/specifications/simple-repository-api.rst:475
 msgid ""
 "Unlike ``data-requires-python`` in :ref:`the base HTML API specification "
 "<simple-repository-api-base>`, the ``requires-python`` key does not require "
 "any special escaping other than anything JSON does naturally."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:469
+#: ../source/specifications/simple-repository-api.rst:478
 msgid ""
 "``dist-info-metadata``: An **optional** key that indicates that metadata for "
 "this file is available, via the same location as specified in :ref:`the API "
@@ -17896,27 +18257,27 @@ msgid ""
 "dictionary mapping hash names to a hex encoded digest of the metadata's hash."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:477
+#: ../source/specifications/simple-repository-api.rst:486
 msgid ""
 "When this is a dictionary of hashes instead of a boolean, then all the same "
 "requirements and recommendations as the ``hashes`` key hold true for this "
 "key as well."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:481
+#: ../source/specifications/simple-repository-api.rst:490
 msgid ""
 "If this key is missing then the metadata file may or may not exist. If the "
 "key value is truthy, then the metadata file is present, and if it is falsey "
 "then it is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:485
+#: ../source/specifications/simple-repository-api.rst:494
 msgid ""
 "It is recommended that servers make the hashes of the metadata file "
 "available if possible."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:487
+#: ../source/specifications/simple-repository-api.rst:496
 msgid ""
 "``gpg-sig``: An **optional** key that acts a boolean to indicate if the file "
 "has an associated GPG signature or not. The URL for the signature file "
@@ -17925,7 +18286,7 @@ msgid ""
 "the signature may or may not exist."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:492
+#: ../source/specifications/simple-repository-api.rst:501
 msgid ""
 "``yanked``: An **optional** key which may be either a boolean to indicate if "
 "the file has been yanked, or a non empty, but otherwise arbitrary, string to "
@@ -17936,7 +18297,15 @@ msgid ""
 "api-yank>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:529
+#: ../source/specifications/simple-repository-api.rst:507
+msgid ""
+"``provenance``: An **optional** key which, if present **MUST** be either a "
+"JSON string or ``null``. If not ``null``, it **MUST** be a URL to the file's "
+"associated provenance, with the same rules as ``data-provenance`` in the :"
+"ref:`base HTML API specification <simple-repository-api-base>`."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:543
 msgid ""
 "While the ``files`` key is an array, and thus is required to be in some kind "
 "of an order, neither :ref:`the base HTML API specification <simple-"
@@ -17946,12 +18315,12 @@ msgid ""
 "have sets."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:538
+#: ../source/specifications/simple-repository-api.rst:552
 #, fuzzy
 msgid "Content-Types"
 msgstr "Contenu"
 
-#: ../source/specifications/simple-repository-api.rst:540
+#: ../source/specifications/simple-repository-api.rst:554
 msgid ""
 "This spec proposes that all responses from the Simple API will have a "
 "standard content type that describes what the response is (a Simple API "
@@ -17959,11 +18328,11 @@ msgid ""
 "format has been used."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:544
+#: ../source/specifications/simple-repository-api.rst:558
 msgid "The structure of this content type will be:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:550
+#: ../source/specifications/simple-repository-api.rst:564
 msgid ""
 "Since only major versions should be disruptive to clients attempting to "
 "understand one of these API responses, only the major version will be "
@@ -17971,19 +18340,19 @@ msgid ""
 "that it is a version number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:555
+#: ../source/specifications/simple-repository-api.rst:569
 msgid "Which means that for the existing 1.0 API, the content types would be:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:557
+#: ../source/specifications/simple-repository-api.rst:571
 msgid "**JSON:** ``application/vnd.pypi.simple.v1+json``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:558
+#: ../source/specifications/simple-repository-api.rst:572
 msgid "**HTML:** ``application/vnd.pypi.simple.v1+html``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:560
+#: ../source/specifications/simple-repository-api.rst:574
 msgid ""
 "In addition to the above, a special \"meta\" version is supported named "
 "``latest``, whose purpose is to allow clients to request the absolute latest "
@@ -17992,7 +18361,7 @@ msgid ""
 "support."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:565
+#: ../source/specifications/simple-repository-api.rst:579
 msgid ""
 "To support existing clients which expect the existing :ref:`the base HTML "
 "API specification <simple-repository-api-base>` API responses to use the "
@@ -18000,12 +18369,12 @@ msgid ""
 "alias for the ``application/vnd.pypi.simple.v1+html`` content type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:572
+#: ../source/specifications/simple-repository-api.rst:586
 #, fuzzy
 msgid "Version + Format Selection"
 msgstr "Traductions"
 
-#: ../source/specifications/simple-repository-api.rst:574
+#: ../source/specifications/simple-repository-api.rst:588
 msgid ""
 "Now that there is multiple possible serializations, we need a mechanism to "
 "allow clients to indicate what serialization formats they're able to "
@@ -18014,65 +18383,65 @@ msgid ""
 "expecting the previous API version."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:579
+#: ../source/specifications/simple-repository-api.rst:593
 msgid ""
 "To enable this, this spec standardizes on the use of HTTP's `Server-Driven "
 "Content Negotiation <https://developer.mozilla.org/en-US/docs/Web/HTTP/"
 "Content_negotiation>`_."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:582
+#: ../source/specifications/simple-repository-api.rst:596
 msgid ""
 "While this spec won't fully describe the entirety of server-driven content "
 "negotiation, the flow is roughly:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:585
+#: ../source/specifications/simple-repository-api.rst:599
 msgid ""
 "The client makes an HTTP request containing an ``Accept`` header listing all "
 "of the version+format content types that they are able to understand."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:587
+#: ../source/specifications/simple-repository-api.rst:601
 msgid ""
 "The server inspects that header, selects one of the listed content types, "
 "then returns a response using that content type (treating the absence of an "
 "``Accept`` header as ``Accept: */*``)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:590
+#: ../source/specifications/simple-repository-api.rst:604
 msgid ""
 "If the server does not support any of the content types in the ``Accept`` "
 "header then they are able to choose between 3 different options for how to "
 "respond:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:594
+#: ../source/specifications/simple-repository-api.rst:608
 msgid ""
 "Select a default content type other than what the client has requested and "
 "return a response with that."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:596
+#: ../source/specifications/simple-repository-api.rst:610
 msgid ""
 "Return a HTTP ``406 Not Acceptable`` response to indicate that none of the "
 "requested content types were available, and the server was unable or "
 "unwilling to select a default content type to respond with."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:599
+#: ../source/specifications/simple-repository-api.rst:613
 msgid ""
 "Return a HTTP ``300 Multiple Choices`` response that contains a list of all "
 "of the possible responses that could have been chosen."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:601
+#: ../source/specifications/simple-repository-api.rst:615
 msgid ""
 "The client interprets the response, handling the different types of "
 "responses that the server may have responded with."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:604
+#: ../source/specifications/simple-repository-api.rst:618
 msgid ""
 "This spec does not specify which choices the server makes in regards to "
 "handling a content type that it isn't able to return, and clients **SHOULD** "
@@ -18080,7 +18449,7 @@ msgid ""
 "the most sense for that client."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:609
+#: ../source/specifications/simple-repository-api.rst:623
 msgid ""
 "However, as there is no standard format for how a ``300 Multiple Choices`` "
 "response can be interpreted, this spec highly discourages servers from "
@@ -18091,7 +18460,7 @@ msgid ""
 "error."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:616
+#: ../source/specifications/simple-repository-api.rst:630
 msgid ""
 "This spec **does** require that if the meta version ``latest`` is being "
 "used, the server **MUST** respond with the content type for the actual "
@@ -18100,33 +18469,33 @@ msgid ""
 "have a ``Content-Type`` of ``application/vnd.pypi.simple.v1+json``)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:623
+#: ../source/specifications/simple-repository-api.rst:637
 msgid ""
 "The ``Accept`` header is a comma separated list of content types that the "
 "client understands and is able to process. It supports three different "
 "formats for each content type that is being requested:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:627
+#: ../source/specifications/simple-repository-api.rst:641
 msgid "``$type/$subtype``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:628
+#: ../source/specifications/simple-repository-api.rst:642
 msgid "``$type/*``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:629
+#: ../source/specifications/simple-repository-api.rst:643
 msgid "``*/*``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:631
+#: ../source/specifications/simple-repository-api.rst:645
 msgid ""
 "For the use of selecting a version+format, the most useful of these is "
 "``$type/$subtype``, as that is the only way to actually specify the version "
 "and format you want."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:635
+#: ../source/specifications/simple-repository-api.rst:649
 msgid ""
 "The order of the content types listed in the ``Accept`` header does not have "
 "any specific meaning, and the server **SHOULD** consider all of them to be "
@@ -18136,7 +18505,7 @@ msgid ""
 "Quality_values>`_ syntax."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:642
+#: ../source/specifications/simple-repository-api.rst:656
 msgid ""
 "This allows a client to specify a priority for a specific entry in their "
 "``Accept`` header, by appending a ``;q=`` followed by a value between ``0`` "
@@ -18146,7 +18515,7 @@ msgid ""
 "quality of ``1``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:648
+#: ../source/specifications/simple-repository-api.rst:662
 msgid ""
 "However, clients should keep in mind that a server is free to select **any** "
 "of the content types they've asked for, regardless of their requested "
@@ -18154,7 +18523,7 @@ msgid ""
 "for."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:652
+#: ../source/specifications/simple-repository-api.rst:666
 msgid ""
 "To aid clients in determining the content type of the response that they "
 "have received from an API request, this spec requires that servers always "
@@ -18165,22 +18534,22 @@ msgid ""
 "collector.py#L123-L150>`_ so the risks for actual breakages is low."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:659
+#: ../source/specifications/simple-repository-api.rst:673
 msgid "An example of how a client can operate would look like:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:710
+#: ../source/specifications/simple-repository-api.rst:724
 msgid ""
 "If a client wishes to only support HTML or only support JSON, then they "
 "would just remove the content types that they do not want from the "
 "``Accept`` header, and turn receiving them into an error."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:716
+#: ../source/specifications/simple-repository-api.rst:730
 msgid "Alternative Negotiation Mechanisms"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:718
+#: ../source/specifications/simple-repository-api.rst:732
 msgid ""
 "While using HTTP's Content negotiation is considered the standard way for a "
 "client and server to coordinate to ensure that the client is getting an HTTP "
@@ -18189,25 +18558,25 @@ msgid ""
 "negotiation mechanisms that may *optionally* be used instead."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:726
+#: ../source/specifications/simple-repository-api.rst:740
 msgid "URL Parameter"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:728
+#: ../source/specifications/simple-repository-api.rst:742
 msgid ""
 "Servers that implement the Simple API may choose to support a URL parameter "
 "named ``format`` to allow the clients to request a specific version of the "
 "URL."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:731
+#: ../source/specifications/simple-repository-api.rst:745
 msgid ""
 "The value of the ``format`` parameter should be **one** of the valid content "
 "types. Passing multiple content types, wild cards, quality values, etc... is "
 "**not** supported."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:735
+#: ../source/specifications/simple-repository-api.rst:749
 msgid ""
 "Supporting this parameter is optional, and clients **SHOULD NOT** rely on it "
 "for interacting with the API. This negotiation mechanism is intended to "
@@ -18215,13 +18584,13 @@ msgid ""
 "allow documentation or notes to link to a specific version+format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:740
+#: ../source/specifications/simple-repository-api.rst:754
 msgid ""
 "Servers that do not support this parameter may choose to return an error "
 "when it is present, or they may simple ignore its presence."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:743
+#: ../source/specifications/simple-repository-api.rst:757
 msgid ""
 "When a server does implement this parameter, it **SHOULD** take precedence "
 "over any values in the client's ``Accept`` header, and if the server does "
@@ -18231,18 +18600,18 @@ msgid ""
 "``303 Multiple Choices``, or selecting a default type to return)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:752
+#: ../source/specifications/simple-repository-api.rst:766
 msgid "Endpoint Configuration"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:754
+#: ../source/specifications/simple-repository-api.rst:768
 msgid ""
 "This option technically is not a special option at all, it is just a natural "
 "consequence of using content negotiation and allowing servers to select "
 "which of the available content types is their default."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:758
+#: ../source/specifications/simple-repository-api.rst:772
 msgid ""
 "If a server is unwilling or unable to implement the server-driven content "
 "negotiation, and would instead rather require users to explicitly configure "
@@ -18250,7 +18619,7 @@ msgid ""
 "configuration."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:762
+#: ../source/specifications/simple-repository-api.rst:776
 msgid ""
 "To enable this, a server should make multiple endpoints (for instance, ``/"
 "simple/v1+html/`` and/or ``/simple/v1+json/``) for each version+format that "
@@ -18260,7 +18629,7 @@ msgid ""
 "and return the content type that corresponds to that endpoint."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:769
+#: ../source/specifications/simple-repository-api.rst:783
 msgid ""
 "For clients that wish to require specific configuration, they can keep track "
 "of which version+format a specific repository URL was configured for, and "
@@ -18268,11 +18637,11 @@ msgid ""
 "includes the correct content type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:776
+#: ../source/specifications/simple-repository-api.rst:790
 msgid "TUF Support - PEP 458"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:778
+#: ../source/specifications/simple-repository-api.rst:792
 msgid ""
 ":pep:`458` requires that all API responses are hashable and that they can be "
 "uniquely identified by a path relative to the repository root. For a Simple "
@@ -18283,7 +18652,7 @@ msgid ""
 "that all hash differently."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:785
+#: ../source/specifications/simple-repository-api.rst:799
 msgid ""
 ":pep:`458` does not specify what the target path should be for the Simple "
 "API, but TUF requires that the target paths be \"file-like\", in other "
@@ -18291,7 +18660,7 @@ msgid ""
 "technically points to a directory."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:790
+#: ../source/specifications/simple-repository-api.rst:804
 msgid ""
 "The saving grace is that the target path does not *have* to actually match "
 "the URL being fetched from the Simple API, and it can just be a sigil that "
@@ -18300,7 +18669,7 @@ msgid ""
 "HTTP request, such as the ``Accept`` header."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:796
+#: ../source/specifications/simple-repository-api.rst:810
 msgid ""
 "Ultimately figuring out how to map a directory to a filename is out of scope "
 "for this spec (but it would be in scope for :pep:`458`), and this spec "
@@ -18308,7 +18677,7 @@ msgid ""
 "`458` metadata."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:800
+#: ../source/specifications/simple-repository-api.rst:814
 msgid ""
 "However, it appears that the current WIP branch against pip that attempts to "
 "implement :pep:`458` is using a target path like ``simple/PROJECT/index."
@@ -18318,20 +18687,20 @@ msgid ""
 "the v1 JSON format would be ``simple/PROJECT/vnd.pypi.simple.v1.json``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:807
+#: ../source/specifications/simple-repository-api.rst:821
 msgid ""
 "In this case, since ``text/html`` is an alias to ``application/vnd.pypi."
 "simple.v1+html`` when interacting through TUF, it likely will make the most "
 "sense to normalize to the more explicit name."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:811
+#: ../source/specifications/simple-repository-api.rst:825
 msgid ""
 "Likewise the ``latest`` metaversion should not be included in the targets, "
 "only explicitly declared versions should be supported."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:817
+#: ../source/specifications/simple-repository-api.rst:831
 msgid ""
 "This section is non-normative, and represents what the spec authors believe "
 "to be the best default implementation decisions for something implementing "
@@ -18339,7 +18708,7 @@ msgid ""
 "these decisions."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:821
+#: ../source/specifications/simple-repository-api.rst:835
 msgid ""
 "These decisions have been chosen to maximize the number of requests that can "
 "be moved onto the newest version of an API, while maintaining the greatest "
@@ -18348,18 +18717,18 @@ msgid ""
 "choices it can."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:826
+#: ../source/specifications/simple-repository-api.rst:840
 msgid "It is recommended that servers:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:828
+#: ../source/specifications/simple-repository-api.rst:842
 msgid ""
 "Support all 3 content types described in this spec, using server-driven "
 "content negotiation, for as long as they reasonably can, or at least as long "
 "as they're receiving non trivial traffic that uses the HTML responses."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:832
+#: ../source/specifications/simple-repository-api.rst:846
 msgid ""
 "When encountering an ``Accept`` header that does not contain any content "
 "types that it knows how to work with, the server should not ever return a "
@@ -18367,13 +18736,13 @@ msgid ""
 "Acceptable`` response."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:837
+#: ../source/specifications/simple-repository-api.rst:851
 msgid ""
 "However, if choosing to use the endpoint configuration, you should prefer to "
 "return a ``200 OK`` response in the expected content type for that endpoint."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:840
+#: ../source/specifications/simple-repository-api.rst:854
 msgid ""
 "When selecting an acceptable version, the server should choose the highest "
 "version that the client supports, with the most expressive/featureful "
@@ -18382,23 +18751,23 @@ msgid ""
 "should only use the ``text/html`` content type as a last resort."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:846
+#: ../source/specifications/simple-repository-api.rst:860
 msgid "It is recommended that clients:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:848
+#: ../source/specifications/simple-repository-api.rst:862
 msgid ""
 "Support all 3 content types described in this spec, using server-driven "
 "content negotiation, for as long as they reasonably can."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:851
+#: ../source/specifications/simple-repository-api.rst:865
 msgid ""
 "When constructing an ``Accept`` header, include all of the content types "
 "that you support."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:854
+#: ../source/specifications/simple-repository-api.rst:868
 msgid ""
 "You should generally *not* include a quality priority value for your content "
 "types, unless you have implementation specific reasons that you want the "
@@ -18407,63 +18776,63 @@ msgid ""
 "responses that you're unable to parse in some edge cases)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:860
+#: ../source/specifications/simple-repository-api.rst:874
 msgid ""
 "The one exception to this recommendation is that it is recommended that you "
 "*should* include a ``;q=0.01`` value on the legacy ``text/html`` content "
 "type, unless it is the only content type that you are requesting."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:864
+#: ../source/specifications/simple-repository-api.rst:878
 msgid ""
 "Explicitly select what versions they are looking for, rather than using the "
 "``latest`` meta version during normal operation."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:867
+#: ../source/specifications/simple-repository-api.rst:881
 msgid ""
 "Check the ``Content-Type`` of the response and ensure it matches something "
 "that you were expecting."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:871
+#: ../source/specifications/simple-repository-api.rst:885
 msgid "Additional Fields for the Simple API for Package Indexes"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:873
+#: ../source/specifications/simple-repository-api.rst:887
 msgid ""
 "This specification defines version 1.1 of the simple repository API. For the "
 "HTML version of the API, there is no change from version 1.0. For the JSON "
 "version of the API, the following changes are made:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:877
+#: ../source/specifications/simple-repository-api.rst:891
 msgid "The ``api-version`` must specify version 1.1 or later."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:878
+#: ../source/specifications/simple-repository-api.rst:892
 msgid "A new ``versions`` key is added at the top level."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:879
+#: ../source/specifications/simple-repository-api.rst:893
 msgid ""
 "Two new \"file information\" keys, ``size`` and ``upload-time``, are added "
 "to the ``files`` data."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:881
+#: ../source/specifications/simple-repository-api.rst:895
 msgid ""
 "Keys (at any level) with a leading underscore are reserved as private for "
 "index server use. No future standard will assign a meaning to any such key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:884
+#: ../source/specifications/simple-repository-api.rst:898
 msgid ""
 "The ``versions`` and ``size`` keys are mandatory. The ``upload-time`` key is "
 "optional."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:890
+#: ../source/specifications/simple-repository-api.rst:904
 msgid ""
 "An additional key, ``versions`` MUST be present at the top level, in "
 "addition to the keys ``name``, ``files`` and ``meta`` defined in :ref:`the "
@@ -18473,7 +18842,7 @@ msgid ""
 "duplicates, and the order of the values is not significant."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:897
+#: ../source/specifications/simple-repository-api.rst:911
 msgid ""
 "All of the files listed in the ``files`` key MUST be associated with one of "
 "the versions in the ``versions`` key. The ``versions`` key MAY contain "
@@ -18481,7 +18850,7 @@ msgid ""
 "uploaded, if the server has such a concept)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:902
+#: ../source/specifications/simple-repository-api.rst:916
 msgid ""
 "Note that because servers may hold \"legacy\" data from before the adoption "
 "of :ref:`the version specifiers specification (VSS) <version-specifiers>`, "
@@ -18490,22 +18859,22 @@ msgid ""
 "servers SHOULD use normalised VSS versions where possible."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:911
+#: ../source/specifications/simple-repository-api.rst:925
 #, fuzzy
 msgid "Additional file information"
 msgstr "Outils supplémentaires"
 
-#: ../source/specifications/simple-repository-api.rst:913
+#: ../source/specifications/simple-repository-api.rst:927
 msgid "Two new keys are added to the ``files`` key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:915
+#: ../source/specifications/simple-repository-api.rst:929
 msgid ""
 "``size``: This field is mandatory. It MUST contain an integer which is the "
 "file size in bytes."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:917
+#: ../source/specifications/simple-repository-api.rst:931
 msgid ""
 "``upload-time``: This field is optional. If present, it MUST contain a valid "
 "ISO 8601 date/time string, in the format ``yyyy-mm-ddThh:mm:ss.ffffffZ``, "
@@ -18517,11 +18886,11 @@ msgid ""
 "key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:926
+#: ../source/specifications/simple-repository-api.rst:940
 msgid "Rename dist-info-metadata in the Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:929
+#: ../source/specifications/simple-repository-api.rst:943
 msgid ""
 "The keywords \"**MUST**\", \"**MUST NOT**\", \"**REQUIRED**\", "
 "\"**SHALL**\", \"**SHALL NOT**\", \"**SHOULD**\", \"**SHOULD NOT**\", "
@@ -18529,11 +18898,11 @@ msgid ""
 "are to be interpreted as described in :rfc:`RFC 2119 <2119>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:936
+#: ../source/specifications/simple-repository-api.rst:950
 msgid "Servers"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:938
+#: ../source/specifications/simple-repository-api.rst:952
 msgid ""
 "The :ref:`the API metadata file specification <simple-repository-api-"
 "metadata-file>` metadata, when used in the HTML representation of the Simple "
@@ -18541,7 +18910,7 @@ msgid ""
 "with the supported values remaining the same."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:944
+#: ../source/specifications/simple-repository-api.rst:958
 msgid ""
 "The :ref:`the API metadata file specification <simple-repository-api-"
 "metadata-file>` metadata, when used in the :ref:`the JSON API specification "
@@ -18550,14 +18919,14 @@ msgid ""
 "values remaining the same."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:950
+#: ../source/specifications/simple-repository-api.rst:964
 msgid ""
 "To support clients that used the previous key names, the HTML representation "
 "**MAY** also be emitted using the ``data-dist-info-metadata``, and if it "
 "does so it **MUST** match the value of ``data-core-metadata``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:959
+#: ../source/specifications/simple-repository-api.rst:973
 msgid ""
 "Clients consuming any of the HTML representations of the Simple API **MUST** "
 "read the :ref:`the API metadata file specification <simple-repository-api-"
@@ -18566,7 +18935,7 @@ msgid ""
 "if it is present but ``data-core-metadata`` is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:966
+#: ../source/specifications/simple-repository-api.rst:980
 msgid ""
 "Clients consuming the JSON representation of the Simple API **MUST** read "
 "the :ref:`the API metadata file specification <simple-repository-api-"
@@ -18575,48 +18944,54 @@ msgid ""
 "present but ``core-metadata`` is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:976
+#: ../source/specifications/simple-repository-api.rst:990
 msgid "September 2015: initial form of the HTML format, in :pep:`503`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:977
+#: ../source/specifications/simple-repository-api.rst:991
 msgid "July 2016: Requires-Python metadata, in an update to :pep:`503`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:978
+#: ../source/specifications/simple-repository-api.rst:992
 msgid "May 2019: \"yank\" support, in :pep:`592`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:979
+#: ../source/specifications/simple-repository-api.rst:993
 msgid ""
 "July 2020: API versioning convention and metadata, and declaring the HTML "
 "format as API v1, in :pep:`629`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:981
+#: ../source/specifications/simple-repository-api.rst:995
 msgid ""
 "May 2021: providing package metadata independently from a package, in :pep:"
 "`658`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:983
+#: ../source/specifications/simple-repository-api.rst:997
 msgid ""
 "May 2022: initial form of the JSON format, with a mechanism for clients to "
 "choose between them, and declaring both formats as API v1, in :pep:`691`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:985
+#: ../source/specifications/simple-repository-api.rst:999
 msgid ""
 "October 2022: project versions and file size and upload-time in the JSON "
 "format, in :pep:`700`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:987
+#: ../source/specifications/simple-repository-api.rst:1001
 msgid ""
 "June 2023: renaming the field which provides package metadata independently "
 "from a package, in :pep:`714`"
 msgstr ""
 
+#: ../source/specifications/simple-repository-api.rst:1003
+msgid ""
+"November 2024: provenance metadata in the HTML and JSON formats, in :pep:"
+"`740`"
+msgstr ""
+
 #: ../source/specifications/source-distribution-format.rst:6
 msgid "Source distribution format"
 msgstr ""
@@ -21537,7 +21912,7 @@ msgid ""
 msgstr ""
 
 #: ../source/tutorials/managing-dependencies.rst:140
-#: ../source/tutorials/packaging-projects.rst:506
+#: ../source/tutorials/packaging-projects.rst:505
 msgid "Next steps"
 msgstr ""
 
@@ -21986,43 +22361,43 @@ msgstr ""
 
 #: ../source/tutorials/packaging-projects.rst:424
 msgid ""
-"You will be prompted for a username and password. For the username, use "
-"``__token__``. For the password, use the token value, including the ``pypi-"
-"`` prefix."
+"You will be prompted for an API token. Use the token value, including the "
+"``pypi-`` prefix. Note that the input will be hidden, so be sure to paste "
+"correctly."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:428
+#: ../source/tutorials/packaging-projects.rst:427
 msgid "After the command completes, you should see output similar to this:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:439
+#: ../source/tutorials/packaging-projects.rst:438
 msgid ""
 "Once uploaded, your package should be viewable on TestPyPI; for example: "
 "``https://test.pypi.org/project/example_package_YOUR_USERNAME_HERE``."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:444
+#: ../source/tutorials/packaging-projects.rst:443
 msgid "Installing your newly uploaded package"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:446
+#: ../source/tutorials/packaging-projects.rst:445
 msgid ""
 "You can use :ref:`pip` to install your package and verify that it works. "
 "Create a :ref:`virtual environment <Creating and using Virtual "
 "Environments>` and install your package from TestPyPI:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:462
+#: ../source/tutorials/packaging-projects.rst:461
 msgid "Make sure to specify your username in the package name!"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:464
+#: ../source/tutorials/packaging-projects.rst:463
 msgid ""
 "pip should install the package from TestPyPI and the output should look "
 "something like this:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:474
+#: ../source/tutorials/packaging-projects.rst:473
 msgid ""
 "This example uses ``--index-url`` flag to specify TestPyPI instead of live "
 "PyPI. Additionally, it specifies ``--no-deps``. Since TestPyPI doesn't have "
@@ -22032,23 +22407,23 @@ msgid ""
 "installing dependencies when using TestPyPI."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:481
+#: ../source/tutorials/packaging-projects.rst:480
 msgid ""
 "You can test that it was installed correctly by importing the package. Make "
 "sure you're still in your virtual environment, then run Python:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:496
+#: ../source/tutorials/packaging-projects.rst:495
 msgid "and import the package:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:508
+#: ../source/tutorials/packaging-projects.rst:507
 msgid ""
 "**Congratulations, you've packaged and distributed a Python project!** ✨ 🍰 "
 "✨"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:511
+#: ../source/tutorials/packaging-projects.rst:510
 msgid ""
 "Keep in mind that this tutorial showed you how to upload your package to "
 "Test PyPI, which isn't a permanent storage. The Test system occasionally "
@@ -22056,28 +22431,28 @@ msgid ""
 "experiments like this tutorial."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:516
+#: ../source/tutorials/packaging-projects.rst:515
 msgid ""
 "When you are ready to upload a real package to the Python Package Index you "
 "can do much the same as you did in this tutorial, but with these important "
 "differences:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:520
+#: ../source/tutorials/packaging-projects.rst:519
 msgid ""
 "Choose a memorable and unique name for your package. You don't have to "
 "append your username as you did in the tutorial, but you can't use an "
 "existing name."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:522
+#: ../source/tutorials/packaging-projects.rst:521
 msgid ""
 "Register an account on https://pypi.org - note that these are two separate "
 "servers and the login details from the test server are not shared with the "
 "main server."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:525
+#: ../source/tutorials/packaging-projects.rst:524
 msgid ""
 "Use ``twine upload dist/*`` to upload your package and enter your "
 "credentials for the account you registered on the real PyPI.  Now that "
@@ -22085,44 +22460,44 @@ msgid ""
 "repository``; the package will upload to https://pypi.org/ by default."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:529
+#: ../source/tutorials/packaging-projects.rst:528
 msgid ""
 "Install your package from the real PyPI using ``python3 -m pip install [your-"
 "package]``."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:531
+#: ../source/tutorials/packaging-projects.rst:530
 msgid ""
 "At this point if you want to read more on packaging Python libraries here "
 "are some things you can do:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:534
+#: ../source/tutorials/packaging-projects.rst:533
 msgid ""
 "Read about advanced configuration for your chosen build backend: `Hatchling "
 "<hatchling-config_>`_, :doc:`setuptools <setuptools:userguide/"
 "pyproject_config>`, :doc:`Flit <flit:pyproject_toml>`, `PDM <pdm-config_>`_."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:538
+#: ../source/tutorials/packaging-projects.rst:537
 msgid ""
 "Look at the :doc:`guides </guides/index>` on this site for more advanced "
 "practical information, or the :doc:`discussions </discussions/index>` for "
 "explanations and background on specific topics."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:541
+#: ../source/tutorials/packaging-projects.rst:540
 msgid ""
 "Consider packaging tools that provide a single command-line interface for "
 "project management and packaging, such as :ref:`hatch`, :ref:`flit`, :ref:"
 "`pdm`, and :ref:`poetry`."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:549
+#: ../source/tutorials/packaging-projects.rst:548
 msgid "Notes"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:551
+#: ../source/tutorials/packaging-projects.rst:550
 msgid ""
 "Technically, you can also create Python packages without an ``__init__.py`` "
 "file, but those are called :doc:`namespace packages </guides/packaging-"
diff --git a/locales/frc/LC_MESSAGES/messages.po b/locales/frc/LC_MESSAGES/messages.po
index 4f77809ca..a35d8dd28 100644
--- a/locales/frc/LC_MESSAGES/messages.po
+++ b/locales/frc/LC_MESSAGES/messages.po
@@ -6,7 +6,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Python Packaging User Guide\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-10-30 00:39+0000\n"
+"POT-Creation-Date: 2024-11-25 21:53+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: Automatically generated\n"
 "Language-Team: none\n"
@@ -604,7 +604,7 @@ msgid "Unix (including Linux and macOS)"
 msgstr ""
 
 #: ../source/discussions/deploying-python-applications.rst:118
-#: ../source/key_projects.rst:572
+#: ../source/key_projects.rst:576
 msgid "pex"
 msgstr ""
 
@@ -1882,7 +1882,7 @@ msgid ""
 msgstr ""
 
 #: ../source/discussions/versioning.rst:6
-#: ../source/specifications/simple-repository-api.rst:310
+#: ../source/specifications/simple-repository-api.rst:319
 msgid "Versioning"
 msgstr ""
 
@@ -2633,29 +2633,16 @@ msgid ""
 msgstr ""
 
 #: ../source/glossary.rst:121
-msgid "Known Good Set (KGS)"
-msgstr ""
-
-#: ../source/glossary.rst:124
-msgid ""
-"A set of distributions at specified versions which are compatible with each "
-"other. Typically a test suite will be run which passes all tests before a "
-"specific set of packages is declared a known good set. This term is commonly "
-"used by frameworks and toolkits which are comprised of multiple individual "
-"distributions."
-msgstr ""
-
-#: ../source/glossary.rst:130
 msgid "Import Package"
 msgstr ""
 
-#: ../source/glossary.rst:133
+#: ../source/glossary.rst:124
 msgid ""
 "A Python module which can contain other modules or recursively, other "
 "packages."
 msgstr ""
 
-#: ../source/glossary.rst:136
+#: ../source/glossary.rst:127
 msgid ""
 "An import package is more commonly referred to with the single word "
 "\"package\", but this guide will use the expanded term when more clarity is "
@@ -2664,17 +2651,30 @@ msgid ""
 "package` for a breakdown of the differences."
 msgstr ""
 
-#: ../source/glossary.rst:142
+#: ../source/glossary.rst:133
 msgid "Installed Project"
 msgstr ""
 
-#: ../source/glossary.rst:145
+#: ../source/glossary.rst:136
 msgid ""
 "A :term:`Project` that is installed for use with a Python interpreter or :"
 "term:`Virtual Environment`, as described in the specicifcation :ref:"
 "`recording-installed-packages`."
 msgstr ""
 
+#: ../source/glossary.rst:140
+msgid "Known Good Set (KGS)"
+msgstr ""
+
+#: ../source/glossary.rst:143
+msgid ""
+"A set of distributions at specified versions which are compatible with each "
+"other. Typically a test suite will be run which passes all tests before a "
+"specific set of packages is declared a known good set. This term is commonly "
+"used by frameworks and toolkits which are comprised of multiple individual "
+"distributions."
+msgstr ""
+
 #: ../source/glossary.rst:149
 msgid "Module"
 msgstr ""
@@ -5085,7 +5085,7 @@ msgid ""
 "In particular, `NumPy <https://numpy.org/>`__, which provides the basis for "
 "most of the software in the `scientific Python stack <https://scientific-"
 "python.org>`_ can be configured to interoperate with different FORTRAN "
-"libraries, and can take advantage of different levels of vectorised "
+"libraries, and can take advantage of different levels of vectorized "
 "instructions available in modern CPUs."
 msgstr ""
 
@@ -5094,9 +5094,9 @@ msgid ""
 "Starting with version 1.10.4 of NumPy and version 1.0.0 of SciPy, pre-built "
 "32-bit and 64-bit binaries in the ``wheel`` format are available for all "
 "major operating systems (Windows, macOS, and Linux) on PyPI. Note, however, "
-"that on Windows, NumPy binaries are linked against the `ATLAS <http://www."
-"netlib.org/atlas/>`__ BLAS/LAPACK library, restricted to SSE2 instructions, "
-"so they may not provide optimal linear algebra performance."
+"that on Windows, NumPy binaries are linked against the `ATLAS <https://math-"
+"atlas.sourceforge.net/>`__ BLAS/LAPACK library, restricted to SSE2 "
+"instructions, so they may not provide optimal linear algebra performance."
 msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:26
@@ -5209,7 +5209,7 @@ msgid ""
 msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:100
-#: ../source/key_projects.rst:808
+#: ../source/key_projects.rst:812
 msgid "Spack"
 msgstr ""
 
@@ -5241,28 +5241,41 @@ msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:121
 msgid ""
-"`Anaconda <https://www.anaconda.com/products/individual/>`_ is a Python "
+"``conda`` is an open source (BSD licensed) package management system and "
+"environment management system that allows users to install multiple versions "
+"of binary software packages and their dependencies, and easily switch "
+"between them. It is a cross-platform tool working on Windows, MacOS, and "
+"Linux. Conda can be used to package up and distribute all kinds of packages, "
+"it is not limited to just Python packages. It has full support for native "
+"virtual environments. Conda makes environments first-class citizens, making "
+"it easy to create independent environments even for C libraries. It is "
+"written in Python, but is Python-agnostic. Conda manages Python itself as a "
+"package, so that :command:`conda update python` is possible, in contrast to "
+"pip, which only manages Python packages."
+msgstr ""
+
+#: ../source/guides/installing-scientific-packages.rst:133
+msgid ""
+"Anaconda `Anaconda <https://docs.anaconda.com/anaconda/>`_ is a Python "
 "distribution published by Anaconda, Inc. It is a stable collection of Open "
-"Source packages for big data and scientific use.  As of the 5.0 release of "
-"Anaconda, about 200 packages are installed by default, and a total of "
-"400-500 can be installed and updated from the Anaconda repository."
+"Source packages for big data and scientific use, and a collection of "
+"Graphical Interface utilities for managing conda environments."
 msgstr ""
 
-#: ../source/guides/installing-scientific-packages.rst:127
+#: ../source/guides/installing-scientific-packages.rst:135
 msgid ""
-"``conda`` is an open source (BSD licensed) package management system and "
-"environment management system included in Anaconda that allows users to "
-"install multiple versions of binary software packages and their "
-"dependencies, and easily switch between them. It is a cross-platform tool "
-"working on Windows, macOS, and Linux. Conda can be used to package up and "
-"distribute all kinds of packages, it is not limited to just Python packages. "
-"It has full support for native virtual environments. Conda makes "
-"environments first-class citizens, making it easy to create independent "
-"environments even for C libraries. It is written in Python, but is Python-"
-"agnostic. Conda manages Python itself as a package, so that :command:`conda "
-"update python` is possible, in contrast to pip, which only manages Python "
-"packages. Conda is available in Anaconda and Miniconda (an easy-to-install "
-"download with just Python and conda)."
+"In addition to the full distribution provided by Anaconda, the conda package "
+"manager itself is available in  `miniconda <https://docs.anaconda.com/"
+"miniconda/>`_, `miniforge <https://github.com/conda-forge/miniforge>`_, and "
+"`pixi <https://pixi.sh/>`_."
+msgstr ""
+
+#: ../source/guides/installing-scientific-packages.rst:138
+msgid ""
+"Conda packages are available on multiple channels on Anaconda.org, including "
+"the default channel supported by Anaconda, Inc, the community supported "
+"conda-forge channel, which provides a wide variety of pre-built packages, "
+"and some domain-specific package collections."
 msgstr ""
 
 #: ../source/guides/installing-stand-alone-command-line-tools.rst:4
@@ -8330,29 +8343,51 @@ msgstr ""
 
 #: ../source/guides/tool-recommendations.rst:142
 msgid ""
-"For projects hosted on GitHub, it is recommended to use the :ref:`trusted "
-"publishing <trusted-publishing>`, which allows the package to be securely "
-"uploaded to PyPI from a GitHub Actions job. (This is not yet supported on "
-"software forges other than GitHub.)"
+"For projects hosted on or published via supported CI/CD platforms, it is "
+"recommended to use the :ref:`Trusted Publishing <trusted-publishing>`, which "
+"allows the package to be securely uploaded to PyPI from a CI/CD workflow "
+"without a manually configured API token."
 msgstr ""
 
 #: ../source/guides/tool-recommendations.rst:147
 msgid ""
+"As of November 2024, PyPI supports the following platforms as Trusted "
+"Publishing providers:"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:150
+msgid "GitHub Actions (on ``https://github.com``)"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:151
+msgid "GitLab CI/CD (on ``https://gitlab.com``)"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:152
+msgid "ActiveState"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:153
+msgid "Google Cloud"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:155
+msgid ""
 "The other available method is to upload the package manually using :ref:"
 "`twine`."
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:149
+#: ../source/guides/tool-recommendations.rst:159
 msgid ""
 "**Never** use ``python setup.py upload`` for this task. In addition to "
 "being :ref:`deprecated <setup-py-deprecated>`, it is insecure."
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:154
+#: ../source/guides/tool-recommendations.rst:164
 msgid "Workflow tools"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:156
+#: ../source/guides/tool-recommendations.rst:166
 msgid ""
 "These tools are environment managers that automatically manage virtual "
 "environments for a project. They also act as \"task runners\", allowing you "
@@ -8363,31 +8398,31 @@ msgid ""
 "alphabetical order:"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:164
+#: ../source/guides/tool-recommendations.rst:174
 msgid ":ref:`Flit`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:165
+#: ../source/guides/tool-recommendations.rst:175
 msgid ":ref:`Hatch`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:166
+#: ../source/guides/tool-recommendations.rst:176
 msgid ":doc:`nox <nox:index>`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:167
+#: ../source/guides/tool-recommendations.rst:177
 msgid ":ref:`PDM`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:168
+#: ../source/guides/tool-recommendations.rst:178
 msgid ":ref:`Pipenv`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:169
+#: ../source/guides/tool-recommendations.rst:179
 msgid ":ref:`Poetry`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:170
+#: ../source/guides/tool-recommendations.rst:180
 msgid ":doc:`tox <tox:index>`."
 msgstr ""
 
@@ -9562,44 +9597,58 @@ msgstr ""
 
 #: ../source/key_projects.rst:407
 msgid ""
-"conda is the package management tool for `Anaconda <https://docs.anaconda."
-"com/anaconda/>`__ Python installations. Anaconda Python is a distribution "
-"from `Anaconda, Inc <https://www.anaconda.com/products/individual>`__ "
-"specifically aimed at the scientific community, and in particular on Windows "
-"where the installation of binary extensions is often difficult."
+"Conda is a package, dependency, and environment management system for any "
+"language — Python, R, Ruby, C/C++, Fortran, and more. It is written in "
+"Python and widely used in the Python scientific computing community, due to "
+"its support for non-Python compiled libraries and extensions. It is used as "
+"the basis of the `Anaconda <https://docs.anaconda.com/anaconda/>`__ Python "
+"distribution from Anaconda, Inc. It was originally aimed at the scientific "
+"community, but can also be used on its own, or with the :doc:`miniconda "
+"<conda:miniconda>`, `miniforge <https://github.com/conda-forge/miniforge>`_ "
+"or `pixi <https://pixi.sh/>`_ systems. It is available for Windows, Mac and "
+"Linux systems."
 msgstr ""
 
-#: ../source/key_projects.rst:414
+#: ../source/key_projects.rst:416
 msgid ""
 "Conda is a completely separate tool from :ref:`pip`, virtualenv and wheel, "
-"but provides many of their combined features in terms of package management, "
-"virtual environment management and deployment of binary extensions."
+"but provides many of their combined features, such as package management, "
+"virtual environment management and deployment of binary extensions and other "
+"binary code."
+msgstr ""
+
+#: ../source/key_projects.rst:420
+msgid ""
+"Conda does not install packages from PyPI -- it can only manage packages "
+"built specifically for conda, which can be made available on a \"conda "
+"channel\", such as those hosted on `anaconda.org <https://anaconda.org>`__, "
+"or a local (e.g. intranet) package server. In addition to the \"default\" "
+"channels managed by `Anaconda, Inc. <https://www.anaconda.com/>`__, there "
+"are a wide variety of packages from the community supported `conda-forge "
+"project <https://conda-forge.org/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:418
+#: ../source/key_projects.rst:426
 msgid ""
-"Conda does not install packages from PyPI and can install only from the "
-"official Anaconda repositories, or anaconda.org (a place for user-"
-"contributed *conda* packages), or a local (e.g. intranet) package server.  "
-"However, note that :ref:`pip` can be installed into, and work side-by-side "
-"with conda for managing :term:`distributions <Distribution Package>` from "
-"PyPI. Also, `conda skeleton <https://docs.conda.io/projects/conda-build/en/"
-"latest/user-guide/tutorials/build-pkgs-skeleton.html>`__ is a tool to make "
-"Python packages installable by conda by first fetching them from PyPI and "
-"modifying their metadata."
+"Note that :ref:`pip` can be installed into, and work side-by-side with conda "
+"for managing :term:`distributions <Distribution Package>` from PyPI. It is "
+"also possible to build conda packages from Python source packages using "
+"tools such as `conda skeleton <https://docs.conda.io/projects/conda-build/en/"
+"latest/user-guide/tutorials/build-pkgs-skeleton.html>`__: a tool to "
+"automatically make conda packages from Python packages available on PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:431
+#: ../source/key_projects.rst:435
 msgid "devpi"
 msgstr ""
 
-#: ../source/key_projects.rst:433
+#: ../source/key_projects.rst:437
 msgid ""
 "`Docs <http://doc.devpi.net/latest/>`__ | :gh:`Issues <devpi/devpi/issues>` "
 "| `PyPI <https://pypi.org/project/devpi>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:437
+#: ../source/key_projects.rst:441
 msgid ""
 "devpi features a powerful PyPI-compatible server and PyPI proxy cache with a "
 "complementary command line tool to drive packaging, testing and release "
@@ -9609,17 +9658,17 @@ msgid ""
 "replication and fail-over, and package upload."
 msgstr ""
 
-#: ../source/key_projects.rst:448
+#: ../source/key_projects.rst:452
 msgid "dumb-pypi"
 msgstr ""
 
-#: ../source/key_projects.rst:450
+#: ../source/key_projects.rst:454
 msgid ""
 "`GitHub <https://github.com/chriskuehl/dumb-pypi>`__ | `PyPI <https://pypi."
 "org/project/dumb-pypi>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:453
+#: ../source/key_projects.rst:457
 msgid ""
 "dumb-pypi is a simple :term:`package index <Package Index>` static file site "
 "generator, which then must be hosted by a static file webserver to become "
@@ -9627,17 +9676,17 @@ msgid ""
 "status."
 msgstr ""
 
-#: ../source/key_projects.rst:460
+#: ../source/key_projects.rst:464
 msgid "enscons"
 msgstr ""
 
-#: ../source/key_projects.rst:462
+#: ../source/key_projects.rst:466
 msgid ""
 ":gh:`Source <dholth/enscons>` | :gh:`Issues <dholth/enscons/issues>` | `PyPI "
 "<https://pypi.org/project/enscons>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:466
+#: ../source/key_projects.rst:470
 msgid ""
 "Enscons is a Python packaging tool based on `SCons`_. It builds :ref:`pip`-"
 "compatible source distributions and wheels without using distutils or "
@@ -9649,38 +9698,38 @@ msgid ""
 "independent of enscons."
 msgstr ""
 
-#: ../source/key_projects.rst:481
+#: ../source/key_projects.rst:485
 msgid "Flask-Pypi-Proxy"
 msgstr ""
 
-#: ../source/key_projects.rst:483
+#: ../source/key_projects.rst:487
 msgid ""
 "`Docs <https://flask-pypi-proxy.readthedocs.io>`__ | :gh:`GitHub <tzulberti/"
 "Flask-PyPi-Proxy>` | `PyPI <https://pypi.org/project/Flask-Pypi-Proxy/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:487 ../source/key_projects.rst:681
-#: ../source/key_projects.rst:740
+#: ../source/key_projects.rst:491 ../source/key_projects.rst:685
+#: ../source/key_projects.rst:744
 msgid "Not maintained, project archived"
 msgstr ""
 
-#: ../source/key_projects.rst:489
+#: ../source/key_projects.rst:493
 msgid ""
 "Flask-Pypi-Proxy is a :term:`package index <Package Index>` as a cached "
 "proxy for PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:495
+#: ../source/key_projects.rst:499
 msgid "Hashdist"
 msgstr ""
 
-#: ../source/key_projects.rst:497
+#: ../source/key_projects.rst:501
 msgid ""
 "`Docs <https://hashdist.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/hashdist/hashdist/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:500
+#: ../source/key_projects.rst:504
 msgid ""
 "Hashdist is a library for building non-root software distributions. Hashdist "
 "is trying to be “the Debian of choice for cases where Debian technology "
@@ -9691,34 +9740,34 @@ msgid ""
 "researchers but has been lacking in maintenance since 2016."
 msgstr ""
 
-#: ../source/key_projects.rst:512
+#: ../source/key_projects.rst:516
 msgid "Maturin"
 msgstr ""
 
-#: ../source/key_projects.rst:514
+#: ../source/key_projects.rst:518
 msgid ""
 "`Docs <https://www.maturin.rs>`__ | `GitHub <https://github.com/PyO3/"
 "maturin>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:517
+#: ../source/key_projects.rst:521
 msgid ""
 "Maturin is a build backend for Rust extension modules, also written in Rust. "
 "It supports building wheels for python 3.7+ on Windows, Linux, macOS and "
 "FreeBSD, can upload them to PyPI and has basic PyPy and GraalPy support."
 msgstr ""
 
-#: ../source/key_projects.rst:525
+#: ../source/key_projects.rst:529
 msgid "meson-python"
 msgstr ""
 
-#: ../source/key_projects.rst:527
+#: ../source/key_projects.rst:531
 msgid ""
 "`Docs <https://meson-python.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/mesonbuild/meson-python>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:530
+#: ../source/key_projects.rst:534
 msgid ""
 "``meson-python`` is a build backend that uses the Meson_ build system. It "
 "enables Python package authors to use Meson_ as the build system for their "
@@ -9726,58 +9775,58 @@ msgid ""
 "to fill the needs of most complex build configurations."
 msgstr ""
 
-#: ../source/key_projects.rst:540
+#: ../source/key_projects.rst:544
 msgid "multibuild"
 msgstr ""
 
-#: ../source/key_projects.rst:542
+#: ../source/key_projects.rst:546
 msgid "`GitHub <https://github.com/multi-build/multibuild>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:544
+#: ../source/key_projects.rst:548
 msgid ""
 "Multibuild is a set of CI scripts for building and testing Python :term:"
 "`wheels <Wheel>` for Linux, macOS, and (less flexibly) Windows. Also see :"
 "ref:`cibuildwheel`."
 msgstr ""
 
-#: ../source/key_projects.rst:550
+#: ../source/key_projects.rst:554
 msgid "nginx_pypi_cache"
 msgstr ""
 
-#: ../source/key_projects.rst:552
+#: ../source/key_projects.rst:556
 msgid ":gh:`GitHub <hauntsaninja/nginx_pypi_cache>`"
 msgstr ""
 
-#: ../source/key_projects.rst:554
+#: ../source/key_projects.rst:558
 msgid ""
 "nginx_pypi_cache is a :term:`package index <Package Index>` caching proxy "
 "using `nginx <https://nginx.org/en/>`_."
 msgstr ""
 
-#: ../source/key_projects.rst:560
+#: ../source/key_projects.rst:564
 msgid "pdm"
 msgstr ""
 
-#: ../source/key_projects.rst:562
+#: ../source/key_projects.rst:566
 msgid ""
 "`Docs <https://pdm.fming.dev/>`__ | `GitHub <https://github.com/pdm-project/"
 "pdm/>`__ | `PyPI <https://pypi.org/project/pdm>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:566
+#: ../source/key_projects.rst:570
 msgid ""
 "PDM is a modern Python package manager. It uses :term:`pyproject.toml` to "
 "store project metadata as defined in :pep:`621`."
 msgstr ""
 
-#: ../source/key_projects.rst:574
+#: ../source/key_projects.rst:578
 msgid ""
 "`Docs <https://pex.readthedocs.io/en/latest/>`__ | `GitHub <https://github."
 "com/pantsbuild/pex/>`__ | `PyPI <https://pypi.org/project/pex>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:578
+#: ../source/key_projects.rst:582
 msgid ""
 "Pex is a tool for generating :file:`.pex` (Python EXecutable) files, "
 "standalone Python environments in the spirit of :ref:`virtualenv`. PEX files "
@@ -9789,18 +9838,18 @@ msgid ""
 "PEX file into a standard venv, graphing dependencies and more."
 msgstr ""
 
-#: ../source/key_projects.rst:590
+#: ../source/key_projects.rst:594
 msgid "pip-tools"
 msgstr ""
 
-#: ../source/key_projects.rst:592
+#: ../source/key_projects.rst:596
 msgid ""
 "`Docs <https://pip-tools.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/jazzband/pip-tools/>`__ | `PyPI <https://pypi.org/project/pip-"
 "tools/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:596
+#: ../source/key_projects.rst:600
 msgid ""
 "pip-tools is a suite of tools meant for Python system administrators and "
 "release managers who particularly want to keep their builds deterministic "
@@ -9811,32 +9860,32 @@ msgid ""
 "not provide), and create layers of constraints for the program to obey."
 msgstr ""
 
-#: ../source/key_projects.rst:608
+#: ../source/key_projects.rst:612
 msgid "pip2pi"
 msgstr ""
 
-#: ../source/key_projects.rst:610
+#: ../source/key_projects.rst:614
 msgid ""
 ":gh:`GitHub <wolever/pip2pi>` | `PyPI <https://pypi.org/project/pip2pi/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:613
+#: ../source/key_projects.rst:617
 msgid ""
 "pip2pi is a :term:`package index <Package Index>` server where specific "
 "packages are manually synchronised."
 msgstr ""
 
-#: ../source/key_projects.rst:619
+#: ../source/key_projects.rst:623
 msgid "piwheels"
 msgstr ""
 
-#: ../source/key_projects.rst:621
+#: ../source/key_projects.rst:625
 msgid ""
 "`Website <https://www.piwheels.org/>`__ | :doc:`Docs <piwheels:index>` | "
 "`GitHub <https://github.com/piwheels/piwheels/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:625
+#: ../source/key_projects.rst:629
 msgid ""
 "piwheels is a website, and software underpinning it, that fetches source "
 "code distribution packages from PyPI and compiles them into binary wheels "
@@ -9844,17 +9893,17 @@ msgid ""
 "Pi OS pre-configures pip to use piwheels.org as an additional index to PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:634
+#: ../source/key_projects.rst:638
 msgid "poetry"
 msgstr ""
 
-#: ../source/key_projects.rst:636
+#: ../source/key_projects.rst:640
 msgid ""
 "`Docs <https://python-poetry.org/>`__ | `GitHub <https://github.com/python-"
 "poetry/poetry>`__ | `PyPI <https://pypi.org/project/poetry/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:640
+#: ../source/key_projects.rst:644
 msgid ""
 "poetry is a command-line tool to handle dependency installation and "
 "isolation as well as building and packaging of Python packages. It uses "
@@ -9864,49 +9913,49 @@ msgid ""
 "caching metadata about dependencies."
 msgstr ""
 
-#: ../source/key_projects.rst:650
+#: ../source/key_projects.rst:654
 msgid "proxpi"
 msgstr ""
 
-#: ../source/key_projects.rst:652
+#: ../source/key_projects.rst:656
 msgid ""
 ":gh:`GitHub <EpicWink/proxpi>` | `PyPI <https://pypi.org/project/proxpi/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:655
+#: ../source/key_projects.rst:659
 msgid ""
 "proxpi is a simple :term:`package index <Package Index>` which proxies PyPI "
 "and other indexes with caching."
 msgstr ""
 
-#: ../source/key_projects.rst:661
+#: ../source/key_projects.rst:665
 msgid "Pulp-python"
 msgstr ""
 
-#: ../source/key_projects.rst:663
+#: ../source/key_projects.rst:667
 msgid ""
 "`Docs <https://docs.pulpproject.org/pulp_python/>`__ | :gh:`GitHub <pulp/"
 "pulp_python>` | `PyPI <https://pypi.org/project/pulp-python/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:667
+#: ../source/key_projects.rst:671
 msgid ""
 "Pulp-python is the Python :term:`package index <Package Index>` plugin for "
 "`Pulp <https://pulpproject.org/>`_. Pulp-python supports mirrors backed by "
 "local or `AWS S3`_, package upload, and proxying to multiple package indexes."
 msgstr ""
 
-#: ../source/key_projects.rst:675
+#: ../source/key_projects.rst:679
 msgid "PyPI Cloud"
 msgstr ""
 
-#: ../source/key_projects.rst:677
+#: ../source/key_projects.rst:681
 msgid ""
 "`Docs <https://pypicloud.readthedocs.io/>`__ | :gh:`GitHub <stevearc/"
 "pypicloud>` | `PyPI <https://pypi.org/project/pypicloud/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:683
+#: ../source/key_projects.rst:687
 msgid ""
 "PyPI Cloud is a :term:`package index <Package Index>` server, backed by `AWS "
 "S3`_ or another cloud storage service, or local files. PyPI Cloud supports "
@@ -9914,33 +9963,33 @@ msgid ""
 "authorisation."
 msgstr ""
 
-#: ../source/key_projects.rst:691
+#: ../source/key_projects.rst:695
 msgid "pypiprivate"
 msgstr ""
 
-#: ../source/key_projects.rst:693
+#: ../source/key_projects.rst:697
 msgid ""
 ":gh:`GitHub <helpshift/pypiprivate>` | `PyPI <https://pypi.org/project/"
 "pypiprivate/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:696
+#: ../source/key_projects.rst:700
 msgid ""
 "pypiprivate serves a local (or `AWS S3`_-hosted) directory of packages as a :"
 "term:`package index <Package Index>`."
 msgstr ""
 
-#: ../source/key_projects.rst:702
+#: ../source/key_projects.rst:706
 msgid "pypiserver"
 msgstr ""
 
-#: ../source/key_projects.rst:704
+#: ../source/key_projects.rst:708
 msgid ""
 "`GitHub <https://github.com/pypiserver/pypiserver>`__ | `PyPI <https://pypi."
 "org/project/pypiserver/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:707
+#: ../source/key_projects.rst:711
 msgid ""
 "pypiserver is a minimalist application that serves as a private Python :term:"
 "`package index <Package Index>` (from a local directory) within "
@@ -9951,17 +10000,17 @@ msgid ""
 "pypiserver and from PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:718
+#: ../source/key_projects.rst:722
 msgid "PyScaffold"
 msgstr ""
 
-#: ../source/key_projects.rst:720
+#: ../source/key_projects.rst:724
 msgid ""
 "`Docs <https://pyscaffold.org>`__ | `GitHub <https://github.com/pyscaffold/"
 "pyscaffold>`__ | `PyPI <https://pypi.org/project/pyscaffold/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:724
+#: ../source/key_projects.rst:728
 msgid ""
 "PyScaffold is a project generator for bootstrapping Python packages, ready "
 "to be shared on PyPI and installable via :ref:`pip`. It relies on a set of "
@@ -9971,33 +10020,33 @@ msgid ""
 "existing projects to make packaging easier."
 msgstr ""
 
-#: ../source/key_projects.rst:735
+#: ../source/key_projects.rst:739
 msgid "pywharf"
 msgstr ""
 
-#: ../source/key_projects.rst:737
+#: ../source/key_projects.rst:741
 msgid ""
 ":gh:`GitHub <pywharf/pywharf>` | `PyPI <https://pypi.org/project/pywharf>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:742
+#: ../source/key_projects.rst:746
 msgid ""
 "pywharf is a :term:`package index <Package Index>` server, serving files "
 "locally or from `GitHub <https://github.com/>`_."
 msgstr ""
 
-#: ../source/key_projects.rst:748
+#: ../source/key_projects.rst:752
 msgid "scikit-build"
 msgstr ""
 
-#: ../source/key_projects.rst:750
+#: ../source/key_projects.rst:754
 msgid ""
 "`Docs <https://scikit-build.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/scikit-build/scikit-build/>`__ | `PyPI <https://pypi.org/project/"
 "scikit-build>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:754
+#: ../source/key_projects.rst:758
 msgid ""
 "Scikit-build is a :ref:`setuptools` wrapper for CPython that builds C/C++/"
 "Fortran/Cython extensions It uses `cmake <https://pypi.org/project/cmake>`__ "
@@ -10008,18 +10057,18 @@ msgid ""
 "ninja>`__ (also available on PyPI)."
 msgstr ""
 
-#: ../source/key_projects.rst:765
+#: ../source/key_projects.rst:769
 msgid "scikit-build-core"
 msgstr ""
 
-#: ../source/key_projects.rst:767
+#: ../source/key_projects.rst:771
 msgid ""
 "`Docs <https://scikit-build-core.readthedocs.io/en/latest/>`__ | `GitHub "
 "<https://github.com/scikit-build/scikit-build-core/>`__ | `PyPI <https://"
 "pypi.org/project/scikit-build-core>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:771
+#: ../source/key_projects.rst:775
 msgid ""
 "Scikit-build-core is a build backend for CPython C/C++/Fortran/Cython "
 "extensions.  It enables users to write extensions with `cmake <https://pypi."
@@ -10029,17 +10078,17 @@ msgid ""
 "automatically downloaded from PyPI if not available on the system."
 msgstr ""
 
-#: ../source/key_projects.rst:781
+#: ../source/key_projects.rst:785
 msgid "shiv"
 msgstr ""
 
-#: ../source/key_projects.rst:783
+#: ../source/key_projects.rst:787
 msgid ""
 "`Docs <https://shiv.readthedocs.io/en/latest/>`__ | `GitHub <https://github."
 "com/linkedin/shiv>`__ | `PyPI <https://pypi.org/project/shiv/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:787
+#: ../source/key_projects.rst:791
 msgid ""
 "shiv is a command line utility for building fully self contained Python "
 "zipapps as outlined in :pep:`441`, but with all their dependencies included. "
@@ -10047,17 +10096,17 @@ msgid ""
 "tools fast & easy."
 msgstr ""
 
-#: ../source/key_projects.rst:795
+#: ../source/key_projects.rst:799
 msgid "simpleindex"
 msgstr ""
 
-#: ../source/key_projects.rst:797
+#: ../source/key_projects.rst:801
 msgid ""
 ":gh:`GitHub <uranusjr/simpleindex>` | `PyPI <https://pypi.org/project/"
 "simpleindex/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:800
+#: ../source/key_projects.rst:804
 msgid ""
 "simpleindex is a :term:`package index <Package Index>` which routes URLs to "
 "multiple package indexes (including PyPI), serves local (or cloud-hosted, "
@@ -10065,7 +10114,7 @@ msgid ""
 "supports custom plugins."
 msgstr ""
 
-#: ../source/key_projects.rst:810
+#: ../source/key_projects.rst:814
 msgid ""
 ":doc:`Docs <spack:index>` | `GitHub <https://github.com/spack/spack>`__ | "
 "`Paper <https://www.computer.org/csdl/proceedings-article/"
@@ -10073,7 +10122,7 @@ msgid ""
 "Gamblin-Spack-SC15-Talk.pdf>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:815
+#: ../source/key_projects.rst:819
 msgid ""
 "A flexible package manager designed to support multiple versions, "
 "configurations, platforms, and compilers.  Spack is like Homebrew, but "
@@ -10084,24 +10133,24 @@ msgid ""
 "supercomputers."
 msgstr ""
 
-#: ../source/key_projects.rst:823
+#: ../source/key_projects.rst:827
 msgid ""
 "Spack is not in PyPI (yet), but it requires no installation and can be used "
 "immediately after cloning from GitHub."
 msgstr ""
 
-#: ../source/key_projects.rst:829
+#: ../source/key_projects.rst:833
 msgid "zest.releaser"
 msgstr ""
 
-#: ../source/key_projects.rst:831
+#: ../source/key_projects.rst:835
 msgid ""
 "`Docs <https://zestreleaser.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/zestsoftware/zest.releaser/>`__ | `PyPI <https://pypi.org/project/"
 "zest.releaser/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:835
+#: ../source/key_projects.rst:839
 msgid ""
 "``zest.releaser`` is a Python package release tool providing an abstraction "
 "layer on top of :ref:`twine`. Python developers use ``zest.releaser`` to "
@@ -10109,21 +10158,21 @@ msgid ""
 "releases in source control, and uploading new packages to PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:842
+#: ../source/key_projects.rst:846
 msgid "Standard Library Projects"
 msgstr ""
 
-#: ../source/key_projects.rst:847
+#: ../source/key_projects.rst:851
 msgid "ensurepip"
 msgstr ""
 
-#: ../source/key_projects.rst:849
+#: ../source/key_projects.rst:853
 msgid ""
 "`Docs <https://docs.python.org/3/library/ensurepip.html>`__ | `Issues "
 "<https://bugs.python.org/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:852
+#: ../source/key_projects.rst:856
 msgid ""
 "A package in the Python Standard Library that provides support for "
 "bootstrapping :ref:`pip` into an existing Python installation or virtual "
@@ -10131,34 +10180,34 @@ msgid ""
 "will be used during the build of the Python distribution."
 msgstr ""
 
-#: ../source/key_projects.rst:860
+#: ../source/key_projects.rst:864
 msgid "http.server"
 msgstr ""
 
-#: ../source/key_projects.rst:862
+#: ../source/key_projects.rst:866
 msgid ""
 ":doc:`Docs <python:library/http.server>` | :gh:`Issues <python/cpython/"
 "issues>`"
 msgstr ""
 
-#: ../source/key_projects.rst:865
+#: ../source/key_projects.rst:869
 msgid ""
 "A package and command-line interface which can host a directory as a "
 "website, for example as a :term:`package index <Package Index>` (see :ref:"
 "`Hosting your Own Simple Repository`)."
 msgstr ""
 
-#: ../source/key_projects.rst:872
+#: ../source/key_projects.rst:876
 msgid "venv"
 msgstr ""
 
-#: ../source/key_projects.rst:874
+#: ../source/key_projects.rst:878
 msgid ""
 "`Docs <https://docs.python.org/3/library/venv.html>`__ | `Issues <https://"
 "github.com/python/cpython/issues>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:877
+#: ../source/key_projects.rst:881
 msgid ""
 "A package in the Python Standard Library (starting with Python 3.3) for "
 "creating :term:`Virtual Environments <Virtual Environment>`.  For more "
@@ -12206,7 +12255,7 @@ msgstr ""
 #: ../source/specifications/platform-compatibility-tags.rst:332
 #: ../source/specifications/pyproject-toml.rst:444
 #: ../source/specifications/recording-installed-packages.rst:252
-#: ../source/specifications/simple-repository-api.rst:974
+#: ../source/specifications/simple-repository-api.rst:988
 #: ../source/specifications/source-distribution-format.rst:144
 #: ../source/specifications/version-specifiers.rst:1266
 #: ../source/specifications/virtual-environments.rst:54
@@ -13276,6 +13325,7 @@ msgstr ""
 #: ../source/specifications/dependency-specifiers.rst:26
 #: ../source/specifications/direct-url-data-structure.rst:19
 #: ../source/specifications/direct-url.rst:15
+#: ../source/specifications/index-hosted-attestations.rst:17
 #: ../source/specifications/inline-script-metadata.rst:13
 msgid "Specification"
 msgstr ""
@@ -13413,7 +13463,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/dependency-specifiers.rst:163
-#: ../source/specifications/simple-repository-api.rst:888
+#: ../source/specifications/simple-repository-api.rst:902
 msgid "Versions"
 msgstr ""
 
@@ -15036,6 +15086,302 @@ msgid ""
 "www.pypa.io/en/latest/specifications/>`__."
 msgstr ""
 
+#: ../source/specifications/index-hosted-attestations.rst:6
+msgid "Index hosted attestations"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:8
+msgid "This specification was originally defined in :pep:`740`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:12
+msgid ""
+":pep:`740` includes changes to the HTML and JSON index APIs. These changes "
+"are documented in the :ref:`simple-repository-api` under :ref:`simple-"
+"repository-api-base` and :ref:`json-serialization`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:22
+msgid "Upload endpoint changes"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:26
+msgid ""
+"The \"legacy\" upload API is not standardized. See `PyPI's Upload API "
+"documentation <https://docs.pypi.org/api/upload/>`_ for how attestations are "
+"uploaded."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:33
+msgid "Attestation objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:35
+msgid ""
+"An attestation object is a JSON object with several required keys; "
+"applications or signers may include additional keys so long as all "
+"explicitly listed keys are provided. The required layout of an attestation "
+"object is provided as pseudocode below."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:88
+msgid ""
+"A full data model for each object in ``transparency_entries`` is provided "
+"in :ref:`appendix`. Attestation objects **SHOULD** include one or more "
+"transparency log entries, and **MAY** include additional keys for other "
+"sources of signed time (such as an :rfc:`3161` Time Stamping Authority or a "
+"`Roughtime <https://blog.cloudflare.com/roughtime>`__ server)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:94
+msgid ""
+"Attestation objects are versioned; this PEP specifies version 1. Each "
+"version is tied to a single cryptographic suite to minimize unnecessary "
+"cryptographic agility. In version 1, the suite is as follows:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:98
+msgid ""
+"Certificates are specified as X.509 certificates, and comply with the "
+"profile in :rfc:`5280`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:100
+msgid ""
+"The message signature algorithm is ECDSA, with the P-256 curve for public "
+"keys and SHA-256 as the cryptographic digest function."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:103
+msgid ""
+"Future PEPs may change this suite (and the overall shape of the attestation "
+"object) by selecting a new version number."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:109
+msgid "Attestation statement and signature generation"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:111
+msgid ""
+"The *attestation statement* is the actual claim that is cryptographically "
+"signed over within the attestation object (i.e., the ``envelope.statement``)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:114
+msgid ""
+"The attestation statement is encoded as a `v1 in-toto Statement object "
+"<https://github.com/in-toto/attestation/blob/v1.0/spec/v1.0/statement."
+"md>`__, in JSON form. When serialized the statement is treated as an opaque "
+"binary blob, avoiding the need for canonicalization."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:119
+msgid ""
+"In addition to being a v1 in-toto Statement, the attestation statement is "
+"constrained in the following ways:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:122
+msgid "The in-toto ``subject`` **MUST** contain only a single subject."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:123
+msgid ""
+"``subject[0].name`` is the distribution's filename, which **MUST** be a "
+"valid :ref:`source distribution <source-distribution-format>` or :ref:`wheel "
+"distribution <binary-distribution-format>` filename."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:126
+msgid ""
+"``subject[0].digest`` **MUST** contain a SHA-256 digest. Other digests "
+"**MAY** be present. The digests **MUST** be represented as hexadecimal "
+"strings."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:128
+msgid "The following ``predicateType`` values are supported:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:130
+msgid ""
+"`SLSA Provenance <https://slsa.dev/provenance/v1>`__: ``https://slsa.dev/"
+"provenance/v1``"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:131
+msgid ""
+"`PyPI Publish Attestation <https://docs.pypi.org/attestations/publish/"
+"v1>`__: ``https://docs.pypi.org/attestations/publish/v1``"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:133
+msgid ""
+"The signature over this statement is constructed using the `v1 DSSE "
+"signature protocol <https://github.com/secure-systems-lab/dsse/blob/v1.0.0/"
+"protocol.md>`__, with a ``PAYLOAD_TYPE`` of ``application/vnd.in-toto+json`` "
+"and a ``PAYLOAD_BODY`` of the JSON-encoded statement above. No other "
+"``PAYLOAD_TYPE`` is permitted."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:141
+msgid "Provenance objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:143
+msgid ""
+"The index will serve uploaded attestations along with metadata that can "
+"assist in verifying them in the form of JSON serialized objects."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:146
+msgid ""
+"These *provenance objects* will be available via both the Simple Index and "
+"JSON-based Simple API as described above, and will have the following layout:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:169
+msgid "or, as pseudocode:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:217
+msgid ""
+"``version`` is ``1``. Like attestation objects, provenance objects are "
+"versioned, and this PEP only defines version ``1``."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:219
+msgid ""
+"``attestation_bundles`` is a **required** JSON array, containing one or more "
+"\"bundles\" of attestations. Each bundle corresponds to a signing identity "
+"(such as a Trusted Publishing identity), and contains one or more "
+"attestation objects."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:224
+msgid ""
+"As noted in the ``Publisher`` model, each ``AttestationBundle.publisher`` "
+"object is specific to its Trusted Publisher but must include at minimum:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:228
+msgid ""
+"A ``kind`` key, which **MUST** be a JSON string that uniquely identifies the "
+"kind of Trusted Publisher."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:230
+msgid ""
+"A ``claims`` key, which **MUST** be a JSON object containing any context-"
+"specific claims retained by the index during Trusted Publisher "
+"authentication."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:233
+msgid "All other keys in the publisher object are publisher-specific."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:235
+msgid ""
+"Each array of attestation objects is a superset of the ``attestations`` "
+"array supplied by the uploaded through the ``attestations`` field at upload "
+"time, as described in :ref:`upload-endpoint` and :ref:`changes-to-provenance-"
+"objects`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:243
+msgid "Changes to provenance objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:245
+msgid ""
+"Provenance objects are *not* immutable, and may change over time. Reasons "
+"for changes to the provenance object include but are not limited to:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:248
+msgid ""
+"Addition of new attestations for a pre-existing signing identity: the index "
+"**MAY** choose to allow additional attestations by pre-existing signing "
+"identities, such as newer attestation versions for already uploaded files."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:253
+msgid ""
+"Addition of new signing identities and associated attestations: the index "
+"**MAY** choose to support attestations from sources other than the file's "
+"uploader, such as third-party auditors or the index itself. These "
+"attestations may be performed asynchronously, requiring the index to insert "
+"them into the provenance object *post facto*."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:262
+msgid "Attestation verification"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:264
+msgid ""
+"Verifying an attestation object against a distribution file requires "
+"verification of each of the following:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:267
+msgid "``version`` is ``1``. The verifier **MUST** reject any other version."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:268
+msgid ""
+"``verification_material.certificate`` is a valid signing certificate, as "
+"issued by an *a priori* trusted authority (such as a root of trust already "
+"present within the verifying client)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:271
+msgid ""
+"``verification_material.certificate`` identifies an appropriate signing "
+"subject, such as the machine identity of the Trusted Publisher that "
+"published the package."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:274
+msgid ""
+"``envelope.statement`` is a valid in-toto v1 Statement, with a subject and "
+"digest that **MUST** match the distribution's filename and contents. For the "
+"distribution's filename, matching **MUST** be performed by parsing using the "
+"appropriate source distribution or wheel filename format, as the statement's "
+"subject may be equivalent but normalized."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:279
+msgid ""
+"``envelope.signature`` is a valid signature for ``envelope.statement`` "
+"corresponding to ``verification_material.certificate``, as reconstituted via "
+"the `v1 DSSE signature protocol <https://github.com/secure-systems-lab/dsse/"
+"blob/v1.0.0/protocol.md>`__."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:284
+msgid ""
+"In addition to the above required steps, a verifier **MAY** additionally "
+"verify ``verification_material.transparency_entries`` on a policy basis, e."
+"g. requiring at least one transparency log entry or a threshold of entries. "
+"When verifying transparency entries, the verifier **MUST** confirm that the "
+"inclusion time for each entry lies within the signing certificate's validity "
+"period."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:293
+msgid "Appendix: Data models for Transparency Log Entries"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:295
+msgid ""
+"This appendix contains pseudocoded data models for transparency log entries "
+"in attestation objects. Each transparency log entry serves as a source of "
+"signed inclusion time, and can be verified either online or offline."
+msgstr ""
+
 #: ../source/specifications/inline-script-metadata.rst:5
 msgid "Inline script metadata"
 msgstr ""
@@ -15206,7 +15552,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/inline-script-metadata.rst:205
-#: ../source/specifications/simple-repository-api.rst:815
+#: ../source/specifications/simple-repository-api.rst:829
 msgid "Recommendations"
 msgstr ""
 
@@ -17094,11 +17440,26 @@ msgid ""
 "``&gt;``, respectively."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:100
+#: ../source/specifications/simple-repository-api.rst:99
+msgid ""
+"A repository **MAY** include a ``data-provenance`` attribute on a file link. "
+"The value of this attribute **MUST** be a fully qualified URL, signaling "
+"that the file's provenance can be found at that URL. This URL **MUST** "
+"represent a `secure origin <https://www.chromium.org/Home/chromium-security/"
+"prefer-secure-origins-for-powerful-new-features/>`_."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:106
+msgid ""
+"The format of the linked provenance is defined in :ref:`index-hosted-"
+"attestations`."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:109
 msgid "Normalized Names"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:102
+#: ../source/specifications/simple-repository-api.rst:111
 msgid ""
 "This spec references the concept of a \"normalized\" project name. As per :"
 "ref:`the name normalization specification <name-normalization>` the only "
@@ -17108,11 +17469,11 @@ msgid ""
 "implemented in Python with the ``re`` module::"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:117
+#: ../source/specifications/simple-repository-api.rst:126
 msgid "Adding \"Yank\" Support to the Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:119
+#: ../source/specifications/simple-repository-api.rst:128
 msgid ""
 "Links in the simple repository **MAY** have a ``data-yanked`` attribute "
 "which may have no value, or may have an arbitrary string as a value. The "
@@ -17122,7 +17483,7 @@ msgid ""
 "under specific scenarios."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:126
+#: ../source/specifications/simple-repository-api.rst:135
 msgid ""
 "The value of the ``data-yanked`` attribute, if present, is an arbitrary "
 "string that represents the reason for why the file has been yanked. Tools "
@@ -17130,7 +17491,7 @@ msgid ""
 "users."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:131
+#: ../source/specifications/simple-repository-api.rst:140
 msgid ""
 "The yanked attribute is not immutable once set, and may be rescinded in the "
 "future (and once rescinded, may be reset as well). Thus API users **MUST** "
@@ -17138,11 +17499,11 @@ msgid ""
 "again)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:138
+#: ../source/specifications/simple-repository-api.rst:147
 msgid "Installers"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:140
+#: ../source/specifications/simple-repository-api.rst:149
 msgid ""
 "The desirable experience for users is that once a file is yanked, when a "
 "human being is currently trying to directly install a yanked file, that it "
@@ -17152,7 +17513,7 @@ msgid ""
 "been yanked."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:147
+#: ../source/specifications/simple-repository-api.rst:156
 msgid ""
 "An installer **MUST** ignore yanked releases, if the selection constraints "
 "can be satisfied with a non-yanked version, and **MAY** refuse to use a "
@@ -17162,14 +17523,14 @@ msgid ""
 "files."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:154
+#: ../source/specifications/simple-repository-api.rst:163
 msgid ""
 "What this means is left up to the specific installer, to decide how to best "
 "fit into the overall usage of their installer. However, there are two "
 "suggested approaches to take:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:158
+#: ../source/specifications/simple-repository-api.rst:167
 msgid ""
 "Yanked files are always ignored, unless they are the only file that matches "
 "a version specifier that \"pins\" to an exact version using either ``==`` "
@@ -17179,7 +17540,7 @@ msgid ""
 "versions, zero padding, etc."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:165
+#: ../source/specifications/simple-repository-api.rst:174
 msgid ""
 "Yanked files are always ignored, unless they are the only file that matches "
 "what a lock file (such as ``Pipfile.lock`` or ``poetry.lock``) specifies to "
@@ -17187,7 +17548,7 @@ msgid ""
 "creating or updating a lock file from some input file or command."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:171
+#: ../source/specifications/simple-repository-api.rst:180
 msgid ""
 "Regardless of the specific strategy that an installer chooses for deciding "
 "when to install yanked files, an installer **SHOULD** emit a warning when it "
@@ -17196,38 +17557,38 @@ msgid ""
 "specific feedback to the user about why that file had been yanked."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:179
+#: ../source/specifications/simple-repository-api.rst:188
 msgid "Mirrors"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:181
+#: ../source/specifications/simple-repository-api.rst:190
 msgid "Mirrors can generally treat yanked files one of two ways:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:183
+#: ../source/specifications/simple-repository-api.rst:192
 msgid ""
 "They may choose to omit them from their simple repository API completely, "
 "providing a view over the repository that shows only \"active\", unyanked "
 "files."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:186
+#: ../source/specifications/simple-repository-api.rst:195
 msgid ""
 "They may choose to include yanked files, and additionally mirror the ``data-"
 "yanked`` attribute as well."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:189
+#: ../source/specifications/simple-repository-api.rst:198
 msgid ""
 "Mirrors **MUST NOT** mirror a yanked file without also mirroring the ``data-"
 "yanked`` attribute for it."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:195
+#: ../source/specifications/simple-repository-api.rst:204
 msgid "Versioning PyPI's Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:197
+#: ../source/specifications/simple-repository-api.rst:206
 msgid ""
 "This spec proposes the inclusion of a meta tag on the responses of every "
 "successful request to a simple API page, which contains a name attribute of "
@@ -17238,29 +17599,29 @@ msgid ""
 "<version-specifiers>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:205
+#: ../source/specifications/simple-repository-api.rst:214
 msgid "This would end up looking like::"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:209
+#: ../source/specifications/simple-repository-api.rst:218
 msgid "When interpreting the repository version:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:211
+#: ../source/specifications/simple-repository-api.rst:220
 msgid ""
 "Incrementing the major version is used to signal a backwards incompatible "
 "change such that existing clients would no longer be expected to be able to "
 "meaningfully use the API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:214
+#: ../source/specifications/simple-repository-api.rst:223
 msgid ""
 "Incrementing the minor version is used to signal a backwards compatible "
 "change such that existing clients would still be expected to be able to "
 "meaningfully use the API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:218
+#: ../source/specifications/simple-repository-api.rst:227
 msgid ""
 "It is left up to the discretion of any future specs as to what specifically "
 "constitutes a backwards incompatible vs compatible change beyond the broad "
@@ -17269,7 +17630,7 @@ msgid ""
 "features."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:224
+#: ../source/specifications/simple-repository-api.rst:233
 msgid ""
 "It is expectation of this spec that the major version will never be "
 "incremented, and any future major API evolutions would utilize a different "
@@ -17279,48 +17640,48 @@ msgid ""
 "set to a version >= 2)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:231
+#: ../source/specifications/simple-repository-api.rst:240
 msgid ""
 "This spec sets the current API version to \"1.0\", and expects that future "
 "specs that further evolve the simple API will increment the minor version "
 "number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:237
-#: ../source/specifications/simple-repository-api.rst:957
+#: ../source/specifications/simple-repository-api.rst:246
+#: ../source/specifications/simple-repository-api.rst:971
 msgid "Clients"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:239
+#: ../source/specifications/simple-repository-api.rst:248
 msgid ""
 "Clients interacting with the simple API **SHOULD** introspect each response "
 "for the repository version, and if that data does not exist **MUST** assume "
 "that it is version 1.0."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:243
+#: ../source/specifications/simple-repository-api.rst:252
 msgid ""
 "When encountering a major version greater than expected, clients **MUST** "
 "hard fail with an appropriate error message for the user."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:246
+#: ../source/specifications/simple-repository-api.rst:255
 msgid ""
 "When encountering a minor version greater than expected, clients **SHOULD** "
 "warn users with an appropriate message."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:249
+#: ../source/specifications/simple-repository-api.rst:258
 msgid ""
 "Clients **MAY** still continue to use feature detection in order to "
 "determine what features a repository uses."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:255
+#: ../source/specifications/simple-repository-api.rst:264
 msgid "Serve Distribution Metadata in the Simple Repository API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:257
+#: ../source/specifications/simple-repository-api.rst:266
 msgid ""
 "In a simple repository's project page, each anchor tag pointing to a "
 "distribution **MAY** have a ``data-dist-info-metadata`` attribute. The "
@@ -17329,7 +17690,7 @@ msgid ""
 "when the distribution is processed and/or installed."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:263
+#: ../source/specifications/simple-repository-api.rst:272
 msgid ""
 "If a ``data-dist-info-metadata`` attribute is present, the repository "
 "**MUST** serve the distribution's Core Metadata file alongside the "
@@ -17341,7 +17702,7 @@ msgid ""
 "GPG signature file's location."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:272
+#: ../source/specifications/simple-repository-api.rst:281
 msgid ""
 "The repository **SHOULD** provide the hash of the Core Metadata file as the "
 "``data-dist-info-metadata`` attribute's value using the syntax "
@@ -17351,18 +17712,18 @@ msgid ""
 "unavailable."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:280
+#: ../source/specifications/simple-repository-api.rst:289
 msgid "Backwards Compatibility"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:282
+#: ../source/specifications/simple-repository-api.rst:291
 msgid ""
 "If an anchor tag lacks the ``data-dist-info-metadata`` attribute, tools are "
 "expected to revert to their current behaviour of downloading the "
 "distribution to inspect the metadata."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:286
+#: ../source/specifications/simple-repository-api.rst:295
 msgid ""
 "Older tools not supporting the new ``data-dist-info-metadata`` attribute are "
 "expected to ignore the attribute and maintain their current behaviour of "
@@ -17370,11 +17731,11 @@ msgid ""
 "prior ``data-`` attribute additions expect existing tools to operate."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:295
+#: ../source/specifications/simple-repository-api.rst:304
 msgid "JSON-based Simple API for Python Package Indexes"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:297
+#: ../source/specifications/simple-repository-api.rst:306
 msgid ""
 "To enable response parsing with only the standard library, this spec "
 "specifies that all responses (besides the files themselves, and the HTML "
@@ -17382,7 +17743,7 @@ msgid ""
 "base>`) should be serialized using `JSON <https://www.json.org/>`_."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:302
+#: ../source/specifications/simple-repository-api.rst:311
 msgid ""
 "To enable zero configuration discovery and to minimize the amount of "
 "additional HTTP requests, this spec extends :ref:`the base HTML API "
@@ -17392,7 +17753,7 @@ msgid ""
 "format to serve, i.e. either HTML or JSON."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:312
+#: ../source/specifications/simple-repository-api.rst:321
 msgid ""
 "Versioning will adhere to :ref:`the API versioning specification <simple-"
 "repository-api-versioning>` format (``Major.Minor``), which has defined the "
@@ -17402,7 +17763,7 @@ msgid ""
 "``1.0`` version, and instead just describes how to serialize that into JSON."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:319
+#: ../source/specifications/simple-repository-api.rst:328
 msgid ""
 "Similar to :ref:`the API versioning specification <simple-repository-api-"
 "versioning>`, the major version number **MUST** be incremented if any "
@@ -17410,28 +17771,28 @@ msgid ""
 "existing clients to meaningfully understand the format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:325
+#: ../source/specifications/simple-repository-api.rst:334
 msgid ""
 "Likewise, the minor version **MUST** be incremented if features are added or "
 "removed from the format, but existing clients would be expected to continue "
 "to meaningfully understand the format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:329
+#: ../source/specifications/simple-repository-api.rst:338
 msgid ""
 "Changes that would not result in existing clients being unable to "
 "meaningfully understand the format and which do not represent features being "
 "added or removed may occur without changing the version number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:333
+#: ../source/specifications/simple-repository-api.rst:342
 msgid ""
 "This is intentionally vague, as this spec believes it is best left up to "
 "future specs that make any changes to the API to investigate and decide "
 "whether or not that change should increment the major or minor version."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:337
+#: ../source/specifications/simple-repository-api.rst:346
 msgid ""
 "Future versions of the API may add things that can only be represented in a "
 "subset of the available serializations of that version. All serializations "
@@ -17440,37 +17801,37 @@ msgid ""
 "whether or not that feature is present at all."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:343
+#: ../source/specifications/simple-repository-api.rst:352
 msgid ""
 "It is the intent of this spec that the API should be thought of as URL "
 "endpoints that return data, whose interpretation is defined by the version "
 "of that data, and then serialized into the target serialization format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:351
+#: ../source/specifications/simple-repository-api.rst:360
 msgid "JSON Serialization"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:353
+#: ../source/specifications/simple-repository-api.rst:362
 msgid ""
 "The URL structure from :ref:`the base HTML API specification <simple-"
 "repository-api-base>` still applies, as this spec only adds an additional "
 "serialization format for the already existing API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:357
+#: ../source/specifications/simple-repository-api.rst:366
 msgid ""
 "The following constraints apply to all JSON serialized responses described "
 "in this spec:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:360
+#: ../source/specifications/simple-repository-api.rst:369
 msgid ""
 "All JSON responses will *always* be a JSON object rather than an array or "
 "other type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:363
+#: ../source/specifications/simple-repository-api.rst:372
 msgid ""
 "While JSON doesn't natively support a URL type, any value that represents an "
 "URL in this API may be either absolute or relative as long as they point to "
@@ -17478,19 +17839,19 @@ msgid ""
 "if it were HTML."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:368
+#: ../source/specifications/simple-repository-api.rst:377
 msgid ""
 "Additional keys may be added to any dictionary objects in the API responses "
 "and clients **MUST** ignore keys that they don't understand."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:371
+#: ../source/specifications/simple-repository-api.rst:380
 msgid ""
 "All JSON responses will have a ``meta`` key, which contains information "
 "related to the response itself, rather than the content of the response."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:374
+#: ../source/specifications/simple-repository-api.rst:383
 msgid ""
 "All JSON responses will have a ``meta.api-version`` key, which will be a "
 "string that contains the :ref:`API versioning specification <simple-"
@@ -17499,41 +17860,41 @@ msgid ""
 "<simple-repository-api-versioning>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:380
+#: ../source/specifications/simple-repository-api.rst:389
 msgid ""
 "All requirements of :ref:`the base HTML API specification <simple-repository-"
 "api-base>` that are not HTML specific still apply."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:385
+#: ../source/specifications/simple-repository-api.rst:394
 msgid "Project List"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:387
+#: ../source/specifications/simple-repository-api.rst:396
 msgid ""
 "The root URL ``/`` for this spec (which represents the base URL) will be a "
 "JSON encoded dictionary which has a two keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:390
+#: ../source/specifications/simple-repository-api.rst:399
 msgid ""
 "``projects``: An array where each entry is a dictionary with a single key, "
 "``name``, which represents string of the project name."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:391
-#: ../source/specifications/simple-repository-api.rst:440
+#: ../source/specifications/simple-repository-api.rst:400
+#: ../source/specifications/simple-repository-api.rst:449
 msgid ""
 "``meta``: The general response metadata as `described earlier <json-"
 "serialization_>`__."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:393
-#: ../source/specifications/simple-repository-api.rst:499
+#: ../source/specifications/simple-repository-api.rst:402
+#: ../source/specifications/simple-repository-api.rst:512
 msgid "As an example:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:410
+#: ../source/specifications/simple-repository-api.rst:419
 msgid ""
 "The ``name`` field is the same as the one from :ref:`the base HTML API "
 "specification <simple-repository-api-base>`, which does not specify whether "
@@ -17543,7 +17904,7 @@ msgid ""
 "implementation detail of the repository in question."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:420
+#: ../source/specifications/simple-repository-api.rst:429
 msgid ""
 "While the ``projects`` key is an array, and thus is required to be in some "
 "kind of an order, neither :ref:`the base HTML API specification <simple-"
@@ -17553,11 +17914,11 @@ msgid ""
 "have sets."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:429
+#: ../source/specifications/simple-repository-api.rst:438
 msgid "Project Detail"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:431
+#: ../source/specifications/simple-repository-api.rst:440
 msgid ""
 "The format of this URL is ``/<project>/`` where the ``<project>`` is "
 "replaced by the :ref:`the base HTML API specification <simple-repository-api-"
@@ -17565,33 +17926,33 @@ msgid ""
 "would have a URL like ``/silly-walk/``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:436
+#: ../source/specifications/simple-repository-api.rst:445
 msgid ""
 "This URL must respond with a JSON encoded dictionary that has three keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:438
+#: ../source/specifications/simple-repository-api.rst:447
 msgid "``name``: The normalized name of the project."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:439
+#: ../source/specifications/simple-repository-api.rst:448
 msgid ""
 "``files``: A list of dictionaries, each one representing an individual file."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:442
+#: ../source/specifications/simple-repository-api.rst:451
 msgid "Each individual file dictionary has the following keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:444
+#: ../source/specifications/simple-repository-api.rst:453
 msgid "``filename``: The filename that is being represented."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:445
+#: ../source/specifications/simple-repository-api.rst:454
 msgid "``url``: The URL that the file can be fetched from."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:446
+#: ../source/specifications/simple-repository-api.rst:455
 msgid ""
 "``hashes``: A dictionary mapping a hash name to a hex encoded digest of the "
 "file. Multiple hashes can be included, and it is up to the client to decide "
@@ -17600,14 +17961,14 @@ msgid ""
 "to be lowercase."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:451
+#: ../source/specifications/simple-repository-api.rst:460
 msgid ""
 "The ``hashes`` dictionary **MUST** be present, even if no hashes are "
 "available for the file, however it is **HIGHLY** recommended that at least "
 "one secure, guaranteed-to-be-available hash is always included."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:455
+#: ../source/specifications/simple-repository-api.rst:464
 msgid ""
 "By default, any hash algorithm available via :py:mod:`hashlib` (specifically "
 "any that can be passed to :py:func:`hashlib.new()` and do not require "
@@ -17617,7 +17978,7 @@ msgid ""
 "specifically is recommended."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:460
+#: ../source/specifications/simple-repository-api.rst:469
 msgid ""
 "``requires-python``: An **optional** key that exposes the :ref:`core-"
 "metadata-requires-python` metadata field. Where this is present, installer "
@@ -17625,14 +17986,14 @@ msgid ""
 "that doesn't satisfy the requirement."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:466
+#: ../source/specifications/simple-repository-api.rst:475
 msgid ""
 "Unlike ``data-requires-python`` in :ref:`the base HTML API specification "
 "<simple-repository-api-base>`, the ``requires-python`` key does not require "
 "any special escaping other than anything JSON does naturally."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:469
+#: ../source/specifications/simple-repository-api.rst:478
 msgid ""
 "``dist-info-metadata``: An **optional** key that indicates that metadata for "
 "this file is available, via the same location as specified in :ref:`the API "
@@ -17642,27 +18003,27 @@ msgid ""
 "dictionary mapping hash names to a hex encoded digest of the metadata's hash."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:477
+#: ../source/specifications/simple-repository-api.rst:486
 msgid ""
 "When this is a dictionary of hashes instead of a boolean, then all the same "
 "requirements and recommendations as the ``hashes`` key hold true for this "
 "key as well."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:481
+#: ../source/specifications/simple-repository-api.rst:490
 msgid ""
 "If this key is missing then the metadata file may or may not exist. If the "
 "key value is truthy, then the metadata file is present, and if it is falsey "
 "then it is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:485
+#: ../source/specifications/simple-repository-api.rst:494
 msgid ""
 "It is recommended that servers make the hashes of the metadata file "
 "available if possible."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:487
+#: ../source/specifications/simple-repository-api.rst:496
 msgid ""
 "``gpg-sig``: An **optional** key that acts a boolean to indicate if the file "
 "has an associated GPG signature or not. The URL for the signature file "
@@ -17671,7 +18032,7 @@ msgid ""
 "the signature may or may not exist."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:492
+#: ../source/specifications/simple-repository-api.rst:501
 msgid ""
 "``yanked``: An **optional** key which may be either a boolean to indicate if "
 "the file has been yanked, or a non empty, but otherwise arbitrary, string to "
@@ -17682,7 +18043,15 @@ msgid ""
 "api-yank>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:529
+#: ../source/specifications/simple-repository-api.rst:507
+msgid ""
+"``provenance``: An **optional** key which, if present **MUST** be either a "
+"JSON string or ``null``. If not ``null``, it **MUST** be a URL to the file's "
+"associated provenance, with the same rules as ``data-provenance`` in the :"
+"ref:`base HTML API specification <simple-repository-api-base>`."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:543
 msgid ""
 "While the ``files`` key is an array, and thus is required to be in some kind "
 "of an order, neither :ref:`the base HTML API specification <simple-"
@@ -17692,11 +18061,11 @@ msgid ""
 "have sets."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:538
+#: ../source/specifications/simple-repository-api.rst:552
 msgid "Content-Types"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:540
+#: ../source/specifications/simple-repository-api.rst:554
 msgid ""
 "This spec proposes that all responses from the Simple API will have a "
 "standard content type that describes what the response is (a Simple API "
@@ -17704,11 +18073,11 @@ msgid ""
 "format has been used."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:544
+#: ../source/specifications/simple-repository-api.rst:558
 msgid "The structure of this content type will be:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:550
+#: ../source/specifications/simple-repository-api.rst:564
 msgid ""
 "Since only major versions should be disruptive to clients attempting to "
 "understand one of these API responses, only the major version will be "
@@ -17716,19 +18085,19 @@ msgid ""
 "that it is a version number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:555
+#: ../source/specifications/simple-repository-api.rst:569
 msgid "Which means that for the existing 1.0 API, the content types would be:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:557
+#: ../source/specifications/simple-repository-api.rst:571
 msgid "**JSON:** ``application/vnd.pypi.simple.v1+json``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:558
+#: ../source/specifications/simple-repository-api.rst:572
 msgid "**HTML:** ``application/vnd.pypi.simple.v1+html``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:560
+#: ../source/specifications/simple-repository-api.rst:574
 msgid ""
 "In addition to the above, a special \"meta\" version is supported named "
 "``latest``, whose purpose is to allow clients to request the absolute latest "
@@ -17737,7 +18106,7 @@ msgid ""
 "support."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:565
+#: ../source/specifications/simple-repository-api.rst:579
 msgid ""
 "To support existing clients which expect the existing :ref:`the base HTML "
 "API specification <simple-repository-api-base>` API responses to use the "
@@ -17745,11 +18114,11 @@ msgid ""
 "alias for the ``application/vnd.pypi.simple.v1+html`` content type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:572
+#: ../source/specifications/simple-repository-api.rst:586
 msgid "Version + Format Selection"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:574
+#: ../source/specifications/simple-repository-api.rst:588
 msgid ""
 "Now that there is multiple possible serializations, we need a mechanism to "
 "allow clients to indicate what serialization formats they're able to "
@@ -17758,65 +18127,65 @@ msgid ""
 "expecting the previous API version."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:579
+#: ../source/specifications/simple-repository-api.rst:593
 msgid ""
 "To enable this, this spec standardizes on the use of HTTP's `Server-Driven "
 "Content Negotiation <https://developer.mozilla.org/en-US/docs/Web/HTTP/"
 "Content_negotiation>`_."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:582
+#: ../source/specifications/simple-repository-api.rst:596
 msgid ""
 "While this spec won't fully describe the entirety of server-driven content "
 "negotiation, the flow is roughly:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:585
+#: ../source/specifications/simple-repository-api.rst:599
 msgid ""
 "The client makes an HTTP request containing an ``Accept`` header listing all "
 "of the version+format content types that they are able to understand."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:587
+#: ../source/specifications/simple-repository-api.rst:601
 msgid ""
 "The server inspects that header, selects one of the listed content types, "
 "then returns a response using that content type (treating the absence of an "
 "``Accept`` header as ``Accept: */*``)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:590
+#: ../source/specifications/simple-repository-api.rst:604
 msgid ""
 "If the server does not support any of the content types in the ``Accept`` "
 "header then they are able to choose between 3 different options for how to "
 "respond:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:594
+#: ../source/specifications/simple-repository-api.rst:608
 msgid ""
 "Select a default content type other than what the client has requested and "
 "return a response with that."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:596
+#: ../source/specifications/simple-repository-api.rst:610
 msgid ""
 "Return a HTTP ``406 Not Acceptable`` response to indicate that none of the "
 "requested content types were available, and the server was unable or "
 "unwilling to select a default content type to respond with."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:599
+#: ../source/specifications/simple-repository-api.rst:613
 msgid ""
 "Return a HTTP ``300 Multiple Choices`` response that contains a list of all "
 "of the possible responses that could have been chosen."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:601
+#: ../source/specifications/simple-repository-api.rst:615
 msgid ""
 "The client interprets the response, handling the different types of "
 "responses that the server may have responded with."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:604
+#: ../source/specifications/simple-repository-api.rst:618
 msgid ""
 "This spec does not specify which choices the server makes in regards to "
 "handling a content type that it isn't able to return, and clients **SHOULD** "
@@ -17824,7 +18193,7 @@ msgid ""
 "the most sense for that client."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:609
+#: ../source/specifications/simple-repository-api.rst:623
 msgid ""
 "However, as there is no standard format for how a ``300 Multiple Choices`` "
 "response can be interpreted, this spec highly discourages servers from "
@@ -17835,7 +18204,7 @@ msgid ""
 "error."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:616
+#: ../source/specifications/simple-repository-api.rst:630
 msgid ""
 "This spec **does** require that if the meta version ``latest`` is being "
 "used, the server **MUST** respond with the content type for the actual "
@@ -17844,33 +18213,33 @@ msgid ""
 "have a ``Content-Type`` of ``application/vnd.pypi.simple.v1+json``)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:623
+#: ../source/specifications/simple-repository-api.rst:637
 msgid ""
 "The ``Accept`` header is a comma separated list of content types that the "
 "client understands and is able to process. It supports three different "
 "formats for each content type that is being requested:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:627
+#: ../source/specifications/simple-repository-api.rst:641
 msgid "``$type/$subtype``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:628
+#: ../source/specifications/simple-repository-api.rst:642
 msgid "``$type/*``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:629
+#: ../source/specifications/simple-repository-api.rst:643
 msgid "``*/*``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:631
+#: ../source/specifications/simple-repository-api.rst:645
 msgid ""
 "For the use of selecting a version+format, the most useful of these is "
 "``$type/$subtype``, as that is the only way to actually specify the version "
 "and format you want."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:635
+#: ../source/specifications/simple-repository-api.rst:649
 msgid ""
 "The order of the content types listed in the ``Accept`` header does not have "
 "any specific meaning, and the server **SHOULD** consider all of them to be "
@@ -17880,7 +18249,7 @@ msgid ""
 "Quality_values>`_ syntax."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:642
+#: ../source/specifications/simple-repository-api.rst:656
 msgid ""
 "This allows a client to specify a priority for a specific entry in their "
 "``Accept`` header, by appending a ``;q=`` followed by a value between ``0`` "
@@ -17890,7 +18259,7 @@ msgid ""
 "quality of ``1``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:648
+#: ../source/specifications/simple-repository-api.rst:662
 msgid ""
 "However, clients should keep in mind that a server is free to select **any** "
 "of the content types they've asked for, regardless of their requested "
@@ -17898,7 +18267,7 @@ msgid ""
 "for."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:652
+#: ../source/specifications/simple-repository-api.rst:666
 msgid ""
 "To aid clients in determining the content type of the response that they "
 "have received from an API request, this spec requires that servers always "
@@ -17909,22 +18278,22 @@ msgid ""
 "collector.py#L123-L150>`_ so the risks for actual breakages is low."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:659
+#: ../source/specifications/simple-repository-api.rst:673
 msgid "An example of how a client can operate would look like:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:710
+#: ../source/specifications/simple-repository-api.rst:724
 msgid ""
 "If a client wishes to only support HTML or only support JSON, then they "
 "would just remove the content types that they do not want from the "
 "``Accept`` header, and turn receiving them into an error."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:716
+#: ../source/specifications/simple-repository-api.rst:730
 msgid "Alternative Negotiation Mechanisms"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:718
+#: ../source/specifications/simple-repository-api.rst:732
 msgid ""
 "While using HTTP's Content negotiation is considered the standard way for a "
 "client and server to coordinate to ensure that the client is getting an HTTP "
@@ -17933,25 +18302,25 @@ msgid ""
 "negotiation mechanisms that may *optionally* be used instead."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:726
+#: ../source/specifications/simple-repository-api.rst:740
 msgid "URL Parameter"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:728
+#: ../source/specifications/simple-repository-api.rst:742
 msgid ""
 "Servers that implement the Simple API may choose to support a URL parameter "
 "named ``format`` to allow the clients to request a specific version of the "
 "URL."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:731
+#: ../source/specifications/simple-repository-api.rst:745
 msgid ""
 "The value of the ``format`` parameter should be **one** of the valid content "
 "types. Passing multiple content types, wild cards, quality values, etc... is "
 "**not** supported."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:735
+#: ../source/specifications/simple-repository-api.rst:749
 msgid ""
 "Supporting this parameter is optional, and clients **SHOULD NOT** rely on it "
 "for interacting with the API. This negotiation mechanism is intended to "
@@ -17959,13 +18328,13 @@ msgid ""
 "allow documentation or notes to link to a specific version+format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:740
+#: ../source/specifications/simple-repository-api.rst:754
 msgid ""
 "Servers that do not support this parameter may choose to return an error "
 "when it is present, or they may simple ignore its presence."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:743
+#: ../source/specifications/simple-repository-api.rst:757
 msgid ""
 "When a server does implement this parameter, it **SHOULD** take precedence "
 "over any values in the client's ``Accept`` header, and if the server does "
@@ -17975,18 +18344,18 @@ msgid ""
 "``303 Multiple Choices``, or selecting a default type to return)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:752
+#: ../source/specifications/simple-repository-api.rst:766
 msgid "Endpoint Configuration"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:754
+#: ../source/specifications/simple-repository-api.rst:768
 msgid ""
 "This option technically is not a special option at all, it is just a natural "
 "consequence of using content negotiation and allowing servers to select "
 "which of the available content types is their default."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:758
+#: ../source/specifications/simple-repository-api.rst:772
 msgid ""
 "If a server is unwilling or unable to implement the server-driven content "
 "negotiation, and would instead rather require users to explicitly configure "
@@ -17994,7 +18363,7 @@ msgid ""
 "configuration."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:762
+#: ../source/specifications/simple-repository-api.rst:776
 msgid ""
 "To enable this, a server should make multiple endpoints (for instance, ``/"
 "simple/v1+html/`` and/or ``/simple/v1+json/``) for each version+format that "
@@ -18004,7 +18373,7 @@ msgid ""
 "and return the content type that corresponds to that endpoint."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:769
+#: ../source/specifications/simple-repository-api.rst:783
 msgid ""
 "For clients that wish to require specific configuration, they can keep track "
 "of which version+format a specific repository URL was configured for, and "
@@ -18012,11 +18381,11 @@ msgid ""
 "includes the correct content type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:776
+#: ../source/specifications/simple-repository-api.rst:790
 msgid "TUF Support - PEP 458"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:778
+#: ../source/specifications/simple-repository-api.rst:792
 msgid ""
 ":pep:`458` requires that all API responses are hashable and that they can be "
 "uniquely identified by a path relative to the repository root. For a Simple "
@@ -18027,7 +18396,7 @@ msgid ""
 "that all hash differently."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:785
+#: ../source/specifications/simple-repository-api.rst:799
 msgid ""
 ":pep:`458` does not specify what the target path should be for the Simple "
 "API, but TUF requires that the target paths be \"file-like\", in other "
@@ -18035,7 +18404,7 @@ msgid ""
 "technically points to a directory."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:790
+#: ../source/specifications/simple-repository-api.rst:804
 msgid ""
 "The saving grace is that the target path does not *have* to actually match "
 "the URL being fetched from the Simple API, and it can just be a sigil that "
@@ -18044,7 +18413,7 @@ msgid ""
 "HTTP request, such as the ``Accept`` header."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:796
+#: ../source/specifications/simple-repository-api.rst:810
 msgid ""
 "Ultimately figuring out how to map a directory to a filename is out of scope "
 "for this spec (but it would be in scope for :pep:`458`), and this spec "
@@ -18052,7 +18421,7 @@ msgid ""
 "`458` metadata."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:800
+#: ../source/specifications/simple-repository-api.rst:814
 msgid ""
 "However, it appears that the current WIP branch against pip that attempts to "
 "implement :pep:`458` is using a target path like ``simple/PROJECT/index."
@@ -18062,20 +18431,20 @@ msgid ""
 "the v1 JSON format would be ``simple/PROJECT/vnd.pypi.simple.v1.json``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:807
+#: ../source/specifications/simple-repository-api.rst:821
 msgid ""
 "In this case, since ``text/html`` is an alias to ``application/vnd.pypi."
 "simple.v1+html`` when interacting through TUF, it likely will make the most "
 "sense to normalize to the more explicit name."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:811
+#: ../source/specifications/simple-repository-api.rst:825
 msgid ""
 "Likewise the ``latest`` metaversion should not be included in the targets, "
 "only explicitly declared versions should be supported."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:817
+#: ../source/specifications/simple-repository-api.rst:831
 msgid ""
 "This section is non-normative, and represents what the spec authors believe "
 "to be the best default implementation decisions for something implementing "
@@ -18083,7 +18452,7 @@ msgid ""
 "these decisions."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:821
+#: ../source/specifications/simple-repository-api.rst:835
 msgid ""
 "These decisions have been chosen to maximize the number of requests that can "
 "be moved onto the newest version of an API, while maintaining the greatest "
@@ -18092,18 +18461,18 @@ msgid ""
 "choices it can."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:826
+#: ../source/specifications/simple-repository-api.rst:840
 msgid "It is recommended that servers:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:828
+#: ../source/specifications/simple-repository-api.rst:842
 msgid ""
 "Support all 3 content types described in this spec, using server-driven "
 "content negotiation, for as long as they reasonably can, or at least as long "
 "as they're receiving non trivial traffic that uses the HTML responses."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:832
+#: ../source/specifications/simple-repository-api.rst:846
 msgid ""
 "When encountering an ``Accept`` header that does not contain any content "
 "types that it knows how to work with, the server should not ever return a "
@@ -18111,13 +18480,13 @@ msgid ""
 "Acceptable`` response."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:837
+#: ../source/specifications/simple-repository-api.rst:851
 msgid ""
 "However, if choosing to use the endpoint configuration, you should prefer to "
 "return a ``200 OK`` response in the expected content type for that endpoint."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:840
+#: ../source/specifications/simple-repository-api.rst:854
 msgid ""
 "When selecting an acceptable version, the server should choose the highest "
 "version that the client supports, with the most expressive/featureful "
@@ -18126,23 +18495,23 @@ msgid ""
 "should only use the ``text/html`` content type as a last resort."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:846
+#: ../source/specifications/simple-repository-api.rst:860
 msgid "It is recommended that clients:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:848
+#: ../source/specifications/simple-repository-api.rst:862
 msgid ""
 "Support all 3 content types described in this spec, using server-driven "
 "content negotiation, for as long as they reasonably can."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:851
+#: ../source/specifications/simple-repository-api.rst:865
 msgid ""
 "When constructing an ``Accept`` header, include all of the content types "
 "that you support."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:854
+#: ../source/specifications/simple-repository-api.rst:868
 msgid ""
 "You should generally *not* include a quality priority value for your content "
 "types, unless you have implementation specific reasons that you want the "
@@ -18151,63 +18520,63 @@ msgid ""
 "responses that you're unable to parse in some edge cases)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:860
+#: ../source/specifications/simple-repository-api.rst:874
 msgid ""
 "The one exception to this recommendation is that it is recommended that you "
 "*should* include a ``;q=0.01`` value on the legacy ``text/html`` content "
 "type, unless it is the only content type that you are requesting."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:864
+#: ../source/specifications/simple-repository-api.rst:878
 msgid ""
 "Explicitly select what versions they are looking for, rather than using the "
 "``latest`` meta version during normal operation."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:867
+#: ../source/specifications/simple-repository-api.rst:881
 msgid ""
 "Check the ``Content-Type`` of the response and ensure it matches something "
 "that you were expecting."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:871
+#: ../source/specifications/simple-repository-api.rst:885
 msgid "Additional Fields for the Simple API for Package Indexes"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:873
+#: ../source/specifications/simple-repository-api.rst:887
 msgid ""
 "This specification defines version 1.1 of the simple repository API. For the "
 "HTML version of the API, there is no change from version 1.0. For the JSON "
 "version of the API, the following changes are made:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:877
+#: ../source/specifications/simple-repository-api.rst:891
 msgid "The ``api-version`` must specify version 1.1 or later."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:878
+#: ../source/specifications/simple-repository-api.rst:892
 msgid "A new ``versions`` key is added at the top level."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:879
+#: ../source/specifications/simple-repository-api.rst:893
 msgid ""
 "Two new \"file information\" keys, ``size`` and ``upload-time``, are added "
 "to the ``files`` data."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:881
+#: ../source/specifications/simple-repository-api.rst:895
 msgid ""
 "Keys (at any level) with a leading underscore are reserved as private for "
 "index server use. No future standard will assign a meaning to any such key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:884
+#: ../source/specifications/simple-repository-api.rst:898
 msgid ""
 "The ``versions`` and ``size`` keys are mandatory. The ``upload-time`` key is "
 "optional."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:890
+#: ../source/specifications/simple-repository-api.rst:904
 msgid ""
 "An additional key, ``versions`` MUST be present at the top level, in "
 "addition to the keys ``name``, ``files`` and ``meta`` defined in :ref:`the "
@@ -18217,7 +18586,7 @@ msgid ""
 "duplicates, and the order of the values is not significant."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:897
+#: ../source/specifications/simple-repository-api.rst:911
 msgid ""
 "All of the files listed in the ``files`` key MUST be associated with one of "
 "the versions in the ``versions`` key. The ``versions`` key MAY contain "
@@ -18225,7 +18594,7 @@ msgid ""
 "uploaded, if the server has such a concept)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:902
+#: ../source/specifications/simple-repository-api.rst:916
 msgid ""
 "Note that because servers may hold \"legacy\" data from before the adoption "
 "of :ref:`the version specifiers specification (VSS) <version-specifiers>`, "
@@ -18234,21 +18603,21 @@ msgid ""
 "servers SHOULD use normalised VSS versions where possible."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:911
+#: ../source/specifications/simple-repository-api.rst:925
 msgid "Additional file information"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:913
+#: ../source/specifications/simple-repository-api.rst:927
 msgid "Two new keys are added to the ``files`` key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:915
+#: ../source/specifications/simple-repository-api.rst:929
 msgid ""
 "``size``: This field is mandatory. It MUST contain an integer which is the "
 "file size in bytes."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:917
+#: ../source/specifications/simple-repository-api.rst:931
 msgid ""
 "``upload-time``: This field is optional. If present, it MUST contain a valid "
 "ISO 8601 date/time string, in the format ``yyyy-mm-ddThh:mm:ss.ffffffZ``, "
@@ -18260,11 +18629,11 @@ msgid ""
 "key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:926
+#: ../source/specifications/simple-repository-api.rst:940
 msgid "Rename dist-info-metadata in the Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:929
+#: ../source/specifications/simple-repository-api.rst:943
 msgid ""
 "The keywords \"**MUST**\", \"**MUST NOT**\", \"**REQUIRED**\", "
 "\"**SHALL**\", \"**SHALL NOT**\", \"**SHOULD**\", \"**SHOULD NOT**\", "
@@ -18272,11 +18641,11 @@ msgid ""
 "are to be interpreted as described in :rfc:`RFC 2119 <2119>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:936
+#: ../source/specifications/simple-repository-api.rst:950
 msgid "Servers"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:938
+#: ../source/specifications/simple-repository-api.rst:952
 msgid ""
 "The :ref:`the API metadata file specification <simple-repository-api-"
 "metadata-file>` metadata, when used in the HTML representation of the Simple "
@@ -18284,7 +18653,7 @@ msgid ""
 "with the supported values remaining the same."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:944
+#: ../source/specifications/simple-repository-api.rst:958
 msgid ""
 "The :ref:`the API metadata file specification <simple-repository-api-"
 "metadata-file>` metadata, when used in the :ref:`the JSON API specification "
@@ -18293,14 +18662,14 @@ msgid ""
 "values remaining the same."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:950
+#: ../source/specifications/simple-repository-api.rst:964
 msgid ""
 "To support clients that used the previous key names, the HTML representation "
 "**MAY** also be emitted using the ``data-dist-info-metadata``, and if it "
 "does so it **MUST** match the value of ``data-core-metadata``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:959
+#: ../source/specifications/simple-repository-api.rst:973
 msgid ""
 "Clients consuming any of the HTML representations of the Simple API **MUST** "
 "read the :ref:`the API metadata file specification <simple-repository-api-"
@@ -18309,7 +18678,7 @@ msgid ""
 "if it is present but ``data-core-metadata`` is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:966
+#: ../source/specifications/simple-repository-api.rst:980
 msgid ""
 "Clients consuming the JSON representation of the Simple API **MUST** read "
 "the :ref:`the API metadata file specification <simple-repository-api-"
@@ -18318,48 +18687,54 @@ msgid ""
 "present but ``core-metadata`` is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:976
+#: ../source/specifications/simple-repository-api.rst:990
 msgid "September 2015: initial form of the HTML format, in :pep:`503`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:977
+#: ../source/specifications/simple-repository-api.rst:991
 msgid "July 2016: Requires-Python metadata, in an update to :pep:`503`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:978
+#: ../source/specifications/simple-repository-api.rst:992
 msgid "May 2019: \"yank\" support, in :pep:`592`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:979
+#: ../source/specifications/simple-repository-api.rst:993
 msgid ""
 "July 2020: API versioning convention and metadata, and declaring the HTML "
 "format as API v1, in :pep:`629`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:981
+#: ../source/specifications/simple-repository-api.rst:995
 msgid ""
 "May 2021: providing package metadata independently from a package, in :pep:"
 "`658`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:983
+#: ../source/specifications/simple-repository-api.rst:997
 msgid ""
 "May 2022: initial form of the JSON format, with a mechanism for clients to "
 "choose between them, and declaring both formats as API v1, in :pep:`691`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:985
+#: ../source/specifications/simple-repository-api.rst:999
 msgid ""
 "October 2022: project versions and file size and upload-time in the JSON "
 "format, in :pep:`700`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:987
+#: ../source/specifications/simple-repository-api.rst:1001
 msgid ""
 "June 2023: renaming the field which provides package metadata independently "
 "from a package, in :pep:`714`"
 msgstr ""
 
+#: ../source/specifications/simple-repository-api.rst:1003
+msgid ""
+"November 2024: provenance metadata in the HTML and JSON formats, in :pep:"
+"`740`"
+msgstr ""
+
 #: ../source/specifications/source-distribution-format.rst:6
 msgid "Source distribution format"
 msgstr ""
@@ -21263,7 +21638,7 @@ msgid ""
 msgstr ""
 
 #: ../source/tutorials/managing-dependencies.rst:140
-#: ../source/tutorials/packaging-projects.rst:506
+#: ../source/tutorials/packaging-projects.rst:505
 msgid "Next steps"
 msgstr ""
 
@@ -21712,43 +22087,43 @@ msgstr ""
 
 #: ../source/tutorials/packaging-projects.rst:424
 msgid ""
-"You will be prompted for a username and password. For the username, use "
-"``__token__``. For the password, use the token value, including the ``pypi-"
-"`` prefix."
+"You will be prompted for an API token. Use the token value, including the "
+"``pypi-`` prefix. Note that the input will be hidden, so be sure to paste "
+"correctly."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:428
+#: ../source/tutorials/packaging-projects.rst:427
 msgid "After the command completes, you should see output similar to this:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:439
+#: ../source/tutorials/packaging-projects.rst:438
 msgid ""
 "Once uploaded, your package should be viewable on TestPyPI; for example: "
 "``https://test.pypi.org/project/example_package_YOUR_USERNAME_HERE``."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:444
+#: ../source/tutorials/packaging-projects.rst:443
 msgid "Installing your newly uploaded package"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:446
+#: ../source/tutorials/packaging-projects.rst:445
 msgid ""
 "You can use :ref:`pip` to install your package and verify that it works. "
 "Create a :ref:`virtual environment <Creating and using Virtual "
 "Environments>` and install your package from TestPyPI:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:462
+#: ../source/tutorials/packaging-projects.rst:461
 msgid "Make sure to specify your username in the package name!"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:464
+#: ../source/tutorials/packaging-projects.rst:463
 msgid ""
 "pip should install the package from TestPyPI and the output should look "
 "something like this:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:474
+#: ../source/tutorials/packaging-projects.rst:473
 msgid ""
 "This example uses ``--index-url`` flag to specify TestPyPI instead of live "
 "PyPI. Additionally, it specifies ``--no-deps``. Since TestPyPI doesn't have "
@@ -21758,23 +22133,23 @@ msgid ""
 "installing dependencies when using TestPyPI."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:481
+#: ../source/tutorials/packaging-projects.rst:480
 msgid ""
 "You can test that it was installed correctly by importing the package. Make "
 "sure you're still in your virtual environment, then run Python:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:496
+#: ../source/tutorials/packaging-projects.rst:495
 msgid "and import the package:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:508
+#: ../source/tutorials/packaging-projects.rst:507
 msgid ""
 "**Congratulations, you've packaged and distributed a Python project!** ✨ 🍰 "
 "✨"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:511
+#: ../source/tutorials/packaging-projects.rst:510
 msgid ""
 "Keep in mind that this tutorial showed you how to upload your package to "
 "Test PyPI, which isn't a permanent storage. The Test system occasionally "
@@ -21782,28 +22157,28 @@ msgid ""
 "experiments like this tutorial."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:516
+#: ../source/tutorials/packaging-projects.rst:515
 msgid ""
 "When you are ready to upload a real package to the Python Package Index you "
 "can do much the same as you did in this tutorial, but with these important "
 "differences:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:520
+#: ../source/tutorials/packaging-projects.rst:519
 msgid ""
 "Choose a memorable and unique name for your package. You don't have to "
 "append your username as you did in the tutorial, but you can't use an "
 "existing name."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:522
+#: ../source/tutorials/packaging-projects.rst:521
 msgid ""
 "Register an account on https://pypi.org - note that these are two separate "
 "servers and the login details from the test server are not shared with the "
 "main server."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:525
+#: ../source/tutorials/packaging-projects.rst:524
 msgid ""
 "Use ``twine upload dist/*`` to upload your package and enter your "
 "credentials for the account you registered on the real PyPI.  Now that "
@@ -21811,44 +22186,44 @@ msgid ""
 "repository``; the package will upload to https://pypi.org/ by default."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:529
+#: ../source/tutorials/packaging-projects.rst:528
 msgid ""
 "Install your package from the real PyPI using ``python3 -m pip install [your-"
 "package]``."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:531
+#: ../source/tutorials/packaging-projects.rst:530
 msgid ""
 "At this point if you want to read more on packaging Python libraries here "
 "are some things you can do:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:534
+#: ../source/tutorials/packaging-projects.rst:533
 msgid ""
 "Read about advanced configuration for your chosen build backend: `Hatchling "
 "<hatchling-config_>`_, :doc:`setuptools <setuptools:userguide/"
 "pyproject_config>`, :doc:`Flit <flit:pyproject_toml>`, `PDM <pdm-config_>`_."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:538
+#: ../source/tutorials/packaging-projects.rst:537
 msgid ""
 "Look at the :doc:`guides </guides/index>` on this site for more advanced "
 "practical information, or the :doc:`discussions </discussions/index>` for "
 "explanations and background on specific topics."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:541
+#: ../source/tutorials/packaging-projects.rst:540
 msgid ""
 "Consider packaging tools that provide a single command-line interface for "
 "project management and packaging, such as :ref:`hatch`, :ref:`flit`, :ref:"
 "`pdm`, and :ref:`poetry`."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:549
+#: ../source/tutorials/packaging-projects.rst:548
 msgid "Notes"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:551
+#: ../source/tutorials/packaging-projects.rst:550
 msgid ""
 "Technically, you can also create Python packages without an ``__init__.py`` "
 "file, but those are called :doc:`namespace packages </guides/packaging-"
diff --git a/locales/gl/LC_MESSAGES/messages.po b/locales/gl/LC_MESSAGES/messages.po
index 0388a8a23..eace23e41 100644
--- a/locales/gl/LC_MESSAGES/messages.po
+++ b/locales/gl/LC_MESSAGES/messages.po
@@ -6,7 +6,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Python Packaging User Guide\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-10-30 00:39+0000\n"
+"POT-Creation-Date: 2024-11-25 21:53+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: Automatically generated\n"
 "Language-Team: none\n"
@@ -604,7 +604,7 @@ msgid "Unix (including Linux and macOS)"
 msgstr ""
 
 #: ../source/discussions/deploying-python-applications.rst:118
-#: ../source/key_projects.rst:572
+#: ../source/key_projects.rst:576
 msgid "pex"
 msgstr ""
 
@@ -1882,7 +1882,7 @@ msgid ""
 msgstr ""
 
 #: ../source/discussions/versioning.rst:6
-#: ../source/specifications/simple-repository-api.rst:310
+#: ../source/specifications/simple-repository-api.rst:319
 msgid "Versioning"
 msgstr ""
 
@@ -2633,29 +2633,16 @@ msgid ""
 msgstr ""
 
 #: ../source/glossary.rst:121
-msgid "Known Good Set (KGS)"
-msgstr ""
-
-#: ../source/glossary.rst:124
-msgid ""
-"A set of distributions at specified versions which are compatible with each "
-"other. Typically a test suite will be run which passes all tests before a "
-"specific set of packages is declared a known good set. This term is commonly "
-"used by frameworks and toolkits which are comprised of multiple individual "
-"distributions."
-msgstr ""
-
-#: ../source/glossary.rst:130
 msgid "Import Package"
 msgstr ""
 
-#: ../source/glossary.rst:133
+#: ../source/glossary.rst:124
 msgid ""
 "A Python module which can contain other modules or recursively, other "
 "packages."
 msgstr ""
 
-#: ../source/glossary.rst:136
+#: ../source/glossary.rst:127
 msgid ""
 "An import package is more commonly referred to with the single word "
 "\"package\", but this guide will use the expanded term when more clarity is "
@@ -2664,17 +2651,30 @@ msgid ""
 "package` for a breakdown of the differences."
 msgstr ""
 
-#: ../source/glossary.rst:142
+#: ../source/glossary.rst:133
 msgid "Installed Project"
 msgstr ""
 
-#: ../source/glossary.rst:145
+#: ../source/glossary.rst:136
 msgid ""
 "A :term:`Project` that is installed for use with a Python interpreter or :"
 "term:`Virtual Environment`, as described in the specicifcation :ref:"
 "`recording-installed-packages`."
 msgstr ""
 
+#: ../source/glossary.rst:140
+msgid "Known Good Set (KGS)"
+msgstr ""
+
+#: ../source/glossary.rst:143
+msgid ""
+"A set of distributions at specified versions which are compatible with each "
+"other. Typically a test suite will be run which passes all tests before a "
+"specific set of packages is declared a known good set. This term is commonly "
+"used by frameworks and toolkits which are comprised of multiple individual "
+"distributions."
+msgstr ""
+
 #: ../source/glossary.rst:149
 msgid "Module"
 msgstr ""
@@ -5085,7 +5085,7 @@ msgid ""
 "In particular, `NumPy <https://numpy.org/>`__, which provides the basis for "
 "most of the software in the `scientific Python stack <https://scientific-"
 "python.org>`_ can be configured to interoperate with different FORTRAN "
-"libraries, and can take advantage of different levels of vectorised "
+"libraries, and can take advantage of different levels of vectorized "
 "instructions available in modern CPUs."
 msgstr ""
 
@@ -5094,9 +5094,9 @@ msgid ""
 "Starting with version 1.10.4 of NumPy and version 1.0.0 of SciPy, pre-built "
 "32-bit and 64-bit binaries in the ``wheel`` format are available for all "
 "major operating systems (Windows, macOS, and Linux) on PyPI. Note, however, "
-"that on Windows, NumPy binaries are linked against the `ATLAS <http://www."
-"netlib.org/atlas/>`__ BLAS/LAPACK library, restricted to SSE2 instructions, "
-"so they may not provide optimal linear algebra performance."
+"that on Windows, NumPy binaries are linked against the `ATLAS <https://math-"
+"atlas.sourceforge.net/>`__ BLAS/LAPACK library, restricted to SSE2 "
+"instructions, so they may not provide optimal linear algebra performance."
 msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:26
@@ -5209,7 +5209,7 @@ msgid ""
 msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:100
-#: ../source/key_projects.rst:808
+#: ../source/key_projects.rst:812
 msgid "Spack"
 msgstr ""
 
@@ -5241,28 +5241,41 @@ msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:121
 msgid ""
-"`Anaconda <https://www.anaconda.com/products/individual/>`_ is a Python "
+"``conda`` is an open source (BSD licensed) package management system and "
+"environment management system that allows users to install multiple versions "
+"of binary software packages and their dependencies, and easily switch "
+"between them. It is a cross-platform tool working on Windows, MacOS, and "
+"Linux. Conda can be used to package up and distribute all kinds of packages, "
+"it is not limited to just Python packages. It has full support for native "
+"virtual environments. Conda makes environments first-class citizens, making "
+"it easy to create independent environments even for C libraries. It is "
+"written in Python, but is Python-agnostic. Conda manages Python itself as a "
+"package, so that :command:`conda update python` is possible, in contrast to "
+"pip, which only manages Python packages."
+msgstr ""
+
+#: ../source/guides/installing-scientific-packages.rst:133
+msgid ""
+"Anaconda `Anaconda <https://docs.anaconda.com/anaconda/>`_ is a Python "
 "distribution published by Anaconda, Inc. It is a stable collection of Open "
-"Source packages for big data and scientific use.  As of the 5.0 release of "
-"Anaconda, about 200 packages are installed by default, and a total of "
-"400-500 can be installed and updated from the Anaconda repository."
+"Source packages for big data and scientific use, and a collection of "
+"Graphical Interface utilities for managing conda environments."
 msgstr ""
 
-#: ../source/guides/installing-scientific-packages.rst:127
+#: ../source/guides/installing-scientific-packages.rst:135
 msgid ""
-"``conda`` is an open source (BSD licensed) package management system and "
-"environment management system included in Anaconda that allows users to "
-"install multiple versions of binary software packages and their "
-"dependencies, and easily switch between them. It is a cross-platform tool "
-"working on Windows, macOS, and Linux. Conda can be used to package up and "
-"distribute all kinds of packages, it is not limited to just Python packages. "
-"It has full support for native virtual environments. Conda makes "
-"environments first-class citizens, making it easy to create independent "
-"environments even for C libraries. It is written in Python, but is Python-"
-"agnostic. Conda manages Python itself as a package, so that :command:`conda "
-"update python` is possible, in contrast to pip, which only manages Python "
-"packages. Conda is available in Anaconda and Miniconda (an easy-to-install "
-"download with just Python and conda)."
+"In addition to the full distribution provided by Anaconda, the conda package "
+"manager itself is available in  `miniconda <https://docs.anaconda.com/"
+"miniconda/>`_, `miniforge <https://github.com/conda-forge/miniforge>`_, and "
+"`pixi <https://pixi.sh/>`_."
+msgstr ""
+
+#: ../source/guides/installing-scientific-packages.rst:138
+msgid ""
+"Conda packages are available on multiple channels on Anaconda.org, including "
+"the default channel supported by Anaconda, Inc, the community supported "
+"conda-forge channel, which provides a wide variety of pre-built packages, "
+"and some domain-specific package collections."
 msgstr ""
 
 #: ../source/guides/installing-stand-alone-command-line-tools.rst:4
@@ -8330,29 +8343,51 @@ msgstr ""
 
 #: ../source/guides/tool-recommendations.rst:142
 msgid ""
-"For projects hosted on GitHub, it is recommended to use the :ref:`trusted "
-"publishing <trusted-publishing>`, which allows the package to be securely "
-"uploaded to PyPI from a GitHub Actions job. (This is not yet supported on "
-"software forges other than GitHub.)"
+"For projects hosted on or published via supported CI/CD platforms, it is "
+"recommended to use the :ref:`Trusted Publishing <trusted-publishing>`, which "
+"allows the package to be securely uploaded to PyPI from a CI/CD workflow "
+"without a manually configured API token."
 msgstr ""
 
 #: ../source/guides/tool-recommendations.rst:147
 msgid ""
+"As of November 2024, PyPI supports the following platforms as Trusted "
+"Publishing providers:"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:150
+msgid "GitHub Actions (on ``https://github.com``)"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:151
+msgid "GitLab CI/CD (on ``https://gitlab.com``)"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:152
+msgid "ActiveState"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:153
+msgid "Google Cloud"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:155
+msgid ""
 "The other available method is to upload the package manually using :ref:"
 "`twine`."
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:149
+#: ../source/guides/tool-recommendations.rst:159
 msgid ""
 "**Never** use ``python setup.py upload`` for this task. In addition to "
 "being :ref:`deprecated <setup-py-deprecated>`, it is insecure."
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:154
+#: ../source/guides/tool-recommendations.rst:164
 msgid "Workflow tools"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:156
+#: ../source/guides/tool-recommendations.rst:166
 msgid ""
 "These tools are environment managers that automatically manage virtual "
 "environments for a project. They also act as \"task runners\", allowing you "
@@ -8363,31 +8398,31 @@ msgid ""
 "alphabetical order:"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:164
+#: ../source/guides/tool-recommendations.rst:174
 msgid ":ref:`Flit`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:165
+#: ../source/guides/tool-recommendations.rst:175
 msgid ":ref:`Hatch`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:166
+#: ../source/guides/tool-recommendations.rst:176
 msgid ":doc:`nox <nox:index>`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:167
+#: ../source/guides/tool-recommendations.rst:177
 msgid ":ref:`PDM`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:168
+#: ../source/guides/tool-recommendations.rst:178
 msgid ":ref:`Pipenv`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:169
+#: ../source/guides/tool-recommendations.rst:179
 msgid ":ref:`Poetry`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:170
+#: ../source/guides/tool-recommendations.rst:180
 msgid ":doc:`tox <tox:index>`."
 msgstr ""
 
@@ -9562,44 +9597,58 @@ msgstr ""
 
 #: ../source/key_projects.rst:407
 msgid ""
-"conda is the package management tool for `Anaconda <https://docs.anaconda."
-"com/anaconda/>`__ Python installations. Anaconda Python is a distribution "
-"from `Anaconda, Inc <https://www.anaconda.com/products/individual>`__ "
-"specifically aimed at the scientific community, and in particular on Windows "
-"where the installation of binary extensions is often difficult."
+"Conda is a package, dependency, and environment management system for any "
+"language — Python, R, Ruby, C/C++, Fortran, and more. It is written in "
+"Python and widely used in the Python scientific computing community, due to "
+"its support for non-Python compiled libraries and extensions. It is used as "
+"the basis of the `Anaconda <https://docs.anaconda.com/anaconda/>`__ Python "
+"distribution from Anaconda, Inc. It was originally aimed at the scientific "
+"community, but can also be used on its own, or with the :doc:`miniconda "
+"<conda:miniconda>`, `miniforge <https://github.com/conda-forge/miniforge>`_ "
+"or `pixi <https://pixi.sh/>`_ systems. It is available for Windows, Mac and "
+"Linux systems."
 msgstr ""
 
-#: ../source/key_projects.rst:414
+#: ../source/key_projects.rst:416
 msgid ""
 "Conda is a completely separate tool from :ref:`pip`, virtualenv and wheel, "
-"but provides many of their combined features in terms of package management, "
-"virtual environment management and deployment of binary extensions."
+"but provides many of their combined features, such as package management, "
+"virtual environment management and deployment of binary extensions and other "
+"binary code."
+msgstr ""
+
+#: ../source/key_projects.rst:420
+msgid ""
+"Conda does not install packages from PyPI -- it can only manage packages "
+"built specifically for conda, which can be made available on a \"conda "
+"channel\", such as those hosted on `anaconda.org <https://anaconda.org>`__, "
+"or a local (e.g. intranet) package server. In addition to the \"default\" "
+"channels managed by `Anaconda, Inc. <https://www.anaconda.com/>`__, there "
+"are a wide variety of packages from the community supported `conda-forge "
+"project <https://conda-forge.org/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:418
+#: ../source/key_projects.rst:426
 msgid ""
-"Conda does not install packages from PyPI and can install only from the "
-"official Anaconda repositories, or anaconda.org (a place for user-"
-"contributed *conda* packages), or a local (e.g. intranet) package server.  "
-"However, note that :ref:`pip` can be installed into, and work side-by-side "
-"with conda for managing :term:`distributions <Distribution Package>` from "
-"PyPI. Also, `conda skeleton <https://docs.conda.io/projects/conda-build/en/"
-"latest/user-guide/tutorials/build-pkgs-skeleton.html>`__ is a tool to make "
-"Python packages installable by conda by first fetching them from PyPI and "
-"modifying their metadata."
+"Note that :ref:`pip` can be installed into, and work side-by-side with conda "
+"for managing :term:`distributions <Distribution Package>` from PyPI. It is "
+"also possible to build conda packages from Python source packages using "
+"tools such as `conda skeleton <https://docs.conda.io/projects/conda-build/en/"
+"latest/user-guide/tutorials/build-pkgs-skeleton.html>`__: a tool to "
+"automatically make conda packages from Python packages available on PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:431
+#: ../source/key_projects.rst:435
 msgid "devpi"
 msgstr ""
 
-#: ../source/key_projects.rst:433
+#: ../source/key_projects.rst:437
 msgid ""
 "`Docs <http://doc.devpi.net/latest/>`__ | :gh:`Issues <devpi/devpi/issues>` "
 "| `PyPI <https://pypi.org/project/devpi>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:437
+#: ../source/key_projects.rst:441
 msgid ""
 "devpi features a powerful PyPI-compatible server and PyPI proxy cache with a "
 "complementary command line tool to drive packaging, testing and release "
@@ -9609,17 +9658,17 @@ msgid ""
 "replication and fail-over, and package upload."
 msgstr ""
 
-#: ../source/key_projects.rst:448
+#: ../source/key_projects.rst:452
 msgid "dumb-pypi"
 msgstr ""
 
-#: ../source/key_projects.rst:450
+#: ../source/key_projects.rst:454
 msgid ""
 "`GitHub <https://github.com/chriskuehl/dumb-pypi>`__ | `PyPI <https://pypi."
 "org/project/dumb-pypi>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:453
+#: ../source/key_projects.rst:457
 msgid ""
 "dumb-pypi is a simple :term:`package index <Package Index>` static file site "
 "generator, which then must be hosted by a static file webserver to become "
@@ -9627,17 +9676,17 @@ msgid ""
 "status."
 msgstr ""
 
-#: ../source/key_projects.rst:460
+#: ../source/key_projects.rst:464
 msgid "enscons"
 msgstr ""
 
-#: ../source/key_projects.rst:462
+#: ../source/key_projects.rst:466
 msgid ""
 ":gh:`Source <dholth/enscons>` | :gh:`Issues <dholth/enscons/issues>` | `PyPI "
 "<https://pypi.org/project/enscons>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:466
+#: ../source/key_projects.rst:470
 msgid ""
 "Enscons is a Python packaging tool based on `SCons`_. It builds :ref:`pip`-"
 "compatible source distributions and wheels without using distutils or "
@@ -9649,38 +9698,38 @@ msgid ""
 "independent of enscons."
 msgstr ""
 
-#: ../source/key_projects.rst:481
+#: ../source/key_projects.rst:485
 msgid "Flask-Pypi-Proxy"
 msgstr ""
 
-#: ../source/key_projects.rst:483
+#: ../source/key_projects.rst:487
 msgid ""
 "`Docs <https://flask-pypi-proxy.readthedocs.io>`__ | :gh:`GitHub <tzulberti/"
 "Flask-PyPi-Proxy>` | `PyPI <https://pypi.org/project/Flask-Pypi-Proxy/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:487 ../source/key_projects.rst:681
-#: ../source/key_projects.rst:740
+#: ../source/key_projects.rst:491 ../source/key_projects.rst:685
+#: ../source/key_projects.rst:744
 msgid "Not maintained, project archived"
 msgstr ""
 
-#: ../source/key_projects.rst:489
+#: ../source/key_projects.rst:493
 msgid ""
 "Flask-Pypi-Proxy is a :term:`package index <Package Index>` as a cached "
 "proxy for PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:495
+#: ../source/key_projects.rst:499
 msgid "Hashdist"
 msgstr ""
 
-#: ../source/key_projects.rst:497
+#: ../source/key_projects.rst:501
 msgid ""
 "`Docs <https://hashdist.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/hashdist/hashdist/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:500
+#: ../source/key_projects.rst:504
 msgid ""
 "Hashdist is a library for building non-root software distributions. Hashdist "
 "is trying to be “the Debian of choice for cases where Debian technology "
@@ -9691,34 +9740,34 @@ msgid ""
 "researchers but has been lacking in maintenance since 2016."
 msgstr ""
 
-#: ../source/key_projects.rst:512
+#: ../source/key_projects.rst:516
 msgid "Maturin"
 msgstr ""
 
-#: ../source/key_projects.rst:514
+#: ../source/key_projects.rst:518
 msgid ""
 "`Docs <https://www.maturin.rs>`__ | `GitHub <https://github.com/PyO3/"
 "maturin>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:517
+#: ../source/key_projects.rst:521
 msgid ""
 "Maturin is a build backend for Rust extension modules, also written in Rust. "
 "It supports building wheels for python 3.7+ on Windows, Linux, macOS and "
 "FreeBSD, can upload them to PyPI and has basic PyPy and GraalPy support."
 msgstr ""
 
-#: ../source/key_projects.rst:525
+#: ../source/key_projects.rst:529
 msgid "meson-python"
 msgstr ""
 
-#: ../source/key_projects.rst:527
+#: ../source/key_projects.rst:531
 msgid ""
 "`Docs <https://meson-python.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/mesonbuild/meson-python>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:530
+#: ../source/key_projects.rst:534
 msgid ""
 "``meson-python`` is a build backend that uses the Meson_ build system. It "
 "enables Python package authors to use Meson_ as the build system for their "
@@ -9726,58 +9775,58 @@ msgid ""
 "to fill the needs of most complex build configurations."
 msgstr ""
 
-#: ../source/key_projects.rst:540
+#: ../source/key_projects.rst:544
 msgid "multibuild"
 msgstr ""
 
-#: ../source/key_projects.rst:542
+#: ../source/key_projects.rst:546
 msgid "`GitHub <https://github.com/multi-build/multibuild>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:544
+#: ../source/key_projects.rst:548
 msgid ""
 "Multibuild is a set of CI scripts for building and testing Python :term:"
 "`wheels <Wheel>` for Linux, macOS, and (less flexibly) Windows. Also see :"
 "ref:`cibuildwheel`."
 msgstr ""
 
-#: ../source/key_projects.rst:550
+#: ../source/key_projects.rst:554
 msgid "nginx_pypi_cache"
 msgstr ""
 
-#: ../source/key_projects.rst:552
+#: ../source/key_projects.rst:556
 msgid ":gh:`GitHub <hauntsaninja/nginx_pypi_cache>`"
 msgstr ""
 
-#: ../source/key_projects.rst:554
+#: ../source/key_projects.rst:558
 msgid ""
 "nginx_pypi_cache is a :term:`package index <Package Index>` caching proxy "
 "using `nginx <https://nginx.org/en/>`_."
 msgstr ""
 
-#: ../source/key_projects.rst:560
+#: ../source/key_projects.rst:564
 msgid "pdm"
 msgstr ""
 
-#: ../source/key_projects.rst:562
+#: ../source/key_projects.rst:566
 msgid ""
 "`Docs <https://pdm.fming.dev/>`__ | `GitHub <https://github.com/pdm-project/"
 "pdm/>`__ | `PyPI <https://pypi.org/project/pdm>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:566
+#: ../source/key_projects.rst:570
 msgid ""
 "PDM is a modern Python package manager. It uses :term:`pyproject.toml` to "
 "store project metadata as defined in :pep:`621`."
 msgstr ""
 
-#: ../source/key_projects.rst:574
+#: ../source/key_projects.rst:578
 msgid ""
 "`Docs <https://pex.readthedocs.io/en/latest/>`__ | `GitHub <https://github."
 "com/pantsbuild/pex/>`__ | `PyPI <https://pypi.org/project/pex>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:578
+#: ../source/key_projects.rst:582
 msgid ""
 "Pex is a tool for generating :file:`.pex` (Python EXecutable) files, "
 "standalone Python environments in the spirit of :ref:`virtualenv`. PEX files "
@@ -9789,18 +9838,18 @@ msgid ""
 "PEX file into a standard venv, graphing dependencies and more."
 msgstr ""
 
-#: ../source/key_projects.rst:590
+#: ../source/key_projects.rst:594
 msgid "pip-tools"
 msgstr ""
 
-#: ../source/key_projects.rst:592
+#: ../source/key_projects.rst:596
 msgid ""
 "`Docs <https://pip-tools.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/jazzband/pip-tools/>`__ | `PyPI <https://pypi.org/project/pip-"
 "tools/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:596
+#: ../source/key_projects.rst:600
 msgid ""
 "pip-tools is a suite of tools meant for Python system administrators and "
 "release managers who particularly want to keep their builds deterministic "
@@ -9811,32 +9860,32 @@ msgid ""
 "not provide), and create layers of constraints for the program to obey."
 msgstr ""
 
-#: ../source/key_projects.rst:608
+#: ../source/key_projects.rst:612
 msgid "pip2pi"
 msgstr ""
 
-#: ../source/key_projects.rst:610
+#: ../source/key_projects.rst:614
 msgid ""
 ":gh:`GitHub <wolever/pip2pi>` | `PyPI <https://pypi.org/project/pip2pi/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:613
+#: ../source/key_projects.rst:617
 msgid ""
 "pip2pi is a :term:`package index <Package Index>` server where specific "
 "packages are manually synchronised."
 msgstr ""
 
-#: ../source/key_projects.rst:619
+#: ../source/key_projects.rst:623
 msgid "piwheels"
 msgstr ""
 
-#: ../source/key_projects.rst:621
+#: ../source/key_projects.rst:625
 msgid ""
 "`Website <https://www.piwheels.org/>`__ | :doc:`Docs <piwheels:index>` | "
 "`GitHub <https://github.com/piwheels/piwheels/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:625
+#: ../source/key_projects.rst:629
 msgid ""
 "piwheels is a website, and software underpinning it, that fetches source "
 "code distribution packages from PyPI and compiles them into binary wheels "
@@ -9844,17 +9893,17 @@ msgid ""
 "Pi OS pre-configures pip to use piwheels.org as an additional index to PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:634
+#: ../source/key_projects.rst:638
 msgid "poetry"
 msgstr ""
 
-#: ../source/key_projects.rst:636
+#: ../source/key_projects.rst:640
 msgid ""
 "`Docs <https://python-poetry.org/>`__ | `GitHub <https://github.com/python-"
 "poetry/poetry>`__ | `PyPI <https://pypi.org/project/poetry/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:640
+#: ../source/key_projects.rst:644
 msgid ""
 "poetry is a command-line tool to handle dependency installation and "
 "isolation as well as building and packaging of Python packages. It uses "
@@ -9864,49 +9913,49 @@ msgid ""
 "caching metadata about dependencies."
 msgstr ""
 
-#: ../source/key_projects.rst:650
+#: ../source/key_projects.rst:654
 msgid "proxpi"
 msgstr ""
 
-#: ../source/key_projects.rst:652
+#: ../source/key_projects.rst:656
 msgid ""
 ":gh:`GitHub <EpicWink/proxpi>` | `PyPI <https://pypi.org/project/proxpi/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:655
+#: ../source/key_projects.rst:659
 msgid ""
 "proxpi is a simple :term:`package index <Package Index>` which proxies PyPI "
 "and other indexes with caching."
 msgstr ""
 
-#: ../source/key_projects.rst:661
+#: ../source/key_projects.rst:665
 msgid "Pulp-python"
 msgstr ""
 
-#: ../source/key_projects.rst:663
+#: ../source/key_projects.rst:667
 msgid ""
 "`Docs <https://docs.pulpproject.org/pulp_python/>`__ | :gh:`GitHub <pulp/"
 "pulp_python>` | `PyPI <https://pypi.org/project/pulp-python/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:667
+#: ../source/key_projects.rst:671
 msgid ""
 "Pulp-python is the Python :term:`package index <Package Index>` plugin for "
 "`Pulp <https://pulpproject.org/>`_. Pulp-python supports mirrors backed by "
 "local or `AWS S3`_, package upload, and proxying to multiple package indexes."
 msgstr ""
 
-#: ../source/key_projects.rst:675
+#: ../source/key_projects.rst:679
 msgid "PyPI Cloud"
 msgstr ""
 
-#: ../source/key_projects.rst:677
+#: ../source/key_projects.rst:681
 msgid ""
 "`Docs <https://pypicloud.readthedocs.io/>`__ | :gh:`GitHub <stevearc/"
 "pypicloud>` | `PyPI <https://pypi.org/project/pypicloud/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:683
+#: ../source/key_projects.rst:687
 msgid ""
 "PyPI Cloud is a :term:`package index <Package Index>` server, backed by `AWS "
 "S3`_ or another cloud storage service, or local files. PyPI Cloud supports "
@@ -9914,33 +9963,33 @@ msgid ""
 "authorisation."
 msgstr ""
 
-#: ../source/key_projects.rst:691
+#: ../source/key_projects.rst:695
 msgid "pypiprivate"
 msgstr ""
 
-#: ../source/key_projects.rst:693
+#: ../source/key_projects.rst:697
 msgid ""
 ":gh:`GitHub <helpshift/pypiprivate>` | `PyPI <https://pypi.org/project/"
 "pypiprivate/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:696
+#: ../source/key_projects.rst:700
 msgid ""
 "pypiprivate serves a local (or `AWS S3`_-hosted) directory of packages as a :"
 "term:`package index <Package Index>`."
 msgstr ""
 
-#: ../source/key_projects.rst:702
+#: ../source/key_projects.rst:706
 msgid "pypiserver"
 msgstr ""
 
-#: ../source/key_projects.rst:704
+#: ../source/key_projects.rst:708
 msgid ""
 "`GitHub <https://github.com/pypiserver/pypiserver>`__ | `PyPI <https://pypi."
 "org/project/pypiserver/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:707
+#: ../source/key_projects.rst:711
 msgid ""
 "pypiserver is a minimalist application that serves as a private Python :term:"
 "`package index <Package Index>` (from a local directory) within "
@@ -9951,17 +10000,17 @@ msgid ""
 "pypiserver and from PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:718
+#: ../source/key_projects.rst:722
 msgid "PyScaffold"
 msgstr ""
 
-#: ../source/key_projects.rst:720
+#: ../source/key_projects.rst:724
 msgid ""
 "`Docs <https://pyscaffold.org>`__ | `GitHub <https://github.com/pyscaffold/"
 "pyscaffold>`__ | `PyPI <https://pypi.org/project/pyscaffold/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:724
+#: ../source/key_projects.rst:728
 msgid ""
 "PyScaffold is a project generator for bootstrapping Python packages, ready "
 "to be shared on PyPI and installable via :ref:`pip`. It relies on a set of "
@@ -9971,33 +10020,33 @@ msgid ""
 "existing projects to make packaging easier."
 msgstr ""
 
-#: ../source/key_projects.rst:735
+#: ../source/key_projects.rst:739
 msgid "pywharf"
 msgstr ""
 
-#: ../source/key_projects.rst:737
+#: ../source/key_projects.rst:741
 msgid ""
 ":gh:`GitHub <pywharf/pywharf>` | `PyPI <https://pypi.org/project/pywharf>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:742
+#: ../source/key_projects.rst:746
 msgid ""
 "pywharf is a :term:`package index <Package Index>` server, serving files "
 "locally or from `GitHub <https://github.com/>`_."
 msgstr ""
 
-#: ../source/key_projects.rst:748
+#: ../source/key_projects.rst:752
 msgid "scikit-build"
 msgstr ""
 
-#: ../source/key_projects.rst:750
+#: ../source/key_projects.rst:754
 msgid ""
 "`Docs <https://scikit-build.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/scikit-build/scikit-build/>`__ | `PyPI <https://pypi.org/project/"
 "scikit-build>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:754
+#: ../source/key_projects.rst:758
 msgid ""
 "Scikit-build is a :ref:`setuptools` wrapper for CPython that builds C/C++/"
 "Fortran/Cython extensions It uses `cmake <https://pypi.org/project/cmake>`__ "
@@ -10008,18 +10057,18 @@ msgid ""
 "ninja>`__ (also available on PyPI)."
 msgstr ""
 
-#: ../source/key_projects.rst:765
+#: ../source/key_projects.rst:769
 msgid "scikit-build-core"
 msgstr ""
 
-#: ../source/key_projects.rst:767
+#: ../source/key_projects.rst:771
 msgid ""
 "`Docs <https://scikit-build-core.readthedocs.io/en/latest/>`__ | `GitHub "
 "<https://github.com/scikit-build/scikit-build-core/>`__ | `PyPI <https://"
 "pypi.org/project/scikit-build-core>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:771
+#: ../source/key_projects.rst:775
 msgid ""
 "Scikit-build-core is a build backend for CPython C/C++/Fortran/Cython "
 "extensions.  It enables users to write extensions with `cmake <https://pypi."
@@ -10029,17 +10078,17 @@ msgid ""
 "automatically downloaded from PyPI if not available on the system."
 msgstr ""
 
-#: ../source/key_projects.rst:781
+#: ../source/key_projects.rst:785
 msgid "shiv"
 msgstr ""
 
-#: ../source/key_projects.rst:783
+#: ../source/key_projects.rst:787
 msgid ""
 "`Docs <https://shiv.readthedocs.io/en/latest/>`__ | `GitHub <https://github."
 "com/linkedin/shiv>`__ | `PyPI <https://pypi.org/project/shiv/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:787
+#: ../source/key_projects.rst:791
 msgid ""
 "shiv is a command line utility for building fully self contained Python "
 "zipapps as outlined in :pep:`441`, but with all their dependencies included. "
@@ -10047,17 +10096,17 @@ msgid ""
 "tools fast & easy."
 msgstr ""
 
-#: ../source/key_projects.rst:795
+#: ../source/key_projects.rst:799
 msgid "simpleindex"
 msgstr ""
 
-#: ../source/key_projects.rst:797
+#: ../source/key_projects.rst:801
 msgid ""
 ":gh:`GitHub <uranusjr/simpleindex>` | `PyPI <https://pypi.org/project/"
 "simpleindex/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:800
+#: ../source/key_projects.rst:804
 msgid ""
 "simpleindex is a :term:`package index <Package Index>` which routes URLs to "
 "multiple package indexes (including PyPI), serves local (or cloud-hosted, "
@@ -10065,7 +10114,7 @@ msgid ""
 "supports custom plugins."
 msgstr ""
 
-#: ../source/key_projects.rst:810
+#: ../source/key_projects.rst:814
 msgid ""
 ":doc:`Docs <spack:index>` | `GitHub <https://github.com/spack/spack>`__ | "
 "`Paper <https://www.computer.org/csdl/proceedings-article/"
@@ -10073,7 +10122,7 @@ msgid ""
 "Gamblin-Spack-SC15-Talk.pdf>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:815
+#: ../source/key_projects.rst:819
 msgid ""
 "A flexible package manager designed to support multiple versions, "
 "configurations, platforms, and compilers.  Spack is like Homebrew, but "
@@ -10084,24 +10133,24 @@ msgid ""
 "supercomputers."
 msgstr ""
 
-#: ../source/key_projects.rst:823
+#: ../source/key_projects.rst:827
 msgid ""
 "Spack is not in PyPI (yet), but it requires no installation and can be used "
 "immediately after cloning from GitHub."
 msgstr ""
 
-#: ../source/key_projects.rst:829
+#: ../source/key_projects.rst:833
 msgid "zest.releaser"
 msgstr ""
 
-#: ../source/key_projects.rst:831
+#: ../source/key_projects.rst:835
 msgid ""
 "`Docs <https://zestreleaser.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/zestsoftware/zest.releaser/>`__ | `PyPI <https://pypi.org/project/"
 "zest.releaser/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:835
+#: ../source/key_projects.rst:839
 msgid ""
 "``zest.releaser`` is a Python package release tool providing an abstraction "
 "layer on top of :ref:`twine`. Python developers use ``zest.releaser`` to "
@@ -10109,21 +10158,21 @@ msgid ""
 "releases in source control, and uploading new packages to PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:842
+#: ../source/key_projects.rst:846
 msgid "Standard Library Projects"
 msgstr ""
 
-#: ../source/key_projects.rst:847
+#: ../source/key_projects.rst:851
 msgid "ensurepip"
 msgstr ""
 
-#: ../source/key_projects.rst:849
+#: ../source/key_projects.rst:853
 msgid ""
 "`Docs <https://docs.python.org/3/library/ensurepip.html>`__ | `Issues "
 "<https://bugs.python.org/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:852
+#: ../source/key_projects.rst:856
 msgid ""
 "A package in the Python Standard Library that provides support for "
 "bootstrapping :ref:`pip` into an existing Python installation or virtual "
@@ -10131,34 +10180,34 @@ msgid ""
 "will be used during the build of the Python distribution."
 msgstr ""
 
-#: ../source/key_projects.rst:860
+#: ../source/key_projects.rst:864
 msgid "http.server"
 msgstr ""
 
-#: ../source/key_projects.rst:862
+#: ../source/key_projects.rst:866
 msgid ""
 ":doc:`Docs <python:library/http.server>` | :gh:`Issues <python/cpython/"
 "issues>`"
 msgstr ""
 
-#: ../source/key_projects.rst:865
+#: ../source/key_projects.rst:869
 msgid ""
 "A package and command-line interface which can host a directory as a "
 "website, for example as a :term:`package index <Package Index>` (see :ref:"
 "`Hosting your Own Simple Repository`)."
 msgstr ""
 
-#: ../source/key_projects.rst:872
+#: ../source/key_projects.rst:876
 msgid "venv"
 msgstr ""
 
-#: ../source/key_projects.rst:874
+#: ../source/key_projects.rst:878
 msgid ""
 "`Docs <https://docs.python.org/3/library/venv.html>`__ | `Issues <https://"
 "github.com/python/cpython/issues>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:877
+#: ../source/key_projects.rst:881
 msgid ""
 "A package in the Python Standard Library (starting with Python 3.3) for "
 "creating :term:`Virtual Environments <Virtual Environment>`.  For more "
@@ -12206,7 +12255,7 @@ msgstr ""
 #: ../source/specifications/platform-compatibility-tags.rst:332
 #: ../source/specifications/pyproject-toml.rst:444
 #: ../source/specifications/recording-installed-packages.rst:252
-#: ../source/specifications/simple-repository-api.rst:974
+#: ../source/specifications/simple-repository-api.rst:988
 #: ../source/specifications/source-distribution-format.rst:144
 #: ../source/specifications/version-specifiers.rst:1266
 #: ../source/specifications/virtual-environments.rst:54
@@ -13276,6 +13325,7 @@ msgstr ""
 #: ../source/specifications/dependency-specifiers.rst:26
 #: ../source/specifications/direct-url-data-structure.rst:19
 #: ../source/specifications/direct-url.rst:15
+#: ../source/specifications/index-hosted-attestations.rst:17
 #: ../source/specifications/inline-script-metadata.rst:13
 msgid "Specification"
 msgstr ""
@@ -13413,7 +13463,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/dependency-specifiers.rst:163
-#: ../source/specifications/simple-repository-api.rst:888
+#: ../source/specifications/simple-repository-api.rst:902
 msgid "Versions"
 msgstr ""
 
@@ -15036,6 +15086,302 @@ msgid ""
 "www.pypa.io/en/latest/specifications/>`__."
 msgstr ""
 
+#: ../source/specifications/index-hosted-attestations.rst:6
+msgid "Index hosted attestations"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:8
+msgid "This specification was originally defined in :pep:`740`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:12
+msgid ""
+":pep:`740` includes changes to the HTML and JSON index APIs. These changes "
+"are documented in the :ref:`simple-repository-api` under :ref:`simple-"
+"repository-api-base` and :ref:`json-serialization`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:22
+msgid "Upload endpoint changes"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:26
+msgid ""
+"The \"legacy\" upload API is not standardized. See `PyPI's Upload API "
+"documentation <https://docs.pypi.org/api/upload/>`_ for how attestations are "
+"uploaded."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:33
+msgid "Attestation objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:35
+msgid ""
+"An attestation object is a JSON object with several required keys; "
+"applications or signers may include additional keys so long as all "
+"explicitly listed keys are provided. The required layout of an attestation "
+"object is provided as pseudocode below."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:88
+msgid ""
+"A full data model for each object in ``transparency_entries`` is provided "
+"in :ref:`appendix`. Attestation objects **SHOULD** include one or more "
+"transparency log entries, and **MAY** include additional keys for other "
+"sources of signed time (such as an :rfc:`3161` Time Stamping Authority or a "
+"`Roughtime <https://blog.cloudflare.com/roughtime>`__ server)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:94
+msgid ""
+"Attestation objects are versioned; this PEP specifies version 1. Each "
+"version is tied to a single cryptographic suite to minimize unnecessary "
+"cryptographic agility. In version 1, the suite is as follows:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:98
+msgid ""
+"Certificates are specified as X.509 certificates, and comply with the "
+"profile in :rfc:`5280`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:100
+msgid ""
+"The message signature algorithm is ECDSA, with the P-256 curve for public "
+"keys and SHA-256 as the cryptographic digest function."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:103
+msgid ""
+"Future PEPs may change this suite (and the overall shape of the attestation "
+"object) by selecting a new version number."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:109
+msgid "Attestation statement and signature generation"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:111
+msgid ""
+"The *attestation statement* is the actual claim that is cryptographically "
+"signed over within the attestation object (i.e., the ``envelope.statement``)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:114
+msgid ""
+"The attestation statement is encoded as a `v1 in-toto Statement object "
+"<https://github.com/in-toto/attestation/blob/v1.0/spec/v1.0/statement."
+"md>`__, in JSON form. When serialized the statement is treated as an opaque "
+"binary blob, avoiding the need for canonicalization."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:119
+msgid ""
+"In addition to being a v1 in-toto Statement, the attestation statement is "
+"constrained in the following ways:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:122
+msgid "The in-toto ``subject`` **MUST** contain only a single subject."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:123
+msgid ""
+"``subject[0].name`` is the distribution's filename, which **MUST** be a "
+"valid :ref:`source distribution <source-distribution-format>` or :ref:`wheel "
+"distribution <binary-distribution-format>` filename."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:126
+msgid ""
+"``subject[0].digest`` **MUST** contain a SHA-256 digest. Other digests "
+"**MAY** be present. The digests **MUST** be represented as hexadecimal "
+"strings."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:128
+msgid "The following ``predicateType`` values are supported:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:130
+msgid ""
+"`SLSA Provenance <https://slsa.dev/provenance/v1>`__: ``https://slsa.dev/"
+"provenance/v1``"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:131
+msgid ""
+"`PyPI Publish Attestation <https://docs.pypi.org/attestations/publish/"
+"v1>`__: ``https://docs.pypi.org/attestations/publish/v1``"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:133
+msgid ""
+"The signature over this statement is constructed using the `v1 DSSE "
+"signature protocol <https://github.com/secure-systems-lab/dsse/blob/v1.0.0/"
+"protocol.md>`__, with a ``PAYLOAD_TYPE`` of ``application/vnd.in-toto+json`` "
+"and a ``PAYLOAD_BODY`` of the JSON-encoded statement above. No other "
+"``PAYLOAD_TYPE`` is permitted."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:141
+msgid "Provenance objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:143
+msgid ""
+"The index will serve uploaded attestations along with metadata that can "
+"assist in verifying them in the form of JSON serialized objects."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:146
+msgid ""
+"These *provenance objects* will be available via both the Simple Index and "
+"JSON-based Simple API as described above, and will have the following layout:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:169
+msgid "or, as pseudocode:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:217
+msgid ""
+"``version`` is ``1``. Like attestation objects, provenance objects are "
+"versioned, and this PEP only defines version ``1``."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:219
+msgid ""
+"``attestation_bundles`` is a **required** JSON array, containing one or more "
+"\"bundles\" of attestations. Each bundle corresponds to a signing identity "
+"(such as a Trusted Publishing identity), and contains one or more "
+"attestation objects."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:224
+msgid ""
+"As noted in the ``Publisher`` model, each ``AttestationBundle.publisher`` "
+"object is specific to its Trusted Publisher but must include at minimum:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:228
+msgid ""
+"A ``kind`` key, which **MUST** be a JSON string that uniquely identifies the "
+"kind of Trusted Publisher."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:230
+msgid ""
+"A ``claims`` key, which **MUST** be a JSON object containing any context-"
+"specific claims retained by the index during Trusted Publisher "
+"authentication."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:233
+msgid "All other keys in the publisher object are publisher-specific."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:235
+msgid ""
+"Each array of attestation objects is a superset of the ``attestations`` "
+"array supplied by the uploaded through the ``attestations`` field at upload "
+"time, as described in :ref:`upload-endpoint` and :ref:`changes-to-provenance-"
+"objects`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:243
+msgid "Changes to provenance objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:245
+msgid ""
+"Provenance objects are *not* immutable, and may change over time. Reasons "
+"for changes to the provenance object include but are not limited to:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:248
+msgid ""
+"Addition of new attestations for a pre-existing signing identity: the index "
+"**MAY** choose to allow additional attestations by pre-existing signing "
+"identities, such as newer attestation versions for already uploaded files."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:253
+msgid ""
+"Addition of new signing identities and associated attestations: the index "
+"**MAY** choose to support attestations from sources other than the file's "
+"uploader, such as third-party auditors or the index itself. These "
+"attestations may be performed asynchronously, requiring the index to insert "
+"them into the provenance object *post facto*."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:262
+msgid "Attestation verification"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:264
+msgid ""
+"Verifying an attestation object against a distribution file requires "
+"verification of each of the following:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:267
+msgid "``version`` is ``1``. The verifier **MUST** reject any other version."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:268
+msgid ""
+"``verification_material.certificate`` is a valid signing certificate, as "
+"issued by an *a priori* trusted authority (such as a root of trust already "
+"present within the verifying client)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:271
+msgid ""
+"``verification_material.certificate`` identifies an appropriate signing "
+"subject, such as the machine identity of the Trusted Publisher that "
+"published the package."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:274
+msgid ""
+"``envelope.statement`` is a valid in-toto v1 Statement, with a subject and "
+"digest that **MUST** match the distribution's filename and contents. For the "
+"distribution's filename, matching **MUST** be performed by parsing using the "
+"appropriate source distribution or wheel filename format, as the statement's "
+"subject may be equivalent but normalized."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:279
+msgid ""
+"``envelope.signature`` is a valid signature for ``envelope.statement`` "
+"corresponding to ``verification_material.certificate``, as reconstituted via "
+"the `v1 DSSE signature protocol <https://github.com/secure-systems-lab/dsse/"
+"blob/v1.0.0/protocol.md>`__."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:284
+msgid ""
+"In addition to the above required steps, a verifier **MAY** additionally "
+"verify ``verification_material.transparency_entries`` on a policy basis, e."
+"g. requiring at least one transparency log entry or a threshold of entries. "
+"When verifying transparency entries, the verifier **MUST** confirm that the "
+"inclusion time for each entry lies within the signing certificate's validity "
+"period."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:293
+msgid "Appendix: Data models for Transparency Log Entries"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:295
+msgid ""
+"This appendix contains pseudocoded data models for transparency log entries "
+"in attestation objects. Each transparency log entry serves as a source of "
+"signed inclusion time, and can be verified either online or offline."
+msgstr ""
+
 #: ../source/specifications/inline-script-metadata.rst:5
 msgid "Inline script metadata"
 msgstr ""
@@ -15206,7 +15552,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/inline-script-metadata.rst:205
-#: ../source/specifications/simple-repository-api.rst:815
+#: ../source/specifications/simple-repository-api.rst:829
 msgid "Recommendations"
 msgstr ""
 
@@ -17094,11 +17440,26 @@ msgid ""
 "``&gt;``, respectively."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:100
+#: ../source/specifications/simple-repository-api.rst:99
+msgid ""
+"A repository **MAY** include a ``data-provenance`` attribute on a file link. "
+"The value of this attribute **MUST** be a fully qualified URL, signaling "
+"that the file's provenance can be found at that URL. This URL **MUST** "
+"represent a `secure origin <https://www.chromium.org/Home/chromium-security/"
+"prefer-secure-origins-for-powerful-new-features/>`_."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:106
+msgid ""
+"The format of the linked provenance is defined in :ref:`index-hosted-"
+"attestations`."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:109
 msgid "Normalized Names"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:102
+#: ../source/specifications/simple-repository-api.rst:111
 msgid ""
 "This spec references the concept of a \"normalized\" project name. As per :"
 "ref:`the name normalization specification <name-normalization>` the only "
@@ -17108,11 +17469,11 @@ msgid ""
 "implemented in Python with the ``re`` module::"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:117
+#: ../source/specifications/simple-repository-api.rst:126
 msgid "Adding \"Yank\" Support to the Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:119
+#: ../source/specifications/simple-repository-api.rst:128
 msgid ""
 "Links in the simple repository **MAY** have a ``data-yanked`` attribute "
 "which may have no value, or may have an arbitrary string as a value. The "
@@ -17122,7 +17483,7 @@ msgid ""
 "under specific scenarios."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:126
+#: ../source/specifications/simple-repository-api.rst:135
 msgid ""
 "The value of the ``data-yanked`` attribute, if present, is an arbitrary "
 "string that represents the reason for why the file has been yanked. Tools "
@@ -17130,7 +17491,7 @@ msgid ""
 "users."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:131
+#: ../source/specifications/simple-repository-api.rst:140
 msgid ""
 "The yanked attribute is not immutable once set, and may be rescinded in the "
 "future (and once rescinded, may be reset as well). Thus API users **MUST** "
@@ -17138,11 +17499,11 @@ msgid ""
 "again)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:138
+#: ../source/specifications/simple-repository-api.rst:147
 msgid "Installers"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:140
+#: ../source/specifications/simple-repository-api.rst:149
 msgid ""
 "The desirable experience for users is that once a file is yanked, when a "
 "human being is currently trying to directly install a yanked file, that it "
@@ -17152,7 +17513,7 @@ msgid ""
 "been yanked."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:147
+#: ../source/specifications/simple-repository-api.rst:156
 msgid ""
 "An installer **MUST** ignore yanked releases, if the selection constraints "
 "can be satisfied with a non-yanked version, and **MAY** refuse to use a "
@@ -17162,14 +17523,14 @@ msgid ""
 "files."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:154
+#: ../source/specifications/simple-repository-api.rst:163
 msgid ""
 "What this means is left up to the specific installer, to decide how to best "
 "fit into the overall usage of their installer. However, there are two "
 "suggested approaches to take:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:158
+#: ../source/specifications/simple-repository-api.rst:167
 msgid ""
 "Yanked files are always ignored, unless they are the only file that matches "
 "a version specifier that \"pins\" to an exact version using either ``==`` "
@@ -17179,7 +17540,7 @@ msgid ""
 "versions, zero padding, etc."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:165
+#: ../source/specifications/simple-repository-api.rst:174
 msgid ""
 "Yanked files are always ignored, unless they are the only file that matches "
 "what a lock file (such as ``Pipfile.lock`` or ``poetry.lock``) specifies to "
@@ -17187,7 +17548,7 @@ msgid ""
 "creating or updating a lock file from some input file or command."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:171
+#: ../source/specifications/simple-repository-api.rst:180
 msgid ""
 "Regardless of the specific strategy that an installer chooses for deciding "
 "when to install yanked files, an installer **SHOULD** emit a warning when it "
@@ -17196,38 +17557,38 @@ msgid ""
 "specific feedback to the user about why that file had been yanked."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:179
+#: ../source/specifications/simple-repository-api.rst:188
 msgid "Mirrors"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:181
+#: ../source/specifications/simple-repository-api.rst:190
 msgid "Mirrors can generally treat yanked files one of two ways:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:183
+#: ../source/specifications/simple-repository-api.rst:192
 msgid ""
 "They may choose to omit them from their simple repository API completely, "
 "providing a view over the repository that shows only \"active\", unyanked "
 "files."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:186
+#: ../source/specifications/simple-repository-api.rst:195
 msgid ""
 "They may choose to include yanked files, and additionally mirror the ``data-"
 "yanked`` attribute as well."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:189
+#: ../source/specifications/simple-repository-api.rst:198
 msgid ""
 "Mirrors **MUST NOT** mirror a yanked file without also mirroring the ``data-"
 "yanked`` attribute for it."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:195
+#: ../source/specifications/simple-repository-api.rst:204
 msgid "Versioning PyPI's Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:197
+#: ../source/specifications/simple-repository-api.rst:206
 msgid ""
 "This spec proposes the inclusion of a meta tag on the responses of every "
 "successful request to a simple API page, which contains a name attribute of "
@@ -17238,29 +17599,29 @@ msgid ""
 "<version-specifiers>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:205
+#: ../source/specifications/simple-repository-api.rst:214
 msgid "This would end up looking like::"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:209
+#: ../source/specifications/simple-repository-api.rst:218
 msgid "When interpreting the repository version:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:211
+#: ../source/specifications/simple-repository-api.rst:220
 msgid ""
 "Incrementing the major version is used to signal a backwards incompatible "
 "change such that existing clients would no longer be expected to be able to "
 "meaningfully use the API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:214
+#: ../source/specifications/simple-repository-api.rst:223
 msgid ""
 "Incrementing the minor version is used to signal a backwards compatible "
 "change such that existing clients would still be expected to be able to "
 "meaningfully use the API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:218
+#: ../source/specifications/simple-repository-api.rst:227
 msgid ""
 "It is left up to the discretion of any future specs as to what specifically "
 "constitutes a backwards incompatible vs compatible change beyond the broad "
@@ -17269,7 +17630,7 @@ msgid ""
 "features."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:224
+#: ../source/specifications/simple-repository-api.rst:233
 msgid ""
 "It is expectation of this spec that the major version will never be "
 "incremented, and any future major API evolutions would utilize a different "
@@ -17279,48 +17640,48 @@ msgid ""
 "set to a version >= 2)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:231
+#: ../source/specifications/simple-repository-api.rst:240
 msgid ""
 "This spec sets the current API version to \"1.0\", and expects that future "
 "specs that further evolve the simple API will increment the minor version "
 "number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:237
-#: ../source/specifications/simple-repository-api.rst:957
+#: ../source/specifications/simple-repository-api.rst:246
+#: ../source/specifications/simple-repository-api.rst:971
 msgid "Clients"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:239
+#: ../source/specifications/simple-repository-api.rst:248
 msgid ""
 "Clients interacting with the simple API **SHOULD** introspect each response "
 "for the repository version, and if that data does not exist **MUST** assume "
 "that it is version 1.0."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:243
+#: ../source/specifications/simple-repository-api.rst:252
 msgid ""
 "When encountering a major version greater than expected, clients **MUST** "
 "hard fail with an appropriate error message for the user."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:246
+#: ../source/specifications/simple-repository-api.rst:255
 msgid ""
 "When encountering a minor version greater than expected, clients **SHOULD** "
 "warn users with an appropriate message."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:249
+#: ../source/specifications/simple-repository-api.rst:258
 msgid ""
 "Clients **MAY** still continue to use feature detection in order to "
 "determine what features a repository uses."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:255
+#: ../source/specifications/simple-repository-api.rst:264
 msgid "Serve Distribution Metadata in the Simple Repository API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:257
+#: ../source/specifications/simple-repository-api.rst:266
 msgid ""
 "In a simple repository's project page, each anchor tag pointing to a "
 "distribution **MAY** have a ``data-dist-info-metadata`` attribute. The "
@@ -17329,7 +17690,7 @@ msgid ""
 "when the distribution is processed and/or installed."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:263
+#: ../source/specifications/simple-repository-api.rst:272
 msgid ""
 "If a ``data-dist-info-metadata`` attribute is present, the repository "
 "**MUST** serve the distribution's Core Metadata file alongside the "
@@ -17341,7 +17702,7 @@ msgid ""
 "GPG signature file's location."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:272
+#: ../source/specifications/simple-repository-api.rst:281
 msgid ""
 "The repository **SHOULD** provide the hash of the Core Metadata file as the "
 "``data-dist-info-metadata`` attribute's value using the syntax "
@@ -17351,18 +17712,18 @@ msgid ""
 "unavailable."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:280
+#: ../source/specifications/simple-repository-api.rst:289
 msgid "Backwards Compatibility"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:282
+#: ../source/specifications/simple-repository-api.rst:291
 msgid ""
 "If an anchor tag lacks the ``data-dist-info-metadata`` attribute, tools are "
 "expected to revert to their current behaviour of downloading the "
 "distribution to inspect the metadata."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:286
+#: ../source/specifications/simple-repository-api.rst:295
 msgid ""
 "Older tools not supporting the new ``data-dist-info-metadata`` attribute are "
 "expected to ignore the attribute and maintain their current behaviour of "
@@ -17370,11 +17731,11 @@ msgid ""
 "prior ``data-`` attribute additions expect existing tools to operate."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:295
+#: ../source/specifications/simple-repository-api.rst:304
 msgid "JSON-based Simple API for Python Package Indexes"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:297
+#: ../source/specifications/simple-repository-api.rst:306
 msgid ""
 "To enable response parsing with only the standard library, this spec "
 "specifies that all responses (besides the files themselves, and the HTML "
@@ -17382,7 +17743,7 @@ msgid ""
 "base>`) should be serialized using `JSON <https://www.json.org/>`_."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:302
+#: ../source/specifications/simple-repository-api.rst:311
 msgid ""
 "To enable zero configuration discovery and to minimize the amount of "
 "additional HTTP requests, this spec extends :ref:`the base HTML API "
@@ -17392,7 +17753,7 @@ msgid ""
 "format to serve, i.e. either HTML or JSON."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:312
+#: ../source/specifications/simple-repository-api.rst:321
 msgid ""
 "Versioning will adhere to :ref:`the API versioning specification <simple-"
 "repository-api-versioning>` format (``Major.Minor``), which has defined the "
@@ -17402,7 +17763,7 @@ msgid ""
 "``1.0`` version, and instead just describes how to serialize that into JSON."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:319
+#: ../source/specifications/simple-repository-api.rst:328
 msgid ""
 "Similar to :ref:`the API versioning specification <simple-repository-api-"
 "versioning>`, the major version number **MUST** be incremented if any "
@@ -17410,28 +17771,28 @@ msgid ""
 "existing clients to meaningfully understand the format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:325
+#: ../source/specifications/simple-repository-api.rst:334
 msgid ""
 "Likewise, the minor version **MUST** be incremented if features are added or "
 "removed from the format, but existing clients would be expected to continue "
 "to meaningfully understand the format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:329
+#: ../source/specifications/simple-repository-api.rst:338
 msgid ""
 "Changes that would not result in existing clients being unable to "
 "meaningfully understand the format and which do not represent features being "
 "added or removed may occur without changing the version number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:333
+#: ../source/specifications/simple-repository-api.rst:342
 msgid ""
 "This is intentionally vague, as this spec believes it is best left up to "
 "future specs that make any changes to the API to investigate and decide "
 "whether or not that change should increment the major or minor version."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:337
+#: ../source/specifications/simple-repository-api.rst:346
 msgid ""
 "Future versions of the API may add things that can only be represented in a "
 "subset of the available serializations of that version. All serializations "
@@ -17440,37 +17801,37 @@ msgid ""
 "whether or not that feature is present at all."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:343
+#: ../source/specifications/simple-repository-api.rst:352
 msgid ""
 "It is the intent of this spec that the API should be thought of as URL "
 "endpoints that return data, whose interpretation is defined by the version "
 "of that data, and then serialized into the target serialization format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:351
+#: ../source/specifications/simple-repository-api.rst:360
 msgid "JSON Serialization"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:353
+#: ../source/specifications/simple-repository-api.rst:362
 msgid ""
 "The URL structure from :ref:`the base HTML API specification <simple-"
 "repository-api-base>` still applies, as this spec only adds an additional "
 "serialization format for the already existing API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:357
+#: ../source/specifications/simple-repository-api.rst:366
 msgid ""
 "The following constraints apply to all JSON serialized responses described "
 "in this spec:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:360
+#: ../source/specifications/simple-repository-api.rst:369
 msgid ""
 "All JSON responses will *always* be a JSON object rather than an array or "
 "other type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:363
+#: ../source/specifications/simple-repository-api.rst:372
 msgid ""
 "While JSON doesn't natively support a URL type, any value that represents an "
 "URL in this API may be either absolute or relative as long as they point to "
@@ -17478,19 +17839,19 @@ msgid ""
 "if it were HTML."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:368
+#: ../source/specifications/simple-repository-api.rst:377
 msgid ""
 "Additional keys may be added to any dictionary objects in the API responses "
 "and clients **MUST** ignore keys that they don't understand."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:371
+#: ../source/specifications/simple-repository-api.rst:380
 msgid ""
 "All JSON responses will have a ``meta`` key, which contains information "
 "related to the response itself, rather than the content of the response."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:374
+#: ../source/specifications/simple-repository-api.rst:383
 msgid ""
 "All JSON responses will have a ``meta.api-version`` key, which will be a "
 "string that contains the :ref:`API versioning specification <simple-"
@@ -17499,41 +17860,41 @@ msgid ""
 "<simple-repository-api-versioning>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:380
+#: ../source/specifications/simple-repository-api.rst:389
 msgid ""
 "All requirements of :ref:`the base HTML API specification <simple-repository-"
 "api-base>` that are not HTML specific still apply."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:385
+#: ../source/specifications/simple-repository-api.rst:394
 msgid "Project List"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:387
+#: ../source/specifications/simple-repository-api.rst:396
 msgid ""
 "The root URL ``/`` for this spec (which represents the base URL) will be a "
 "JSON encoded dictionary which has a two keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:390
+#: ../source/specifications/simple-repository-api.rst:399
 msgid ""
 "``projects``: An array where each entry is a dictionary with a single key, "
 "``name``, which represents string of the project name."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:391
-#: ../source/specifications/simple-repository-api.rst:440
+#: ../source/specifications/simple-repository-api.rst:400
+#: ../source/specifications/simple-repository-api.rst:449
 msgid ""
 "``meta``: The general response metadata as `described earlier <json-"
 "serialization_>`__."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:393
-#: ../source/specifications/simple-repository-api.rst:499
+#: ../source/specifications/simple-repository-api.rst:402
+#: ../source/specifications/simple-repository-api.rst:512
 msgid "As an example:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:410
+#: ../source/specifications/simple-repository-api.rst:419
 msgid ""
 "The ``name`` field is the same as the one from :ref:`the base HTML API "
 "specification <simple-repository-api-base>`, which does not specify whether "
@@ -17543,7 +17904,7 @@ msgid ""
 "implementation detail of the repository in question."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:420
+#: ../source/specifications/simple-repository-api.rst:429
 msgid ""
 "While the ``projects`` key is an array, and thus is required to be in some "
 "kind of an order, neither :ref:`the base HTML API specification <simple-"
@@ -17553,11 +17914,11 @@ msgid ""
 "have sets."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:429
+#: ../source/specifications/simple-repository-api.rst:438
 msgid "Project Detail"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:431
+#: ../source/specifications/simple-repository-api.rst:440
 msgid ""
 "The format of this URL is ``/<project>/`` where the ``<project>`` is "
 "replaced by the :ref:`the base HTML API specification <simple-repository-api-"
@@ -17565,33 +17926,33 @@ msgid ""
 "would have a URL like ``/silly-walk/``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:436
+#: ../source/specifications/simple-repository-api.rst:445
 msgid ""
 "This URL must respond with a JSON encoded dictionary that has three keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:438
+#: ../source/specifications/simple-repository-api.rst:447
 msgid "``name``: The normalized name of the project."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:439
+#: ../source/specifications/simple-repository-api.rst:448
 msgid ""
 "``files``: A list of dictionaries, each one representing an individual file."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:442
+#: ../source/specifications/simple-repository-api.rst:451
 msgid "Each individual file dictionary has the following keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:444
+#: ../source/specifications/simple-repository-api.rst:453
 msgid "``filename``: The filename that is being represented."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:445
+#: ../source/specifications/simple-repository-api.rst:454
 msgid "``url``: The URL that the file can be fetched from."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:446
+#: ../source/specifications/simple-repository-api.rst:455
 msgid ""
 "``hashes``: A dictionary mapping a hash name to a hex encoded digest of the "
 "file. Multiple hashes can be included, and it is up to the client to decide "
@@ -17600,14 +17961,14 @@ msgid ""
 "to be lowercase."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:451
+#: ../source/specifications/simple-repository-api.rst:460
 msgid ""
 "The ``hashes`` dictionary **MUST** be present, even if no hashes are "
 "available for the file, however it is **HIGHLY** recommended that at least "
 "one secure, guaranteed-to-be-available hash is always included."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:455
+#: ../source/specifications/simple-repository-api.rst:464
 msgid ""
 "By default, any hash algorithm available via :py:mod:`hashlib` (specifically "
 "any that can be passed to :py:func:`hashlib.new()` and do not require "
@@ -17617,7 +17978,7 @@ msgid ""
 "specifically is recommended."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:460
+#: ../source/specifications/simple-repository-api.rst:469
 msgid ""
 "``requires-python``: An **optional** key that exposes the :ref:`core-"
 "metadata-requires-python` metadata field. Where this is present, installer "
@@ -17625,14 +17986,14 @@ msgid ""
 "that doesn't satisfy the requirement."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:466
+#: ../source/specifications/simple-repository-api.rst:475
 msgid ""
 "Unlike ``data-requires-python`` in :ref:`the base HTML API specification "
 "<simple-repository-api-base>`, the ``requires-python`` key does not require "
 "any special escaping other than anything JSON does naturally."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:469
+#: ../source/specifications/simple-repository-api.rst:478
 msgid ""
 "``dist-info-metadata``: An **optional** key that indicates that metadata for "
 "this file is available, via the same location as specified in :ref:`the API "
@@ -17642,27 +18003,27 @@ msgid ""
 "dictionary mapping hash names to a hex encoded digest of the metadata's hash."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:477
+#: ../source/specifications/simple-repository-api.rst:486
 msgid ""
 "When this is a dictionary of hashes instead of a boolean, then all the same "
 "requirements and recommendations as the ``hashes`` key hold true for this "
 "key as well."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:481
+#: ../source/specifications/simple-repository-api.rst:490
 msgid ""
 "If this key is missing then the metadata file may or may not exist. If the "
 "key value is truthy, then the metadata file is present, and if it is falsey "
 "then it is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:485
+#: ../source/specifications/simple-repository-api.rst:494
 msgid ""
 "It is recommended that servers make the hashes of the metadata file "
 "available if possible."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:487
+#: ../source/specifications/simple-repository-api.rst:496
 msgid ""
 "``gpg-sig``: An **optional** key that acts a boolean to indicate if the file "
 "has an associated GPG signature or not. The URL for the signature file "
@@ -17671,7 +18032,7 @@ msgid ""
 "the signature may or may not exist."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:492
+#: ../source/specifications/simple-repository-api.rst:501
 msgid ""
 "``yanked``: An **optional** key which may be either a boolean to indicate if "
 "the file has been yanked, or a non empty, but otherwise arbitrary, string to "
@@ -17682,7 +18043,15 @@ msgid ""
 "api-yank>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:529
+#: ../source/specifications/simple-repository-api.rst:507
+msgid ""
+"``provenance``: An **optional** key which, if present **MUST** be either a "
+"JSON string or ``null``. If not ``null``, it **MUST** be a URL to the file's "
+"associated provenance, with the same rules as ``data-provenance`` in the :"
+"ref:`base HTML API specification <simple-repository-api-base>`."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:543
 msgid ""
 "While the ``files`` key is an array, and thus is required to be in some kind "
 "of an order, neither :ref:`the base HTML API specification <simple-"
@@ -17692,11 +18061,11 @@ msgid ""
 "have sets."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:538
+#: ../source/specifications/simple-repository-api.rst:552
 msgid "Content-Types"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:540
+#: ../source/specifications/simple-repository-api.rst:554
 msgid ""
 "This spec proposes that all responses from the Simple API will have a "
 "standard content type that describes what the response is (a Simple API "
@@ -17704,11 +18073,11 @@ msgid ""
 "format has been used."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:544
+#: ../source/specifications/simple-repository-api.rst:558
 msgid "The structure of this content type will be:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:550
+#: ../source/specifications/simple-repository-api.rst:564
 msgid ""
 "Since only major versions should be disruptive to clients attempting to "
 "understand one of these API responses, only the major version will be "
@@ -17716,19 +18085,19 @@ msgid ""
 "that it is a version number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:555
+#: ../source/specifications/simple-repository-api.rst:569
 msgid "Which means that for the existing 1.0 API, the content types would be:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:557
+#: ../source/specifications/simple-repository-api.rst:571
 msgid "**JSON:** ``application/vnd.pypi.simple.v1+json``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:558
+#: ../source/specifications/simple-repository-api.rst:572
 msgid "**HTML:** ``application/vnd.pypi.simple.v1+html``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:560
+#: ../source/specifications/simple-repository-api.rst:574
 msgid ""
 "In addition to the above, a special \"meta\" version is supported named "
 "``latest``, whose purpose is to allow clients to request the absolute latest "
@@ -17737,7 +18106,7 @@ msgid ""
 "support."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:565
+#: ../source/specifications/simple-repository-api.rst:579
 msgid ""
 "To support existing clients which expect the existing :ref:`the base HTML "
 "API specification <simple-repository-api-base>` API responses to use the "
@@ -17745,11 +18114,11 @@ msgid ""
 "alias for the ``application/vnd.pypi.simple.v1+html`` content type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:572
+#: ../source/specifications/simple-repository-api.rst:586
 msgid "Version + Format Selection"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:574
+#: ../source/specifications/simple-repository-api.rst:588
 msgid ""
 "Now that there is multiple possible serializations, we need a mechanism to "
 "allow clients to indicate what serialization formats they're able to "
@@ -17758,65 +18127,65 @@ msgid ""
 "expecting the previous API version."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:579
+#: ../source/specifications/simple-repository-api.rst:593
 msgid ""
 "To enable this, this spec standardizes on the use of HTTP's `Server-Driven "
 "Content Negotiation <https://developer.mozilla.org/en-US/docs/Web/HTTP/"
 "Content_negotiation>`_."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:582
+#: ../source/specifications/simple-repository-api.rst:596
 msgid ""
 "While this spec won't fully describe the entirety of server-driven content "
 "negotiation, the flow is roughly:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:585
+#: ../source/specifications/simple-repository-api.rst:599
 msgid ""
 "The client makes an HTTP request containing an ``Accept`` header listing all "
 "of the version+format content types that they are able to understand."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:587
+#: ../source/specifications/simple-repository-api.rst:601
 msgid ""
 "The server inspects that header, selects one of the listed content types, "
 "then returns a response using that content type (treating the absence of an "
 "``Accept`` header as ``Accept: */*``)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:590
+#: ../source/specifications/simple-repository-api.rst:604
 msgid ""
 "If the server does not support any of the content types in the ``Accept`` "
 "header then they are able to choose between 3 different options for how to "
 "respond:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:594
+#: ../source/specifications/simple-repository-api.rst:608
 msgid ""
 "Select a default content type other than what the client has requested and "
 "return a response with that."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:596
+#: ../source/specifications/simple-repository-api.rst:610
 msgid ""
 "Return a HTTP ``406 Not Acceptable`` response to indicate that none of the "
 "requested content types were available, and the server was unable or "
 "unwilling to select a default content type to respond with."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:599
+#: ../source/specifications/simple-repository-api.rst:613
 msgid ""
 "Return a HTTP ``300 Multiple Choices`` response that contains a list of all "
 "of the possible responses that could have been chosen."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:601
+#: ../source/specifications/simple-repository-api.rst:615
 msgid ""
 "The client interprets the response, handling the different types of "
 "responses that the server may have responded with."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:604
+#: ../source/specifications/simple-repository-api.rst:618
 msgid ""
 "This spec does not specify which choices the server makes in regards to "
 "handling a content type that it isn't able to return, and clients **SHOULD** "
@@ -17824,7 +18193,7 @@ msgid ""
 "the most sense for that client."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:609
+#: ../source/specifications/simple-repository-api.rst:623
 msgid ""
 "However, as there is no standard format for how a ``300 Multiple Choices`` "
 "response can be interpreted, this spec highly discourages servers from "
@@ -17835,7 +18204,7 @@ msgid ""
 "error."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:616
+#: ../source/specifications/simple-repository-api.rst:630
 msgid ""
 "This spec **does** require that if the meta version ``latest`` is being "
 "used, the server **MUST** respond with the content type for the actual "
@@ -17844,33 +18213,33 @@ msgid ""
 "have a ``Content-Type`` of ``application/vnd.pypi.simple.v1+json``)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:623
+#: ../source/specifications/simple-repository-api.rst:637
 msgid ""
 "The ``Accept`` header is a comma separated list of content types that the "
 "client understands and is able to process. It supports three different "
 "formats for each content type that is being requested:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:627
+#: ../source/specifications/simple-repository-api.rst:641
 msgid "``$type/$subtype``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:628
+#: ../source/specifications/simple-repository-api.rst:642
 msgid "``$type/*``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:629
+#: ../source/specifications/simple-repository-api.rst:643
 msgid "``*/*``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:631
+#: ../source/specifications/simple-repository-api.rst:645
 msgid ""
 "For the use of selecting a version+format, the most useful of these is "
 "``$type/$subtype``, as that is the only way to actually specify the version "
 "and format you want."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:635
+#: ../source/specifications/simple-repository-api.rst:649
 msgid ""
 "The order of the content types listed in the ``Accept`` header does not have "
 "any specific meaning, and the server **SHOULD** consider all of them to be "
@@ -17880,7 +18249,7 @@ msgid ""
 "Quality_values>`_ syntax."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:642
+#: ../source/specifications/simple-repository-api.rst:656
 msgid ""
 "This allows a client to specify a priority for a specific entry in their "
 "``Accept`` header, by appending a ``;q=`` followed by a value between ``0`` "
@@ -17890,7 +18259,7 @@ msgid ""
 "quality of ``1``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:648
+#: ../source/specifications/simple-repository-api.rst:662
 msgid ""
 "However, clients should keep in mind that a server is free to select **any** "
 "of the content types they've asked for, regardless of their requested "
@@ -17898,7 +18267,7 @@ msgid ""
 "for."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:652
+#: ../source/specifications/simple-repository-api.rst:666
 msgid ""
 "To aid clients in determining the content type of the response that they "
 "have received from an API request, this spec requires that servers always "
@@ -17909,22 +18278,22 @@ msgid ""
 "collector.py#L123-L150>`_ so the risks for actual breakages is low."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:659
+#: ../source/specifications/simple-repository-api.rst:673
 msgid "An example of how a client can operate would look like:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:710
+#: ../source/specifications/simple-repository-api.rst:724
 msgid ""
 "If a client wishes to only support HTML or only support JSON, then they "
 "would just remove the content types that they do not want from the "
 "``Accept`` header, and turn receiving them into an error."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:716
+#: ../source/specifications/simple-repository-api.rst:730
 msgid "Alternative Negotiation Mechanisms"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:718
+#: ../source/specifications/simple-repository-api.rst:732
 msgid ""
 "While using HTTP's Content negotiation is considered the standard way for a "
 "client and server to coordinate to ensure that the client is getting an HTTP "
@@ -17933,25 +18302,25 @@ msgid ""
 "negotiation mechanisms that may *optionally* be used instead."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:726
+#: ../source/specifications/simple-repository-api.rst:740
 msgid "URL Parameter"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:728
+#: ../source/specifications/simple-repository-api.rst:742
 msgid ""
 "Servers that implement the Simple API may choose to support a URL parameter "
 "named ``format`` to allow the clients to request a specific version of the "
 "URL."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:731
+#: ../source/specifications/simple-repository-api.rst:745
 msgid ""
 "The value of the ``format`` parameter should be **one** of the valid content "
 "types. Passing multiple content types, wild cards, quality values, etc... is "
 "**not** supported."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:735
+#: ../source/specifications/simple-repository-api.rst:749
 msgid ""
 "Supporting this parameter is optional, and clients **SHOULD NOT** rely on it "
 "for interacting with the API. This negotiation mechanism is intended to "
@@ -17959,13 +18328,13 @@ msgid ""
 "allow documentation or notes to link to a specific version+format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:740
+#: ../source/specifications/simple-repository-api.rst:754
 msgid ""
 "Servers that do not support this parameter may choose to return an error "
 "when it is present, or they may simple ignore its presence."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:743
+#: ../source/specifications/simple-repository-api.rst:757
 msgid ""
 "When a server does implement this parameter, it **SHOULD** take precedence "
 "over any values in the client's ``Accept`` header, and if the server does "
@@ -17975,18 +18344,18 @@ msgid ""
 "``303 Multiple Choices``, or selecting a default type to return)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:752
+#: ../source/specifications/simple-repository-api.rst:766
 msgid "Endpoint Configuration"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:754
+#: ../source/specifications/simple-repository-api.rst:768
 msgid ""
 "This option technically is not a special option at all, it is just a natural "
 "consequence of using content negotiation and allowing servers to select "
 "which of the available content types is their default."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:758
+#: ../source/specifications/simple-repository-api.rst:772
 msgid ""
 "If a server is unwilling or unable to implement the server-driven content "
 "negotiation, and would instead rather require users to explicitly configure "
@@ -17994,7 +18363,7 @@ msgid ""
 "configuration."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:762
+#: ../source/specifications/simple-repository-api.rst:776
 msgid ""
 "To enable this, a server should make multiple endpoints (for instance, ``/"
 "simple/v1+html/`` and/or ``/simple/v1+json/``) for each version+format that "
@@ -18004,7 +18373,7 @@ msgid ""
 "and return the content type that corresponds to that endpoint."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:769
+#: ../source/specifications/simple-repository-api.rst:783
 msgid ""
 "For clients that wish to require specific configuration, they can keep track "
 "of which version+format a specific repository URL was configured for, and "
@@ -18012,11 +18381,11 @@ msgid ""
 "includes the correct content type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:776
+#: ../source/specifications/simple-repository-api.rst:790
 msgid "TUF Support - PEP 458"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:778
+#: ../source/specifications/simple-repository-api.rst:792
 msgid ""
 ":pep:`458` requires that all API responses are hashable and that they can be "
 "uniquely identified by a path relative to the repository root. For a Simple "
@@ -18027,7 +18396,7 @@ msgid ""
 "that all hash differently."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:785
+#: ../source/specifications/simple-repository-api.rst:799
 msgid ""
 ":pep:`458` does not specify what the target path should be for the Simple "
 "API, but TUF requires that the target paths be \"file-like\", in other "
@@ -18035,7 +18404,7 @@ msgid ""
 "technically points to a directory."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:790
+#: ../source/specifications/simple-repository-api.rst:804
 msgid ""
 "The saving grace is that the target path does not *have* to actually match "
 "the URL being fetched from the Simple API, and it can just be a sigil that "
@@ -18044,7 +18413,7 @@ msgid ""
 "HTTP request, such as the ``Accept`` header."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:796
+#: ../source/specifications/simple-repository-api.rst:810
 msgid ""
 "Ultimately figuring out how to map a directory to a filename is out of scope "
 "for this spec (but it would be in scope for :pep:`458`), and this spec "
@@ -18052,7 +18421,7 @@ msgid ""
 "`458` metadata."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:800
+#: ../source/specifications/simple-repository-api.rst:814
 msgid ""
 "However, it appears that the current WIP branch against pip that attempts to "
 "implement :pep:`458` is using a target path like ``simple/PROJECT/index."
@@ -18062,20 +18431,20 @@ msgid ""
 "the v1 JSON format would be ``simple/PROJECT/vnd.pypi.simple.v1.json``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:807
+#: ../source/specifications/simple-repository-api.rst:821
 msgid ""
 "In this case, since ``text/html`` is an alias to ``application/vnd.pypi."
 "simple.v1+html`` when interacting through TUF, it likely will make the most "
 "sense to normalize to the more explicit name."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:811
+#: ../source/specifications/simple-repository-api.rst:825
 msgid ""
 "Likewise the ``latest`` metaversion should not be included in the targets, "
 "only explicitly declared versions should be supported."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:817
+#: ../source/specifications/simple-repository-api.rst:831
 msgid ""
 "This section is non-normative, and represents what the spec authors believe "
 "to be the best default implementation decisions for something implementing "
@@ -18083,7 +18452,7 @@ msgid ""
 "these decisions."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:821
+#: ../source/specifications/simple-repository-api.rst:835
 msgid ""
 "These decisions have been chosen to maximize the number of requests that can "
 "be moved onto the newest version of an API, while maintaining the greatest "
@@ -18092,18 +18461,18 @@ msgid ""
 "choices it can."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:826
+#: ../source/specifications/simple-repository-api.rst:840
 msgid "It is recommended that servers:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:828
+#: ../source/specifications/simple-repository-api.rst:842
 msgid ""
 "Support all 3 content types described in this spec, using server-driven "
 "content negotiation, for as long as they reasonably can, or at least as long "
 "as they're receiving non trivial traffic that uses the HTML responses."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:832
+#: ../source/specifications/simple-repository-api.rst:846
 msgid ""
 "When encountering an ``Accept`` header that does not contain any content "
 "types that it knows how to work with, the server should not ever return a "
@@ -18111,13 +18480,13 @@ msgid ""
 "Acceptable`` response."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:837
+#: ../source/specifications/simple-repository-api.rst:851
 msgid ""
 "However, if choosing to use the endpoint configuration, you should prefer to "
 "return a ``200 OK`` response in the expected content type for that endpoint."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:840
+#: ../source/specifications/simple-repository-api.rst:854
 msgid ""
 "When selecting an acceptable version, the server should choose the highest "
 "version that the client supports, with the most expressive/featureful "
@@ -18126,23 +18495,23 @@ msgid ""
 "should only use the ``text/html`` content type as a last resort."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:846
+#: ../source/specifications/simple-repository-api.rst:860
 msgid "It is recommended that clients:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:848
+#: ../source/specifications/simple-repository-api.rst:862
 msgid ""
 "Support all 3 content types described in this spec, using server-driven "
 "content negotiation, for as long as they reasonably can."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:851
+#: ../source/specifications/simple-repository-api.rst:865
 msgid ""
 "When constructing an ``Accept`` header, include all of the content types "
 "that you support."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:854
+#: ../source/specifications/simple-repository-api.rst:868
 msgid ""
 "You should generally *not* include a quality priority value for your content "
 "types, unless you have implementation specific reasons that you want the "
@@ -18151,63 +18520,63 @@ msgid ""
 "responses that you're unable to parse in some edge cases)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:860
+#: ../source/specifications/simple-repository-api.rst:874
 msgid ""
 "The one exception to this recommendation is that it is recommended that you "
 "*should* include a ``;q=0.01`` value on the legacy ``text/html`` content "
 "type, unless it is the only content type that you are requesting."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:864
+#: ../source/specifications/simple-repository-api.rst:878
 msgid ""
 "Explicitly select what versions they are looking for, rather than using the "
 "``latest`` meta version during normal operation."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:867
+#: ../source/specifications/simple-repository-api.rst:881
 msgid ""
 "Check the ``Content-Type`` of the response and ensure it matches something "
 "that you were expecting."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:871
+#: ../source/specifications/simple-repository-api.rst:885
 msgid "Additional Fields for the Simple API for Package Indexes"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:873
+#: ../source/specifications/simple-repository-api.rst:887
 msgid ""
 "This specification defines version 1.1 of the simple repository API. For the "
 "HTML version of the API, there is no change from version 1.0. For the JSON "
 "version of the API, the following changes are made:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:877
+#: ../source/specifications/simple-repository-api.rst:891
 msgid "The ``api-version`` must specify version 1.1 or later."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:878
+#: ../source/specifications/simple-repository-api.rst:892
 msgid "A new ``versions`` key is added at the top level."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:879
+#: ../source/specifications/simple-repository-api.rst:893
 msgid ""
 "Two new \"file information\" keys, ``size`` and ``upload-time``, are added "
 "to the ``files`` data."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:881
+#: ../source/specifications/simple-repository-api.rst:895
 msgid ""
 "Keys (at any level) with a leading underscore are reserved as private for "
 "index server use. No future standard will assign a meaning to any such key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:884
+#: ../source/specifications/simple-repository-api.rst:898
 msgid ""
 "The ``versions`` and ``size`` keys are mandatory. The ``upload-time`` key is "
 "optional."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:890
+#: ../source/specifications/simple-repository-api.rst:904
 msgid ""
 "An additional key, ``versions`` MUST be present at the top level, in "
 "addition to the keys ``name``, ``files`` and ``meta`` defined in :ref:`the "
@@ -18217,7 +18586,7 @@ msgid ""
 "duplicates, and the order of the values is not significant."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:897
+#: ../source/specifications/simple-repository-api.rst:911
 msgid ""
 "All of the files listed in the ``files`` key MUST be associated with one of "
 "the versions in the ``versions`` key. The ``versions`` key MAY contain "
@@ -18225,7 +18594,7 @@ msgid ""
 "uploaded, if the server has such a concept)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:902
+#: ../source/specifications/simple-repository-api.rst:916
 msgid ""
 "Note that because servers may hold \"legacy\" data from before the adoption "
 "of :ref:`the version specifiers specification (VSS) <version-specifiers>`, "
@@ -18234,21 +18603,21 @@ msgid ""
 "servers SHOULD use normalised VSS versions where possible."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:911
+#: ../source/specifications/simple-repository-api.rst:925
 msgid "Additional file information"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:913
+#: ../source/specifications/simple-repository-api.rst:927
 msgid "Two new keys are added to the ``files`` key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:915
+#: ../source/specifications/simple-repository-api.rst:929
 msgid ""
 "``size``: This field is mandatory. It MUST contain an integer which is the "
 "file size in bytes."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:917
+#: ../source/specifications/simple-repository-api.rst:931
 msgid ""
 "``upload-time``: This field is optional. If present, it MUST contain a valid "
 "ISO 8601 date/time string, in the format ``yyyy-mm-ddThh:mm:ss.ffffffZ``, "
@@ -18260,11 +18629,11 @@ msgid ""
 "key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:926
+#: ../source/specifications/simple-repository-api.rst:940
 msgid "Rename dist-info-metadata in the Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:929
+#: ../source/specifications/simple-repository-api.rst:943
 msgid ""
 "The keywords \"**MUST**\", \"**MUST NOT**\", \"**REQUIRED**\", "
 "\"**SHALL**\", \"**SHALL NOT**\", \"**SHOULD**\", \"**SHOULD NOT**\", "
@@ -18272,11 +18641,11 @@ msgid ""
 "are to be interpreted as described in :rfc:`RFC 2119 <2119>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:936
+#: ../source/specifications/simple-repository-api.rst:950
 msgid "Servers"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:938
+#: ../source/specifications/simple-repository-api.rst:952
 msgid ""
 "The :ref:`the API metadata file specification <simple-repository-api-"
 "metadata-file>` metadata, when used in the HTML representation of the Simple "
@@ -18284,7 +18653,7 @@ msgid ""
 "with the supported values remaining the same."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:944
+#: ../source/specifications/simple-repository-api.rst:958
 msgid ""
 "The :ref:`the API metadata file specification <simple-repository-api-"
 "metadata-file>` metadata, when used in the :ref:`the JSON API specification "
@@ -18293,14 +18662,14 @@ msgid ""
 "values remaining the same."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:950
+#: ../source/specifications/simple-repository-api.rst:964
 msgid ""
 "To support clients that used the previous key names, the HTML representation "
 "**MAY** also be emitted using the ``data-dist-info-metadata``, and if it "
 "does so it **MUST** match the value of ``data-core-metadata``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:959
+#: ../source/specifications/simple-repository-api.rst:973
 msgid ""
 "Clients consuming any of the HTML representations of the Simple API **MUST** "
 "read the :ref:`the API metadata file specification <simple-repository-api-"
@@ -18309,7 +18678,7 @@ msgid ""
 "if it is present but ``data-core-metadata`` is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:966
+#: ../source/specifications/simple-repository-api.rst:980
 msgid ""
 "Clients consuming the JSON representation of the Simple API **MUST** read "
 "the :ref:`the API metadata file specification <simple-repository-api-"
@@ -18318,48 +18687,54 @@ msgid ""
 "present but ``core-metadata`` is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:976
+#: ../source/specifications/simple-repository-api.rst:990
 msgid "September 2015: initial form of the HTML format, in :pep:`503`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:977
+#: ../source/specifications/simple-repository-api.rst:991
 msgid "July 2016: Requires-Python metadata, in an update to :pep:`503`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:978
+#: ../source/specifications/simple-repository-api.rst:992
 msgid "May 2019: \"yank\" support, in :pep:`592`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:979
+#: ../source/specifications/simple-repository-api.rst:993
 msgid ""
 "July 2020: API versioning convention and metadata, and declaring the HTML "
 "format as API v1, in :pep:`629`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:981
+#: ../source/specifications/simple-repository-api.rst:995
 msgid ""
 "May 2021: providing package metadata independently from a package, in :pep:"
 "`658`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:983
+#: ../source/specifications/simple-repository-api.rst:997
 msgid ""
 "May 2022: initial form of the JSON format, with a mechanism for clients to "
 "choose between them, and declaring both formats as API v1, in :pep:`691`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:985
+#: ../source/specifications/simple-repository-api.rst:999
 msgid ""
 "October 2022: project versions and file size and upload-time in the JSON "
 "format, in :pep:`700`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:987
+#: ../source/specifications/simple-repository-api.rst:1001
 msgid ""
 "June 2023: renaming the field which provides package metadata independently "
 "from a package, in :pep:`714`"
 msgstr ""
 
+#: ../source/specifications/simple-repository-api.rst:1003
+msgid ""
+"November 2024: provenance metadata in the HTML and JSON formats, in :pep:"
+"`740`"
+msgstr ""
+
 #: ../source/specifications/source-distribution-format.rst:6
 msgid "Source distribution format"
 msgstr ""
@@ -21263,7 +21638,7 @@ msgid ""
 msgstr ""
 
 #: ../source/tutorials/managing-dependencies.rst:140
-#: ../source/tutorials/packaging-projects.rst:506
+#: ../source/tutorials/packaging-projects.rst:505
 msgid "Next steps"
 msgstr ""
 
@@ -21712,43 +22087,43 @@ msgstr ""
 
 #: ../source/tutorials/packaging-projects.rst:424
 msgid ""
-"You will be prompted for a username and password. For the username, use "
-"``__token__``. For the password, use the token value, including the ``pypi-"
-"`` prefix."
+"You will be prompted for an API token. Use the token value, including the "
+"``pypi-`` prefix. Note that the input will be hidden, so be sure to paste "
+"correctly."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:428
+#: ../source/tutorials/packaging-projects.rst:427
 msgid "After the command completes, you should see output similar to this:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:439
+#: ../source/tutorials/packaging-projects.rst:438
 msgid ""
 "Once uploaded, your package should be viewable on TestPyPI; for example: "
 "``https://test.pypi.org/project/example_package_YOUR_USERNAME_HERE``."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:444
+#: ../source/tutorials/packaging-projects.rst:443
 msgid "Installing your newly uploaded package"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:446
+#: ../source/tutorials/packaging-projects.rst:445
 msgid ""
 "You can use :ref:`pip` to install your package and verify that it works. "
 "Create a :ref:`virtual environment <Creating and using Virtual "
 "Environments>` and install your package from TestPyPI:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:462
+#: ../source/tutorials/packaging-projects.rst:461
 msgid "Make sure to specify your username in the package name!"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:464
+#: ../source/tutorials/packaging-projects.rst:463
 msgid ""
 "pip should install the package from TestPyPI and the output should look "
 "something like this:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:474
+#: ../source/tutorials/packaging-projects.rst:473
 msgid ""
 "This example uses ``--index-url`` flag to specify TestPyPI instead of live "
 "PyPI. Additionally, it specifies ``--no-deps``. Since TestPyPI doesn't have "
@@ -21758,23 +22133,23 @@ msgid ""
 "installing dependencies when using TestPyPI."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:481
+#: ../source/tutorials/packaging-projects.rst:480
 msgid ""
 "You can test that it was installed correctly by importing the package. Make "
 "sure you're still in your virtual environment, then run Python:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:496
+#: ../source/tutorials/packaging-projects.rst:495
 msgid "and import the package:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:508
+#: ../source/tutorials/packaging-projects.rst:507
 msgid ""
 "**Congratulations, you've packaged and distributed a Python project!** ✨ 🍰 "
 "✨"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:511
+#: ../source/tutorials/packaging-projects.rst:510
 msgid ""
 "Keep in mind that this tutorial showed you how to upload your package to "
 "Test PyPI, which isn't a permanent storage. The Test system occasionally "
@@ -21782,28 +22157,28 @@ msgid ""
 "experiments like this tutorial."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:516
+#: ../source/tutorials/packaging-projects.rst:515
 msgid ""
 "When you are ready to upload a real package to the Python Package Index you "
 "can do much the same as you did in this tutorial, but with these important "
 "differences:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:520
+#: ../source/tutorials/packaging-projects.rst:519
 msgid ""
 "Choose a memorable and unique name for your package. You don't have to "
 "append your username as you did in the tutorial, but you can't use an "
 "existing name."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:522
+#: ../source/tutorials/packaging-projects.rst:521
 msgid ""
 "Register an account on https://pypi.org - note that these are two separate "
 "servers and the login details from the test server are not shared with the "
 "main server."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:525
+#: ../source/tutorials/packaging-projects.rst:524
 msgid ""
 "Use ``twine upload dist/*`` to upload your package and enter your "
 "credentials for the account you registered on the real PyPI.  Now that "
@@ -21811,44 +22186,44 @@ msgid ""
 "repository``; the package will upload to https://pypi.org/ by default."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:529
+#: ../source/tutorials/packaging-projects.rst:528
 msgid ""
 "Install your package from the real PyPI using ``python3 -m pip install [your-"
 "package]``."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:531
+#: ../source/tutorials/packaging-projects.rst:530
 msgid ""
 "At this point if you want to read more on packaging Python libraries here "
 "are some things you can do:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:534
+#: ../source/tutorials/packaging-projects.rst:533
 msgid ""
 "Read about advanced configuration for your chosen build backend: `Hatchling "
 "<hatchling-config_>`_, :doc:`setuptools <setuptools:userguide/"
 "pyproject_config>`, :doc:`Flit <flit:pyproject_toml>`, `PDM <pdm-config_>`_."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:538
+#: ../source/tutorials/packaging-projects.rst:537
 msgid ""
 "Look at the :doc:`guides </guides/index>` on this site for more advanced "
 "practical information, or the :doc:`discussions </discussions/index>` for "
 "explanations and background on specific topics."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:541
+#: ../source/tutorials/packaging-projects.rst:540
 msgid ""
 "Consider packaging tools that provide a single command-line interface for "
 "project management and packaging, such as :ref:`hatch`, :ref:`flit`, :ref:"
 "`pdm`, and :ref:`poetry`."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:549
+#: ../source/tutorials/packaging-projects.rst:548
 msgid "Notes"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:551
+#: ../source/tutorials/packaging-projects.rst:550
 msgid ""
 "Technically, you can also create Python packages without an ``__init__.py`` "
 "file, but those are called :doc:`namespace packages </guides/packaging-"
diff --git a/locales/gmh/LC_MESSAGES/messages.po b/locales/gmh/LC_MESSAGES/messages.po
index 0328bdb58..e76739d59 100644
--- a/locales/gmh/LC_MESSAGES/messages.po
+++ b/locales/gmh/LC_MESSAGES/messages.po
@@ -6,7 +6,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Python Packaging User Guide\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-10-30 00:39+0000\n"
+"POT-Creation-Date: 2024-11-25 21:53+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: Automatically generated\n"
 "Language-Team: none\n"
@@ -604,7 +604,7 @@ msgid "Unix (including Linux and macOS)"
 msgstr ""
 
 #: ../source/discussions/deploying-python-applications.rst:118
-#: ../source/key_projects.rst:572
+#: ../source/key_projects.rst:576
 msgid "pex"
 msgstr ""
 
@@ -1882,7 +1882,7 @@ msgid ""
 msgstr ""
 
 #: ../source/discussions/versioning.rst:6
-#: ../source/specifications/simple-repository-api.rst:310
+#: ../source/specifications/simple-repository-api.rst:319
 msgid "Versioning"
 msgstr ""
 
@@ -2633,29 +2633,16 @@ msgid ""
 msgstr ""
 
 #: ../source/glossary.rst:121
-msgid "Known Good Set (KGS)"
-msgstr ""
-
-#: ../source/glossary.rst:124
-msgid ""
-"A set of distributions at specified versions which are compatible with each "
-"other. Typically a test suite will be run which passes all tests before a "
-"specific set of packages is declared a known good set. This term is commonly "
-"used by frameworks and toolkits which are comprised of multiple individual "
-"distributions."
-msgstr ""
-
-#: ../source/glossary.rst:130
 msgid "Import Package"
 msgstr ""
 
-#: ../source/glossary.rst:133
+#: ../source/glossary.rst:124
 msgid ""
 "A Python module which can contain other modules or recursively, other "
 "packages."
 msgstr ""
 
-#: ../source/glossary.rst:136
+#: ../source/glossary.rst:127
 msgid ""
 "An import package is more commonly referred to with the single word "
 "\"package\", but this guide will use the expanded term when more clarity is "
@@ -2664,17 +2651,30 @@ msgid ""
 "package` for a breakdown of the differences."
 msgstr ""
 
-#: ../source/glossary.rst:142
+#: ../source/glossary.rst:133
 msgid "Installed Project"
 msgstr ""
 
-#: ../source/glossary.rst:145
+#: ../source/glossary.rst:136
 msgid ""
 "A :term:`Project` that is installed for use with a Python interpreter or :"
 "term:`Virtual Environment`, as described in the specicifcation :ref:"
 "`recording-installed-packages`."
 msgstr ""
 
+#: ../source/glossary.rst:140
+msgid "Known Good Set (KGS)"
+msgstr ""
+
+#: ../source/glossary.rst:143
+msgid ""
+"A set of distributions at specified versions which are compatible with each "
+"other. Typically a test suite will be run which passes all tests before a "
+"specific set of packages is declared a known good set. This term is commonly "
+"used by frameworks and toolkits which are comprised of multiple individual "
+"distributions."
+msgstr ""
+
 #: ../source/glossary.rst:149
 msgid "Module"
 msgstr ""
@@ -5085,7 +5085,7 @@ msgid ""
 "In particular, `NumPy <https://numpy.org/>`__, which provides the basis for "
 "most of the software in the `scientific Python stack <https://scientific-"
 "python.org>`_ can be configured to interoperate with different FORTRAN "
-"libraries, and can take advantage of different levels of vectorised "
+"libraries, and can take advantage of different levels of vectorized "
 "instructions available in modern CPUs."
 msgstr ""
 
@@ -5094,9 +5094,9 @@ msgid ""
 "Starting with version 1.10.4 of NumPy and version 1.0.0 of SciPy, pre-built "
 "32-bit and 64-bit binaries in the ``wheel`` format are available for all "
 "major operating systems (Windows, macOS, and Linux) on PyPI. Note, however, "
-"that on Windows, NumPy binaries are linked against the `ATLAS <http://www."
-"netlib.org/atlas/>`__ BLAS/LAPACK library, restricted to SSE2 instructions, "
-"so they may not provide optimal linear algebra performance."
+"that on Windows, NumPy binaries are linked against the `ATLAS <https://math-"
+"atlas.sourceforge.net/>`__ BLAS/LAPACK library, restricted to SSE2 "
+"instructions, so they may not provide optimal linear algebra performance."
 msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:26
@@ -5209,7 +5209,7 @@ msgid ""
 msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:100
-#: ../source/key_projects.rst:808
+#: ../source/key_projects.rst:812
 msgid "Spack"
 msgstr ""
 
@@ -5241,28 +5241,41 @@ msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:121
 msgid ""
-"`Anaconda <https://www.anaconda.com/products/individual/>`_ is a Python "
+"``conda`` is an open source (BSD licensed) package management system and "
+"environment management system that allows users to install multiple versions "
+"of binary software packages and their dependencies, and easily switch "
+"between them. It is a cross-platform tool working on Windows, MacOS, and "
+"Linux. Conda can be used to package up and distribute all kinds of packages, "
+"it is not limited to just Python packages. It has full support for native "
+"virtual environments. Conda makes environments first-class citizens, making "
+"it easy to create independent environments even for C libraries. It is "
+"written in Python, but is Python-agnostic. Conda manages Python itself as a "
+"package, so that :command:`conda update python` is possible, in contrast to "
+"pip, which only manages Python packages."
+msgstr ""
+
+#: ../source/guides/installing-scientific-packages.rst:133
+msgid ""
+"Anaconda `Anaconda <https://docs.anaconda.com/anaconda/>`_ is a Python "
 "distribution published by Anaconda, Inc. It is a stable collection of Open "
-"Source packages for big data and scientific use.  As of the 5.0 release of "
-"Anaconda, about 200 packages are installed by default, and a total of "
-"400-500 can be installed and updated from the Anaconda repository."
+"Source packages for big data and scientific use, and a collection of "
+"Graphical Interface utilities for managing conda environments."
 msgstr ""
 
-#: ../source/guides/installing-scientific-packages.rst:127
+#: ../source/guides/installing-scientific-packages.rst:135
 msgid ""
-"``conda`` is an open source (BSD licensed) package management system and "
-"environment management system included in Anaconda that allows users to "
-"install multiple versions of binary software packages and their "
-"dependencies, and easily switch between them. It is a cross-platform tool "
-"working on Windows, macOS, and Linux. Conda can be used to package up and "
-"distribute all kinds of packages, it is not limited to just Python packages. "
-"It has full support for native virtual environments. Conda makes "
-"environments first-class citizens, making it easy to create independent "
-"environments even for C libraries. It is written in Python, but is Python-"
-"agnostic. Conda manages Python itself as a package, so that :command:`conda "
-"update python` is possible, in contrast to pip, which only manages Python "
-"packages. Conda is available in Anaconda and Miniconda (an easy-to-install "
-"download with just Python and conda)."
+"In addition to the full distribution provided by Anaconda, the conda package "
+"manager itself is available in  `miniconda <https://docs.anaconda.com/"
+"miniconda/>`_, `miniforge <https://github.com/conda-forge/miniforge>`_, and "
+"`pixi <https://pixi.sh/>`_."
+msgstr ""
+
+#: ../source/guides/installing-scientific-packages.rst:138
+msgid ""
+"Conda packages are available on multiple channels on Anaconda.org, including "
+"the default channel supported by Anaconda, Inc, the community supported "
+"conda-forge channel, which provides a wide variety of pre-built packages, "
+"and some domain-specific package collections."
 msgstr ""
 
 #: ../source/guides/installing-stand-alone-command-line-tools.rst:4
@@ -8330,29 +8343,51 @@ msgstr ""
 
 #: ../source/guides/tool-recommendations.rst:142
 msgid ""
-"For projects hosted on GitHub, it is recommended to use the :ref:`trusted "
-"publishing <trusted-publishing>`, which allows the package to be securely "
-"uploaded to PyPI from a GitHub Actions job. (This is not yet supported on "
-"software forges other than GitHub.)"
+"For projects hosted on or published via supported CI/CD platforms, it is "
+"recommended to use the :ref:`Trusted Publishing <trusted-publishing>`, which "
+"allows the package to be securely uploaded to PyPI from a CI/CD workflow "
+"without a manually configured API token."
 msgstr ""
 
 #: ../source/guides/tool-recommendations.rst:147
 msgid ""
+"As of November 2024, PyPI supports the following platforms as Trusted "
+"Publishing providers:"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:150
+msgid "GitHub Actions (on ``https://github.com``)"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:151
+msgid "GitLab CI/CD (on ``https://gitlab.com``)"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:152
+msgid "ActiveState"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:153
+msgid "Google Cloud"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:155
+msgid ""
 "The other available method is to upload the package manually using :ref:"
 "`twine`."
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:149
+#: ../source/guides/tool-recommendations.rst:159
 msgid ""
 "**Never** use ``python setup.py upload`` for this task. In addition to "
 "being :ref:`deprecated <setup-py-deprecated>`, it is insecure."
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:154
+#: ../source/guides/tool-recommendations.rst:164
 msgid "Workflow tools"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:156
+#: ../source/guides/tool-recommendations.rst:166
 msgid ""
 "These tools are environment managers that automatically manage virtual "
 "environments for a project. They also act as \"task runners\", allowing you "
@@ -8363,31 +8398,31 @@ msgid ""
 "alphabetical order:"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:164
+#: ../source/guides/tool-recommendations.rst:174
 msgid ":ref:`Flit`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:165
+#: ../source/guides/tool-recommendations.rst:175
 msgid ":ref:`Hatch`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:166
+#: ../source/guides/tool-recommendations.rst:176
 msgid ":doc:`nox <nox:index>`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:167
+#: ../source/guides/tool-recommendations.rst:177
 msgid ":ref:`PDM`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:168
+#: ../source/guides/tool-recommendations.rst:178
 msgid ":ref:`Pipenv`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:169
+#: ../source/guides/tool-recommendations.rst:179
 msgid ":ref:`Poetry`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:170
+#: ../source/guides/tool-recommendations.rst:180
 msgid ":doc:`tox <tox:index>`."
 msgstr ""
 
@@ -9562,44 +9597,58 @@ msgstr ""
 
 #: ../source/key_projects.rst:407
 msgid ""
-"conda is the package management tool for `Anaconda <https://docs.anaconda."
-"com/anaconda/>`__ Python installations. Anaconda Python is a distribution "
-"from `Anaconda, Inc <https://www.anaconda.com/products/individual>`__ "
-"specifically aimed at the scientific community, and in particular on Windows "
-"where the installation of binary extensions is often difficult."
+"Conda is a package, dependency, and environment management system for any "
+"language — Python, R, Ruby, C/C++, Fortran, and more. It is written in "
+"Python and widely used in the Python scientific computing community, due to "
+"its support for non-Python compiled libraries and extensions. It is used as "
+"the basis of the `Anaconda <https://docs.anaconda.com/anaconda/>`__ Python "
+"distribution from Anaconda, Inc. It was originally aimed at the scientific "
+"community, but can also be used on its own, or with the :doc:`miniconda "
+"<conda:miniconda>`, `miniforge <https://github.com/conda-forge/miniforge>`_ "
+"or `pixi <https://pixi.sh/>`_ systems. It is available for Windows, Mac and "
+"Linux systems."
 msgstr ""
 
-#: ../source/key_projects.rst:414
+#: ../source/key_projects.rst:416
 msgid ""
 "Conda is a completely separate tool from :ref:`pip`, virtualenv and wheel, "
-"but provides many of their combined features in terms of package management, "
-"virtual environment management and deployment of binary extensions."
+"but provides many of their combined features, such as package management, "
+"virtual environment management and deployment of binary extensions and other "
+"binary code."
+msgstr ""
+
+#: ../source/key_projects.rst:420
+msgid ""
+"Conda does not install packages from PyPI -- it can only manage packages "
+"built specifically for conda, which can be made available on a \"conda "
+"channel\", such as those hosted on `anaconda.org <https://anaconda.org>`__, "
+"or a local (e.g. intranet) package server. In addition to the \"default\" "
+"channels managed by `Anaconda, Inc. <https://www.anaconda.com/>`__, there "
+"are a wide variety of packages from the community supported `conda-forge "
+"project <https://conda-forge.org/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:418
+#: ../source/key_projects.rst:426
 msgid ""
-"Conda does not install packages from PyPI and can install only from the "
-"official Anaconda repositories, or anaconda.org (a place for user-"
-"contributed *conda* packages), or a local (e.g. intranet) package server.  "
-"However, note that :ref:`pip` can be installed into, and work side-by-side "
-"with conda for managing :term:`distributions <Distribution Package>` from "
-"PyPI. Also, `conda skeleton <https://docs.conda.io/projects/conda-build/en/"
-"latest/user-guide/tutorials/build-pkgs-skeleton.html>`__ is a tool to make "
-"Python packages installable by conda by first fetching them from PyPI and "
-"modifying their metadata."
+"Note that :ref:`pip` can be installed into, and work side-by-side with conda "
+"for managing :term:`distributions <Distribution Package>` from PyPI. It is "
+"also possible to build conda packages from Python source packages using "
+"tools such as `conda skeleton <https://docs.conda.io/projects/conda-build/en/"
+"latest/user-guide/tutorials/build-pkgs-skeleton.html>`__: a tool to "
+"automatically make conda packages from Python packages available on PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:431
+#: ../source/key_projects.rst:435
 msgid "devpi"
 msgstr ""
 
-#: ../source/key_projects.rst:433
+#: ../source/key_projects.rst:437
 msgid ""
 "`Docs <http://doc.devpi.net/latest/>`__ | :gh:`Issues <devpi/devpi/issues>` "
 "| `PyPI <https://pypi.org/project/devpi>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:437
+#: ../source/key_projects.rst:441
 msgid ""
 "devpi features a powerful PyPI-compatible server and PyPI proxy cache with a "
 "complementary command line tool to drive packaging, testing and release "
@@ -9609,17 +9658,17 @@ msgid ""
 "replication and fail-over, and package upload."
 msgstr ""
 
-#: ../source/key_projects.rst:448
+#: ../source/key_projects.rst:452
 msgid "dumb-pypi"
 msgstr ""
 
-#: ../source/key_projects.rst:450
+#: ../source/key_projects.rst:454
 msgid ""
 "`GitHub <https://github.com/chriskuehl/dumb-pypi>`__ | `PyPI <https://pypi."
 "org/project/dumb-pypi>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:453
+#: ../source/key_projects.rst:457
 msgid ""
 "dumb-pypi is a simple :term:`package index <Package Index>` static file site "
 "generator, which then must be hosted by a static file webserver to become "
@@ -9627,17 +9676,17 @@ msgid ""
 "status."
 msgstr ""
 
-#: ../source/key_projects.rst:460
+#: ../source/key_projects.rst:464
 msgid "enscons"
 msgstr ""
 
-#: ../source/key_projects.rst:462
+#: ../source/key_projects.rst:466
 msgid ""
 ":gh:`Source <dholth/enscons>` | :gh:`Issues <dholth/enscons/issues>` | `PyPI "
 "<https://pypi.org/project/enscons>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:466
+#: ../source/key_projects.rst:470
 msgid ""
 "Enscons is a Python packaging tool based on `SCons`_. It builds :ref:`pip`-"
 "compatible source distributions and wheels without using distutils or "
@@ -9649,38 +9698,38 @@ msgid ""
 "independent of enscons."
 msgstr ""
 
-#: ../source/key_projects.rst:481
+#: ../source/key_projects.rst:485
 msgid "Flask-Pypi-Proxy"
 msgstr ""
 
-#: ../source/key_projects.rst:483
+#: ../source/key_projects.rst:487
 msgid ""
 "`Docs <https://flask-pypi-proxy.readthedocs.io>`__ | :gh:`GitHub <tzulberti/"
 "Flask-PyPi-Proxy>` | `PyPI <https://pypi.org/project/Flask-Pypi-Proxy/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:487 ../source/key_projects.rst:681
-#: ../source/key_projects.rst:740
+#: ../source/key_projects.rst:491 ../source/key_projects.rst:685
+#: ../source/key_projects.rst:744
 msgid "Not maintained, project archived"
 msgstr ""
 
-#: ../source/key_projects.rst:489
+#: ../source/key_projects.rst:493
 msgid ""
 "Flask-Pypi-Proxy is a :term:`package index <Package Index>` as a cached "
 "proxy for PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:495
+#: ../source/key_projects.rst:499
 msgid "Hashdist"
 msgstr ""
 
-#: ../source/key_projects.rst:497
+#: ../source/key_projects.rst:501
 msgid ""
 "`Docs <https://hashdist.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/hashdist/hashdist/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:500
+#: ../source/key_projects.rst:504
 msgid ""
 "Hashdist is a library for building non-root software distributions. Hashdist "
 "is trying to be “the Debian of choice for cases where Debian technology "
@@ -9691,34 +9740,34 @@ msgid ""
 "researchers but has been lacking in maintenance since 2016."
 msgstr ""
 
-#: ../source/key_projects.rst:512
+#: ../source/key_projects.rst:516
 msgid "Maturin"
 msgstr ""
 
-#: ../source/key_projects.rst:514
+#: ../source/key_projects.rst:518
 msgid ""
 "`Docs <https://www.maturin.rs>`__ | `GitHub <https://github.com/PyO3/"
 "maturin>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:517
+#: ../source/key_projects.rst:521
 msgid ""
 "Maturin is a build backend for Rust extension modules, also written in Rust. "
 "It supports building wheels for python 3.7+ on Windows, Linux, macOS and "
 "FreeBSD, can upload them to PyPI and has basic PyPy and GraalPy support."
 msgstr ""
 
-#: ../source/key_projects.rst:525
+#: ../source/key_projects.rst:529
 msgid "meson-python"
 msgstr ""
 
-#: ../source/key_projects.rst:527
+#: ../source/key_projects.rst:531
 msgid ""
 "`Docs <https://meson-python.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/mesonbuild/meson-python>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:530
+#: ../source/key_projects.rst:534
 msgid ""
 "``meson-python`` is a build backend that uses the Meson_ build system. It "
 "enables Python package authors to use Meson_ as the build system for their "
@@ -9726,58 +9775,58 @@ msgid ""
 "to fill the needs of most complex build configurations."
 msgstr ""
 
-#: ../source/key_projects.rst:540
+#: ../source/key_projects.rst:544
 msgid "multibuild"
 msgstr ""
 
-#: ../source/key_projects.rst:542
+#: ../source/key_projects.rst:546
 msgid "`GitHub <https://github.com/multi-build/multibuild>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:544
+#: ../source/key_projects.rst:548
 msgid ""
 "Multibuild is a set of CI scripts for building and testing Python :term:"
 "`wheels <Wheel>` for Linux, macOS, and (less flexibly) Windows. Also see :"
 "ref:`cibuildwheel`."
 msgstr ""
 
-#: ../source/key_projects.rst:550
+#: ../source/key_projects.rst:554
 msgid "nginx_pypi_cache"
 msgstr ""
 
-#: ../source/key_projects.rst:552
+#: ../source/key_projects.rst:556
 msgid ":gh:`GitHub <hauntsaninja/nginx_pypi_cache>`"
 msgstr ""
 
-#: ../source/key_projects.rst:554
+#: ../source/key_projects.rst:558
 msgid ""
 "nginx_pypi_cache is a :term:`package index <Package Index>` caching proxy "
 "using `nginx <https://nginx.org/en/>`_."
 msgstr ""
 
-#: ../source/key_projects.rst:560
+#: ../source/key_projects.rst:564
 msgid "pdm"
 msgstr ""
 
-#: ../source/key_projects.rst:562
+#: ../source/key_projects.rst:566
 msgid ""
 "`Docs <https://pdm.fming.dev/>`__ | `GitHub <https://github.com/pdm-project/"
 "pdm/>`__ | `PyPI <https://pypi.org/project/pdm>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:566
+#: ../source/key_projects.rst:570
 msgid ""
 "PDM is a modern Python package manager. It uses :term:`pyproject.toml` to "
 "store project metadata as defined in :pep:`621`."
 msgstr ""
 
-#: ../source/key_projects.rst:574
+#: ../source/key_projects.rst:578
 msgid ""
 "`Docs <https://pex.readthedocs.io/en/latest/>`__ | `GitHub <https://github."
 "com/pantsbuild/pex/>`__ | `PyPI <https://pypi.org/project/pex>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:578
+#: ../source/key_projects.rst:582
 msgid ""
 "Pex is a tool for generating :file:`.pex` (Python EXecutable) files, "
 "standalone Python environments in the spirit of :ref:`virtualenv`. PEX files "
@@ -9789,18 +9838,18 @@ msgid ""
 "PEX file into a standard venv, graphing dependencies and more."
 msgstr ""
 
-#: ../source/key_projects.rst:590
+#: ../source/key_projects.rst:594
 msgid "pip-tools"
 msgstr ""
 
-#: ../source/key_projects.rst:592
+#: ../source/key_projects.rst:596
 msgid ""
 "`Docs <https://pip-tools.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/jazzband/pip-tools/>`__ | `PyPI <https://pypi.org/project/pip-"
 "tools/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:596
+#: ../source/key_projects.rst:600
 msgid ""
 "pip-tools is a suite of tools meant for Python system administrators and "
 "release managers who particularly want to keep their builds deterministic "
@@ -9811,32 +9860,32 @@ msgid ""
 "not provide), and create layers of constraints for the program to obey."
 msgstr ""
 
-#: ../source/key_projects.rst:608
+#: ../source/key_projects.rst:612
 msgid "pip2pi"
 msgstr ""
 
-#: ../source/key_projects.rst:610
+#: ../source/key_projects.rst:614
 msgid ""
 ":gh:`GitHub <wolever/pip2pi>` | `PyPI <https://pypi.org/project/pip2pi/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:613
+#: ../source/key_projects.rst:617
 msgid ""
 "pip2pi is a :term:`package index <Package Index>` server where specific "
 "packages are manually synchronised."
 msgstr ""
 
-#: ../source/key_projects.rst:619
+#: ../source/key_projects.rst:623
 msgid "piwheels"
 msgstr ""
 
-#: ../source/key_projects.rst:621
+#: ../source/key_projects.rst:625
 msgid ""
 "`Website <https://www.piwheels.org/>`__ | :doc:`Docs <piwheels:index>` | "
 "`GitHub <https://github.com/piwheels/piwheels/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:625
+#: ../source/key_projects.rst:629
 msgid ""
 "piwheels is a website, and software underpinning it, that fetches source "
 "code distribution packages from PyPI and compiles them into binary wheels "
@@ -9844,17 +9893,17 @@ msgid ""
 "Pi OS pre-configures pip to use piwheels.org as an additional index to PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:634
+#: ../source/key_projects.rst:638
 msgid "poetry"
 msgstr ""
 
-#: ../source/key_projects.rst:636
+#: ../source/key_projects.rst:640
 msgid ""
 "`Docs <https://python-poetry.org/>`__ | `GitHub <https://github.com/python-"
 "poetry/poetry>`__ | `PyPI <https://pypi.org/project/poetry/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:640
+#: ../source/key_projects.rst:644
 msgid ""
 "poetry is a command-line tool to handle dependency installation and "
 "isolation as well as building and packaging of Python packages. It uses "
@@ -9864,49 +9913,49 @@ msgid ""
 "caching metadata about dependencies."
 msgstr ""
 
-#: ../source/key_projects.rst:650
+#: ../source/key_projects.rst:654
 msgid "proxpi"
 msgstr ""
 
-#: ../source/key_projects.rst:652
+#: ../source/key_projects.rst:656
 msgid ""
 ":gh:`GitHub <EpicWink/proxpi>` | `PyPI <https://pypi.org/project/proxpi/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:655
+#: ../source/key_projects.rst:659
 msgid ""
 "proxpi is a simple :term:`package index <Package Index>` which proxies PyPI "
 "and other indexes with caching."
 msgstr ""
 
-#: ../source/key_projects.rst:661
+#: ../source/key_projects.rst:665
 msgid "Pulp-python"
 msgstr ""
 
-#: ../source/key_projects.rst:663
+#: ../source/key_projects.rst:667
 msgid ""
 "`Docs <https://docs.pulpproject.org/pulp_python/>`__ | :gh:`GitHub <pulp/"
 "pulp_python>` | `PyPI <https://pypi.org/project/pulp-python/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:667
+#: ../source/key_projects.rst:671
 msgid ""
 "Pulp-python is the Python :term:`package index <Package Index>` plugin for "
 "`Pulp <https://pulpproject.org/>`_. Pulp-python supports mirrors backed by "
 "local or `AWS S3`_, package upload, and proxying to multiple package indexes."
 msgstr ""
 
-#: ../source/key_projects.rst:675
+#: ../source/key_projects.rst:679
 msgid "PyPI Cloud"
 msgstr ""
 
-#: ../source/key_projects.rst:677
+#: ../source/key_projects.rst:681
 msgid ""
 "`Docs <https://pypicloud.readthedocs.io/>`__ | :gh:`GitHub <stevearc/"
 "pypicloud>` | `PyPI <https://pypi.org/project/pypicloud/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:683
+#: ../source/key_projects.rst:687
 msgid ""
 "PyPI Cloud is a :term:`package index <Package Index>` server, backed by `AWS "
 "S3`_ or another cloud storage service, or local files. PyPI Cloud supports "
@@ -9914,33 +9963,33 @@ msgid ""
 "authorisation."
 msgstr ""
 
-#: ../source/key_projects.rst:691
+#: ../source/key_projects.rst:695
 msgid "pypiprivate"
 msgstr ""
 
-#: ../source/key_projects.rst:693
+#: ../source/key_projects.rst:697
 msgid ""
 ":gh:`GitHub <helpshift/pypiprivate>` | `PyPI <https://pypi.org/project/"
 "pypiprivate/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:696
+#: ../source/key_projects.rst:700
 msgid ""
 "pypiprivate serves a local (or `AWS S3`_-hosted) directory of packages as a :"
 "term:`package index <Package Index>`."
 msgstr ""
 
-#: ../source/key_projects.rst:702
+#: ../source/key_projects.rst:706
 msgid "pypiserver"
 msgstr ""
 
-#: ../source/key_projects.rst:704
+#: ../source/key_projects.rst:708
 msgid ""
 "`GitHub <https://github.com/pypiserver/pypiserver>`__ | `PyPI <https://pypi."
 "org/project/pypiserver/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:707
+#: ../source/key_projects.rst:711
 msgid ""
 "pypiserver is a minimalist application that serves as a private Python :term:"
 "`package index <Package Index>` (from a local directory) within "
@@ -9951,17 +10000,17 @@ msgid ""
 "pypiserver and from PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:718
+#: ../source/key_projects.rst:722
 msgid "PyScaffold"
 msgstr ""
 
-#: ../source/key_projects.rst:720
+#: ../source/key_projects.rst:724
 msgid ""
 "`Docs <https://pyscaffold.org>`__ | `GitHub <https://github.com/pyscaffold/"
 "pyscaffold>`__ | `PyPI <https://pypi.org/project/pyscaffold/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:724
+#: ../source/key_projects.rst:728
 msgid ""
 "PyScaffold is a project generator for bootstrapping Python packages, ready "
 "to be shared on PyPI and installable via :ref:`pip`. It relies on a set of "
@@ -9971,33 +10020,33 @@ msgid ""
 "existing projects to make packaging easier."
 msgstr ""
 
-#: ../source/key_projects.rst:735
+#: ../source/key_projects.rst:739
 msgid "pywharf"
 msgstr ""
 
-#: ../source/key_projects.rst:737
+#: ../source/key_projects.rst:741
 msgid ""
 ":gh:`GitHub <pywharf/pywharf>` | `PyPI <https://pypi.org/project/pywharf>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:742
+#: ../source/key_projects.rst:746
 msgid ""
 "pywharf is a :term:`package index <Package Index>` server, serving files "
 "locally or from `GitHub <https://github.com/>`_."
 msgstr ""
 
-#: ../source/key_projects.rst:748
+#: ../source/key_projects.rst:752
 msgid "scikit-build"
 msgstr ""
 
-#: ../source/key_projects.rst:750
+#: ../source/key_projects.rst:754
 msgid ""
 "`Docs <https://scikit-build.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/scikit-build/scikit-build/>`__ | `PyPI <https://pypi.org/project/"
 "scikit-build>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:754
+#: ../source/key_projects.rst:758
 msgid ""
 "Scikit-build is a :ref:`setuptools` wrapper for CPython that builds C/C++/"
 "Fortran/Cython extensions It uses `cmake <https://pypi.org/project/cmake>`__ "
@@ -10008,18 +10057,18 @@ msgid ""
 "ninja>`__ (also available on PyPI)."
 msgstr ""
 
-#: ../source/key_projects.rst:765
+#: ../source/key_projects.rst:769
 msgid "scikit-build-core"
 msgstr ""
 
-#: ../source/key_projects.rst:767
+#: ../source/key_projects.rst:771
 msgid ""
 "`Docs <https://scikit-build-core.readthedocs.io/en/latest/>`__ | `GitHub "
 "<https://github.com/scikit-build/scikit-build-core/>`__ | `PyPI <https://"
 "pypi.org/project/scikit-build-core>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:771
+#: ../source/key_projects.rst:775
 msgid ""
 "Scikit-build-core is a build backend for CPython C/C++/Fortran/Cython "
 "extensions.  It enables users to write extensions with `cmake <https://pypi."
@@ -10029,17 +10078,17 @@ msgid ""
 "automatically downloaded from PyPI if not available on the system."
 msgstr ""
 
-#: ../source/key_projects.rst:781
+#: ../source/key_projects.rst:785
 msgid "shiv"
 msgstr ""
 
-#: ../source/key_projects.rst:783
+#: ../source/key_projects.rst:787
 msgid ""
 "`Docs <https://shiv.readthedocs.io/en/latest/>`__ | `GitHub <https://github."
 "com/linkedin/shiv>`__ | `PyPI <https://pypi.org/project/shiv/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:787
+#: ../source/key_projects.rst:791
 msgid ""
 "shiv is a command line utility for building fully self contained Python "
 "zipapps as outlined in :pep:`441`, but with all their dependencies included. "
@@ -10047,17 +10096,17 @@ msgid ""
 "tools fast & easy."
 msgstr ""
 
-#: ../source/key_projects.rst:795
+#: ../source/key_projects.rst:799
 msgid "simpleindex"
 msgstr ""
 
-#: ../source/key_projects.rst:797
+#: ../source/key_projects.rst:801
 msgid ""
 ":gh:`GitHub <uranusjr/simpleindex>` | `PyPI <https://pypi.org/project/"
 "simpleindex/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:800
+#: ../source/key_projects.rst:804
 msgid ""
 "simpleindex is a :term:`package index <Package Index>` which routes URLs to "
 "multiple package indexes (including PyPI), serves local (or cloud-hosted, "
@@ -10065,7 +10114,7 @@ msgid ""
 "supports custom plugins."
 msgstr ""
 
-#: ../source/key_projects.rst:810
+#: ../source/key_projects.rst:814
 msgid ""
 ":doc:`Docs <spack:index>` | `GitHub <https://github.com/spack/spack>`__ | "
 "`Paper <https://www.computer.org/csdl/proceedings-article/"
@@ -10073,7 +10122,7 @@ msgid ""
 "Gamblin-Spack-SC15-Talk.pdf>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:815
+#: ../source/key_projects.rst:819
 msgid ""
 "A flexible package manager designed to support multiple versions, "
 "configurations, platforms, and compilers.  Spack is like Homebrew, but "
@@ -10084,24 +10133,24 @@ msgid ""
 "supercomputers."
 msgstr ""
 
-#: ../source/key_projects.rst:823
+#: ../source/key_projects.rst:827
 msgid ""
 "Spack is not in PyPI (yet), but it requires no installation and can be used "
 "immediately after cloning from GitHub."
 msgstr ""
 
-#: ../source/key_projects.rst:829
+#: ../source/key_projects.rst:833
 msgid "zest.releaser"
 msgstr ""
 
-#: ../source/key_projects.rst:831
+#: ../source/key_projects.rst:835
 msgid ""
 "`Docs <https://zestreleaser.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/zestsoftware/zest.releaser/>`__ | `PyPI <https://pypi.org/project/"
 "zest.releaser/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:835
+#: ../source/key_projects.rst:839
 msgid ""
 "``zest.releaser`` is a Python package release tool providing an abstraction "
 "layer on top of :ref:`twine`. Python developers use ``zest.releaser`` to "
@@ -10109,21 +10158,21 @@ msgid ""
 "releases in source control, and uploading new packages to PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:842
+#: ../source/key_projects.rst:846
 msgid "Standard Library Projects"
 msgstr ""
 
-#: ../source/key_projects.rst:847
+#: ../source/key_projects.rst:851
 msgid "ensurepip"
 msgstr ""
 
-#: ../source/key_projects.rst:849
+#: ../source/key_projects.rst:853
 msgid ""
 "`Docs <https://docs.python.org/3/library/ensurepip.html>`__ | `Issues "
 "<https://bugs.python.org/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:852
+#: ../source/key_projects.rst:856
 msgid ""
 "A package in the Python Standard Library that provides support for "
 "bootstrapping :ref:`pip` into an existing Python installation or virtual "
@@ -10131,34 +10180,34 @@ msgid ""
 "will be used during the build of the Python distribution."
 msgstr ""
 
-#: ../source/key_projects.rst:860
+#: ../source/key_projects.rst:864
 msgid "http.server"
 msgstr ""
 
-#: ../source/key_projects.rst:862
+#: ../source/key_projects.rst:866
 msgid ""
 ":doc:`Docs <python:library/http.server>` | :gh:`Issues <python/cpython/"
 "issues>`"
 msgstr ""
 
-#: ../source/key_projects.rst:865
+#: ../source/key_projects.rst:869
 msgid ""
 "A package and command-line interface which can host a directory as a "
 "website, for example as a :term:`package index <Package Index>` (see :ref:"
 "`Hosting your Own Simple Repository`)."
 msgstr ""
 
-#: ../source/key_projects.rst:872
+#: ../source/key_projects.rst:876
 msgid "venv"
 msgstr ""
 
-#: ../source/key_projects.rst:874
+#: ../source/key_projects.rst:878
 msgid ""
 "`Docs <https://docs.python.org/3/library/venv.html>`__ | `Issues <https://"
 "github.com/python/cpython/issues>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:877
+#: ../source/key_projects.rst:881
 msgid ""
 "A package in the Python Standard Library (starting with Python 3.3) for "
 "creating :term:`Virtual Environments <Virtual Environment>`.  For more "
@@ -12206,7 +12255,7 @@ msgstr ""
 #: ../source/specifications/platform-compatibility-tags.rst:332
 #: ../source/specifications/pyproject-toml.rst:444
 #: ../source/specifications/recording-installed-packages.rst:252
-#: ../source/specifications/simple-repository-api.rst:974
+#: ../source/specifications/simple-repository-api.rst:988
 #: ../source/specifications/source-distribution-format.rst:144
 #: ../source/specifications/version-specifiers.rst:1266
 #: ../source/specifications/virtual-environments.rst:54
@@ -13276,6 +13325,7 @@ msgstr ""
 #: ../source/specifications/dependency-specifiers.rst:26
 #: ../source/specifications/direct-url-data-structure.rst:19
 #: ../source/specifications/direct-url.rst:15
+#: ../source/specifications/index-hosted-attestations.rst:17
 #: ../source/specifications/inline-script-metadata.rst:13
 msgid "Specification"
 msgstr ""
@@ -13413,7 +13463,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/dependency-specifiers.rst:163
-#: ../source/specifications/simple-repository-api.rst:888
+#: ../source/specifications/simple-repository-api.rst:902
 msgid "Versions"
 msgstr ""
 
@@ -15036,6 +15086,302 @@ msgid ""
 "www.pypa.io/en/latest/specifications/>`__."
 msgstr ""
 
+#: ../source/specifications/index-hosted-attestations.rst:6
+msgid "Index hosted attestations"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:8
+msgid "This specification was originally defined in :pep:`740`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:12
+msgid ""
+":pep:`740` includes changes to the HTML and JSON index APIs. These changes "
+"are documented in the :ref:`simple-repository-api` under :ref:`simple-"
+"repository-api-base` and :ref:`json-serialization`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:22
+msgid "Upload endpoint changes"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:26
+msgid ""
+"The \"legacy\" upload API is not standardized. See `PyPI's Upload API "
+"documentation <https://docs.pypi.org/api/upload/>`_ for how attestations are "
+"uploaded."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:33
+msgid "Attestation objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:35
+msgid ""
+"An attestation object is a JSON object with several required keys; "
+"applications or signers may include additional keys so long as all "
+"explicitly listed keys are provided. The required layout of an attestation "
+"object is provided as pseudocode below."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:88
+msgid ""
+"A full data model for each object in ``transparency_entries`` is provided "
+"in :ref:`appendix`. Attestation objects **SHOULD** include one or more "
+"transparency log entries, and **MAY** include additional keys for other "
+"sources of signed time (such as an :rfc:`3161` Time Stamping Authority or a "
+"`Roughtime <https://blog.cloudflare.com/roughtime>`__ server)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:94
+msgid ""
+"Attestation objects are versioned; this PEP specifies version 1. Each "
+"version is tied to a single cryptographic suite to minimize unnecessary "
+"cryptographic agility. In version 1, the suite is as follows:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:98
+msgid ""
+"Certificates are specified as X.509 certificates, and comply with the "
+"profile in :rfc:`5280`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:100
+msgid ""
+"The message signature algorithm is ECDSA, with the P-256 curve for public "
+"keys and SHA-256 as the cryptographic digest function."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:103
+msgid ""
+"Future PEPs may change this suite (and the overall shape of the attestation "
+"object) by selecting a new version number."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:109
+msgid "Attestation statement and signature generation"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:111
+msgid ""
+"The *attestation statement* is the actual claim that is cryptographically "
+"signed over within the attestation object (i.e., the ``envelope.statement``)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:114
+msgid ""
+"The attestation statement is encoded as a `v1 in-toto Statement object "
+"<https://github.com/in-toto/attestation/blob/v1.0/spec/v1.0/statement."
+"md>`__, in JSON form. When serialized the statement is treated as an opaque "
+"binary blob, avoiding the need for canonicalization."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:119
+msgid ""
+"In addition to being a v1 in-toto Statement, the attestation statement is "
+"constrained in the following ways:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:122
+msgid "The in-toto ``subject`` **MUST** contain only a single subject."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:123
+msgid ""
+"``subject[0].name`` is the distribution's filename, which **MUST** be a "
+"valid :ref:`source distribution <source-distribution-format>` or :ref:`wheel "
+"distribution <binary-distribution-format>` filename."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:126
+msgid ""
+"``subject[0].digest`` **MUST** contain a SHA-256 digest. Other digests "
+"**MAY** be present. The digests **MUST** be represented as hexadecimal "
+"strings."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:128
+msgid "The following ``predicateType`` values are supported:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:130
+msgid ""
+"`SLSA Provenance <https://slsa.dev/provenance/v1>`__: ``https://slsa.dev/"
+"provenance/v1``"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:131
+msgid ""
+"`PyPI Publish Attestation <https://docs.pypi.org/attestations/publish/"
+"v1>`__: ``https://docs.pypi.org/attestations/publish/v1``"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:133
+msgid ""
+"The signature over this statement is constructed using the `v1 DSSE "
+"signature protocol <https://github.com/secure-systems-lab/dsse/blob/v1.0.0/"
+"protocol.md>`__, with a ``PAYLOAD_TYPE`` of ``application/vnd.in-toto+json`` "
+"and a ``PAYLOAD_BODY`` of the JSON-encoded statement above. No other "
+"``PAYLOAD_TYPE`` is permitted."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:141
+msgid "Provenance objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:143
+msgid ""
+"The index will serve uploaded attestations along with metadata that can "
+"assist in verifying them in the form of JSON serialized objects."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:146
+msgid ""
+"These *provenance objects* will be available via both the Simple Index and "
+"JSON-based Simple API as described above, and will have the following layout:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:169
+msgid "or, as pseudocode:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:217
+msgid ""
+"``version`` is ``1``. Like attestation objects, provenance objects are "
+"versioned, and this PEP only defines version ``1``."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:219
+msgid ""
+"``attestation_bundles`` is a **required** JSON array, containing one or more "
+"\"bundles\" of attestations. Each bundle corresponds to a signing identity "
+"(such as a Trusted Publishing identity), and contains one or more "
+"attestation objects."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:224
+msgid ""
+"As noted in the ``Publisher`` model, each ``AttestationBundle.publisher`` "
+"object is specific to its Trusted Publisher but must include at minimum:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:228
+msgid ""
+"A ``kind`` key, which **MUST** be a JSON string that uniquely identifies the "
+"kind of Trusted Publisher."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:230
+msgid ""
+"A ``claims`` key, which **MUST** be a JSON object containing any context-"
+"specific claims retained by the index during Trusted Publisher "
+"authentication."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:233
+msgid "All other keys in the publisher object are publisher-specific."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:235
+msgid ""
+"Each array of attestation objects is a superset of the ``attestations`` "
+"array supplied by the uploaded through the ``attestations`` field at upload "
+"time, as described in :ref:`upload-endpoint` and :ref:`changes-to-provenance-"
+"objects`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:243
+msgid "Changes to provenance objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:245
+msgid ""
+"Provenance objects are *not* immutable, and may change over time. Reasons "
+"for changes to the provenance object include but are not limited to:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:248
+msgid ""
+"Addition of new attestations for a pre-existing signing identity: the index "
+"**MAY** choose to allow additional attestations by pre-existing signing "
+"identities, such as newer attestation versions for already uploaded files."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:253
+msgid ""
+"Addition of new signing identities and associated attestations: the index "
+"**MAY** choose to support attestations from sources other than the file's "
+"uploader, such as third-party auditors or the index itself. These "
+"attestations may be performed asynchronously, requiring the index to insert "
+"them into the provenance object *post facto*."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:262
+msgid "Attestation verification"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:264
+msgid ""
+"Verifying an attestation object against a distribution file requires "
+"verification of each of the following:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:267
+msgid "``version`` is ``1``. The verifier **MUST** reject any other version."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:268
+msgid ""
+"``verification_material.certificate`` is a valid signing certificate, as "
+"issued by an *a priori* trusted authority (such as a root of trust already "
+"present within the verifying client)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:271
+msgid ""
+"``verification_material.certificate`` identifies an appropriate signing "
+"subject, such as the machine identity of the Trusted Publisher that "
+"published the package."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:274
+msgid ""
+"``envelope.statement`` is a valid in-toto v1 Statement, with a subject and "
+"digest that **MUST** match the distribution's filename and contents. For the "
+"distribution's filename, matching **MUST** be performed by parsing using the "
+"appropriate source distribution or wheel filename format, as the statement's "
+"subject may be equivalent but normalized."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:279
+msgid ""
+"``envelope.signature`` is a valid signature for ``envelope.statement`` "
+"corresponding to ``verification_material.certificate``, as reconstituted via "
+"the `v1 DSSE signature protocol <https://github.com/secure-systems-lab/dsse/"
+"blob/v1.0.0/protocol.md>`__."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:284
+msgid ""
+"In addition to the above required steps, a verifier **MAY** additionally "
+"verify ``verification_material.transparency_entries`` on a policy basis, e."
+"g. requiring at least one transparency log entry or a threshold of entries. "
+"When verifying transparency entries, the verifier **MUST** confirm that the "
+"inclusion time for each entry lies within the signing certificate's validity "
+"period."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:293
+msgid "Appendix: Data models for Transparency Log Entries"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:295
+msgid ""
+"This appendix contains pseudocoded data models for transparency log entries "
+"in attestation objects. Each transparency log entry serves as a source of "
+"signed inclusion time, and can be verified either online or offline."
+msgstr ""
+
 #: ../source/specifications/inline-script-metadata.rst:5
 msgid "Inline script metadata"
 msgstr ""
@@ -15206,7 +15552,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/inline-script-metadata.rst:205
-#: ../source/specifications/simple-repository-api.rst:815
+#: ../source/specifications/simple-repository-api.rst:829
 msgid "Recommendations"
 msgstr ""
 
@@ -17094,11 +17440,26 @@ msgid ""
 "``&gt;``, respectively."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:100
+#: ../source/specifications/simple-repository-api.rst:99
+msgid ""
+"A repository **MAY** include a ``data-provenance`` attribute on a file link. "
+"The value of this attribute **MUST** be a fully qualified URL, signaling "
+"that the file's provenance can be found at that URL. This URL **MUST** "
+"represent a `secure origin <https://www.chromium.org/Home/chromium-security/"
+"prefer-secure-origins-for-powerful-new-features/>`_."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:106
+msgid ""
+"The format of the linked provenance is defined in :ref:`index-hosted-"
+"attestations`."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:109
 msgid "Normalized Names"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:102
+#: ../source/specifications/simple-repository-api.rst:111
 msgid ""
 "This spec references the concept of a \"normalized\" project name. As per :"
 "ref:`the name normalization specification <name-normalization>` the only "
@@ -17108,11 +17469,11 @@ msgid ""
 "implemented in Python with the ``re`` module::"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:117
+#: ../source/specifications/simple-repository-api.rst:126
 msgid "Adding \"Yank\" Support to the Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:119
+#: ../source/specifications/simple-repository-api.rst:128
 msgid ""
 "Links in the simple repository **MAY** have a ``data-yanked`` attribute "
 "which may have no value, or may have an arbitrary string as a value. The "
@@ -17122,7 +17483,7 @@ msgid ""
 "under specific scenarios."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:126
+#: ../source/specifications/simple-repository-api.rst:135
 msgid ""
 "The value of the ``data-yanked`` attribute, if present, is an arbitrary "
 "string that represents the reason for why the file has been yanked. Tools "
@@ -17130,7 +17491,7 @@ msgid ""
 "users."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:131
+#: ../source/specifications/simple-repository-api.rst:140
 msgid ""
 "The yanked attribute is not immutable once set, and may be rescinded in the "
 "future (and once rescinded, may be reset as well). Thus API users **MUST** "
@@ -17138,11 +17499,11 @@ msgid ""
 "again)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:138
+#: ../source/specifications/simple-repository-api.rst:147
 msgid "Installers"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:140
+#: ../source/specifications/simple-repository-api.rst:149
 msgid ""
 "The desirable experience for users is that once a file is yanked, when a "
 "human being is currently trying to directly install a yanked file, that it "
@@ -17152,7 +17513,7 @@ msgid ""
 "been yanked."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:147
+#: ../source/specifications/simple-repository-api.rst:156
 msgid ""
 "An installer **MUST** ignore yanked releases, if the selection constraints "
 "can be satisfied with a non-yanked version, and **MAY** refuse to use a "
@@ -17162,14 +17523,14 @@ msgid ""
 "files."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:154
+#: ../source/specifications/simple-repository-api.rst:163
 msgid ""
 "What this means is left up to the specific installer, to decide how to best "
 "fit into the overall usage of their installer. However, there are two "
 "suggested approaches to take:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:158
+#: ../source/specifications/simple-repository-api.rst:167
 msgid ""
 "Yanked files are always ignored, unless they are the only file that matches "
 "a version specifier that \"pins\" to an exact version using either ``==`` "
@@ -17179,7 +17540,7 @@ msgid ""
 "versions, zero padding, etc."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:165
+#: ../source/specifications/simple-repository-api.rst:174
 msgid ""
 "Yanked files are always ignored, unless they are the only file that matches "
 "what a lock file (such as ``Pipfile.lock`` or ``poetry.lock``) specifies to "
@@ -17187,7 +17548,7 @@ msgid ""
 "creating or updating a lock file from some input file or command."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:171
+#: ../source/specifications/simple-repository-api.rst:180
 msgid ""
 "Regardless of the specific strategy that an installer chooses for deciding "
 "when to install yanked files, an installer **SHOULD** emit a warning when it "
@@ -17196,38 +17557,38 @@ msgid ""
 "specific feedback to the user about why that file had been yanked."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:179
+#: ../source/specifications/simple-repository-api.rst:188
 msgid "Mirrors"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:181
+#: ../source/specifications/simple-repository-api.rst:190
 msgid "Mirrors can generally treat yanked files one of two ways:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:183
+#: ../source/specifications/simple-repository-api.rst:192
 msgid ""
 "They may choose to omit them from their simple repository API completely, "
 "providing a view over the repository that shows only \"active\", unyanked "
 "files."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:186
+#: ../source/specifications/simple-repository-api.rst:195
 msgid ""
 "They may choose to include yanked files, and additionally mirror the ``data-"
 "yanked`` attribute as well."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:189
+#: ../source/specifications/simple-repository-api.rst:198
 msgid ""
 "Mirrors **MUST NOT** mirror a yanked file without also mirroring the ``data-"
 "yanked`` attribute for it."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:195
+#: ../source/specifications/simple-repository-api.rst:204
 msgid "Versioning PyPI's Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:197
+#: ../source/specifications/simple-repository-api.rst:206
 msgid ""
 "This spec proposes the inclusion of a meta tag on the responses of every "
 "successful request to a simple API page, which contains a name attribute of "
@@ -17238,29 +17599,29 @@ msgid ""
 "<version-specifiers>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:205
+#: ../source/specifications/simple-repository-api.rst:214
 msgid "This would end up looking like::"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:209
+#: ../source/specifications/simple-repository-api.rst:218
 msgid "When interpreting the repository version:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:211
+#: ../source/specifications/simple-repository-api.rst:220
 msgid ""
 "Incrementing the major version is used to signal a backwards incompatible "
 "change such that existing clients would no longer be expected to be able to "
 "meaningfully use the API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:214
+#: ../source/specifications/simple-repository-api.rst:223
 msgid ""
 "Incrementing the minor version is used to signal a backwards compatible "
 "change such that existing clients would still be expected to be able to "
 "meaningfully use the API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:218
+#: ../source/specifications/simple-repository-api.rst:227
 msgid ""
 "It is left up to the discretion of any future specs as to what specifically "
 "constitutes a backwards incompatible vs compatible change beyond the broad "
@@ -17269,7 +17630,7 @@ msgid ""
 "features."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:224
+#: ../source/specifications/simple-repository-api.rst:233
 msgid ""
 "It is expectation of this spec that the major version will never be "
 "incremented, and any future major API evolutions would utilize a different "
@@ -17279,48 +17640,48 @@ msgid ""
 "set to a version >= 2)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:231
+#: ../source/specifications/simple-repository-api.rst:240
 msgid ""
 "This spec sets the current API version to \"1.0\", and expects that future "
 "specs that further evolve the simple API will increment the minor version "
 "number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:237
-#: ../source/specifications/simple-repository-api.rst:957
+#: ../source/specifications/simple-repository-api.rst:246
+#: ../source/specifications/simple-repository-api.rst:971
 msgid "Clients"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:239
+#: ../source/specifications/simple-repository-api.rst:248
 msgid ""
 "Clients interacting with the simple API **SHOULD** introspect each response "
 "for the repository version, and if that data does not exist **MUST** assume "
 "that it is version 1.0."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:243
+#: ../source/specifications/simple-repository-api.rst:252
 msgid ""
 "When encountering a major version greater than expected, clients **MUST** "
 "hard fail with an appropriate error message for the user."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:246
+#: ../source/specifications/simple-repository-api.rst:255
 msgid ""
 "When encountering a minor version greater than expected, clients **SHOULD** "
 "warn users with an appropriate message."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:249
+#: ../source/specifications/simple-repository-api.rst:258
 msgid ""
 "Clients **MAY** still continue to use feature detection in order to "
 "determine what features a repository uses."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:255
+#: ../source/specifications/simple-repository-api.rst:264
 msgid "Serve Distribution Metadata in the Simple Repository API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:257
+#: ../source/specifications/simple-repository-api.rst:266
 msgid ""
 "In a simple repository's project page, each anchor tag pointing to a "
 "distribution **MAY** have a ``data-dist-info-metadata`` attribute. The "
@@ -17329,7 +17690,7 @@ msgid ""
 "when the distribution is processed and/or installed."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:263
+#: ../source/specifications/simple-repository-api.rst:272
 msgid ""
 "If a ``data-dist-info-metadata`` attribute is present, the repository "
 "**MUST** serve the distribution's Core Metadata file alongside the "
@@ -17341,7 +17702,7 @@ msgid ""
 "GPG signature file's location."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:272
+#: ../source/specifications/simple-repository-api.rst:281
 msgid ""
 "The repository **SHOULD** provide the hash of the Core Metadata file as the "
 "``data-dist-info-metadata`` attribute's value using the syntax "
@@ -17351,18 +17712,18 @@ msgid ""
 "unavailable."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:280
+#: ../source/specifications/simple-repository-api.rst:289
 msgid "Backwards Compatibility"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:282
+#: ../source/specifications/simple-repository-api.rst:291
 msgid ""
 "If an anchor tag lacks the ``data-dist-info-metadata`` attribute, tools are "
 "expected to revert to their current behaviour of downloading the "
 "distribution to inspect the metadata."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:286
+#: ../source/specifications/simple-repository-api.rst:295
 msgid ""
 "Older tools not supporting the new ``data-dist-info-metadata`` attribute are "
 "expected to ignore the attribute and maintain their current behaviour of "
@@ -17370,11 +17731,11 @@ msgid ""
 "prior ``data-`` attribute additions expect existing tools to operate."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:295
+#: ../source/specifications/simple-repository-api.rst:304
 msgid "JSON-based Simple API for Python Package Indexes"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:297
+#: ../source/specifications/simple-repository-api.rst:306
 msgid ""
 "To enable response parsing with only the standard library, this spec "
 "specifies that all responses (besides the files themselves, and the HTML "
@@ -17382,7 +17743,7 @@ msgid ""
 "base>`) should be serialized using `JSON <https://www.json.org/>`_."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:302
+#: ../source/specifications/simple-repository-api.rst:311
 msgid ""
 "To enable zero configuration discovery and to minimize the amount of "
 "additional HTTP requests, this spec extends :ref:`the base HTML API "
@@ -17392,7 +17753,7 @@ msgid ""
 "format to serve, i.e. either HTML or JSON."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:312
+#: ../source/specifications/simple-repository-api.rst:321
 msgid ""
 "Versioning will adhere to :ref:`the API versioning specification <simple-"
 "repository-api-versioning>` format (``Major.Minor``), which has defined the "
@@ -17402,7 +17763,7 @@ msgid ""
 "``1.0`` version, and instead just describes how to serialize that into JSON."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:319
+#: ../source/specifications/simple-repository-api.rst:328
 msgid ""
 "Similar to :ref:`the API versioning specification <simple-repository-api-"
 "versioning>`, the major version number **MUST** be incremented if any "
@@ -17410,28 +17771,28 @@ msgid ""
 "existing clients to meaningfully understand the format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:325
+#: ../source/specifications/simple-repository-api.rst:334
 msgid ""
 "Likewise, the minor version **MUST** be incremented if features are added or "
 "removed from the format, but existing clients would be expected to continue "
 "to meaningfully understand the format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:329
+#: ../source/specifications/simple-repository-api.rst:338
 msgid ""
 "Changes that would not result in existing clients being unable to "
 "meaningfully understand the format and which do not represent features being "
 "added or removed may occur without changing the version number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:333
+#: ../source/specifications/simple-repository-api.rst:342
 msgid ""
 "This is intentionally vague, as this spec believes it is best left up to "
 "future specs that make any changes to the API to investigate and decide "
 "whether or not that change should increment the major or minor version."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:337
+#: ../source/specifications/simple-repository-api.rst:346
 msgid ""
 "Future versions of the API may add things that can only be represented in a "
 "subset of the available serializations of that version. All serializations "
@@ -17440,37 +17801,37 @@ msgid ""
 "whether or not that feature is present at all."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:343
+#: ../source/specifications/simple-repository-api.rst:352
 msgid ""
 "It is the intent of this spec that the API should be thought of as URL "
 "endpoints that return data, whose interpretation is defined by the version "
 "of that data, and then serialized into the target serialization format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:351
+#: ../source/specifications/simple-repository-api.rst:360
 msgid "JSON Serialization"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:353
+#: ../source/specifications/simple-repository-api.rst:362
 msgid ""
 "The URL structure from :ref:`the base HTML API specification <simple-"
 "repository-api-base>` still applies, as this spec only adds an additional "
 "serialization format for the already existing API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:357
+#: ../source/specifications/simple-repository-api.rst:366
 msgid ""
 "The following constraints apply to all JSON serialized responses described "
 "in this spec:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:360
+#: ../source/specifications/simple-repository-api.rst:369
 msgid ""
 "All JSON responses will *always* be a JSON object rather than an array or "
 "other type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:363
+#: ../source/specifications/simple-repository-api.rst:372
 msgid ""
 "While JSON doesn't natively support a URL type, any value that represents an "
 "URL in this API may be either absolute or relative as long as they point to "
@@ -17478,19 +17839,19 @@ msgid ""
 "if it were HTML."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:368
+#: ../source/specifications/simple-repository-api.rst:377
 msgid ""
 "Additional keys may be added to any dictionary objects in the API responses "
 "and clients **MUST** ignore keys that they don't understand."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:371
+#: ../source/specifications/simple-repository-api.rst:380
 msgid ""
 "All JSON responses will have a ``meta`` key, which contains information "
 "related to the response itself, rather than the content of the response."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:374
+#: ../source/specifications/simple-repository-api.rst:383
 msgid ""
 "All JSON responses will have a ``meta.api-version`` key, which will be a "
 "string that contains the :ref:`API versioning specification <simple-"
@@ -17499,41 +17860,41 @@ msgid ""
 "<simple-repository-api-versioning>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:380
+#: ../source/specifications/simple-repository-api.rst:389
 msgid ""
 "All requirements of :ref:`the base HTML API specification <simple-repository-"
 "api-base>` that are not HTML specific still apply."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:385
+#: ../source/specifications/simple-repository-api.rst:394
 msgid "Project List"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:387
+#: ../source/specifications/simple-repository-api.rst:396
 msgid ""
 "The root URL ``/`` for this spec (which represents the base URL) will be a "
 "JSON encoded dictionary which has a two keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:390
+#: ../source/specifications/simple-repository-api.rst:399
 msgid ""
 "``projects``: An array where each entry is a dictionary with a single key, "
 "``name``, which represents string of the project name."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:391
-#: ../source/specifications/simple-repository-api.rst:440
+#: ../source/specifications/simple-repository-api.rst:400
+#: ../source/specifications/simple-repository-api.rst:449
 msgid ""
 "``meta``: The general response metadata as `described earlier <json-"
 "serialization_>`__."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:393
-#: ../source/specifications/simple-repository-api.rst:499
+#: ../source/specifications/simple-repository-api.rst:402
+#: ../source/specifications/simple-repository-api.rst:512
 msgid "As an example:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:410
+#: ../source/specifications/simple-repository-api.rst:419
 msgid ""
 "The ``name`` field is the same as the one from :ref:`the base HTML API "
 "specification <simple-repository-api-base>`, which does not specify whether "
@@ -17543,7 +17904,7 @@ msgid ""
 "implementation detail of the repository in question."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:420
+#: ../source/specifications/simple-repository-api.rst:429
 msgid ""
 "While the ``projects`` key is an array, and thus is required to be in some "
 "kind of an order, neither :ref:`the base HTML API specification <simple-"
@@ -17553,11 +17914,11 @@ msgid ""
 "have sets."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:429
+#: ../source/specifications/simple-repository-api.rst:438
 msgid "Project Detail"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:431
+#: ../source/specifications/simple-repository-api.rst:440
 msgid ""
 "The format of this URL is ``/<project>/`` where the ``<project>`` is "
 "replaced by the :ref:`the base HTML API specification <simple-repository-api-"
@@ -17565,33 +17926,33 @@ msgid ""
 "would have a URL like ``/silly-walk/``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:436
+#: ../source/specifications/simple-repository-api.rst:445
 msgid ""
 "This URL must respond with a JSON encoded dictionary that has three keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:438
+#: ../source/specifications/simple-repository-api.rst:447
 msgid "``name``: The normalized name of the project."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:439
+#: ../source/specifications/simple-repository-api.rst:448
 msgid ""
 "``files``: A list of dictionaries, each one representing an individual file."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:442
+#: ../source/specifications/simple-repository-api.rst:451
 msgid "Each individual file dictionary has the following keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:444
+#: ../source/specifications/simple-repository-api.rst:453
 msgid "``filename``: The filename that is being represented."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:445
+#: ../source/specifications/simple-repository-api.rst:454
 msgid "``url``: The URL that the file can be fetched from."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:446
+#: ../source/specifications/simple-repository-api.rst:455
 msgid ""
 "``hashes``: A dictionary mapping a hash name to a hex encoded digest of the "
 "file. Multiple hashes can be included, and it is up to the client to decide "
@@ -17600,14 +17961,14 @@ msgid ""
 "to be lowercase."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:451
+#: ../source/specifications/simple-repository-api.rst:460
 msgid ""
 "The ``hashes`` dictionary **MUST** be present, even if no hashes are "
 "available for the file, however it is **HIGHLY** recommended that at least "
 "one secure, guaranteed-to-be-available hash is always included."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:455
+#: ../source/specifications/simple-repository-api.rst:464
 msgid ""
 "By default, any hash algorithm available via :py:mod:`hashlib` (specifically "
 "any that can be passed to :py:func:`hashlib.new()` and do not require "
@@ -17617,7 +17978,7 @@ msgid ""
 "specifically is recommended."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:460
+#: ../source/specifications/simple-repository-api.rst:469
 msgid ""
 "``requires-python``: An **optional** key that exposes the :ref:`core-"
 "metadata-requires-python` metadata field. Where this is present, installer "
@@ -17625,14 +17986,14 @@ msgid ""
 "that doesn't satisfy the requirement."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:466
+#: ../source/specifications/simple-repository-api.rst:475
 msgid ""
 "Unlike ``data-requires-python`` in :ref:`the base HTML API specification "
 "<simple-repository-api-base>`, the ``requires-python`` key does not require "
 "any special escaping other than anything JSON does naturally."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:469
+#: ../source/specifications/simple-repository-api.rst:478
 msgid ""
 "``dist-info-metadata``: An **optional** key that indicates that metadata for "
 "this file is available, via the same location as specified in :ref:`the API "
@@ -17642,27 +18003,27 @@ msgid ""
 "dictionary mapping hash names to a hex encoded digest of the metadata's hash."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:477
+#: ../source/specifications/simple-repository-api.rst:486
 msgid ""
 "When this is a dictionary of hashes instead of a boolean, then all the same "
 "requirements and recommendations as the ``hashes`` key hold true for this "
 "key as well."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:481
+#: ../source/specifications/simple-repository-api.rst:490
 msgid ""
 "If this key is missing then the metadata file may or may not exist. If the "
 "key value is truthy, then the metadata file is present, and if it is falsey "
 "then it is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:485
+#: ../source/specifications/simple-repository-api.rst:494
 msgid ""
 "It is recommended that servers make the hashes of the metadata file "
 "available if possible."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:487
+#: ../source/specifications/simple-repository-api.rst:496
 msgid ""
 "``gpg-sig``: An **optional** key that acts a boolean to indicate if the file "
 "has an associated GPG signature or not. The URL for the signature file "
@@ -17671,7 +18032,7 @@ msgid ""
 "the signature may or may not exist."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:492
+#: ../source/specifications/simple-repository-api.rst:501
 msgid ""
 "``yanked``: An **optional** key which may be either a boolean to indicate if "
 "the file has been yanked, or a non empty, but otherwise arbitrary, string to "
@@ -17682,7 +18043,15 @@ msgid ""
 "api-yank>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:529
+#: ../source/specifications/simple-repository-api.rst:507
+msgid ""
+"``provenance``: An **optional** key which, if present **MUST** be either a "
+"JSON string or ``null``. If not ``null``, it **MUST** be a URL to the file's "
+"associated provenance, with the same rules as ``data-provenance`` in the :"
+"ref:`base HTML API specification <simple-repository-api-base>`."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:543
 msgid ""
 "While the ``files`` key is an array, and thus is required to be in some kind "
 "of an order, neither :ref:`the base HTML API specification <simple-"
@@ -17692,11 +18061,11 @@ msgid ""
 "have sets."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:538
+#: ../source/specifications/simple-repository-api.rst:552
 msgid "Content-Types"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:540
+#: ../source/specifications/simple-repository-api.rst:554
 msgid ""
 "This spec proposes that all responses from the Simple API will have a "
 "standard content type that describes what the response is (a Simple API "
@@ -17704,11 +18073,11 @@ msgid ""
 "format has been used."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:544
+#: ../source/specifications/simple-repository-api.rst:558
 msgid "The structure of this content type will be:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:550
+#: ../source/specifications/simple-repository-api.rst:564
 msgid ""
 "Since only major versions should be disruptive to clients attempting to "
 "understand one of these API responses, only the major version will be "
@@ -17716,19 +18085,19 @@ msgid ""
 "that it is a version number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:555
+#: ../source/specifications/simple-repository-api.rst:569
 msgid "Which means that for the existing 1.0 API, the content types would be:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:557
+#: ../source/specifications/simple-repository-api.rst:571
 msgid "**JSON:** ``application/vnd.pypi.simple.v1+json``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:558
+#: ../source/specifications/simple-repository-api.rst:572
 msgid "**HTML:** ``application/vnd.pypi.simple.v1+html``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:560
+#: ../source/specifications/simple-repository-api.rst:574
 msgid ""
 "In addition to the above, a special \"meta\" version is supported named "
 "``latest``, whose purpose is to allow clients to request the absolute latest "
@@ -17737,7 +18106,7 @@ msgid ""
 "support."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:565
+#: ../source/specifications/simple-repository-api.rst:579
 msgid ""
 "To support existing clients which expect the existing :ref:`the base HTML "
 "API specification <simple-repository-api-base>` API responses to use the "
@@ -17745,11 +18114,11 @@ msgid ""
 "alias for the ``application/vnd.pypi.simple.v1+html`` content type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:572
+#: ../source/specifications/simple-repository-api.rst:586
 msgid "Version + Format Selection"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:574
+#: ../source/specifications/simple-repository-api.rst:588
 msgid ""
 "Now that there is multiple possible serializations, we need a mechanism to "
 "allow clients to indicate what serialization formats they're able to "
@@ -17758,65 +18127,65 @@ msgid ""
 "expecting the previous API version."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:579
+#: ../source/specifications/simple-repository-api.rst:593
 msgid ""
 "To enable this, this spec standardizes on the use of HTTP's `Server-Driven "
 "Content Negotiation <https://developer.mozilla.org/en-US/docs/Web/HTTP/"
 "Content_negotiation>`_."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:582
+#: ../source/specifications/simple-repository-api.rst:596
 msgid ""
 "While this spec won't fully describe the entirety of server-driven content "
 "negotiation, the flow is roughly:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:585
+#: ../source/specifications/simple-repository-api.rst:599
 msgid ""
 "The client makes an HTTP request containing an ``Accept`` header listing all "
 "of the version+format content types that they are able to understand."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:587
+#: ../source/specifications/simple-repository-api.rst:601
 msgid ""
 "The server inspects that header, selects one of the listed content types, "
 "then returns a response using that content type (treating the absence of an "
 "``Accept`` header as ``Accept: */*``)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:590
+#: ../source/specifications/simple-repository-api.rst:604
 msgid ""
 "If the server does not support any of the content types in the ``Accept`` "
 "header then they are able to choose between 3 different options for how to "
 "respond:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:594
+#: ../source/specifications/simple-repository-api.rst:608
 msgid ""
 "Select a default content type other than what the client has requested and "
 "return a response with that."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:596
+#: ../source/specifications/simple-repository-api.rst:610
 msgid ""
 "Return a HTTP ``406 Not Acceptable`` response to indicate that none of the "
 "requested content types were available, and the server was unable or "
 "unwilling to select a default content type to respond with."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:599
+#: ../source/specifications/simple-repository-api.rst:613
 msgid ""
 "Return a HTTP ``300 Multiple Choices`` response that contains a list of all "
 "of the possible responses that could have been chosen."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:601
+#: ../source/specifications/simple-repository-api.rst:615
 msgid ""
 "The client interprets the response, handling the different types of "
 "responses that the server may have responded with."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:604
+#: ../source/specifications/simple-repository-api.rst:618
 msgid ""
 "This spec does not specify which choices the server makes in regards to "
 "handling a content type that it isn't able to return, and clients **SHOULD** "
@@ -17824,7 +18193,7 @@ msgid ""
 "the most sense for that client."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:609
+#: ../source/specifications/simple-repository-api.rst:623
 msgid ""
 "However, as there is no standard format for how a ``300 Multiple Choices`` "
 "response can be interpreted, this spec highly discourages servers from "
@@ -17835,7 +18204,7 @@ msgid ""
 "error."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:616
+#: ../source/specifications/simple-repository-api.rst:630
 msgid ""
 "This spec **does** require that if the meta version ``latest`` is being "
 "used, the server **MUST** respond with the content type for the actual "
@@ -17844,33 +18213,33 @@ msgid ""
 "have a ``Content-Type`` of ``application/vnd.pypi.simple.v1+json``)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:623
+#: ../source/specifications/simple-repository-api.rst:637
 msgid ""
 "The ``Accept`` header is a comma separated list of content types that the "
 "client understands and is able to process. It supports three different "
 "formats for each content type that is being requested:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:627
+#: ../source/specifications/simple-repository-api.rst:641
 msgid "``$type/$subtype``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:628
+#: ../source/specifications/simple-repository-api.rst:642
 msgid "``$type/*``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:629
+#: ../source/specifications/simple-repository-api.rst:643
 msgid "``*/*``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:631
+#: ../source/specifications/simple-repository-api.rst:645
 msgid ""
 "For the use of selecting a version+format, the most useful of these is "
 "``$type/$subtype``, as that is the only way to actually specify the version "
 "and format you want."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:635
+#: ../source/specifications/simple-repository-api.rst:649
 msgid ""
 "The order of the content types listed in the ``Accept`` header does not have "
 "any specific meaning, and the server **SHOULD** consider all of them to be "
@@ -17880,7 +18249,7 @@ msgid ""
 "Quality_values>`_ syntax."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:642
+#: ../source/specifications/simple-repository-api.rst:656
 msgid ""
 "This allows a client to specify a priority for a specific entry in their "
 "``Accept`` header, by appending a ``;q=`` followed by a value between ``0`` "
@@ -17890,7 +18259,7 @@ msgid ""
 "quality of ``1``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:648
+#: ../source/specifications/simple-repository-api.rst:662
 msgid ""
 "However, clients should keep in mind that a server is free to select **any** "
 "of the content types they've asked for, regardless of their requested "
@@ -17898,7 +18267,7 @@ msgid ""
 "for."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:652
+#: ../source/specifications/simple-repository-api.rst:666
 msgid ""
 "To aid clients in determining the content type of the response that they "
 "have received from an API request, this spec requires that servers always "
@@ -17909,22 +18278,22 @@ msgid ""
 "collector.py#L123-L150>`_ so the risks for actual breakages is low."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:659
+#: ../source/specifications/simple-repository-api.rst:673
 msgid "An example of how a client can operate would look like:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:710
+#: ../source/specifications/simple-repository-api.rst:724
 msgid ""
 "If a client wishes to only support HTML or only support JSON, then they "
 "would just remove the content types that they do not want from the "
 "``Accept`` header, and turn receiving them into an error."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:716
+#: ../source/specifications/simple-repository-api.rst:730
 msgid "Alternative Negotiation Mechanisms"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:718
+#: ../source/specifications/simple-repository-api.rst:732
 msgid ""
 "While using HTTP's Content negotiation is considered the standard way for a "
 "client and server to coordinate to ensure that the client is getting an HTTP "
@@ -17933,25 +18302,25 @@ msgid ""
 "negotiation mechanisms that may *optionally* be used instead."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:726
+#: ../source/specifications/simple-repository-api.rst:740
 msgid "URL Parameter"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:728
+#: ../source/specifications/simple-repository-api.rst:742
 msgid ""
 "Servers that implement the Simple API may choose to support a URL parameter "
 "named ``format`` to allow the clients to request a specific version of the "
 "URL."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:731
+#: ../source/specifications/simple-repository-api.rst:745
 msgid ""
 "The value of the ``format`` parameter should be **one** of the valid content "
 "types. Passing multiple content types, wild cards, quality values, etc... is "
 "**not** supported."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:735
+#: ../source/specifications/simple-repository-api.rst:749
 msgid ""
 "Supporting this parameter is optional, and clients **SHOULD NOT** rely on it "
 "for interacting with the API. This negotiation mechanism is intended to "
@@ -17959,13 +18328,13 @@ msgid ""
 "allow documentation or notes to link to a specific version+format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:740
+#: ../source/specifications/simple-repository-api.rst:754
 msgid ""
 "Servers that do not support this parameter may choose to return an error "
 "when it is present, or they may simple ignore its presence."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:743
+#: ../source/specifications/simple-repository-api.rst:757
 msgid ""
 "When a server does implement this parameter, it **SHOULD** take precedence "
 "over any values in the client's ``Accept`` header, and if the server does "
@@ -17975,18 +18344,18 @@ msgid ""
 "``303 Multiple Choices``, or selecting a default type to return)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:752
+#: ../source/specifications/simple-repository-api.rst:766
 msgid "Endpoint Configuration"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:754
+#: ../source/specifications/simple-repository-api.rst:768
 msgid ""
 "This option technically is not a special option at all, it is just a natural "
 "consequence of using content negotiation and allowing servers to select "
 "which of the available content types is their default."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:758
+#: ../source/specifications/simple-repository-api.rst:772
 msgid ""
 "If a server is unwilling or unable to implement the server-driven content "
 "negotiation, and would instead rather require users to explicitly configure "
@@ -17994,7 +18363,7 @@ msgid ""
 "configuration."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:762
+#: ../source/specifications/simple-repository-api.rst:776
 msgid ""
 "To enable this, a server should make multiple endpoints (for instance, ``/"
 "simple/v1+html/`` and/or ``/simple/v1+json/``) for each version+format that "
@@ -18004,7 +18373,7 @@ msgid ""
 "and return the content type that corresponds to that endpoint."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:769
+#: ../source/specifications/simple-repository-api.rst:783
 msgid ""
 "For clients that wish to require specific configuration, they can keep track "
 "of which version+format a specific repository URL was configured for, and "
@@ -18012,11 +18381,11 @@ msgid ""
 "includes the correct content type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:776
+#: ../source/specifications/simple-repository-api.rst:790
 msgid "TUF Support - PEP 458"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:778
+#: ../source/specifications/simple-repository-api.rst:792
 msgid ""
 ":pep:`458` requires that all API responses are hashable and that they can be "
 "uniquely identified by a path relative to the repository root. For a Simple "
@@ -18027,7 +18396,7 @@ msgid ""
 "that all hash differently."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:785
+#: ../source/specifications/simple-repository-api.rst:799
 msgid ""
 ":pep:`458` does not specify what the target path should be for the Simple "
 "API, but TUF requires that the target paths be \"file-like\", in other "
@@ -18035,7 +18404,7 @@ msgid ""
 "technically points to a directory."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:790
+#: ../source/specifications/simple-repository-api.rst:804
 msgid ""
 "The saving grace is that the target path does not *have* to actually match "
 "the URL being fetched from the Simple API, and it can just be a sigil that "
@@ -18044,7 +18413,7 @@ msgid ""
 "HTTP request, such as the ``Accept`` header."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:796
+#: ../source/specifications/simple-repository-api.rst:810
 msgid ""
 "Ultimately figuring out how to map a directory to a filename is out of scope "
 "for this spec (but it would be in scope for :pep:`458`), and this spec "
@@ -18052,7 +18421,7 @@ msgid ""
 "`458` metadata."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:800
+#: ../source/specifications/simple-repository-api.rst:814
 msgid ""
 "However, it appears that the current WIP branch against pip that attempts to "
 "implement :pep:`458` is using a target path like ``simple/PROJECT/index."
@@ -18062,20 +18431,20 @@ msgid ""
 "the v1 JSON format would be ``simple/PROJECT/vnd.pypi.simple.v1.json``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:807
+#: ../source/specifications/simple-repository-api.rst:821
 msgid ""
 "In this case, since ``text/html`` is an alias to ``application/vnd.pypi."
 "simple.v1+html`` when interacting through TUF, it likely will make the most "
 "sense to normalize to the more explicit name."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:811
+#: ../source/specifications/simple-repository-api.rst:825
 msgid ""
 "Likewise the ``latest`` metaversion should not be included in the targets, "
 "only explicitly declared versions should be supported."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:817
+#: ../source/specifications/simple-repository-api.rst:831
 msgid ""
 "This section is non-normative, and represents what the spec authors believe "
 "to be the best default implementation decisions for something implementing "
@@ -18083,7 +18452,7 @@ msgid ""
 "these decisions."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:821
+#: ../source/specifications/simple-repository-api.rst:835
 msgid ""
 "These decisions have been chosen to maximize the number of requests that can "
 "be moved onto the newest version of an API, while maintaining the greatest "
@@ -18092,18 +18461,18 @@ msgid ""
 "choices it can."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:826
+#: ../source/specifications/simple-repository-api.rst:840
 msgid "It is recommended that servers:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:828
+#: ../source/specifications/simple-repository-api.rst:842
 msgid ""
 "Support all 3 content types described in this spec, using server-driven "
 "content negotiation, for as long as they reasonably can, or at least as long "
 "as they're receiving non trivial traffic that uses the HTML responses."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:832
+#: ../source/specifications/simple-repository-api.rst:846
 msgid ""
 "When encountering an ``Accept`` header that does not contain any content "
 "types that it knows how to work with, the server should not ever return a "
@@ -18111,13 +18480,13 @@ msgid ""
 "Acceptable`` response."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:837
+#: ../source/specifications/simple-repository-api.rst:851
 msgid ""
 "However, if choosing to use the endpoint configuration, you should prefer to "
 "return a ``200 OK`` response in the expected content type for that endpoint."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:840
+#: ../source/specifications/simple-repository-api.rst:854
 msgid ""
 "When selecting an acceptable version, the server should choose the highest "
 "version that the client supports, with the most expressive/featureful "
@@ -18126,23 +18495,23 @@ msgid ""
 "should only use the ``text/html`` content type as a last resort."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:846
+#: ../source/specifications/simple-repository-api.rst:860
 msgid "It is recommended that clients:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:848
+#: ../source/specifications/simple-repository-api.rst:862
 msgid ""
 "Support all 3 content types described in this spec, using server-driven "
 "content negotiation, for as long as they reasonably can."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:851
+#: ../source/specifications/simple-repository-api.rst:865
 msgid ""
 "When constructing an ``Accept`` header, include all of the content types "
 "that you support."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:854
+#: ../source/specifications/simple-repository-api.rst:868
 msgid ""
 "You should generally *not* include a quality priority value for your content "
 "types, unless you have implementation specific reasons that you want the "
@@ -18151,63 +18520,63 @@ msgid ""
 "responses that you're unable to parse in some edge cases)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:860
+#: ../source/specifications/simple-repository-api.rst:874
 msgid ""
 "The one exception to this recommendation is that it is recommended that you "
 "*should* include a ``;q=0.01`` value on the legacy ``text/html`` content "
 "type, unless it is the only content type that you are requesting."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:864
+#: ../source/specifications/simple-repository-api.rst:878
 msgid ""
 "Explicitly select what versions they are looking for, rather than using the "
 "``latest`` meta version during normal operation."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:867
+#: ../source/specifications/simple-repository-api.rst:881
 msgid ""
 "Check the ``Content-Type`` of the response and ensure it matches something "
 "that you were expecting."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:871
+#: ../source/specifications/simple-repository-api.rst:885
 msgid "Additional Fields for the Simple API for Package Indexes"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:873
+#: ../source/specifications/simple-repository-api.rst:887
 msgid ""
 "This specification defines version 1.1 of the simple repository API. For the "
 "HTML version of the API, there is no change from version 1.0. For the JSON "
 "version of the API, the following changes are made:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:877
+#: ../source/specifications/simple-repository-api.rst:891
 msgid "The ``api-version`` must specify version 1.1 or later."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:878
+#: ../source/specifications/simple-repository-api.rst:892
 msgid "A new ``versions`` key is added at the top level."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:879
+#: ../source/specifications/simple-repository-api.rst:893
 msgid ""
 "Two new \"file information\" keys, ``size`` and ``upload-time``, are added "
 "to the ``files`` data."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:881
+#: ../source/specifications/simple-repository-api.rst:895
 msgid ""
 "Keys (at any level) with a leading underscore are reserved as private for "
 "index server use. No future standard will assign a meaning to any such key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:884
+#: ../source/specifications/simple-repository-api.rst:898
 msgid ""
 "The ``versions`` and ``size`` keys are mandatory. The ``upload-time`` key is "
 "optional."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:890
+#: ../source/specifications/simple-repository-api.rst:904
 msgid ""
 "An additional key, ``versions`` MUST be present at the top level, in "
 "addition to the keys ``name``, ``files`` and ``meta`` defined in :ref:`the "
@@ -18217,7 +18586,7 @@ msgid ""
 "duplicates, and the order of the values is not significant."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:897
+#: ../source/specifications/simple-repository-api.rst:911
 msgid ""
 "All of the files listed in the ``files`` key MUST be associated with one of "
 "the versions in the ``versions`` key. The ``versions`` key MAY contain "
@@ -18225,7 +18594,7 @@ msgid ""
 "uploaded, if the server has such a concept)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:902
+#: ../source/specifications/simple-repository-api.rst:916
 msgid ""
 "Note that because servers may hold \"legacy\" data from before the adoption "
 "of :ref:`the version specifiers specification (VSS) <version-specifiers>`, "
@@ -18234,21 +18603,21 @@ msgid ""
 "servers SHOULD use normalised VSS versions where possible."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:911
+#: ../source/specifications/simple-repository-api.rst:925
 msgid "Additional file information"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:913
+#: ../source/specifications/simple-repository-api.rst:927
 msgid "Two new keys are added to the ``files`` key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:915
+#: ../source/specifications/simple-repository-api.rst:929
 msgid ""
 "``size``: This field is mandatory. It MUST contain an integer which is the "
 "file size in bytes."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:917
+#: ../source/specifications/simple-repository-api.rst:931
 msgid ""
 "``upload-time``: This field is optional. If present, it MUST contain a valid "
 "ISO 8601 date/time string, in the format ``yyyy-mm-ddThh:mm:ss.ffffffZ``, "
@@ -18260,11 +18629,11 @@ msgid ""
 "key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:926
+#: ../source/specifications/simple-repository-api.rst:940
 msgid "Rename dist-info-metadata in the Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:929
+#: ../source/specifications/simple-repository-api.rst:943
 msgid ""
 "The keywords \"**MUST**\", \"**MUST NOT**\", \"**REQUIRED**\", "
 "\"**SHALL**\", \"**SHALL NOT**\", \"**SHOULD**\", \"**SHOULD NOT**\", "
@@ -18272,11 +18641,11 @@ msgid ""
 "are to be interpreted as described in :rfc:`RFC 2119 <2119>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:936
+#: ../source/specifications/simple-repository-api.rst:950
 msgid "Servers"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:938
+#: ../source/specifications/simple-repository-api.rst:952
 msgid ""
 "The :ref:`the API metadata file specification <simple-repository-api-"
 "metadata-file>` metadata, when used in the HTML representation of the Simple "
@@ -18284,7 +18653,7 @@ msgid ""
 "with the supported values remaining the same."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:944
+#: ../source/specifications/simple-repository-api.rst:958
 msgid ""
 "The :ref:`the API metadata file specification <simple-repository-api-"
 "metadata-file>` metadata, when used in the :ref:`the JSON API specification "
@@ -18293,14 +18662,14 @@ msgid ""
 "values remaining the same."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:950
+#: ../source/specifications/simple-repository-api.rst:964
 msgid ""
 "To support clients that used the previous key names, the HTML representation "
 "**MAY** also be emitted using the ``data-dist-info-metadata``, and if it "
 "does so it **MUST** match the value of ``data-core-metadata``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:959
+#: ../source/specifications/simple-repository-api.rst:973
 msgid ""
 "Clients consuming any of the HTML representations of the Simple API **MUST** "
 "read the :ref:`the API metadata file specification <simple-repository-api-"
@@ -18309,7 +18678,7 @@ msgid ""
 "if it is present but ``data-core-metadata`` is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:966
+#: ../source/specifications/simple-repository-api.rst:980
 msgid ""
 "Clients consuming the JSON representation of the Simple API **MUST** read "
 "the :ref:`the API metadata file specification <simple-repository-api-"
@@ -18318,48 +18687,54 @@ msgid ""
 "present but ``core-metadata`` is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:976
+#: ../source/specifications/simple-repository-api.rst:990
 msgid "September 2015: initial form of the HTML format, in :pep:`503`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:977
+#: ../source/specifications/simple-repository-api.rst:991
 msgid "July 2016: Requires-Python metadata, in an update to :pep:`503`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:978
+#: ../source/specifications/simple-repository-api.rst:992
 msgid "May 2019: \"yank\" support, in :pep:`592`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:979
+#: ../source/specifications/simple-repository-api.rst:993
 msgid ""
 "July 2020: API versioning convention and metadata, and declaring the HTML "
 "format as API v1, in :pep:`629`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:981
+#: ../source/specifications/simple-repository-api.rst:995
 msgid ""
 "May 2021: providing package metadata independently from a package, in :pep:"
 "`658`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:983
+#: ../source/specifications/simple-repository-api.rst:997
 msgid ""
 "May 2022: initial form of the JSON format, with a mechanism for clients to "
 "choose between them, and declaring both formats as API v1, in :pep:`691`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:985
+#: ../source/specifications/simple-repository-api.rst:999
 msgid ""
 "October 2022: project versions and file size and upload-time in the JSON "
 "format, in :pep:`700`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:987
+#: ../source/specifications/simple-repository-api.rst:1001
 msgid ""
 "June 2023: renaming the field which provides package metadata independently "
 "from a package, in :pep:`714`"
 msgstr ""
 
+#: ../source/specifications/simple-repository-api.rst:1003
+msgid ""
+"November 2024: provenance metadata in the HTML and JSON formats, in :pep:"
+"`740`"
+msgstr ""
+
 #: ../source/specifications/source-distribution-format.rst:6
 msgid "Source distribution format"
 msgstr ""
@@ -21263,7 +21638,7 @@ msgid ""
 msgstr ""
 
 #: ../source/tutorials/managing-dependencies.rst:140
-#: ../source/tutorials/packaging-projects.rst:506
+#: ../source/tutorials/packaging-projects.rst:505
 msgid "Next steps"
 msgstr ""
 
@@ -21712,43 +22087,43 @@ msgstr ""
 
 #: ../source/tutorials/packaging-projects.rst:424
 msgid ""
-"You will be prompted for a username and password. For the username, use "
-"``__token__``. For the password, use the token value, including the ``pypi-"
-"`` prefix."
+"You will be prompted for an API token. Use the token value, including the "
+"``pypi-`` prefix. Note that the input will be hidden, so be sure to paste "
+"correctly."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:428
+#: ../source/tutorials/packaging-projects.rst:427
 msgid "After the command completes, you should see output similar to this:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:439
+#: ../source/tutorials/packaging-projects.rst:438
 msgid ""
 "Once uploaded, your package should be viewable on TestPyPI; for example: "
 "``https://test.pypi.org/project/example_package_YOUR_USERNAME_HERE``."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:444
+#: ../source/tutorials/packaging-projects.rst:443
 msgid "Installing your newly uploaded package"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:446
+#: ../source/tutorials/packaging-projects.rst:445
 msgid ""
 "You can use :ref:`pip` to install your package and verify that it works. "
 "Create a :ref:`virtual environment <Creating and using Virtual "
 "Environments>` and install your package from TestPyPI:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:462
+#: ../source/tutorials/packaging-projects.rst:461
 msgid "Make sure to specify your username in the package name!"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:464
+#: ../source/tutorials/packaging-projects.rst:463
 msgid ""
 "pip should install the package from TestPyPI and the output should look "
 "something like this:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:474
+#: ../source/tutorials/packaging-projects.rst:473
 msgid ""
 "This example uses ``--index-url`` flag to specify TestPyPI instead of live "
 "PyPI. Additionally, it specifies ``--no-deps``. Since TestPyPI doesn't have "
@@ -21758,23 +22133,23 @@ msgid ""
 "installing dependencies when using TestPyPI."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:481
+#: ../source/tutorials/packaging-projects.rst:480
 msgid ""
 "You can test that it was installed correctly by importing the package. Make "
 "sure you're still in your virtual environment, then run Python:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:496
+#: ../source/tutorials/packaging-projects.rst:495
 msgid "and import the package:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:508
+#: ../source/tutorials/packaging-projects.rst:507
 msgid ""
 "**Congratulations, you've packaged and distributed a Python project!** ✨ 🍰 "
 "✨"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:511
+#: ../source/tutorials/packaging-projects.rst:510
 msgid ""
 "Keep in mind that this tutorial showed you how to upload your package to "
 "Test PyPI, which isn't a permanent storage. The Test system occasionally "
@@ -21782,28 +22157,28 @@ msgid ""
 "experiments like this tutorial."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:516
+#: ../source/tutorials/packaging-projects.rst:515
 msgid ""
 "When you are ready to upload a real package to the Python Package Index you "
 "can do much the same as you did in this tutorial, but with these important "
 "differences:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:520
+#: ../source/tutorials/packaging-projects.rst:519
 msgid ""
 "Choose a memorable and unique name for your package. You don't have to "
 "append your username as you did in the tutorial, but you can't use an "
 "existing name."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:522
+#: ../source/tutorials/packaging-projects.rst:521
 msgid ""
 "Register an account on https://pypi.org - note that these are two separate "
 "servers and the login details from the test server are not shared with the "
 "main server."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:525
+#: ../source/tutorials/packaging-projects.rst:524
 msgid ""
 "Use ``twine upload dist/*`` to upload your package and enter your "
 "credentials for the account you registered on the real PyPI.  Now that "
@@ -21811,44 +22186,44 @@ msgid ""
 "repository``; the package will upload to https://pypi.org/ by default."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:529
+#: ../source/tutorials/packaging-projects.rst:528
 msgid ""
 "Install your package from the real PyPI using ``python3 -m pip install [your-"
 "package]``."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:531
+#: ../source/tutorials/packaging-projects.rst:530
 msgid ""
 "At this point if you want to read more on packaging Python libraries here "
 "are some things you can do:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:534
+#: ../source/tutorials/packaging-projects.rst:533
 msgid ""
 "Read about advanced configuration for your chosen build backend: `Hatchling "
 "<hatchling-config_>`_, :doc:`setuptools <setuptools:userguide/"
 "pyproject_config>`, :doc:`Flit <flit:pyproject_toml>`, `PDM <pdm-config_>`_."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:538
+#: ../source/tutorials/packaging-projects.rst:537
 msgid ""
 "Look at the :doc:`guides </guides/index>` on this site for more advanced "
 "practical information, or the :doc:`discussions </discussions/index>` for "
 "explanations and background on specific topics."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:541
+#: ../source/tutorials/packaging-projects.rst:540
 msgid ""
 "Consider packaging tools that provide a single command-line interface for "
 "project management and packaging, such as :ref:`hatch`, :ref:`flit`, :ref:"
 "`pdm`, and :ref:`poetry`."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:549
+#: ../source/tutorials/packaging-projects.rst:548
 msgid "Notes"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:551
+#: ../source/tutorials/packaging-projects.rst:550
 msgid ""
 "Technically, you can also create Python packages without an ``__init__.py`` "
 "file, but those are called :doc:`namespace packages </guides/packaging-"
diff --git a/locales/hi/LC_MESSAGES/messages.po b/locales/hi/LC_MESSAGES/messages.po
index bdd3fc82d..1c440c337 100644
--- a/locales/hi/LC_MESSAGES/messages.po
+++ b/locales/hi/LC_MESSAGES/messages.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Python Packaging User Guide\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-10-30 00:39+0000\n"
+"POT-Creation-Date: 2024-11-25 21:53+0000\n"
 "PO-Revision-Date: 2024-09-16 10:09+0000\n"
 "Last-Translator: kumar Shivam <rajputshivam.cse@gmail.com>\n"
 "Language-Team: Hindi <https://hosted.weblate.org/projects/pypa/packaging-"
@@ -613,7 +613,7 @@ msgid "Unix (including Linux and macOS)"
 msgstr ""
 
 #: ../source/discussions/deploying-python-applications.rst:118
-#: ../source/key_projects.rst:572
+#: ../source/key_projects.rst:576
 msgid "pex"
 msgstr ""
 
@@ -1898,7 +1898,7 @@ msgid ""
 msgstr ""
 
 #: ../source/discussions/versioning.rst:6
-#: ../source/specifications/simple-repository-api.rst:310
+#: ../source/specifications/simple-repository-api.rst:319
 msgid "Versioning"
 msgstr ""
 
@@ -2649,29 +2649,16 @@ msgid ""
 msgstr ""
 
 #: ../source/glossary.rst:121
-msgid "Known Good Set (KGS)"
-msgstr ""
-
-#: ../source/glossary.rst:124
-msgid ""
-"A set of distributions at specified versions which are compatible with each "
-"other. Typically a test suite will be run which passes all tests before a "
-"specific set of packages is declared a known good set. This term is commonly "
-"used by frameworks and toolkits which are comprised of multiple individual "
-"distributions."
-msgstr ""
-
-#: ../source/glossary.rst:130
 msgid "Import Package"
 msgstr ""
 
-#: ../source/glossary.rst:133
+#: ../source/glossary.rst:124
 msgid ""
 "A Python module which can contain other modules or recursively, other "
 "packages."
 msgstr ""
 
-#: ../source/glossary.rst:136
+#: ../source/glossary.rst:127
 msgid ""
 "An import package is more commonly referred to with the single word "
 "\"package\", but this guide will use the expanded term when more clarity is "
@@ -2680,19 +2667,32 @@ msgid ""
 "package` for a breakdown of the differences."
 msgstr ""
 
-#: ../source/glossary.rst:142
+#: ../source/glossary.rst:133
 #, fuzzy
 #| msgid "Installing packages"
 msgid "Installed Project"
 msgstr "पैकेज प्रतिष्ठापन"
 
-#: ../source/glossary.rst:145
+#: ../source/glossary.rst:136
 msgid ""
 "A :term:`Project` that is installed for use with a Python interpreter or :"
 "term:`Virtual Environment`, as described in the specicifcation :ref:"
 "`recording-installed-packages`."
 msgstr ""
 
+#: ../source/glossary.rst:140
+msgid "Known Good Set (KGS)"
+msgstr ""
+
+#: ../source/glossary.rst:143
+msgid ""
+"A set of distributions at specified versions which are compatible with each "
+"other. Typically a test suite will be run which passes all tests before a "
+"specific set of packages is declared a known good set. This term is commonly "
+"used by frameworks and toolkits which are comprised of multiple individual "
+"distributions."
+msgstr ""
+
 #: ../source/glossary.rst:149
 msgid "Module"
 msgstr ""
@@ -5119,7 +5119,7 @@ msgid ""
 "In particular, `NumPy <https://numpy.org/>`__, which provides the basis for "
 "most of the software in the `scientific Python stack <https://scientific-"
 "python.org>`_ can be configured to interoperate with different FORTRAN "
-"libraries, and can take advantage of different levels of vectorised "
+"libraries, and can take advantage of different levels of vectorized "
 "instructions available in modern CPUs."
 msgstr ""
 
@@ -5128,9 +5128,9 @@ msgid ""
 "Starting with version 1.10.4 of NumPy and version 1.0.0 of SciPy, pre-built "
 "32-bit and 64-bit binaries in the ``wheel`` format are available for all "
 "major operating systems (Windows, macOS, and Linux) on PyPI. Note, however, "
-"that on Windows, NumPy binaries are linked against the `ATLAS <http://www."
-"netlib.org/atlas/>`__ BLAS/LAPACK library, restricted to SSE2 instructions, "
-"so they may not provide optimal linear algebra performance."
+"that on Windows, NumPy binaries are linked against the `ATLAS <https://math-"
+"atlas.sourceforge.net/>`__ BLAS/LAPACK library, restricted to SSE2 "
+"instructions, so they may not provide optimal linear algebra performance."
 msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:26
@@ -5243,7 +5243,7 @@ msgid ""
 msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:100
-#: ../source/key_projects.rst:808
+#: ../source/key_projects.rst:812
 msgid "Spack"
 msgstr ""
 
@@ -5275,28 +5275,41 @@ msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:121
 msgid ""
-"`Anaconda <https://www.anaconda.com/products/individual/>`_ is a Python "
+"``conda`` is an open source (BSD licensed) package management system and "
+"environment management system that allows users to install multiple versions "
+"of binary software packages and their dependencies, and easily switch "
+"between them. It is a cross-platform tool working on Windows, MacOS, and "
+"Linux. Conda can be used to package up and distribute all kinds of packages, "
+"it is not limited to just Python packages. It has full support for native "
+"virtual environments. Conda makes environments first-class citizens, making "
+"it easy to create independent environments even for C libraries. It is "
+"written in Python, but is Python-agnostic. Conda manages Python itself as a "
+"package, so that :command:`conda update python` is possible, in contrast to "
+"pip, which only manages Python packages."
+msgstr ""
+
+#: ../source/guides/installing-scientific-packages.rst:133
+msgid ""
+"Anaconda `Anaconda <https://docs.anaconda.com/anaconda/>`_ is a Python "
 "distribution published by Anaconda, Inc. It is a stable collection of Open "
-"Source packages for big data and scientific use.  As of the 5.0 release of "
-"Anaconda, about 200 packages are installed by default, and a total of "
-"400-500 can be installed and updated from the Anaconda repository."
+"Source packages for big data and scientific use, and a collection of "
+"Graphical Interface utilities for managing conda environments."
 msgstr ""
 
-#: ../source/guides/installing-scientific-packages.rst:127
+#: ../source/guides/installing-scientific-packages.rst:135
 msgid ""
-"``conda`` is an open source (BSD licensed) package management system and "
-"environment management system included in Anaconda that allows users to "
-"install multiple versions of binary software packages and their "
-"dependencies, and easily switch between them. It is a cross-platform tool "
-"working on Windows, macOS, and Linux. Conda can be used to package up and "
-"distribute all kinds of packages, it is not limited to just Python packages. "
-"It has full support for native virtual environments. Conda makes "
-"environments first-class citizens, making it easy to create independent "
-"environments even for C libraries. It is written in Python, but is Python-"
-"agnostic. Conda manages Python itself as a package, so that :command:`conda "
-"update python` is possible, in contrast to pip, which only manages Python "
-"packages. Conda is available in Anaconda and Miniconda (an easy-to-install "
-"download with just Python and conda)."
+"In addition to the full distribution provided by Anaconda, the conda package "
+"manager itself is available in  `miniconda <https://docs.anaconda.com/"
+"miniconda/>`_, `miniforge <https://github.com/conda-forge/miniforge>`_, and "
+"`pixi <https://pixi.sh/>`_."
+msgstr ""
+
+#: ../source/guides/installing-scientific-packages.rst:138
+msgid ""
+"Conda packages are available on multiple channels on Anaconda.org, including "
+"the default channel supported by Anaconda, Inc, the community supported "
+"conda-forge channel, which provides a wide variety of pre-built packages, "
+"and some domain-specific package collections."
 msgstr ""
 
 #: ../source/guides/installing-stand-alone-command-line-tools.rst:4
@@ -8384,29 +8397,51 @@ msgstr ""
 
 #: ../source/guides/tool-recommendations.rst:142
 msgid ""
-"For projects hosted on GitHub, it is recommended to use the :ref:`trusted "
-"publishing <trusted-publishing>`, which allows the package to be securely "
-"uploaded to PyPI from a GitHub Actions job. (This is not yet supported on "
-"software forges other than GitHub.)"
+"For projects hosted on or published via supported CI/CD platforms, it is "
+"recommended to use the :ref:`Trusted Publishing <trusted-publishing>`, which "
+"allows the package to be securely uploaded to PyPI from a CI/CD workflow "
+"without a manually configured API token."
 msgstr ""
 
 #: ../source/guides/tool-recommendations.rst:147
 msgid ""
+"As of November 2024, PyPI supports the following platforms as Trusted "
+"Publishing providers:"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:150
+msgid "GitHub Actions (on ``https://github.com``)"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:151
+msgid "GitLab CI/CD (on ``https://gitlab.com``)"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:152
+msgid "ActiveState"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:153
+msgid "Google Cloud"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:155
+msgid ""
 "The other available method is to upload the package manually using :ref:"
 "`twine`."
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:149
+#: ../source/guides/tool-recommendations.rst:159
 msgid ""
 "**Never** use ``python setup.py upload`` for this task. In addition to "
 "being :ref:`deprecated <setup-py-deprecated>`, it is insecure."
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:154
+#: ../source/guides/tool-recommendations.rst:164
 msgid "Workflow tools"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:156
+#: ../source/guides/tool-recommendations.rst:166
 msgid ""
 "These tools are environment managers that automatically manage virtual "
 "environments for a project. They also act as \"task runners\", allowing you "
@@ -8417,31 +8452,31 @@ msgid ""
 "alphabetical order:"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:164
+#: ../source/guides/tool-recommendations.rst:174
 msgid ":ref:`Flit`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:165
+#: ../source/guides/tool-recommendations.rst:175
 msgid ":ref:`Hatch`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:166
+#: ../source/guides/tool-recommendations.rst:176
 msgid ":doc:`nox <nox:index>`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:167
+#: ../source/guides/tool-recommendations.rst:177
 msgid ":ref:`PDM`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:168
+#: ../source/guides/tool-recommendations.rst:178
 msgid ":ref:`Pipenv`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:169
+#: ../source/guides/tool-recommendations.rst:179
 msgid ":ref:`Poetry`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:170
+#: ../source/guides/tool-recommendations.rst:180
 msgid ":doc:`tox <tox:index>`."
 msgstr ""
 
@@ -9616,44 +9651,58 @@ msgstr ""
 
 #: ../source/key_projects.rst:407
 msgid ""
-"conda is the package management tool for `Anaconda <https://docs.anaconda."
-"com/anaconda/>`__ Python installations. Anaconda Python is a distribution "
-"from `Anaconda, Inc <https://www.anaconda.com/products/individual>`__ "
-"specifically aimed at the scientific community, and in particular on Windows "
-"where the installation of binary extensions is often difficult."
+"Conda is a package, dependency, and environment management system for any "
+"language — Python, R, Ruby, C/C++, Fortran, and more. It is written in "
+"Python and widely used in the Python scientific computing community, due to "
+"its support for non-Python compiled libraries and extensions. It is used as "
+"the basis of the `Anaconda <https://docs.anaconda.com/anaconda/>`__ Python "
+"distribution from Anaconda, Inc. It was originally aimed at the scientific "
+"community, but can also be used on its own, or with the :doc:`miniconda "
+"<conda:miniconda>`, `miniforge <https://github.com/conda-forge/miniforge>`_ "
+"or `pixi <https://pixi.sh/>`_ systems. It is available for Windows, Mac and "
+"Linux systems."
 msgstr ""
 
-#: ../source/key_projects.rst:414
+#: ../source/key_projects.rst:416
 msgid ""
 "Conda is a completely separate tool from :ref:`pip`, virtualenv and wheel, "
-"but provides many of their combined features in terms of package management, "
-"virtual environment management and deployment of binary extensions."
+"but provides many of their combined features, such as package management, "
+"virtual environment management and deployment of binary extensions and other "
+"binary code."
+msgstr ""
+
+#: ../source/key_projects.rst:420
+msgid ""
+"Conda does not install packages from PyPI -- it can only manage packages "
+"built specifically for conda, which can be made available on a \"conda "
+"channel\", such as those hosted on `anaconda.org <https://anaconda.org>`__, "
+"or a local (e.g. intranet) package server. In addition to the \"default\" "
+"channels managed by `Anaconda, Inc. <https://www.anaconda.com/>`__, there "
+"are a wide variety of packages from the community supported `conda-forge "
+"project <https://conda-forge.org/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:418
+#: ../source/key_projects.rst:426
 msgid ""
-"Conda does not install packages from PyPI and can install only from the "
-"official Anaconda repositories, or anaconda.org (a place for user-"
-"contributed *conda* packages), or a local (e.g. intranet) package server.  "
-"However, note that :ref:`pip` can be installed into, and work side-by-side "
-"with conda for managing :term:`distributions <Distribution Package>` from "
-"PyPI. Also, `conda skeleton <https://docs.conda.io/projects/conda-build/en/"
-"latest/user-guide/tutorials/build-pkgs-skeleton.html>`__ is a tool to make "
-"Python packages installable by conda by first fetching them from PyPI and "
-"modifying their metadata."
+"Note that :ref:`pip` can be installed into, and work side-by-side with conda "
+"for managing :term:`distributions <Distribution Package>` from PyPI. It is "
+"also possible to build conda packages from Python source packages using "
+"tools such as `conda skeleton <https://docs.conda.io/projects/conda-build/en/"
+"latest/user-guide/tutorials/build-pkgs-skeleton.html>`__: a tool to "
+"automatically make conda packages from Python packages available on PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:431
+#: ../source/key_projects.rst:435
 msgid "devpi"
 msgstr ""
 
-#: ../source/key_projects.rst:433
+#: ../source/key_projects.rst:437
 msgid ""
 "`Docs <http://doc.devpi.net/latest/>`__ | :gh:`Issues <devpi/devpi/issues>` "
 "| `PyPI <https://pypi.org/project/devpi>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:437
+#: ../source/key_projects.rst:441
 msgid ""
 "devpi features a powerful PyPI-compatible server and PyPI proxy cache with a "
 "complementary command line tool to drive packaging, testing and release "
@@ -9663,17 +9712,17 @@ msgid ""
 "replication and fail-over, and package upload."
 msgstr ""
 
-#: ../source/key_projects.rst:448
+#: ../source/key_projects.rst:452
 msgid "dumb-pypi"
 msgstr ""
 
-#: ../source/key_projects.rst:450
+#: ../source/key_projects.rst:454
 msgid ""
 "`GitHub <https://github.com/chriskuehl/dumb-pypi>`__ | `PyPI <https://pypi."
 "org/project/dumb-pypi>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:453
+#: ../source/key_projects.rst:457
 msgid ""
 "dumb-pypi is a simple :term:`package index <Package Index>` static file site "
 "generator, which then must be hosted by a static file webserver to become "
@@ -9681,17 +9730,17 @@ msgid ""
 "status."
 msgstr ""
 
-#: ../source/key_projects.rst:460
+#: ../source/key_projects.rst:464
 msgid "enscons"
 msgstr ""
 
-#: ../source/key_projects.rst:462
+#: ../source/key_projects.rst:466
 msgid ""
 ":gh:`Source <dholth/enscons>` | :gh:`Issues <dholth/enscons/issues>` | `PyPI "
 "<https://pypi.org/project/enscons>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:466
+#: ../source/key_projects.rst:470
 msgid ""
 "Enscons is a Python packaging tool based on `SCons`_. It builds :ref:`pip`-"
 "compatible source distributions and wheels without using distutils or "
@@ -9703,38 +9752,38 @@ msgid ""
 "independent of enscons."
 msgstr ""
 
-#: ../source/key_projects.rst:481
+#: ../source/key_projects.rst:485
 msgid "Flask-Pypi-Proxy"
 msgstr ""
 
-#: ../source/key_projects.rst:483
+#: ../source/key_projects.rst:487
 msgid ""
 "`Docs <https://flask-pypi-proxy.readthedocs.io>`__ | :gh:`GitHub <tzulberti/"
 "Flask-PyPi-Proxy>` | `PyPI <https://pypi.org/project/Flask-Pypi-Proxy/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:487 ../source/key_projects.rst:681
-#: ../source/key_projects.rst:740
+#: ../source/key_projects.rst:491 ../source/key_projects.rst:685
+#: ../source/key_projects.rst:744
 msgid "Not maintained, project archived"
 msgstr ""
 
-#: ../source/key_projects.rst:489
+#: ../source/key_projects.rst:493
 msgid ""
 "Flask-Pypi-Proxy is a :term:`package index <Package Index>` as a cached "
 "proxy for PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:495
+#: ../source/key_projects.rst:499
 msgid "Hashdist"
 msgstr ""
 
-#: ../source/key_projects.rst:497
+#: ../source/key_projects.rst:501
 msgid ""
 "`Docs <https://hashdist.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/hashdist/hashdist/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:500
+#: ../source/key_projects.rst:504
 msgid ""
 "Hashdist is a library for building non-root software distributions. Hashdist "
 "is trying to be “the Debian of choice for cases where Debian technology "
@@ -9745,34 +9794,34 @@ msgid ""
 "researchers but has been lacking in maintenance since 2016."
 msgstr ""
 
-#: ../source/key_projects.rst:512
+#: ../source/key_projects.rst:516
 msgid "Maturin"
 msgstr ""
 
-#: ../source/key_projects.rst:514
+#: ../source/key_projects.rst:518
 msgid ""
 "`Docs <https://www.maturin.rs>`__ | `GitHub <https://github.com/PyO3/"
 "maturin>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:517
+#: ../source/key_projects.rst:521
 msgid ""
 "Maturin is a build backend for Rust extension modules, also written in Rust. "
 "It supports building wheels for python 3.7+ on Windows, Linux, macOS and "
 "FreeBSD, can upload them to PyPI and has basic PyPy and GraalPy support."
 msgstr ""
 
-#: ../source/key_projects.rst:525
+#: ../source/key_projects.rst:529
 msgid "meson-python"
 msgstr ""
 
-#: ../source/key_projects.rst:527
+#: ../source/key_projects.rst:531
 msgid ""
 "`Docs <https://meson-python.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/mesonbuild/meson-python>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:530
+#: ../source/key_projects.rst:534
 msgid ""
 "``meson-python`` is a build backend that uses the Meson_ build system. It "
 "enables Python package authors to use Meson_ as the build system for their "
@@ -9780,58 +9829,58 @@ msgid ""
 "to fill the needs of most complex build configurations."
 msgstr ""
 
-#: ../source/key_projects.rst:540
+#: ../source/key_projects.rst:544
 msgid "multibuild"
 msgstr ""
 
-#: ../source/key_projects.rst:542
+#: ../source/key_projects.rst:546
 msgid "`GitHub <https://github.com/multi-build/multibuild>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:544
+#: ../source/key_projects.rst:548
 msgid ""
 "Multibuild is a set of CI scripts for building and testing Python :term:"
 "`wheels <Wheel>` for Linux, macOS, and (less flexibly) Windows. Also see :"
 "ref:`cibuildwheel`."
 msgstr ""
 
-#: ../source/key_projects.rst:550
+#: ../source/key_projects.rst:554
 msgid "nginx_pypi_cache"
 msgstr ""
 
-#: ../source/key_projects.rst:552
+#: ../source/key_projects.rst:556
 msgid ":gh:`GitHub <hauntsaninja/nginx_pypi_cache>`"
 msgstr ""
 
-#: ../source/key_projects.rst:554
+#: ../source/key_projects.rst:558
 msgid ""
 "nginx_pypi_cache is a :term:`package index <Package Index>` caching proxy "
 "using `nginx <https://nginx.org/en/>`_."
 msgstr ""
 
-#: ../source/key_projects.rst:560
+#: ../source/key_projects.rst:564
 msgid "pdm"
 msgstr ""
 
-#: ../source/key_projects.rst:562
+#: ../source/key_projects.rst:566
 msgid ""
 "`Docs <https://pdm.fming.dev/>`__ | `GitHub <https://github.com/pdm-project/"
 "pdm/>`__ | `PyPI <https://pypi.org/project/pdm>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:566
+#: ../source/key_projects.rst:570
 msgid ""
 "PDM is a modern Python package manager. It uses :term:`pyproject.toml` to "
 "store project metadata as defined in :pep:`621`."
 msgstr ""
 
-#: ../source/key_projects.rst:574
+#: ../source/key_projects.rst:578
 msgid ""
 "`Docs <https://pex.readthedocs.io/en/latest/>`__ | `GitHub <https://github."
 "com/pantsbuild/pex/>`__ | `PyPI <https://pypi.org/project/pex>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:578
+#: ../source/key_projects.rst:582
 msgid ""
 "Pex is a tool for generating :file:`.pex` (Python EXecutable) files, "
 "standalone Python environments in the spirit of :ref:`virtualenv`. PEX files "
@@ -9843,18 +9892,18 @@ msgid ""
 "PEX file into a standard venv, graphing dependencies and more."
 msgstr ""
 
-#: ../source/key_projects.rst:590
+#: ../source/key_projects.rst:594
 msgid "pip-tools"
 msgstr ""
 
-#: ../source/key_projects.rst:592
+#: ../source/key_projects.rst:596
 msgid ""
 "`Docs <https://pip-tools.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/jazzband/pip-tools/>`__ | `PyPI <https://pypi.org/project/pip-"
 "tools/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:596
+#: ../source/key_projects.rst:600
 msgid ""
 "pip-tools is a suite of tools meant for Python system administrators and "
 "release managers who particularly want to keep their builds deterministic "
@@ -9865,32 +9914,32 @@ msgid ""
 "not provide), and create layers of constraints for the program to obey."
 msgstr ""
 
-#: ../source/key_projects.rst:608
+#: ../source/key_projects.rst:612
 msgid "pip2pi"
 msgstr ""
 
-#: ../source/key_projects.rst:610
+#: ../source/key_projects.rst:614
 msgid ""
 ":gh:`GitHub <wolever/pip2pi>` | `PyPI <https://pypi.org/project/pip2pi/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:613
+#: ../source/key_projects.rst:617
 msgid ""
 "pip2pi is a :term:`package index <Package Index>` server where specific "
 "packages are manually synchronised."
 msgstr ""
 
-#: ../source/key_projects.rst:619
+#: ../source/key_projects.rst:623
 msgid "piwheels"
 msgstr ""
 
-#: ../source/key_projects.rst:621
+#: ../source/key_projects.rst:625
 msgid ""
 "`Website <https://www.piwheels.org/>`__ | :doc:`Docs <piwheels:index>` | "
 "`GitHub <https://github.com/piwheels/piwheels/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:625
+#: ../source/key_projects.rst:629
 msgid ""
 "piwheels is a website, and software underpinning it, that fetches source "
 "code distribution packages from PyPI and compiles them into binary wheels "
@@ -9898,17 +9947,17 @@ msgid ""
 "Pi OS pre-configures pip to use piwheels.org as an additional index to PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:634
+#: ../source/key_projects.rst:638
 msgid "poetry"
 msgstr ""
 
-#: ../source/key_projects.rst:636
+#: ../source/key_projects.rst:640
 msgid ""
 "`Docs <https://python-poetry.org/>`__ | `GitHub <https://github.com/python-"
 "poetry/poetry>`__ | `PyPI <https://pypi.org/project/poetry/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:640
+#: ../source/key_projects.rst:644
 msgid ""
 "poetry is a command-line tool to handle dependency installation and "
 "isolation as well as building and packaging of Python packages. It uses "
@@ -9918,49 +9967,49 @@ msgid ""
 "caching metadata about dependencies."
 msgstr ""
 
-#: ../source/key_projects.rst:650
+#: ../source/key_projects.rst:654
 msgid "proxpi"
 msgstr ""
 
-#: ../source/key_projects.rst:652
+#: ../source/key_projects.rst:656
 msgid ""
 ":gh:`GitHub <EpicWink/proxpi>` | `PyPI <https://pypi.org/project/proxpi/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:655
+#: ../source/key_projects.rst:659
 msgid ""
 "proxpi is a simple :term:`package index <Package Index>` which proxies PyPI "
 "and other indexes with caching."
 msgstr ""
 
-#: ../source/key_projects.rst:661
+#: ../source/key_projects.rst:665
 msgid "Pulp-python"
 msgstr ""
 
-#: ../source/key_projects.rst:663
+#: ../source/key_projects.rst:667
 msgid ""
 "`Docs <https://docs.pulpproject.org/pulp_python/>`__ | :gh:`GitHub <pulp/"
 "pulp_python>` | `PyPI <https://pypi.org/project/pulp-python/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:667
+#: ../source/key_projects.rst:671
 msgid ""
 "Pulp-python is the Python :term:`package index <Package Index>` plugin for "
 "`Pulp <https://pulpproject.org/>`_. Pulp-python supports mirrors backed by "
 "local or `AWS S3`_, package upload, and proxying to multiple package indexes."
 msgstr ""
 
-#: ../source/key_projects.rst:675
+#: ../source/key_projects.rst:679
 msgid "PyPI Cloud"
 msgstr ""
 
-#: ../source/key_projects.rst:677
+#: ../source/key_projects.rst:681
 msgid ""
 "`Docs <https://pypicloud.readthedocs.io/>`__ | :gh:`GitHub <stevearc/"
 "pypicloud>` | `PyPI <https://pypi.org/project/pypicloud/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:683
+#: ../source/key_projects.rst:687
 msgid ""
 "PyPI Cloud is a :term:`package index <Package Index>` server, backed by `AWS "
 "S3`_ or another cloud storage service, or local files. PyPI Cloud supports "
@@ -9968,33 +10017,33 @@ msgid ""
 "authorisation."
 msgstr ""
 
-#: ../source/key_projects.rst:691
+#: ../source/key_projects.rst:695
 msgid "pypiprivate"
 msgstr ""
 
-#: ../source/key_projects.rst:693
+#: ../source/key_projects.rst:697
 msgid ""
 ":gh:`GitHub <helpshift/pypiprivate>` | `PyPI <https://pypi.org/project/"
 "pypiprivate/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:696
+#: ../source/key_projects.rst:700
 msgid ""
 "pypiprivate serves a local (or `AWS S3`_-hosted) directory of packages as a :"
 "term:`package index <Package Index>`."
 msgstr ""
 
-#: ../source/key_projects.rst:702
+#: ../source/key_projects.rst:706
 msgid "pypiserver"
 msgstr ""
 
-#: ../source/key_projects.rst:704
+#: ../source/key_projects.rst:708
 msgid ""
 "`GitHub <https://github.com/pypiserver/pypiserver>`__ | `PyPI <https://pypi."
 "org/project/pypiserver/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:707
+#: ../source/key_projects.rst:711
 msgid ""
 "pypiserver is a minimalist application that serves as a private Python :term:"
 "`package index <Package Index>` (from a local directory) within "
@@ -10005,17 +10054,17 @@ msgid ""
 "pypiserver and from PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:718
+#: ../source/key_projects.rst:722
 msgid "PyScaffold"
 msgstr ""
 
-#: ../source/key_projects.rst:720
+#: ../source/key_projects.rst:724
 msgid ""
 "`Docs <https://pyscaffold.org>`__ | `GitHub <https://github.com/pyscaffold/"
 "pyscaffold>`__ | `PyPI <https://pypi.org/project/pyscaffold/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:724
+#: ../source/key_projects.rst:728
 msgid ""
 "PyScaffold is a project generator for bootstrapping Python packages, ready "
 "to be shared on PyPI and installable via :ref:`pip`. It relies on a set of "
@@ -10025,33 +10074,33 @@ msgid ""
 "existing projects to make packaging easier."
 msgstr ""
 
-#: ../source/key_projects.rst:735
+#: ../source/key_projects.rst:739
 msgid "pywharf"
 msgstr ""
 
-#: ../source/key_projects.rst:737
+#: ../source/key_projects.rst:741
 msgid ""
 ":gh:`GitHub <pywharf/pywharf>` | `PyPI <https://pypi.org/project/pywharf>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:742
+#: ../source/key_projects.rst:746
 msgid ""
 "pywharf is a :term:`package index <Package Index>` server, serving files "
 "locally or from `GitHub <https://github.com/>`_."
 msgstr ""
 
-#: ../source/key_projects.rst:748
+#: ../source/key_projects.rst:752
 msgid "scikit-build"
 msgstr ""
 
-#: ../source/key_projects.rst:750
+#: ../source/key_projects.rst:754
 msgid ""
 "`Docs <https://scikit-build.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/scikit-build/scikit-build/>`__ | `PyPI <https://pypi.org/project/"
 "scikit-build>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:754
+#: ../source/key_projects.rst:758
 msgid ""
 "Scikit-build is a :ref:`setuptools` wrapper for CPython that builds C/C++/"
 "Fortran/Cython extensions It uses `cmake <https://pypi.org/project/cmake>`__ "
@@ -10062,18 +10111,18 @@ msgid ""
 "ninja>`__ (also available on PyPI)."
 msgstr ""
 
-#: ../source/key_projects.rst:765
+#: ../source/key_projects.rst:769
 msgid "scikit-build-core"
 msgstr ""
 
-#: ../source/key_projects.rst:767
+#: ../source/key_projects.rst:771
 msgid ""
 "`Docs <https://scikit-build-core.readthedocs.io/en/latest/>`__ | `GitHub "
 "<https://github.com/scikit-build/scikit-build-core/>`__ | `PyPI <https://"
 "pypi.org/project/scikit-build-core>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:771
+#: ../source/key_projects.rst:775
 msgid ""
 "Scikit-build-core is a build backend for CPython C/C++/Fortran/Cython "
 "extensions.  It enables users to write extensions with `cmake <https://pypi."
@@ -10083,17 +10132,17 @@ msgid ""
 "automatically downloaded from PyPI if not available on the system."
 msgstr ""
 
-#: ../source/key_projects.rst:781
+#: ../source/key_projects.rst:785
 msgid "shiv"
 msgstr ""
 
-#: ../source/key_projects.rst:783
+#: ../source/key_projects.rst:787
 msgid ""
 "`Docs <https://shiv.readthedocs.io/en/latest/>`__ | `GitHub <https://github."
 "com/linkedin/shiv>`__ | `PyPI <https://pypi.org/project/shiv/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:787
+#: ../source/key_projects.rst:791
 msgid ""
 "shiv is a command line utility for building fully self contained Python "
 "zipapps as outlined in :pep:`441`, but with all their dependencies included. "
@@ -10101,17 +10150,17 @@ msgid ""
 "tools fast & easy."
 msgstr ""
 
-#: ../source/key_projects.rst:795
+#: ../source/key_projects.rst:799
 msgid "simpleindex"
 msgstr ""
 
-#: ../source/key_projects.rst:797
+#: ../source/key_projects.rst:801
 msgid ""
 ":gh:`GitHub <uranusjr/simpleindex>` | `PyPI <https://pypi.org/project/"
 "simpleindex/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:800
+#: ../source/key_projects.rst:804
 msgid ""
 "simpleindex is a :term:`package index <Package Index>` which routes URLs to "
 "multiple package indexes (including PyPI), serves local (or cloud-hosted, "
@@ -10119,7 +10168,7 @@ msgid ""
 "supports custom plugins."
 msgstr ""
 
-#: ../source/key_projects.rst:810
+#: ../source/key_projects.rst:814
 msgid ""
 ":doc:`Docs <spack:index>` | `GitHub <https://github.com/spack/spack>`__ | "
 "`Paper <https://www.computer.org/csdl/proceedings-article/"
@@ -10127,7 +10176,7 @@ msgid ""
 "Gamblin-Spack-SC15-Talk.pdf>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:815
+#: ../source/key_projects.rst:819
 msgid ""
 "A flexible package manager designed to support multiple versions, "
 "configurations, platforms, and compilers.  Spack is like Homebrew, but "
@@ -10138,24 +10187,24 @@ msgid ""
 "supercomputers."
 msgstr ""
 
-#: ../source/key_projects.rst:823
+#: ../source/key_projects.rst:827
 msgid ""
 "Spack is not in PyPI (yet), but it requires no installation and can be used "
 "immediately after cloning from GitHub."
 msgstr ""
 
-#: ../source/key_projects.rst:829
+#: ../source/key_projects.rst:833
 msgid "zest.releaser"
 msgstr ""
 
-#: ../source/key_projects.rst:831
+#: ../source/key_projects.rst:835
 msgid ""
 "`Docs <https://zestreleaser.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/zestsoftware/zest.releaser/>`__ | `PyPI <https://pypi.org/project/"
 "zest.releaser/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:835
+#: ../source/key_projects.rst:839
 msgid ""
 "``zest.releaser`` is a Python package release tool providing an abstraction "
 "layer on top of :ref:`twine`. Python developers use ``zest.releaser`` to "
@@ -10163,21 +10212,21 @@ msgid ""
 "releases in source control, and uploading new packages to PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:842
+#: ../source/key_projects.rst:846
 msgid "Standard Library Projects"
 msgstr ""
 
-#: ../source/key_projects.rst:847
+#: ../source/key_projects.rst:851
 msgid "ensurepip"
 msgstr ""
 
-#: ../source/key_projects.rst:849
+#: ../source/key_projects.rst:853
 msgid ""
 "`Docs <https://docs.python.org/3/library/ensurepip.html>`__ | `Issues "
 "<https://bugs.python.org/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:852
+#: ../source/key_projects.rst:856
 msgid ""
 "A package in the Python Standard Library that provides support for "
 "bootstrapping :ref:`pip` into an existing Python installation or virtual "
@@ -10185,34 +10234,34 @@ msgid ""
 "will be used during the build of the Python distribution."
 msgstr ""
 
-#: ../source/key_projects.rst:860
+#: ../source/key_projects.rst:864
 msgid "http.server"
 msgstr ""
 
-#: ../source/key_projects.rst:862
+#: ../source/key_projects.rst:866
 msgid ""
 ":doc:`Docs <python:library/http.server>` | :gh:`Issues <python/cpython/"
 "issues>`"
 msgstr ""
 
-#: ../source/key_projects.rst:865
+#: ../source/key_projects.rst:869
 msgid ""
 "A package and command-line interface which can host a directory as a "
 "website, for example as a :term:`package index <Package Index>` (see :ref:"
 "`Hosting your Own Simple Repository`)."
 msgstr ""
 
-#: ../source/key_projects.rst:872
+#: ../source/key_projects.rst:876
 msgid "venv"
 msgstr ""
 
-#: ../source/key_projects.rst:874
+#: ../source/key_projects.rst:878
 msgid ""
 "`Docs <https://docs.python.org/3/library/venv.html>`__ | `Issues <https://"
 "github.com/python/cpython/issues>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:877
+#: ../source/key_projects.rst:881
 msgid ""
 "A package in the Python Standard Library (starting with Python 3.3) for "
 "creating :term:`Virtual Environments <Virtual Environment>`.  For more "
@@ -12260,7 +12309,7 @@ msgstr ""
 #: ../source/specifications/platform-compatibility-tags.rst:332
 #: ../source/specifications/pyproject-toml.rst:444
 #: ../source/specifications/recording-installed-packages.rst:252
-#: ../source/specifications/simple-repository-api.rst:974
+#: ../source/specifications/simple-repository-api.rst:988
 #: ../source/specifications/source-distribution-format.rst:144
 #: ../source/specifications/version-specifiers.rst:1266
 #: ../source/specifications/virtual-environments.rst:54
@@ -13330,6 +13379,7 @@ msgstr ""
 #: ../source/specifications/dependency-specifiers.rst:26
 #: ../source/specifications/direct-url-data-structure.rst:19
 #: ../source/specifications/direct-url.rst:15
+#: ../source/specifications/index-hosted-attestations.rst:17
 #: ../source/specifications/inline-script-metadata.rst:13
 msgid "Specification"
 msgstr ""
@@ -13467,7 +13517,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/dependency-specifiers.rst:163
-#: ../source/specifications/simple-repository-api.rst:888
+#: ../source/specifications/simple-repository-api.rst:902
 msgid "Versions"
 msgstr ""
 
@@ -15095,6 +15145,302 @@ msgid ""
 "www.pypa.io/en/latest/specifications/>`__."
 msgstr ""
 
+#: ../source/specifications/index-hosted-attestations.rst:6
+msgid "Index hosted attestations"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:8
+msgid "This specification was originally defined in :pep:`740`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:12
+msgid ""
+":pep:`740` includes changes to the HTML and JSON index APIs. These changes "
+"are documented in the :ref:`simple-repository-api` under :ref:`simple-"
+"repository-api-base` and :ref:`json-serialization`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:22
+msgid "Upload endpoint changes"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:26
+msgid ""
+"The \"legacy\" upload API is not standardized. See `PyPI's Upload API "
+"documentation <https://docs.pypi.org/api/upload/>`_ for how attestations are "
+"uploaded."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:33
+msgid "Attestation objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:35
+msgid ""
+"An attestation object is a JSON object with several required keys; "
+"applications or signers may include additional keys so long as all "
+"explicitly listed keys are provided. The required layout of an attestation "
+"object is provided as pseudocode below."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:88
+msgid ""
+"A full data model for each object in ``transparency_entries`` is provided "
+"in :ref:`appendix`. Attestation objects **SHOULD** include one or more "
+"transparency log entries, and **MAY** include additional keys for other "
+"sources of signed time (such as an :rfc:`3161` Time Stamping Authority or a "
+"`Roughtime <https://blog.cloudflare.com/roughtime>`__ server)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:94
+msgid ""
+"Attestation objects are versioned; this PEP specifies version 1. Each "
+"version is tied to a single cryptographic suite to minimize unnecessary "
+"cryptographic agility. In version 1, the suite is as follows:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:98
+msgid ""
+"Certificates are specified as X.509 certificates, and comply with the "
+"profile in :rfc:`5280`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:100
+msgid ""
+"The message signature algorithm is ECDSA, with the P-256 curve for public "
+"keys and SHA-256 as the cryptographic digest function."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:103
+msgid ""
+"Future PEPs may change this suite (and the overall shape of the attestation "
+"object) by selecting a new version number."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:109
+msgid "Attestation statement and signature generation"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:111
+msgid ""
+"The *attestation statement* is the actual claim that is cryptographically "
+"signed over within the attestation object (i.e., the ``envelope.statement``)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:114
+msgid ""
+"The attestation statement is encoded as a `v1 in-toto Statement object "
+"<https://github.com/in-toto/attestation/blob/v1.0/spec/v1.0/statement."
+"md>`__, in JSON form. When serialized the statement is treated as an opaque "
+"binary blob, avoiding the need for canonicalization."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:119
+msgid ""
+"In addition to being a v1 in-toto Statement, the attestation statement is "
+"constrained in the following ways:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:122
+msgid "The in-toto ``subject`` **MUST** contain only a single subject."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:123
+msgid ""
+"``subject[0].name`` is the distribution's filename, which **MUST** be a "
+"valid :ref:`source distribution <source-distribution-format>` or :ref:`wheel "
+"distribution <binary-distribution-format>` filename."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:126
+msgid ""
+"``subject[0].digest`` **MUST** contain a SHA-256 digest. Other digests "
+"**MAY** be present. The digests **MUST** be represented as hexadecimal "
+"strings."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:128
+msgid "The following ``predicateType`` values are supported:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:130
+msgid ""
+"`SLSA Provenance <https://slsa.dev/provenance/v1>`__: ``https://slsa.dev/"
+"provenance/v1``"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:131
+msgid ""
+"`PyPI Publish Attestation <https://docs.pypi.org/attestations/publish/"
+"v1>`__: ``https://docs.pypi.org/attestations/publish/v1``"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:133
+msgid ""
+"The signature over this statement is constructed using the `v1 DSSE "
+"signature protocol <https://github.com/secure-systems-lab/dsse/blob/v1.0.0/"
+"protocol.md>`__, with a ``PAYLOAD_TYPE`` of ``application/vnd.in-toto+json`` "
+"and a ``PAYLOAD_BODY`` of the JSON-encoded statement above. No other "
+"``PAYLOAD_TYPE`` is permitted."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:141
+msgid "Provenance objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:143
+msgid ""
+"The index will serve uploaded attestations along with metadata that can "
+"assist in verifying them in the form of JSON serialized objects."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:146
+msgid ""
+"These *provenance objects* will be available via both the Simple Index and "
+"JSON-based Simple API as described above, and will have the following layout:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:169
+msgid "or, as pseudocode:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:217
+msgid ""
+"``version`` is ``1``. Like attestation objects, provenance objects are "
+"versioned, and this PEP only defines version ``1``."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:219
+msgid ""
+"``attestation_bundles`` is a **required** JSON array, containing one or more "
+"\"bundles\" of attestations. Each bundle corresponds to a signing identity "
+"(such as a Trusted Publishing identity), and contains one or more "
+"attestation objects."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:224
+msgid ""
+"As noted in the ``Publisher`` model, each ``AttestationBundle.publisher`` "
+"object is specific to its Trusted Publisher but must include at minimum:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:228
+msgid ""
+"A ``kind`` key, which **MUST** be a JSON string that uniquely identifies the "
+"kind of Trusted Publisher."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:230
+msgid ""
+"A ``claims`` key, which **MUST** be a JSON object containing any context-"
+"specific claims retained by the index during Trusted Publisher "
+"authentication."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:233
+msgid "All other keys in the publisher object are publisher-specific."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:235
+msgid ""
+"Each array of attestation objects is a superset of the ``attestations`` "
+"array supplied by the uploaded through the ``attestations`` field at upload "
+"time, as described in :ref:`upload-endpoint` and :ref:`changes-to-provenance-"
+"objects`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:243
+msgid "Changes to provenance objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:245
+msgid ""
+"Provenance objects are *not* immutable, and may change over time. Reasons "
+"for changes to the provenance object include but are not limited to:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:248
+msgid ""
+"Addition of new attestations for a pre-existing signing identity: the index "
+"**MAY** choose to allow additional attestations by pre-existing signing "
+"identities, such as newer attestation versions for already uploaded files."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:253
+msgid ""
+"Addition of new signing identities and associated attestations: the index "
+"**MAY** choose to support attestations from sources other than the file's "
+"uploader, such as third-party auditors or the index itself. These "
+"attestations may be performed asynchronously, requiring the index to insert "
+"them into the provenance object *post facto*."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:262
+msgid "Attestation verification"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:264
+msgid ""
+"Verifying an attestation object against a distribution file requires "
+"verification of each of the following:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:267
+msgid "``version`` is ``1``. The verifier **MUST** reject any other version."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:268
+msgid ""
+"``verification_material.certificate`` is a valid signing certificate, as "
+"issued by an *a priori* trusted authority (such as a root of trust already "
+"present within the verifying client)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:271
+msgid ""
+"``verification_material.certificate`` identifies an appropriate signing "
+"subject, such as the machine identity of the Trusted Publisher that "
+"published the package."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:274
+msgid ""
+"``envelope.statement`` is a valid in-toto v1 Statement, with a subject and "
+"digest that **MUST** match the distribution's filename and contents. For the "
+"distribution's filename, matching **MUST** be performed by parsing using the "
+"appropriate source distribution or wheel filename format, as the statement's "
+"subject may be equivalent but normalized."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:279
+msgid ""
+"``envelope.signature`` is a valid signature for ``envelope.statement`` "
+"corresponding to ``verification_material.certificate``, as reconstituted via "
+"the `v1 DSSE signature protocol <https://github.com/secure-systems-lab/dsse/"
+"blob/v1.0.0/protocol.md>`__."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:284
+msgid ""
+"In addition to the above required steps, a verifier **MAY** additionally "
+"verify ``verification_material.transparency_entries`` on a policy basis, e."
+"g. requiring at least one transparency log entry or a threshold of entries. "
+"When verifying transparency entries, the verifier **MUST** confirm that the "
+"inclusion time for each entry lies within the signing certificate's validity "
+"period."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:293
+msgid "Appendix: Data models for Transparency Log Entries"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:295
+msgid ""
+"This appendix contains pseudocoded data models for transparency log entries "
+"in attestation objects. Each transparency log entry serves as a source of "
+"signed inclusion time, and can be verified either online or offline."
+msgstr ""
+
 #: ../source/specifications/inline-script-metadata.rst:5
 msgid "Inline script metadata"
 msgstr ""
@@ -15265,7 +15611,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/inline-script-metadata.rst:205
-#: ../source/specifications/simple-repository-api.rst:815
+#: ../source/specifications/simple-repository-api.rst:829
 msgid "Recommendations"
 msgstr ""
 
@@ -17153,11 +17499,26 @@ msgid ""
 "``&gt;``, respectively."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:100
+#: ../source/specifications/simple-repository-api.rst:99
+msgid ""
+"A repository **MAY** include a ``data-provenance`` attribute on a file link. "
+"The value of this attribute **MUST** be a fully qualified URL, signaling "
+"that the file's provenance can be found at that URL. This URL **MUST** "
+"represent a `secure origin <https://www.chromium.org/Home/chromium-security/"
+"prefer-secure-origins-for-powerful-new-features/>`_."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:106
+msgid ""
+"The format of the linked provenance is defined in :ref:`index-hosted-"
+"attestations`."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:109
 msgid "Normalized Names"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:102
+#: ../source/specifications/simple-repository-api.rst:111
 msgid ""
 "This spec references the concept of a \"normalized\" project name. As per :"
 "ref:`the name normalization specification <name-normalization>` the only "
@@ -17167,11 +17528,11 @@ msgid ""
 "implemented in Python with the ``re`` module::"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:117
+#: ../source/specifications/simple-repository-api.rst:126
 msgid "Adding \"Yank\" Support to the Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:119
+#: ../source/specifications/simple-repository-api.rst:128
 msgid ""
 "Links in the simple repository **MAY** have a ``data-yanked`` attribute "
 "which may have no value, or may have an arbitrary string as a value. The "
@@ -17181,7 +17542,7 @@ msgid ""
 "under specific scenarios."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:126
+#: ../source/specifications/simple-repository-api.rst:135
 msgid ""
 "The value of the ``data-yanked`` attribute, if present, is an arbitrary "
 "string that represents the reason for why the file has been yanked. Tools "
@@ -17189,7 +17550,7 @@ msgid ""
 "users."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:131
+#: ../source/specifications/simple-repository-api.rst:140
 msgid ""
 "The yanked attribute is not immutable once set, and may be rescinded in the "
 "future (and once rescinded, may be reset as well). Thus API users **MUST** "
@@ -17197,13 +17558,13 @@ msgid ""
 "again)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:138
+#: ../source/specifications/simple-repository-api.rst:147
 #, fuzzy
 #| msgid "Installing packages"
 msgid "Installers"
 msgstr "पैकेज प्रतिष्ठापन"
 
-#: ../source/specifications/simple-repository-api.rst:140
+#: ../source/specifications/simple-repository-api.rst:149
 msgid ""
 "The desirable experience for users is that once a file is yanked, when a "
 "human being is currently trying to directly install a yanked file, that it "
@@ -17213,7 +17574,7 @@ msgid ""
 "been yanked."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:147
+#: ../source/specifications/simple-repository-api.rst:156
 msgid ""
 "An installer **MUST** ignore yanked releases, if the selection constraints "
 "can be satisfied with a non-yanked version, and **MAY** refuse to use a "
@@ -17223,14 +17584,14 @@ msgid ""
 "files."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:154
+#: ../source/specifications/simple-repository-api.rst:163
 msgid ""
 "What this means is left up to the specific installer, to decide how to best "
 "fit into the overall usage of their installer. However, there are two "
 "suggested approaches to take:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:158
+#: ../source/specifications/simple-repository-api.rst:167
 msgid ""
 "Yanked files are always ignored, unless they are the only file that matches "
 "a version specifier that \"pins\" to an exact version using either ``==`` "
@@ -17240,7 +17601,7 @@ msgid ""
 "versions, zero padding, etc."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:165
+#: ../source/specifications/simple-repository-api.rst:174
 msgid ""
 "Yanked files are always ignored, unless they are the only file that matches "
 "what a lock file (such as ``Pipfile.lock`` or ``poetry.lock``) specifies to "
@@ -17248,7 +17609,7 @@ msgid ""
 "creating or updating a lock file from some input file or command."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:171
+#: ../source/specifications/simple-repository-api.rst:180
 msgid ""
 "Regardless of the specific strategy that an installer chooses for deciding "
 "when to install yanked files, an installer **SHOULD** emit a warning when it "
@@ -17257,38 +17618,38 @@ msgid ""
 "specific feedback to the user about why that file had been yanked."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:179
+#: ../source/specifications/simple-repository-api.rst:188
 msgid "Mirrors"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:181
+#: ../source/specifications/simple-repository-api.rst:190
 msgid "Mirrors can generally treat yanked files one of two ways:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:183
+#: ../source/specifications/simple-repository-api.rst:192
 msgid ""
 "They may choose to omit them from their simple repository API completely, "
 "providing a view over the repository that shows only \"active\", unyanked "
 "files."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:186
+#: ../source/specifications/simple-repository-api.rst:195
 msgid ""
 "They may choose to include yanked files, and additionally mirror the ``data-"
 "yanked`` attribute as well."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:189
+#: ../source/specifications/simple-repository-api.rst:198
 msgid ""
 "Mirrors **MUST NOT** mirror a yanked file without also mirroring the ``data-"
 "yanked`` attribute for it."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:195
+#: ../source/specifications/simple-repository-api.rst:204
 msgid "Versioning PyPI's Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:197
+#: ../source/specifications/simple-repository-api.rst:206
 msgid ""
 "This spec proposes the inclusion of a meta tag on the responses of every "
 "successful request to a simple API page, which contains a name attribute of "
@@ -17299,29 +17660,29 @@ msgid ""
 "<version-specifiers>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:205
+#: ../source/specifications/simple-repository-api.rst:214
 msgid "This would end up looking like::"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:209
+#: ../source/specifications/simple-repository-api.rst:218
 msgid "When interpreting the repository version:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:211
+#: ../source/specifications/simple-repository-api.rst:220
 msgid ""
 "Incrementing the major version is used to signal a backwards incompatible "
 "change such that existing clients would no longer be expected to be able to "
 "meaningfully use the API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:214
+#: ../source/specifications/simple-repository-api.rst:223
 msgid ""
 "Incrementing the minor version is used to signal a backwards compatible "
 "change such that existing clients would still be expected to be able to "
 "meaningfully use the API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:218
+#: ../source/specifications/simple-repository-api.rst:227
 msgid ""
 "It is left up to the discretion of any future specs as to what specifically "
 "constitutes a backwards incompatible vs compatible change beyond the broad "
@@ -17330,7 +17691,7 @@ msgid ""
 "features."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:224
+#: ../source/specifications/simple-repository-api.rst:233
 msgid ""
 "It is expectation of this spec that the major version will never be "
 "incremented, and any future major API evolutions would utilize a different "
@@ -17340,48 +17701,48 @@ msgid ""
 "set to a version >= 2)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:231
+#: ../source/specifications/simple-repository-api.rst:240
 msgid ""
 "This spec sets the current API version to \"1.0\", and expects that future "
 "specs that further evolve the simple API will increment the minor version "
 "number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:237
-#: ../source/specifications/simple-repository-api.rst:957
+#: ../source/specifications/simple-repository-api.rst:246
+#: ../source/specifications/simple-repository-api.rst:971
 msgid "Clients"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:239
+#: ../source/specifications/simple-repository-api.rst:248
 msgid ""
 "Clients interacting with the simple API **SHOULD** introspect each response "
 "for the repository version, and if that data does not exist **MUST** assume "
 "that it is version 1.0."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:243
+#: ../source/specifications/simple-repository-api.rst:252
 msgid ""
 "When encountering a major version greater than expected, clients **MUST** "
 "hard fail with an appropriate error message for the user."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:246
+#: ../source/specifications/simple-repository-api.rst:255
 msgid ""
 "When encountering a minor version greater than expected, clients **SHOULD** "
 "warn users with an appropriate message."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:249
+#: ../source/specifications/simple-repository-api.rst:258
 msgid ""
 "Clients **MAY** still continue to use feature detection in order to "
 "determine what features a repository uses."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:255
+#: ../source/specifications/simple-repository-api.rst:264
 msgid "Serve Distribution Metadata in the Simple Repository API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:257
+#: ../source/specifications/simple-repository-api.rst:266
 msgid ""
 "In a simple repository's project page, each anchor tag pointing to a "
 "distribution **MAY** have a ``data-dist-info-metadata`` attribute. The "
@@ -17390,7 +17751,7 @@ msgid ""
 "when the distribution is processed and/or installed."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:263
+#: ../source/specifications/simple-repository-api.rst:272
 msgid ""
 "If a ``data-dist-info-metadata`` attribute is present, the repository "
 "**MUST** serve the distribution's Core Metadata file alongside the "
@@ -17402,7 +17763,7 @@ msgid ""
 "GPG signature file's location."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:272
+#: ../source/specifications/simple-repository-api.rst:281
 msgid ""
 "The repository **SHOULD** provide the hash of the Core Metadata file as the "
 "``data-dist-info-metadata`` attribute's value using the syntax "
@@ -17412,18 +17773,18 @@ msgid ""
 "unavailable."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:280
+#: ../source/specifications/simple-repository-api.rst:289
 msgid "Backwards Compatibility"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:282
+#: ../source/specifications/simple-repository-api.rst:291
 msgid ""
 "If an anchor tag lacks the ``data-dist-info-metadata`` attribute, tools are "
 "expected to revert to their current behaviour of downloading the "
 "distribution to inspect the metadata."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:286
+#: ../source/specifications/simple-repository-api.rst:295
 msgid ""
 "Older tools not supporting the new ``data-dist-info-metadata`` attribute are "
 "expected to ignore the attribute and maintain their current behaviour of "
@@ -17431,11 +17792,11 @@ msgid ""
 "prior ``data-`` attribute additions expect existing tools to operate."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:295
+#: ../source/specifications/simple-repository-api.rst:304
 msgid "JSON-based Simple API for Python Package Indexes"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:297
+#: ../source/specifications/simple-repository-api.rst:306
 msgid ""
 "To enable response parsing with only the standard library, this spec "
 "specifies that all responses (besides the files themselves, and the HTML "
@@ -17443,7 +17804,7 @@ msgid ""
 "base>`) should be serialized using `JSON <https://www.json.org/>`_."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:302
+#: ../source/specifications/simple-repository-api.rst:311
 msgid ""
 "To enable zero configuration discovery and to minimize the amount of "
 "additional HTTP requests, this spec extends :ref:`the base HTML API "
@@ -17453,7 +17814,7 @@ msgid ""
 "format to serve, i.e. either HTML or JSON."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:312
+#: ../source/specifications/simple-repository-api.rst:321
 msgid ""
 "Versioning will adhere to :ref:`the API versioning specification <simple-"
 "repository-api-versioning>` format (``Major.Minor``), which has defined the "
@@ -17463,7 +17824,7 @@ msgid ""
 "``1.0`` version, and instead just describes how to serialize that into JSON."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:319
+#: ../source/specifications/simple-repository-api.rst:328
 msgid ""
 "Similar to :ref:`the API versioning specification <simple-repository-api-"
 "versioning>`, the major version number **MUST** be incremented if any "
@@ -17471,28 +17832,28 @@ msgid ""
 "existing clients to meaningfully understand the format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:325
+#: ../source/specifications/simple-repository-api.rst:334
 msgid ""
 "Likewise, the minor version **MUST** be incremented if features are added or "
 "removed from the format, but existing clients would be expected to continue "
 "to meaningfully understand the format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:329
+#: ../source/specifications/simple-repository-api.rst:338
 msgid ""
 "Changes that would not result in existing clients being unable to "
 "meaningfully understand the format and which do not represent features being "
 "added or removed may occur without changing the version number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:333
+#: ../source/specifications/simple-repository-api.rst:342
 msgid ""
 "This is intentionally vague, as this spec believes it is best left up to "
 "future specs that make any changes to the API to investigate and decide "
 "whether or not that change should increment the major or minor version."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:337
+#: ../source/specifications/simple-repository-api.rst:346
 msgid ""
 "Future versions of the API may add things that can only be represented in a "
 "subset of the available serializations of that version. All serializations "
@@ -17501,37 +17862,37 @@ msgid ""
 "whether or not that feature is present at all."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:343
+#: ../source/specifications/simple-repository-api.rst:352
 msgid ""
 "It is the intent of this spec that the API should be thought of as URL "
 "endpoints that return data, whose interpretation is defined by the version "
 "of that data, and then serialized into the target serialization format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:351
+#: ../source/specifications/simple-repository-api.rst:360
 msgid "JSON Serialization"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:353
+#: ../source/specifications/simple-repository-api.rst:362
 msgid ""
 "The URL structure from :ref:`the base HTML API specification <simple-"
 "repository-api-base>` still applies, as this spec only adds an additional "
 "serialization format for the already existing API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:357
+#: ../source/specifications/simple-repository-api.rst:366
 msgid ""
 "The following constraints apply to all JSON serialized responses described "
 "in this spec:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:360
+#: ../source/specifications/simple-repository-api.rst:369
 msgid ""
 "All JSON responses will *always* be a JSON object rather than an array or "
 "other type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:363
+#: ../source/specifications/simple-repository-api.rst:372
 msgid ""
 "While JSON doesn't natively support a URL type, any value that represents an "
 "URL in this API may be either absolute or relative as long as they point to "
@@ -17539,19 +17900,19 @@ msgid ""
 "if it were HTML."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:368
+#: ../source/specifications/simple-repository-api.rst:377
 msgid ""
 "Additional keys may be added to any dictionary objects in the API responses "
 "and clients **MUST** ignore keys that they don't understand."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:371
+#: ../source/specifications/simple-repository-api.rst:380
 msgid ""
 "All JSON responses will have a ``meta`` key, which contains information "
 "related to the response itself, rather than the content of the response."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:374
+#: ../source/specifications/simple-repository-api.rst:383
 msgid ""
 "All JSON responses will have a ``meta.api-version`` key, which will be a "
 "string that contains the :ref:`API versioning specification <simple-"
@@ -17560,43 +17921,43 @@ msgid ""
 "<simple-repository-api-versioning>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:380
+#: ../source/specifications/simple-repository-api.rst:389
 msgid ""
 "All requirements of :ref:`the base HTML API specification <simple-repository-"
 "api-base>` that are not HTML specific still apply."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:385
+#: ../source/specifications/simple-repository-api.rst:394
 #, fuzzy
 #| msgid "Project name"
 msgid "Project List"
 msgstr "परियोजना"
 
-#: ../source/specifications/simple-repository-api.rst:387
+#: ../source/specifications/simple-repository-api.rst:396
 msgid ""
 "The root URL ``/`` for this spec (which represents the base URL) will be a "
 "JSON encoded dictionary which has a two keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:390
+#: ../source/specifications/simple-repository-api.rst:399
 msgid ""
 "``projects``: An array where each entry is a dictionary with a single key, "
 "``name``, which represents string of the project name."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:391
-#: ../source/specifications/simple-repository-api.rst:440
+#: ../source/specifications/simple-repository-api.rst:400
+#: ../source/specifications/simple-repository-api.rst:449
 msgid ""
 "``meta``: The general response metadata as `described earlier <json-"
 "serialization_>`__."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:393
-#: ../source/specifications/simple-repository-api.rst:499
+#: ../source/specifications/simple-repository-api.rst:402
+#: ../source/specifications/simple-repository-api.rst:512
 msgid "As an example:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:410
+#: ../source/specifications/simple-repository-api.rst:419
 msgid ""
 "The ``name`` field is the same as the one from :ref:`the base HTML API "
 "specification <simple-repository-api-base>`, which does not specify whether "
@@ -17606,7 +17967,7 @@ msgid ""
 "implementation detail of the repository in question."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:420
+#: ../source/specifications/simple-repository-api.rst:429
 msgid ""
 "While the ``projects`` key is an array, and thus is required to be in some "
 "kind of an order, neither :ref:`the base HTML API specification <simple-"
@@ -17616,13 +17977,13 @@ msgid ""
 "have sets."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:429
+#: ../source/specifications/simple-repository-api.rst:438
 #, fuzzy
 #| msgid "Project name"
 msgid "Project Detail"
 msgstr "परियोजना"
 
-#: ../source/specifications/simple-repository-api.rst:431
+#: ../source/specifications/simple-repository-api.rst:440
 msgid ""
 "The format of this URL is ``/<project>/`` where the ``<project>`` is "
 "replaced by the :ref:`the base HTML API specification <simple-repository-api-"
@@ -17630,33 +17991,33 @@ msgid ""
 "would have a URL like ``/silly-walk/``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:436
+#: ../source/specifications/simple-repository-api.rst:445
 msgid ""
 "This URL must respond with a JSON encoded dictionary that has three keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:438
+#: ../source/specifications/simple-repository-api.rst:447
 msgid "``name``: The normalized name of the project."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:439
+#: ../source/specifications/simple-repository-api.rst:448
 msgid ""
 "``files``: A list of dictionaries, each one representing an individual file."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:442
+#: ../source/specifications/simple-repository-api.rst:451
 msgid "Each individual file dictionary has the following keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:444
+#: ../source/specifications/simple-repository-api.rst:453
 msgid "``filename``: The filename that is being represented."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:445
+#: ../source/specifications/simple-repository-api.rst:454
 msgid "``url``: The URL that the file can be fetched from."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:446
+#: ../source/specifications/simple-repository-api.rst:455
 msgid ""
 "``hashes``: A dictionary mapping a hash name to a hex encoded digest of the "
 "file. Multiple hashes can be included, and it is up to the client to decide "
@@ -17665,14 +18026,14 @@ msgid ""
 "to be lowercase."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:451
+#: ../source/specifications/simple-repository-api.rst:460
 msgid ""
 "The ``hashes`` dictionary **MUST** be present, even if no hashes are "
 "available for the file, however it is **HIGHLY** recommended that at least "
 "one secure, guaranteed-to-be-available hash is always included."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:455
+#: ../source/specifications/simple-repository-api.rst:464
 msgid ""
 "By default, any hash algorithm available via :py:mod:`hashlib` (specifically "
 "any that can be passed to :py:func:`hashlib.new()` and do not require "
@@ -17682,7 +18043,7 @@ msgid ""
 "specifically is recommended."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:460
+#: ../source/specifications/simple-repository-api.rst:469
 msgid ""
 "``requires-python``: An **optional** key that exposes the :ref:`core-"
 "metadata-requires-python` metadata field. Where this is present, installer "
@@ -17690,14 +18051,14 @@ msgid ""
 "that doesn't satisfy the requirement."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:466
+#: ../source/specifications/simple-repository-api.rst:475
 msgid ""
 "Unlike ``data-requires-python`` in :ref:`the base HTML API specification "
 "<simple-repository-api-base>`, the ``requires-python`` key does not require "
 "any special escaping other than anything JSON does naturally."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:469
+#: ../source/specifications/simple-repository-api.rst:478
 msgid ""
 "``dist-info-metadata``: An **optional** key that indicates that metadata for "
 "this file is available, via the same location as specified in :ref:`the API "
@@ -17707,27 +18068,27 @@ msgid ""
 "dictionary mapping hash names to a hex encoded digest of the metadata's hash."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:477
+#: ../source/specifications/simple-repository-api.rst:486
 msgid ""
 "When this is a dictionary of hashes instead of a boolean, then all the same "
 "requirements and recommendations as the ``hashes`` key hold true for this "
 "key as well."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:481
+#: ../source/specifications/simple-repository-api.rst:490
 msgid ""
 "If this key is missing then the metadata file may or may not exist. If the "
 "key value is truthy, then the metadata file is present, and if it is falsey "
 "then it is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:485
+#: ../source/specifications/simple-repository-api.rst:494
 msgid ""
 "It is recommended that servers make the hashes of the metadata file "
 "available if possible."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:487
+#: ../source/specifications/simple-repository-api.rst:496
 msgid ""
 "``gpg-sig``: An **optional** key that acts a boolean to indicate if the file "
 "has an associated GPG signature or not. The URL for the signature file "
@@ -17736,7 +18097,7 @@ msgid ""
 "the signature may or may not exist."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:492
+#: ../source/specifications/simple-repository-api.rst:501
 msgid ""
 "``yanked``: An **optional** key which may be either a boolean to indicate if "
 "the file has been yanked, or a non empty, but otherwise arbitrary, string to "
@@ -17747,7 +18108,15 @@ msgid ""
 "api-yank>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:529
+#: ../source/specifications/simple-repository-api.rst:507
+msgid ""
+"``provenance``: An **optional** key which, if present **MUST** be either a "
+"JSON string or ``null``. If not ``null``, it **MUST** be a URL to the file's "
+"associated provenance, with the same rules as ``data-provenance`` in the :"
+"ref:`base HTML API specification <simple-repository-api-base>`."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:543
 msgid ""
 "While the ``files`` key is an array, and thus is required to be in some kind "
 "of an order, neither :ref:`the base HTML API specification <simple-"
@@ -17757,11 +18126,11 @@ msgid ""
 "have sets."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:538
+#: ../source/specifications/simple-repository-api.rst:552
 msgid "Content-Types"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:540
+#: ../source/specifications/simple-repository-api.rst:554
 msgid ""
 "This spec proposes that all responses from the Simple API will have a "
 "standard content type that describes what the response is (a Simple API "
@@ -17769,11 +18138,11 @@ msgid ""
 "format has been used."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:544
+#: ../source/specifications/simple-repository-api.rst:558
 msgid "The structure of this content type will be:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:550
+#: ../source/specifications/simple-repository-api.rst:564
 msgid ""
 "Since only major versions should be disruptive to clients attempting to "
 "understand one of these API responses, only the major version will be "
@@ -17781,19 +18150,19 @@ msgid ""
 "that it is a version number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:555
+#: ../source/specifications/simple-repository-api.rst:569
 msgid "Which means that for the existing 1.0 API, the content types would be:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:557
+#: ../source/specifications/simple-repository-api.rst:571
 msgid "**JSON:** ``application/vnd.pypi.simple.v1+json``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:558
+#: ../source/specifications/simple-repository-api.rst:572
 msgid "**HTML:** ``application/vnd.pypi.simple.v1+html``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:560
+#: ../source/specifications/simple-repository-api.rst:574
 msgid ""
 "In addition to the above, a special \"meta\" version is supported named "
 "``latest``, whose purpose is to allow clients to request the absolute latest "
@@ -17802,7 +18171,7 @@ msgid ""
 "support."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:565
+#: ../source/specifications/simple-repository-api.rst:579
 msgid ""
 "To support existing clients which expect the existing :ref:`the base HTML "
 "API specification <simple-repository-api-base>` API responses to use the "
@@ -17810,11 +18179,11 @@ msgid ""
 "alias for the ``application/vnd.pypi.simple.v1+html`` content type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:572
+#: ../source/specifications/simple-repository-api.rst:586
 msgid "Version + Format Selection"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:574
+#: ../source/specifications/simple-repository-api.rst:588
 msgid ""
 "Now that there is multiple possible serializations, we need a mechanism to "
 "allow clients to indicate what serialization formats they're able to "
@@ -17823,65 +18192,65 @@ msgid ""
 "expecting the previous API version."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:579
+#: ../source/specifications/simple-repository-api.rst:593
 msgid ""
 "To enable this, this spec standardizes on the use of HTTP's `Server-Driven "
 "Content Negotiation <https://developer.mozilla.org/en-US/docs/Web/HTTP/"
 "Content_negotiation>`_."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:582
+#: ../source/specifications/simple-repository-api.rst:596
 msgid ""
 "While this spec won't fully describe the entirety of server-driven content "
 "negotiation, the flow is roughly:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:585
+#: ../source/specifications/simple-repository-api.rst:599
 msgid ""
 "The client makes an HTTP request containing an ``Accept`` header listing all "
 "of the version+format content types that they are able to understand."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:587
+#: ../source/specifications/simple-repository-api.rst:601
 msgid ""
 "The server inspects that header, selects one of the listed content types, "
 "then returns a response using that content type (treating the absence of an "
 "``Accept`` header as ``Accept: */*``)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:590
+#: ../source/specifications/simple-repository-api.rst:604
 msgid ""
 "If the server does not support any of the content types in the ``Accept`` "
 "header then they are able to choose between 3 different options for how to "
 "respond:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:594
+#: ../source/specifications/simple-repository-api.rst:608
 msgid ""
 "Select a default content type other than what the client has requested and "
 "return a response with that."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:596
+#: ../source/specifications/simple-repository-api.rst:610
 msgid ""
 "Return a HTTP ``406 Not Acceptable`` response to indicate that none of the "
 "requested content types were available, and the server was unable or "
 "unwilling to select a default content type to respond with."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:599
+#: ../source/specifications/simple-repository-api.rst:613
 msgid ""
 "Return a HTTP ``300 Multiple Choices`` response that contains a list of all "
 "of the possible responses that could have been chosen."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:601
+#: ../source/specifications/simple-repository-api.rst:615
 msgid ""
 "The client interprets the response, handling the different types of "
 "responses that the server may have responded with."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:604
+#: ../source/specifications/simple-repository-api.rst:618
 msgid ""
 "This spec does not specify which choices the server makes in regards to "
 "handling a content type that it isn't able to return, and clients **SHOULD** "
@@ -17889,7 +18258,7 @@ msgid ""
 "the most sense for that client."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:609
+#: ../source/specifications/simple-repository-api.rst:623
 msgid ""
 "However, as there is no standard format for how a ``300 Multiple Choices`` "
 "response can be interpreted, this spec highly discourages servers from "
@@ -17900,7 +18269,7 @@ msgid ""
 "error."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:616
+#: ../source/specifications/simple-repository-api.rst:630
 msgid ""
 "This spec **does** require that if the meta version ``latest`` is being "
 "used, the server **MUST** respond with the content type for the actual "
@@ -17909,33 +18278,33 @@ msgid ""
 "have a ``Content-Type`` of ``application/vnd.pypi.simple.v1+json``)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:623
+#: ../source/specifications/simple-repository-api.rst:637
 msgid ""
 "The ``Accept`` header is a comma separated list of content types that the "
 "client understands and is able to process. It supports three different "
 "formats for each content type that is being requested:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:627
+#: ../source/specifications/simple-repository-api.rst:641
 msgid "``$type/$subtype``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:628
+#: ../source/specifications/simple-repository-api.rst:642
 msgid "``$type/*``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:629
+#: ../source/specifications/simple-repository-api.rst:643
 msgid "``*/*``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:631
+#: ../source/specifications/simple-repository-api.rst:645
 msgid ""
 "For the use of selecting a version+format, the most useful of these is "
 "``$type/$subtype``, as that is the only way to actually specify the version "
 "and format you want."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:635
+#: ../source/specifications/simple-repository-api.rst:649
 msgid ""
 "The order of the content types listed in the ``Accept`` header does not have "
 "any specific meaning, and the server **SHOULD** consider all of them to be "
@@ -17945,7 +18314,7 @@ msgid ""
 "Quality_values>`_ syntax."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:642
+#: ../source/specifications/simple-repository-api.rst:656
 msgid ""
 "This allows a client to specify a priority for a specific entry in their "
 "``Accept`` header, by appending a ``;q=`` followed by a value between ``0`` "
@@ -17955,7 +18324,7 @@ msgid ""
 "quality of ``1``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:648
+#: ../source/specifications/simple-repository-api.rst:662
 msgid ""
 "However, clients should keep in mind that a server is free to select **any** "
 "of the content types they've asked for, regardless of their requested "
@@ -17963,7 +18332,7 @@ msgid ""
 "for."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:652
+#: ../source/specifications/simple-repository-api.rst:666
 msgid ""
 "To aid clients in determining the content type of the response that they "
 "have received from an API request, this spec requires that servers always "
@@ -17974,22 +18343,22 @@ msgid ""
 "collector.py#L123-L150>`_ so the risks for actual breakages is low."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:659
+#: ../source/specifications/simple-repository-api.rst:673
 msgid "An example of how a client can operate would look like:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:710
+#: ../source/specifications/simple-repository-api.rst:724
 msgid ""
 "If a client wishes to only support HTML or only support JSON, then they "
 "would just remove the content types that they do not want from the "
 "``Accept`` header, and turn receiving them into an error."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:716
+#: ../source/specifications/simple-repository-api.rst:730
 msgid "Alternative Negotiation Mechanisms"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:718
+#: ../source/specifications/simple-repository-api.rst:732
 msgid ""
 "While using HTTP's Content negotiation is considered the standard way for a "
 "client and server to coordinate to ensure that the client is getting an HTTP "
@@ -17998,25 +18367,25 @@ msgid ""
 "negotiation mechanisms that may *optionally* be used instead."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:726
+#: ../source/specifications/simple-repository-api.rst:740
 msgid "URL Parameter"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:728
+#: ../source/specifications/simple-repository-api.rst:742
 msgid ""
 "Servers that implement the Simple API may choose to support a URL parameter "
 "named ``format`` to allow the clients to request a specific version of the "
 "URL."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:731
+#: ../source/specifications/simple-repository-api.rst:745
 msgid ""
 "The value of the ``format`` parameter should be **one** of the valid content "
 "types. Passing multiple content types, wild cards, quality values, etc... is "
 "**not** supported."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:735
+#: ../source/specifications/simple-repository-api.rst:749
 msgid ""
 "Supporting this parameter is optional, and clients **SHOULD NOT** rely on it "
 "for interacting with the API. This negotiation mechanism is intended to "
@@ -18024,13 +18393,13 @@ msgid ""
 "allow documentation or notes to link to a specific version+format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:740
+#: ../source/specifications/simple-repository-api.rst:754
 msgid ""
 "Servers that do not support this parameter may choose to return an error "
 "when it is present, or they may simple ignore its presence."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:743
+#: ../source/specifications/simple-repository-api.rst:757
 msgid ""
 "When a server does implement this parameter, it **SHOULD** take precedence "
 "over any values in the client's ``Accept`` header, and if the server does "
@@ -18040,18 +18409,18 @@ msgid ""
 "``303 Multiple Choices``, or selecting a default type to return)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:752
+#: ../source/specifications/simple-repository-api.rst:766
 msgid "Endpoint Configuration"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:754
+#: ../source/specifications/simple-repository-api.rst:768
 msgid ""
 "This option technically is not a special option at all, it is just a natural "
 "consequence of using content negotiation and allowing servers to select "
 "which of the available content types is their default."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:758
+#: ../source/specifications/simple-repository-api.rst:772
 msgid ""
 "If a server is unwilling or unable to implement the server-driven content "
 "negotiation, and would instead rather require users to explicitly configure "
@@ -18059,7 +18428,7 @@ msgid ""
 "configuration."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:762
+#: ../source/specifications/simple-repository-api.rst:776
 msgid ""
 "To enable this, a server should make multiple endpoints (for instance, ``/"
 "simple/v1+html/`` and/or ``/simple/v1+json/``) for each version+format that "
@@ -18069,7 +18438,7 @@ msgid ""
 "and return the content type that corresponds to that endpoint."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:769
+#: ../source/specifications/simple-repository-api.rst:783
 msgid ""
 "For clients that wish to require specific configuration, they can keep track "
 "of which version+format a specific repository URL was configured for, and "
@@ -18077,11 +18446,11 @@ msgid ""
 "includes the correct content type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:776
+#: ../source/specifications/simple-repository-api.rst:790
 msgid "TUF Support - PEP 458"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:778
+#: ../source/specifications/simple-repository-api.rst:792
 msgid ""
 ":pep:`458` requires that all API responses are hashable and that they can be "
 "uniquely identified by a path relative to the repository root. For a Simple "
@@ -18092,7 +18461,7 @@ msgid ""
 "that all hash differently."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:785
+#: ../source/specifications/simple-repository-api.rst:799
 msgid ""
 ":pep:`458` does not specify what the target path should be for the Simple "
 "API, but TUF requires that the target paths be \"file-like\", in other "
@@ -18100,7 +18469,7 @@ msgid ""
 "technically points to a directory."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:790
+#: ../source/specifications/simple-repository-api.rst:804
 msgid ""
 "The saving grace is that the target path does not *have* to actually match "
 "the URL being fetched from the Simple API, and it can just be a sigil that "
@@ -18109,7 +18478,7 @@ msgid ""
 "HTTP request, such as the ``Accept`` header."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:796
+#: ../source/specifications/simple-repository-api.rst:810
 msgid ""
 "Ultimately figuring out how to map a directory to a filename is out of scope "
 "for this spec (but it would be in scope for :pep:`458`), and this spec "
@@ -18117,7 +18486,7 @@ msgid ""
 "`458` metadata."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:800
+#: ../source/specifications/simple-repository-api.rst:814
 msgid ""
 "However, it appears that the current WIP branch against pip that attempts to "
 "implement :pep:`458` is using a target path like ``simple/PROJECT/index."
@@ -18127,20 +18496,20 @@ msgid ""
 "the v1 JSON format would be ``simple/PROJECT/vnd.pypi.simple.v1.json``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:807
+#: ../source/specifications/simple-repository-api.rst:821
 msgid ""
 "In this case, since ``text/html`` is an alias to ``application/vnd.pypi."
 "simple.v1+html`` when interacting through TUF, it likely will make the most "
 "sense to normalize to the more explicit name."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:811
+#: ../source/specifications/simple-repository-api.rst:825
 msgid ""
 "Likewise the ``latest`` metaversion should not be included in the targets, "
 "only explicitly declared versions should be supported."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:817
+#: ../source/specifications/simple-repository-api.rst:831
 msgid ""
 "This section is non-normative, and represents what the spec authors believe "
 "to be the best default implementation decisions for something implementing "
@@ -18148,7 +18517,7 @@ msgid ""
 "these decisions."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:821
+#: ../source/specifications/simple-repository-api.rst:835
 msgid ""
 "These decisions have been chosen to maximize the number of requests that can "
 "be moved onto the newest version of an API, while maintaining the greatest "
@@ -18157,18 +18526,18 @@ msgid ""
 "choices it can."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:826
+#: ../source/specifications/simple-repository-api.rst:840
 msgid "It is recommended that servers:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:828
+#: ../source/specifications/simple-repository-api.rst:842
 msgid ""
 "Support all 3 content types described in this spec, using server-driven "
 "content negotiation, for as long as they reasonably can, or at least as long "
 "as they're receiving non trivial traffic that uses the HTML responses."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:832
+#: ../source/specifications/simple-repository-api.rst:846
 msgid ""
 "When encountering an ``Accept`` header that does not contain any content "
 "types that it knows how to work with, the server should not ever return a "
@@ -18176,13 +18545,13 @@ msgid ""
 "Acceptable`` response."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:837
+#: ../source/specifications/simple-repository-api.rst:851
 msgid ""
 "However, if choosing to use the endpoint configuration, you should prefer to "
 "return a ``200 OK`` response in the expected content type for that endpoint."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:840
+#: ../source/specifications/simple-repository-api.rst:854
 msgid ""
 "When selecting an acceptable version, the server should choose the highest "
 "version that the client supports, with the most expressive/featureful "
@@ -18191,23 +18560,23 @@ msgid ""
 "should only use the ``text/html`` content type as a last resort."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:846
+#: ../source/specifications/simple-repository-api.rst:860
 msgid "It is recommended that clients:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:848
+#: ../source/specifications/simple-repository-api.rst:862
 msgid ""
 "Support all 3 content types described in this spec, using server-driven "
 "content negotiation, for as long as they reasonably can."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:851
+#: ../source/specifications/simple-repository-api.rst:865
 msgid ""
 "When constructing an ``Accept`` header, include all of the content types "
 "that you support."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:854
+#: ../source/specifications/simple-repository-api.rst:868
 msgid ""
 "You should generally *not* include a quality priority value for your content "
 "types, unless you have implementation specific reasons that you want the "
@@ -18216,63 +18585,63 @@ msgid ""
 "responses that you're unable to parse in some edge cases)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:860
+#: ../source/specifications/simple-repository-api.rst:874
 msgid ""
 "The one exception to this recommendation is that it is recommended that you "
 "*should* include a ``;q=0.01`` value on the legacy ``text/html`` content "
 "type, unless it is the only content type that you are requesting."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:864
+#: ../source/specifications/simple-repository-api.rst:878
 msgid ""
 "Explicitly select what versions they are looking for, rather than using the "
 "``latest`` meta version during normal operation."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:867
+#: ../source/specifications/simple-repository-api.rst:881
 msgid ""
 "Check the ``Content-Type`` of the response and ensure it matches something "
 "that you were expecting."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:871
+#: ../source/specifications/simple-repository-api.rst:885
 msgid "Additional Fields for the Simple API for Package Indexes"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:873
+#: ../source/specifications/simple-repository-api.rst:887
 msgid ""
 "This specification defines version 1.1 of the simple repository API. For the "
 "HTML version of the API, there is no change from version 1.0. For the JSON "
 "version of the API, the following changes are made:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:877
+#: ../source/specifications/simple-repository-api.rst:891
 msgid "The ``api-version`` must specify version 1.1 or later."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:878
+#: ../source/specifications/simple-repository-api.rst:892
 msgid "A new ``versions`` key is added at the top level."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:879
+#: ../source/specifications/simple-repository-api.rst:893
 msgid ""
 "Two new \"file information\" keys, ``size`` and ``upload-time``, are added "
 "to the ``files`` data."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:881
+#: ../source/specifications/simple-repository-api.rst:895
 msgid ""
 "Keys (at any level) with a leading underscore are reserved as private for "
 "index server use. No future standard will assign a meaning to any such key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:884
+#: ../source/specifications/simple-repository-api.rst:898
 msgid ""
 "The ``versions`` and ``size`` keys are mandatory. The ``upload-time`` key is "
 "optional."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:890
+#: ../source/specifications/simple-repository-api.rst:904
 msgid ""
 "An additional key, ``versions`` MUST be present at the top level, in "
 "addition to the keys ``name``, ``files`` and ``meta`` defined in :ref:`the "
@@ -18282,7 +18651,7 @@ msgid ""
 "duplicates, and the order of the values is not significant."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:897
+#: ../source/specifications/simple-repository-api.rst:911
 msgid ""
 "All of the files listed in the ``files`` key MUST be associated with one of "
 "the versions in the ``versions`` key. The ``versions`` key MAY contain "
@@ -18290,7 +18659,7 @@ msgid ""
 "uploaded, if the server has such a concept)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:902
+#: ../source/specifications/simple-repository-api.rst:916
 msgid ""
 "Note that because servers may hold \"legacy\" data from before the adoption "
 "of :ref:`the version specifiers specification (VSS) <version-specifiers>`, "
@@ -18299,21 +18668,21 @@ msgid ""
 "servers SHOULD use normalised VSS versions where possible."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:911
+#: ../source/specifications/simple-repository-api.rst:925
 msgid "Additional file information"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:913
+#: ../source/specifications/simple-repository-api.rst:927
 msgid "Two new keys are added to the ``files`` key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:915
+#: ../source/specifications/simple-repository-api.rst:929
 msgid ""
 "``size``: This field is mandatory. It MUST contain an integer which is the "
 "file size in bytes."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:917
+#: ../source/specifications/simple-repository-api.rst:931
 msgid ""
 "``upload-time``: This field is optional. If present, it MUST contain a valid "
 "ISO 8601 date/time string, in the format ``yyyy-mm-ddThh:mm:ss.ffffffZ``, "
@@ -18325,11 +18694,11 @@ msgid ""
 "key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:926
+#: ../source/specifications/simple-repository-api.rst:940
 msgid "Rename dist-info-metadata in the Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:929
+#: ../source/specifications/simple-repository-api.rst:943
 msgid ""
 "The keywords \"**MUST**\", \"**MUST NOT**\", \"**REQUIRED**\", "
 "\"**SHALL**\", \"**SHALL NOT**\", \"**SHOULD**\", \"**SHOULD NOT**\", "
@@ -18337,11 +18706,11 @@ msgid ""
 "are to be interpreted as described in :rfc:`RFC 2119 <2119>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:936
+#: ../source/specifications/simple-repository-api.rst:950
 msgid "Servers"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:938
+#: ../source/specifications/simple-repository-api.rst:952
 msgid ""
 "The :ref:`the API metadata file specification <simple-repository-api-"
 "metadata-file>` metadata, when used in the HTML representation of the Simple "
@@ -18349,7 +18718,7 @@ msgid ""
 "with the supported values remaining the same."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:944
+#: ../source/specifications/simple-repository-api.rst:958
 msgid ""
 "The :ref:`the API metadata file specification <simple-repository-api-"
 "metadata-file>` metadata, when used in the :ref:`the JSON API specification "
@@ -18358,14 +18727,14 @@ msgid ""
 "values remaining the same."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:950
+#: ../source/specifications/simple-repository-api.rst:964
 msgid ""
 "To support clients that used the previous key names, the HTML representation "
 "**MAY** also be emitted using the ``data-dist-info-metadata``, and if it "
 "does so it **MUST** match the value of ``data-core-metadata``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:959
+#: ../source/specifications/simple-repository-api.rst:973
 msgid ""
 "Clients consuming any of the HTML representations of the Simple API **MUST** "
 "read the :ref:`the API metadata file specification <simple-repository-api-"
@@ -18374,7 +18743,7 @@ msgid ""
 "if it is present but ``data-core-metadata`` is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:966
+#: ../source/specifications/simple-repository-api.rst:980
 msgid ""
 "Clients consuming the JSON representation of the Simple API **MUST** read "
 "the :ref:`the API metadata file specification <simple-repository-api-"
@@ -18383,48 +18752,54 @@ msgid ""
 "present but ``core-metadata`` is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:976
+#: ../source/specifications/simple-repository-api.rst:990
 msgid "September 2015: initial form of the HTML format, in :pep:`503`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:977
+#: ../source/specifications/simple-repository-api.rst:991
 msgid "July 2016: Requires-Python metadata, in an update to :pep:`503`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:978
+#: ../source/specifications/simple-repository-api.rst:992
 msgid "May 2019: \"yank\" support, in :pep:`592`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:979
+#: ../source/specifications/simple-repository-api.rst:993
 msgid ""
 "July 2020: API versioning convention and metadata, and declaring the HTML "
 "format as API v1, in :pep:`629`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:981
+#: ../source/specifications/simple-repository-api.rst:995
 msgid ""
 "May 2021: providing package metadata independently from a package, in :pep:"
 "`658`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:983
+#: ../source/specifications/simple-repository-api.rst:997
 msgid ""
 "May 2022: initial form of the JSON format, with a mechanism for clients to "
 "choose between them, and declaring both formats as API v1, in :pep:`691`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:985
+#: ../source/specifications/simple-repository-api.rst:999
 msgid ""
 "October 2022: project versions and file size and upload-time in the JSON "
 "format, in :pep:`700`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:987
+#: ../source/specifications/simple-repository-api.rst:1001
 msgid ""
 "June 2023: renaming the field which provides package metadata independently "
 "from a package, in :pep:`714`"
 msgstr ""
 
+#: ../source/specifications/simple-repository-api.rst:1003
+msgid ""
+"November 2024: provenance metadata in the HTML and JSON formats, in :pep:"
+"`740`"
+msgstr ""
+
 #: ../source/specifications/source-distribution-format.rst:6
 msgid "Source distribution format"
 msgstr ""
@@ -21330,7 +21705,7 @@ msgid ""
 msgstr ""
 
 #: ../source/tutorials/managing-dependencies.rst:140
-#: ../source/tutorials/packaging-projects.rst:506
+#: ../source/tutorials/packaging-projects.rst:505
 msgid "Next steps"
 msgstr ""
 
@@ -21779,43 +22154,43 @@ msgstr ""
 
 #: ../source/tutorials/packaging-projects.rst:424
 msgid ""
-"You will be prompted for a username and password. For the username, use "
-"``__token__``. For the password, use the token value, including the ``pypi-"
-"`` prefix."
+"You will be prompted for an API token. Use the token value, including the "
+"``pypi-`` prefix. Note that the input will be hidden, so be sure to paste "
+"correctly."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:428
+#: ../source/tutorials/packaging-projects.rst:427
 msgid "After the command completes, you should see output similar to this:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:439
+#: ../source/tutorials/packaging-projects.rst:438
 msgid ""
 "Once uploaded, your package should be viewable on TestPyPI; for example: "
 "``https://test.pypi.org/project/example_package_YOUR_USERNAME_HERE``."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:444
+#: ../source/tutorials/packaging-projects.rst:443
 msgid "Installing your newly uploaded package"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:446
+#: ../source/tutorials/packaging-projects.rst:445
 msgid ""
 "You can use :ref:`pip` to install your package and verify that it works. "
 "Create a :ref:`virtual environment <Creating and using Virtual "
 "Environments>` and install your package from TestPyPI:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:462
+#: ../source/tutorials/packaging-projects.rst:461
 msgid "Make sure to specify your username in the package name!"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:464
+#: ../source/tutorials/packaging-projects.rst:463
 msgid ""
 "pip should install the package from TestPyPI and the output should look "
 "something like this:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:474
+#: ../source/tutorials/packaging-projects.rst:473
 msgid ""
 "This example uses ``--index-url`` flag to specify TestPyPI instead of live "
 "PyPI. Additionally, it specifies ``--no-deps``. Since TestPyPI doesn't have "
@@ -21825,23 +22200,23 @@ msgid ""
 "installing dependencies when using TestPyPI."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:481
+#: ../source/tutorials/packaging-projects.rst:480
 msgid ""
 "You can test that it was installed correctly by importing the package. Make "
 "sure you're still in your virtual environment, then run Python:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:496
+#: ../source/tutorials/packaging-projects.rst:495
 msgid "and import the package:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:508
+#: ../source/tutorials/packaging-projects.rst:507
 msgid ""
 "**Congratulations, you've packaged and distributed a Python project!** ✨ 🍰 "
 "✨"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:511
+#: ../source/tutorials/packaging-projects.rst:510
 msgid ""
 "Keep in mind that this tutorial showed you how to upload your package to "
 "Test PyPI, which isn't a permanent storage. The Test system occasionally "
@@ -21849,28 +22224,28 @@ msgid ""
 "experiments like this tutorial."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:516
+#: ../source/tutorials/packaging-projects.rst:515
 msgid ""
 "When you are ready to upload a real package to the Python Package Index you "
 "can do much the same as you did in this tutorial, but with these important "
 "differences:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:520
+#: ../source/tutorials/packaging-projects.rst:519
 msgid ""
 "Choose a memorable and unique name for your package. You don't have to "
 "append your username as you did in the tutorial, but you can't use an "
 "existing name."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:522
+#: ../source/tutorials/packaging-projects.rst:521
 msgid ""
 "Register an account on https://pypi.org - note that these are two separate "
 "servers and the login details from the test server are not shared with the "
 "main server."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:525
+#: ../source/tutorials/packaging-projects.rst:524
 msgid ""
 "Use ``twine upload dist/*`` to upload your package and enter your "
 "credentials for the account you registered on the real PyPI.  Now that "
@@ -21878,44 +22253,44 @@ msgid ""
 "repository``; the package will upload to https://pypi.org/ by default."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:529
+#: ../source/tutorials/packaging-projects.rst:528
 msgid ""
 "Install your package from the real PyPI using ``python3 -m pip install [your-"
 "package]``."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:531
+#: ../source/tutorials/packaging-projects.rst:530
 msgid ""
 "At this point if you want to read more on packaging Python libraries here "
 "are some things you can do:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:534
+#: ../source/tutorials/packaging-projects.rst:533
 msgid ""
 "Read about advanced configuration for your chosen build backend: `Hatchling "
 "<hatchling-config_>`_, :doc:`setuptools <setuptools:userguide/"
 "pyproject_config>`, :doc:`Flit <flit:pyproject_toml>`, `PDM <pdm-config_>`_."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:538
+#: ../source/tutorials/packaging-projects.rst:537
 msgid ""
 "Look at the :doc:`guides </guides/index>` on this site for more advanced "
 "practical information, or the :doc:`discussions </discussions/index>` for "
 "explanations and background on specific topics."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:541
+#: ../source/tutorials/packaging-projects.rst:540
 msgid ""
 "Consider packaging tools that provide a single command-line interface for "
 "project management and packaging, such as :ref:`hatch`, :ref:`flit`, :ref:"
 "`pdm`, and :ref:`poetry`."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:549
+#: ../source/tutorials/packaging-projects.rst:548
 msgid "Notes"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:551
+#: ../source/tutorials/packaging-projects.rst:550
 msgid ""
 "Technically, you can also create Python packages without an ``__init__.py`` "
 "file, but those are called :doc:`namespace packages </guides/packaging-"
diff --git a/locales/id/LC_MESSAGES/messages.po b/locales/id/LC_MESSAGES/messages.po
index 22531d1eb..9346fa7cd 100644
--- a/locales/id/LC_MESSAGES/messages.po
+++ b/locales/id/LC_MESSAGES/messages.po
@@ -10,7 +10,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Python Packaging User Guide\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-10-30 00:39+0000\n"
+"POT-Creation-Date: 2024-11-25 21:53+0000\n"
 "PO-Revision-Date: 2024-10-17 21:16+0000\n"
 "Last-Translator: oon arfiandwi <oon.arfiandwi@gmail.com>\n"
 "Language-Team: Indonesian <https://hosted.weblate.org/projects/pypa/"
@@ -638,7 +638,7 @@ msgid "Unix (including Linux and macOS)"
 msgstr ""
 
 #: ../source/discussions/deploying-python-applications.rst:118
-#: ../source/key_projects.rst:572
+#: ../source/key_projects.rst:576
 msgid "pex"
 msgstr ""
 
@@ -1922,7 +1922,7 @@ msgid ""
 msgstr ""
 
 #: ../source/discussions/versioning.rst:6
-#: ../source/specifications/simple-repository-api.rst:310
+#: ../source/specifications/simple-repository-api.rst:319
 #, fuzzy
 msgid "Versioning"
 msgstr "Penerjemahan"
@@ -2676,29 +2676,16 @@ msgid ""
 msgstr ""
 
 #: ../source/glossary.rst:121
-msgid "Known Good Set (KGS)"
-msgstr ""
-
-#: ../source/glossary.rst:124
-msgid ""
-"A set of distributions at specified versions which are compatible with each "
-"other. Typically a test suite will be run which passes all tests before a "
-"specific set of packages is declared a known good set. This term is commonly "
-"used by frameworks and toolkits which are comprised of multiple individual "
-"distributions."
-msgstr ""
-
-#: ../source/glossary.rst:130
 msgid "Import Package"
 msgstr ""
 
-#: ../source/glossary.rst:133
+#: ../source/glossary.rst:124
 msgid ""
 "A Python module which can contain other modules or recursively, other "
 "packages."
 msgstr ""
 
-#: ../source/glossary.rst:136
+#: ../source/glossary.rst:127
 msgid ""
 "An import package is more commonly referred to with the single word "
 "\"package\", but this guide will use the expanded term when more clarity is "
@@ -2707,19 +2694,32 @@ msgid ""
 "package` for a breakdown of the differences."
 msgstr ""
 
-#: ../source/glossary.rst:142
+#: ../source/glossary.rst:133
 #, fuzzy
 #| msgid "Translations"
 msgid "Installed Project"
 msgstr "Penerjemahan"
 
-#: ../source/glossary.rst:145
+#: ../source/glossary.rst:136
 msgid ""
 "A :term:`Project` that is installed for use with a Python interpreter or :"
 "term:`Virtual Environment`, as described in the specicifcation :ref:"
 "`recording-installed-packages`."
 msgstr ""
 
+#: ../source/glossary.rst:140
+msgid "Known Good Set (KGS)"
+msgstr ""
+
+#: ../source/glossary.rst:143
+msgid ""
+"A set of distributions at specified versions which are compatible with each "
+"other. Typically a test suite will be run which passes all tests before a "
+"specific set of packages is declared a known good set. This term is commonly "
+"used by frameworks and toolkits which are comprised of multiple individual "
+"distributions."
+msgstr ""
+
 #: ../source/glossary.rst:149
 msgid "Module"
 msgstr ""
@@ -5137,7 +5137,7 @@ msgid ""
 "In particular, `NumPy <https://numpy.org/>`__, which provides the basis for "
 "most of the software in the `scientific Python stack <https://scientific-"
 "python.org>`_ can be configured to interoperate with different FORTRAN "
-"libraries, and can take advantage of different levels of vectorised "
+"libraries, and can take advantage of different levels of vectorized "
 "instructions available in modern CPUs."
 msgstr ""
 
@@ -5146,9 +5146,9 @@ msgid ""
 "Starting with version 1.10.4 of NumPy and version 1.0.0 of SciPy, pre-built "
 "32-bit and 64-bit binaries in the ``wheel`` format are available for all "
 "major operating systems (Windows, macOS, and Linux) on PyPI. Note, however, "
-"that on Windows, NumPy binaries are linked against the `ATLAS <http://www."
-"netlib.org/atlas/>`__ BLAS/LAPACK library, restricted to SSE2 instructions, "
-"so they may not provide optimal linear algebra performance."
+"that on Windows, NumPy binaries are linked against the `ATLAS <https://math-"
+"atlas.sourceforge.net/>`__ BLAS/LAPACK library, restricted to SSE2 "
+"instructions, so they may not provide optimal linear algebra performance."
 msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:26
@@ -5261,7 +5261,7 @@ msgid ""
 msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:100
-#: ../source/key_projects.rst:808
+#: ../source/key_projects.rst:812
 msgid "Spack"
 msgstr ""
 
@@ -5293,28 +5293,41 @@ msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:121
 msgid ""
-"`Anaconda <https://www.anaconda.com/products/individual/>`_ is a Python "
+"``conda`` is an open source (BSD licensed) package management system and "
+"environment management system that allows users to install multiple versions "
+"of binary software packages and their dependencies, and easily switch "
+"between them. It is a cross-platform tool working on Windows, MacOS, and "
+"Linux. Conda can be used to package up and distribute all kinds of packages, "
+"it is not limited to just Python packages. It has full support for native "
+"virtual environments. Conda makes environments first-class citizens, making "
+"it easy to create independent environments even for C libraries. It is "
+"written in Python, but is Python-agnostic. Conda manages Python itself as a "
+"package, so that :command:`conda update python` is possible, in contrast to "
+"pip, which only manages Python packages."
+msgstr ""
+
+#: ../source/guides/installing-scientific-packages.rst:133
+msgid ""
+"Anaconda `Anaconda <https://docs.anaconda.com/anaconda/>`_ is a Python "
 "distribution published by Anaconda, Inc. It is a stable collection of Open "
-"Source packages for big data and scientific use.  As of the 5.0 release of "
-"Anaconda, about 200 packages are installed by default, and a total of "
-"400-500 can be installed and updated from the Anaconda repository."
+"Source packages for big data and scientific use, and a collection of "
+"Graphical Interface utilities for managing conda environments."
 msgstr ""
 
-#: ../source/guides/installing-scientific-packages.rst:127
+#: ../source/guides/installing-scientific-packages.rst:135
 msgid ""
-"``conda`` is an open source (BSD licensed) package management system and "
-"environment management system included in Anaconda that allows users to "
-"install multiple versions of binary software packages and their "
-"dependencies, and easily switch between them. It is a cross-platform tool "
-"working on Windows, macOS, and Linux. Conda can be used to package up and "
-"distribute all kinds of packages, it is not limited to just Python packages. "
-"It has full support for native virtual environments. Conda makes "
-"environments first-class citizens, making it easy to create independent "
-"environments even for C libraries. It is written in Python, but is Python-"
-"agnostic. Conda manages Python itself as a package, so that :command:`conda "
-"update python` is possible, in contrast to pip, which only manages Python "
-"packages. Conda is available in Anaconda and Miniconda (an easy-to-install "
-"download with just Python and conda)."
+"In addition to the full distribution provided by Anaconda, the conda package "
+"manager itself is available in  `miniconda <https://docs.anaconda.com/"
+"miniconda/>`_, `miniforge <https://github.com/conda-forge/miniforge>`_, and "
+"`pixi <https://pixi.sh/>`_."
+msgstr ""
+
+#: ../source/guides/installing-scientific-packages.rst:138
+msgid ""
+"Conda packages are available on multiple channels on Anaconda.org, including "
+"the default channel supported by Anaconda, Inc, the community supported "
+"conda-forge channel, which provides a wide variety of pre-built packages, "
+"and some domain-specific package collections."
 msgstr ""
 
 #: ../source/guides/installing-stand-alone-command-line-tools.rst:4
@@ -8390,29 +8403,51 @@ msgstr ""
 
 #: ../source/guides/tool-recommendations.rst:142
 msgid ""
-"For projects hosted on GitHub, it is recommended to use the :ref:`trusted "
-"publishing <trusted-publishing>`, which allows the package to be securely "
-"uploaded to PyPI from a GitHub Actions job. (This is not yet supported on "
-"software forges other than GitHub.)"
+"For projects hosted on or published via supported CI/CD platforms, it is "
+"recommended to use the :ref:`Trusted Publishing <trusted-publishing>`, which "
+"allows the package to be securely uploaded to PyPI from a CI/CD workflow "
+"without a manually configured API token."
 msgstr ""
 
 #: ../source/guides/tool-recommendations.rst:147
 msgid ""
+"As of November 2024, PyPI supports the following platforms as Trusted "
+"Publishing providers:"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:150
+msgid "GitHub Actions (on ``https://github.com``)"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:151
+msgid "GitLab CI/CD (on ``https://gitlab.com``)"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:152
+msgid "ActiveState"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:153
+msgid "Google Cloud"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:155
+msgid ""
 "The other available method is to upload the package manually using :ref:"
 "`twine`."
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:149
+#: ../source/guides/tool-recommendations.rst:159
 msgid ""
 "**Never** use ``python setup.py upload`` for this task. In addition to "
 "being :ref:`deprecated <setup-py-deprecated>`, it is insecure."
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:154
+#: ../source/guides/tool-recommendations.rst:164
 msgid "Workflow tools"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:156
+#: ../source/guides/tool-recommendations.rst:166
 msgid ""
 "These tools are environment managers that automatically manage virtual "
 "environments for a project. They also act as \"task runners\", allowing you "
@@ -8423,31 +8458,31 @@ msgid ""
 "alphabetical order:"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:164
+#: ../source/guides/tool-recommendations.rst:174
 msgid ":ref:`Flit`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:165
+#: ../source/guides/tool-recommendations.rst:175
 msgid ":ref:`Hatch`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:166
+#: ../source/guides/tool-recommendations.rst:176
 msgid ":doc:`nox <nox:index>`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:167
+#: ../source/guides/tool-recommendations.rst:177
 msgid ":ref:`PDM`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:168
+#: ../source/guides/tool-recommendations.rst:178
 msgid ":ref:`Pipenv`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:169
+#: ../source/guides/tool-recommendations.rst:179
 msgid ":ref:`Poetry`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:170
+#: ../source/guides/tool-recommendations.rst:180
 msgid ":doc:`tox <tox:index>`."
 msgstr ""
 
@@ -9622,44 +9657,58 @@ msgstr ""
 
 #: ../source/key_projects.rst:407
 msgid ""
-"conda is the package management tool for `Anaconda <https://docs.anaconda."
-"com/anaconda/>`__ Python installations. Anaconda Python is a distribution "
-"from `Anaconda, Inc <https://www.anaconda.com/products/individual>`__ "
-"specifically aimed at the scientific community, and in particular on Windows "
-"where the installation of binary extensions is often difficult."
+"Conda is a package, dependency, and environment management system for any "
+"language — Python, R, Ruby, C/C++, Fortran, and more. It is written in "
+"Python and widely used in the Python scientific computing community, due to "
+"its support for non-Python compiled libraries and extensions. It is used as "
+"the basis of the `Anaconda <https://docs.anaconda.com/anaconda/>`__ Python "
+"distribution from Anaconda, Inc. It was originally aimed at the scientific "
+"community, but can also be used on its own, or with the :doc:`miniconda "
+"<conda:miniconda>`, `miniforge <https://github.com/conda-forge/miniforge>`_ "
+"or `pixi <https://pixi.sh/>`_ systems. It is available for Windows, Mac and "
+"Linux systems."
 msgstr ""
 
-#: ../source/key_projects.rst:414
+#: ../source/key_projects.rst:416
 msgid ""
 "Conda is a completely separate tool from :ref:`pip`, virtualenv and wheel, "
-"but provides many of their combined features in terms of package management, "
-"virtual environment management and deployment of binary extensions."
+"but provides many of their combined features, such as package management, "
+"virtual environment management and deployment of binary extensions and other "
+"binary code."
+msgstr ""
+
+#: ../source/key_projects.rst:420
+msgid ""
+"Conda does not install packages from PyPI -- it can only manage packages "
+"built specifically for conda, which can be made available on a \"conda "
+"channel\", such as those hosted on `anaconda.org <https://anaconda.org>`__, "
+"or a local (e.g. intranet) package server. In addition to the \"default\" "
+"channels managed by `Anaconda, Inc. <https://www.anaconda.com/>`__, there "
+"are a wide variety of packages from the community supported `conda-forge "
+"project <https://conda-forge.org/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:418
+#: ../source/key_projects.rst:426
 msgid ""
-"Conda does not install packages from PyPI and can install only from the "
-"official Anaconda repositories, or anaconda.org (a place for user-"
-"contributed *conda* packages), or a local (e.g. intranet) package server.  "
-"However, note that :ref:`pip` can be installed into, and work side-by-side "
-"with conda for managing :term:`distributions <Distribution Package>` from "
-"PyPI. Also, `conda skeleton <https://docs.conda.io/projects/conda-build/en/"
-"latest/user-guide/tutorials/build-pkgs-skeleton.html>`__ is a tool to make "
-"Python packages installable by conda by first fetching them from PyPI and "
-"modifying their metadata."
+"Note that :ref:`pip` can be installed into, and work side-by-side with conda "
+"for managing :term:`distributions <Distribution Package>` from PyPI. It is "
+"also possible to build conda packages from Python source packages using "
+"tools such as `conda skeleton <https://docs.conda.io/projects/conda-build/en/"
+"latest/user-guide/tutorials/build-pkgs-skeleton.html>`__: a tool to "
+"automatically make conda packages from Python packages available on PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:431
+#: ../source/key_projects.rst:435
 msgid "devpi"
 msgstr ""
 
-#: ../source/key_projects.rst:433
+#: ../source/key_projects.rst:437
 msgid ""
 "`Docs <http://doc.devpi.net/latest/>`__ | :gh:`Issues <devpi/devpi/issues>` "
 "| `PyPI <https://pypi.org/project/devpi>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:437
+#: ../source/key_projects.rst:441
 msgid ""
 "devpi features a powerful PyPI-compatible server and PyPI proxy cache with a "
 "complementary command line tool to drive packaging, testing and release "
@@ -9669,17 +9718,17 @@ msgid ""
 "replication and fail-over, and package upload."
 msgstr ""
 
-#: ../source/key_projects.rst:448
+#: ../source/key_projects.rst:452
 msgid "dumb-pypi"
 msgstr ""
 
-#: ../source/key_projects.rst:450
+#: ../source/key_projects.rst:454
 msgid ""
 "`GitHub <https://github.com/chriskuehl/dumb-pypi>`__ | `PyPI <https://pypi."
 "org/project/dumb-pypi>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:453
+#: ../source/key_projects.rst:457
 msgid ""
 "dumb-pypi is a simple :term:`package index <Package Index>` static file site "
 "generator, which then must be hosted by a static file webserver to become "
@@ -9687,17 +9736,17 @@ msgid ""
 "status."
 msgstr ""
 
-#: ../source/key_projects.rst:460
+#: ../source/key_projects.rst:464
 msgid "enscons"
 msgstr ""
 
-#: ../source/key_projects.rst:462
+#: ../source/key_projects.rst:466
 msgid ""
 ":gh:`Source <dholth/enscons>` | :gh:`Issues <dholth/enscons/issues>` | `PyPI "
 "<https://pypi.org/project/enscons>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:466
+#: ../source/key_projects.rst:470
 msgid ""
 "Enscons is a Python packaging tool based on `SCons`_. It builds :ref:`pip`-"
 "compatible source distributions and wheels without using distutils or "
@@ -9709,38 +9758,38 @@ msgid ""
 "independent of enscons."
 msgstr ""
 
-#: ../source/key_projects.rst:481
+#: ../source/key_projects.rst:485
 msgid "Flask-Pypi-Proxy"
 msgstr ""
 
-#: ../source/key_projects.rst:483
+#: ../source/key_projects.rst:487
 msgid ""
 "`Docs <https://flask-pypi-proxy.readthedocs.io>`__ | :gh:`GitHub <tzulberti/"
 "Flask-PyPi-Proxy>` | `PyPI <https://pypi.org/project/Flask-Pypi-Proxy/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:487 ../source/key_projects.rst:681
-#: ../source/key_projects.rst:740
+#: ../source/key_projects.rst:491 ../source/key_projects.rst:685
+#: ../source/key_projects.rst:744
 msgid "Not maintained, project archived"
 msgstr ""
 
-#: ../source/key_projects.rst:489
+#: ../source/key_projects.rst:493
 msgid ""
 "Flask-Pypi-Proxy is a :term:`package index <Package Index>` as a cached "
 "proxy for PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:495
+#: ../source/key_projects.rst:499
 msgid "Hashdist"
 msgstr ""
 
-#: ../source/key_projects.rst:497
+#: ../source/key_projects.rst:501
 msgid ""
 "`Docs <https://hashdist.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/hashdist/hashdist/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:500
+#: ../source/key_projects.rst:504
 msgid ""
 "Hashdist is a library for building non-root software distributions. Hashdist "
 "is trying to be “the Debian of choice for cases where Debian technology "
@@ -9751,34 +9800,34 @@ msgid ""
 "researchers but has been lacking in maintenance since 2016."
 msgstr ""
 
-#: ../source/key_projects.rst:512
+#: ../source/key_projects.rst:516
 msgid "Maturin"
 msgstr ""
 
-#: ../source/key_projects.rst:514
+#: ../source/key_projects.rst:518
 msgid ""
 "`Docs <https://www.maturin.rs>`__ | `GitHub <https://github.com/PyO3/"
 "maturin>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:517
+#: ../source/key_projects.rst:521
 msgid ""
 "Maturin is a build backend for Rust extension modules, also written in Rust. "
 "It supports building wheels for python 3.7+ on Windows, Linux, macOS and "
 "FreeBSD, can upload them to PyPI and has basic PyPy and GraalPy support."
 msgstr ""
 
-#: ../source/key_projects.rst:525
+#: ../source/key_projects.rst:529
 msgid "meson-python"
 msgstr ""
 
-#: ../source/key_projects.rst:527
+#: ../source/key_projects.rst:531
 msgid ""
 "`Docs <https://meson-python.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/mesonbuild/meson-python>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:530
+#: ../source/key_projects.rst:534
 msgid ""
 "``meson-python`` is a build backend that uses the Meson_ build system. It "
 "enables Python package authors to use Meson_ as the build system for their "
@@ -9786,58 +9835,58 @@ msgid ""
 "to fill the needs of most complex build configurations."
 msgstr ""
 
-#: ../source/key_projects.rst:540
+#: ../source/key_projects.rst:544
 msgid "multibuild"
 msgstr ""
 
-#: ../source/key_projects.rst:542
+#: ../source/key_projects.rst:546
 msgid "`GitHub <https://github.com/multi-build/multibuild>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:544
+#: ../source/key_projects.rst:548
 msgid ""
 "Multibuild is a set of CI scripts for building and testing Python :term:"
 "`wheels <Wheel>` for Linux, macOS, and (less flexibly) Windows. Also see :"
 "ref:`cibuildwheel`."
 msgstr ""
 
-#: ../source/key_projects.rst:550
+#: ../source/key_projects.rst:554
 msgid "nginx_pypi_cache"
 msgstr ""
 
-#: ../source/key_projects.rst:552
+#: ../source/key_projects.rst:556
 msgid ":gh:`GitHub <hauntsaninja/nginx_pypi_cache>`"
 msgstr ""
 
-#: ../source/key_projects.rst:554
+#: ../source/key_projects.rst:558
 msgid ""
 "nginx_pypi_cache is a :term:`package index <Package Index>` caching proxy "
 "using `nginx <https://nginx.org/en/>`_."
 msgstr ""
 
-#: ../source/key_projects.rst:560
+#: ../source/key_projects.rst:564
 msgid "pdm"
 msgstr ""
 
-#: ../source/key_projects.rst:562
+#: ../source/key_projects.rst:566
 msgid ""
 "`Docs <https://pdm.fming.dev/>`__ | `GitHub <https://github.com/pdm-project/"
 "pdm/>`__ | `PyPI <https://pypi.org/project/pdm>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:566
+#: ../source/key_projects.rst:570
 msgid ""
 "PDM is a modern Python package manager. It uses :term:`pyproject.toml` to "
 "store project metadata as defined in :pep:`621`."
 msgstr ""
 
-#: ../source/key_projects.rst:574
+#: ../source/key_projects.rst:578
 msgid ""
 "`Docs <https://pex.readthedocs.io/en/latest/>`__ | `GitHub <https://github."
 "com/pantsbuild/pex/>`__ | `PyPI <https://pypi.org/project/pex>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:578
+#: ../source/key_projects.rst:582
 msgid ""
 "Pex is a tool for generating :file:`.pex` (Python EXecutable) files, "
 "standalone Python environments in the spirit of :ref:`virtualenv`. PEX files "
@@ -9849,18 +9898,18 @@ msgid ""
 "PEX file into a standard venv, graphing dependencies and more."
 msgstr ""
 
-#: ../source/key_projects.rst:590
+#: ../source/key_projects.rst:594
 msgid "pip-tools"
 msgstr ""
 
-#: ../source/key_projects.rst:592
+#: ../source/key_projects.rst:596
 msgid ""
 "`Docs <https://pip-tools.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/jazzband/pip-tools/>`__ | `PyPI <https://pypi.org/project/pip-"
 "tools/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:596
+#: ../source/key_projects.rst:600
 msgid ""
 "pip-tools is a suite of tools meant for Python system administrators and "
 "release managers who particularly want to keep their builds deterministic "
@@ -9871,32 +9920,32 @@ msgid ""
 "not provide), and create layers of constraints for the program to obey."
 msgstr ""
 
-#: ../source/key_projects.rst:608
+#: ../source/key_projects.rst:612
 msgid "pip2pi"
 msgstr ""
 
-#: ../source/key_projects.rst:610
+#: ../source/key_projects.rst:614
 msgid ""
 ":gh:`GitHub <wolever/pip2pi>` | `PyPI <https://pypi.org/project/pip2pi/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:613
+#: ../source/key_projects.rst:617
 msgid ""
 "pip2pi is a :term:`package index <Package Index>` server where specific "
 "packages are manually synchronised."
 msgstr ""
 
-#: ../source/key_projects.rst:619
+#: ../source/key_projects.rst:623
 msgid "piwheels"
 msgstr ""
 
-#: ../source/key_projects.rst:621
+#: ../source/key_projects.rst:625
 msgid ""
 "`Website <https://www.piwheels.org/>`__ | :doc:`Docs <piwheels:index>` | "
 "`GitHub <https://github.com/piwheels/piwheels/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:625
+#: ../source/key_projects.rst:629
 msgid ""
 "piwheels is a website, and software underpinning it, that fetches source "
 "code distribution packages from PyPI and compiles them into binary wheels "
@@ -9904,17 +9953,17 @@ msgid ""
 "Pi OS pre-configures pip to use piwheels.org as an additional index to PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:634
+#: ../source/key_projects.rst:638
 msgid "poetry"
 msgstr ""
 
-#: ../source/key_projects.rst:636
+#: ../source/key_projects.rst:640
 msgid ""
 "`Docs <https://python-poetry.org/>`__ | `GitHub <https://github.com/python-"
 "poetry/poetry>`__ | `PyPI <https://pypi.org/project/poetry/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:640
+#: ../source/key_projects.rst:644
 msgid ""
 "poetry is a command-line tool to handle dependency installation and "
 "isolation as well as building and packaging of Python packages. It uses "
@@ -9924,49 +9973,49 @@ msgid ""
 "caching metadata about dependencies."
 msgstr ""
 
-#: ../source/key_projects.rst:650
+#: ../source/key_projects.rst:654
 msgid "proxpi"
 msgstr ""
 
-#: ../source/key_projects.rst:652
+#: ../source/key_projects.rst:656
 msgid ""
 ":gh:`GitHub <EpicWink/proxpi>` | `PyPI <https://pypi.org/project/proxpi/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:655
+#: ../source/key_projects.rst:659
 msgid ""
 "proxpi is a simple :term:`package index <Package Index>` which proxies PyPI "
 "and other indexes with caching."
 msgstr ""
 
-#: ../source/key_projects.rst:661
+#: ../source/key_projects.rst:665
 msgid "Pulp-python"
 msgstr ""
 
-#: ../source/key_projects.rst:663
+#: ../source/key_projects.rst:667
 msgid ""
 "`Docs <https://docs.pulpproject.org/pulp_python/>`__ | :gh:`GitHub <pulp/"
 "pulp_python>` | `PyPI <https://pypi.org/project/pulp-python/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:667
+#: ../source/key_projects.rst:671
 msgid ""
 "Pulp-python is the Python :term:`package index <Package Index>` plugin for "
 "`Pulp <https://pulpproject.org/>`_. Pulp-python supports mirrors backed by "
 "local or `AWS S3`_, package upload, and proxying to multiple package indexes."
 msgstr ""
 
-#: ../source/key_projects.rst:675
+#: ../source/key_projects.rst:679
 msgid "PyPI Cloud"
 msgstr ""
 
-#: ../source/key_projects.rst:677
+#: ../source/key_projects.rst:681
 msgid ""
 "`Docs <https://pypicloud.readthedocs.io/>`__ | :gh:`GitHub <stevearc/"
 "pypicloud>` | `PyPI <https://pypi.org/project/pypicloud/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:683
+#: ../source/key_projects.rst:687
 msgid ""
 "PyPI Cloud is a :term:`package index <Package Index>` server, backed by `AWS "
 "S3`_ or another cloud storage service, or local files. PyPI Cloud supports "
@@ -9974,33 +10023,33 @@ msgid ""
 "authorisation."
 msgstr ""
 
-#: ../source/key_projects.rst:691
+#: ../source/key_projects.rst:695
 msgid "pypiprivate"
 msgstr ""
 
-#: ../source/key_projects.rst:693
+#: ../source/key_projects.rst:697
 msgid ""
 ":gh:`GitHub <helpshift/pypiprivate>` | `PyPI <https://pypi.org/project/"
 "pypiprivate/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:696
+#: ../source/key_projects.rst:700
 msgid ""
 "pypiprivate serves a local (or `AWS S3`_-hosted) directory of packages as a :"
 "term:`package index <Package Index>`."
 msgstr ""
 
-#: ../source/key_projects.rst:702
+#: ../source/key_projects.rst:706
 msgid "pypiserver"
 msgstr ""
 
-#: ../source/key_projects.rst:704
+#: ../source/key_projects.rst:708
 msgid ""
 "`GitHub <https://github.com/pypiserver/pypiserver>`__ | `PyPI <https://pypi."
 "org/project/pypiserver/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:707
+#: ../source/key_projects.rst:711
 msgid ""
 "pypiserver is a minimalist application that serves as a private Python :term:"
 "`package index <Package Index>` (from a local directory) within "
@@ -10011,17 +10060,17 @@ msgid ""
 "pypiserver and from PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:718
+#: ../source/key_projects.rst:722
 msgid "PyScaffold"
 msgstr ""
 
-#: ../source/key_projects.rst:720
+#: ../source/key_projects.rst:724
 msgid ""
 "`Docs <https://pyscaffold.org>`__ | `GitHub <https://github.com/pyscaffold/"
 "pyscaffold>`__ | `PyPI <https://pypi.org/project/pyscaffold/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:724
+#: ../source/key_projects.rst:728
 msgid ""
 "PyScaffold is a project generator for bootstrapping Python packages, ready "
 "to be shared on PyPI and installable via :ref:`pip`. It relies on a set of "
@@ -10031,33 +10080,33 @@ msgid ""
 "existing projects to make packaging easier."
 msgstr ""
 
-#: ../source/key_projects.rst:735
+#: ../source/key_projects.rst:739
 msgid "pywharf"
 msgstr ""
 
-#: ../source/key_projects.rst:737
+#: ../source/key_projects.rst:741
 msgid ""
 ":gh:`GitHub <pywharf/pywharf>` | `PyPI <https://pypi.org/project/pywharf>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:742
+#: ../source/key_projects.rst:746
 msgid ""
 "pywharf is a :term:`package index <Package Index>` server, serving files "
 "locally or from `GitHub <https://github.com/>`_."
 msgstr ""
 
-#: ../source/key_projects.rst:748
+#: ../source/key_projects.rst:752
 msgid "scikit-build"
 msgstr ""
 
-#: ../source/key_projects.rst:750
+#: ../source/key_projects.rst:754
 msgid ""
 "`Docs <https://scikit-build.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/scikit-build/scikit-build/>`__ | `PyPI <https://pypi.org/project/"
 "scikit-build>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:754
+#: ../source/key_projects.rst:758
 msgid ""
 "Scikit-build is a :ref:`setuptools` wrapper for CPython that builds C/C++/"
 "Fortran/Cython extensions It uses `cmake <https://pypi.org/project/cmake>`__ "
@@ -10068,18 +10117,18 @@ msgid ""
 "ninja>`__ (also available on PyPI)."
 msgstr ""
 
-#: ../source/key_projects.rst:765
+#: ../source/key_projects.rst:769
 msgid "scikit-build-core"
 msgstr ""
 
-#: ../source/key_projects.rst:767
+#: ../source/key_projects.rst:771
 msgid ""
 "`Docs <https://scikit-build-core.readthedocs.io/en/latest/>`__ | `GitHub "
 "<https://github.com/scikit-build/scikit-build-core/>`__ | `PyPI <https://"
 "pypi.org/project/scikit-build-core>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:771
+#: ../source/key_projects.rst:775
 msgid ""
 "Scikit-build-core is a build backend for CPython C/C++/Fortran/Cython "
 "extensions.  It enables users to write extensions with `cmake <https://pypi."
@@ -10089,17 +10138,17 @@ msgid ""
 "automatically downloaded from PyPI if not available on the system."
 msgstr ""
 
-#: ../source/key_projects.rst:781
+#: ../source/key_projects.rst:785
 msgid "shiv"
 msgstr ""
 
-#: ../source/key_projects.rst:783
+#: ../source/key_projects.rst:787
 msgid ""
 "`Docs <https://shiv.readthedocs.io/en/latest/>`__ | `GitHub <https://github."
 "com/linkedin/shiv>`__ | `PyPI <https://pypi.org/project/shiv/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:787
+#: ../source/key_projects.rst:791
 msgid ""
 "shiv is a command line utility for building fully self contained Python "
 "zipapps as outlined in :pep:`441`, but with all their dependencies included. "
@@ -10107,17 +10156,17 @@ msgid ""
 "tools fast & easy."
 msgstr ""
 
-#: ../source/key_projects.rst:795
+#: ../source/key_projects.rst:799
 msgid "simpleindex"
 msgstr ""
 
-#: ../source/key_projects.rst:797
+#: ../source/key_projects.rst:801
 msgid ""
 ":gh:`GitHub <uranusjr/simpleindex>` | `PyPI <https://pypi.org/project/"
 "simpleindex/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:800
+#: ../source/key_projects.rst:804
 msgid ""
 "simpleindex is a :term:`package index <Package Index>` which routes URLs to "
 "multiple package indexes (including PyPI), serves local (or cloud-hosted, "
@@ -10125,7 +10174,7 @@ msgid ""
 "supports custom plugins."
 msgstr ""
 
-#: ../source/key_projects.rst:810
+#: ../source/key_projects.rst:814
 msgid ""
 ":doc:`Docs <spack:index>` | `GitHub <https://github.com/spack/spack>`__ | "
 "`Paper <https://www.computer.org/csdl/proceedings-article/"
@@ -10133,7 +10182,7 @@ msgid ""
 "Gamblin-Spack-SC15-Talk.pdf>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:815
+#: ../source/key_projects.rst:819
 msgid ""
 "A flexible package manager designed to support multiple versions, "
 "configurations, platforms, and compilers.  Spack is like Homebrew, but "
@@ -10144,24 +10193,24 @@ msgid ""
 "supercomputers."
 msgstr ""
 
-#: ../source/key_projects.rst:823
+#: ../source/key_projects.rst:827
 msgid ""
 "Spack is not in PyPI (yet), but it requires no installation and can be used "
 "immediately after cloning from GitHub."
 msgstr ""
 
-#: ../source/key_projects.rst:829
+#: ../source/key_projects.rst:833
 msgid "zest.releaser"
 msgstr ""
 
-#: ../source/key_projects.rst:831
+#: ../source/key_projects.rst:835
 msgid ""
 "`Docs <https://zestreleaser.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/zestsoftware/zest.releaser/>`__ | `PyPI <https://pypi.org/project/"
 "zest.releaser/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:835
+#: ../source/key_projects.rst:839
 msgid ""
 "``zest.releaser`` is a Python package release tool providing an abstraction "
 "layer on top of :ref:`twine`. Python developers use ``zest.releaser`` to "
@@ -10169,21 +10218,21 @@ msgid ""
 "releases in source control, and uploading new packages to PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:842
+#: ../source/key_projects.rst:846
 msgid "Standard Library Projects"
 msgstr ""
 
-#: ../source/key_projects.rst:847
+#: ../source/key_projects.rst:851
 msgid "ensurepip"
 msgstr ""
 
-#: ../source/key_projects.rst:849
+#: ../source/key_projects.rst:853
 msgid ""
 "`Docs <https://docs.python.org/3/library/ensurepip.html>`__ | `Issues "
 "<https://bugs.python.org/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:852
+#: ../source/key_projects.rst:856
 msgid ""
 "A package in the Python Standard Library that provides support for "
 "bootstrapping :ref:`pip` into an existing Python installation or virtual "
@@ -10191,34 +10240,34 @@ msgid ""
 "will be used during the build of the Python distribution."
 msgstr ""
 
-#: ../source/key_projects.rst:860
+#: ../source/key_projects.rst:864
 msgid "http.server"
 msgstr ""
 
-#: ../source/key_projects.rst:862
+#: ../source/key_projects.rst:866
 msgid ""
 ":doc:`Docs <python:library/http.server>` | :gh:`Issues <python/cpython/"
 "issues>`"
 msgstr ""
 
-#: ../source/key_projects.rst:865
+#: ../source/key_projects.rst:869
 msgid ""
 "A package and command-line interface which can host a directory as a "
 "website, for example as a :term:`package index <Package Index>` (see :ref:"
 "`Hosting your Own Simple Repository`)."
 msgstr ""
 
-#: ../source/key_projects.rst:872
+#: ../source/key_projects.rst:876
 msgid "venv"
 msgstr ""
 
-#: ../source/key_projects.rst:874
+#: ../source/key_projects.rst:878
 msgid ""
 "`Docs <https://docs.python.org/3/library/venv.html>`__ | `Issues <https://"
 "github.com/python/cpython/issues>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:877
+#: ../source/key_projects.rst:881
 msgid ""
 "A package in the Python Standard Library (starting with Python 3.3) for "
 "creating :term:`Virtual Environments <Virtual Environment>`.  For more "
@@ -12266,7 +12315,7 @@ msgstr ""
 #: ../source/specifications/platform-compatibility-tags.rst:332
 #: ../source/specifications/pyproject-toml.rst:444
 #: ../source/specifications/recording-installed-packages.rst:252
-#: ../source/specifications/simple-repository-api.rst:974
+#: ../source/specifications/simple-repository-api.rst:988
 #: ../source/specifications/source-distribution-format.rst:144
 #: ../source/specifications/version-specifiers.rst:1266
 #: ../source/specifications/virtual-environments.rst:54
@@ -13336,6 +13385,7 @@ msgstr ""
 #: ../source/specifications/dependency-specifiers.rst:26
 #: ../source/specifications/direct-url-data-structure.rst:19
 #: ../source/specifications/direct-url.rst:15
+#: ../source/specifications/index-hosted-attestations.rst:17
 #: ../source/specifications/inline-script-metadata.rst:13
 msgid "Specification"
 msgstr "Spesifikasi"
@@ -13473,7 +13523,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/dependency-specifiers.rst:163
-#: ../source/specifications/simple-repository-api.rst:888
+#: ../source/specifications/simple-repository-api.rst:902
 #, fuzzy
 msgid "Versions"
 msgstr "Penerjemahan"
@@ -15099,6 +15149,302 @@ msgid ""
 "www.pypa.io/en/latest/specifications/>`__."
 msgstr ""
 
+#: ../source/specifications/index-hosted-attestations.rst:6
+msgid "Index hosted attestations"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:8
+msgid "This specification was originally defined in :pep:`740`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:12
+msgid ""
+":pep:`740` includes changes to the HTML and JSON index APIs. These changes "
+"are documented in the :ref:`simple-repository-api` under :ref:`simple-"
+"repository-api-base` and :ref:`json-serialization`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:22
+msgid "Upload endpoint changes"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:26
+msgid ""
+"The \"legacy\" upload API is not standardized. See `PyPI's Upload API "
+"documentation <https://docs.pypi.org/api/upload/>`_ for how attestations are "
+"uploaded."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:33
+msgid "Attestation objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:35
+msgid ""
+"An attestation object is a JSON object with several required keys; "
+"applications or signers may include additional keys so long as all "
+"explicitly listed keys are provided. The required layout of an attestation "
+"object is provided as pseudocode below."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:88
+msgid ""
+"A full data model for each object in ``transparency_entries`` is provided "
+"in :ref:`appendix`. Attestation objects **SHOULD** include one or more "
+"transparency log entries, and **MAY** include additional keys for other "
+"sources of signed time (such as an :rfc:`3161` Time Stamping Authority or a "
+"`Roughtime <https://blog.cloudflare.com/roughtime>`__ server)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:94
+msgid ""
+"Attestation objects are versioned; this PEP specifies version 1. Each "
+"version is tied to a single cryptographic suite to minimize unnecessary "
+"cryptographic agility. In version 1, the suite is as follows:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:98
+msgid ""
+"Certificates are specified as X.509 certificates, and comply with the "
+"profile in :rfc:`5280`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:100
+msgid ""
+"The message signature algorithm is ECDSA, with the P-256 curve for public "
+"keys and SHA-256 as the cryptographic digest function."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:103
+msgid ""
+"Future PEPs may change this suite (and the overall shape of the attestation "
+"object) by selecting a new version number."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:109
+msgid "Attestation statement and signature generation"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:111
+msgid ""
+"The *attestation statement* is the actual claim that is cryptographically "
+"signed over within the attestation object (i.e., the ``envelope.statement``)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:114
+msgid ""
+"The attestation statement is encoded as a `v1 in-toto Statement object "
+"<https://github.com/in-toto/attestation/blob/v1.0/spec/v1.0/statement."
+"md>`__, in JSON form. When serialized the statement is treated as an opaque "
+"binary blob, avoiding the need for canonicalization."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:119
+msgid ""
+"In addition to being a v1 in-toto Statement, the attestation statement is "
+"constrained in the following ways:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:122
+msgid "The in-toto ``subject`` **MUST** contain only a single subject."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:123
+msgid ""
+"``subject[0].name`` is the distribution's filename, which **MUST** be a "
+"valid :ref:`source distribution <source-distribution-format>` or :ref:`wheel "
+"distribution <binary-distribution-format>` filename."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:126
+msgid ""
+"``subject[0].digest`` **MUST** contain a SHA-256 digest. Other digests "
+"**MAY** be present. The digests **MUST** be represented as hexadecimal "
+"strings."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:128
+msgid "The following ``predicateType`` values are supported:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:130
+msgid ""
+"`SLSA Provenance <https://slsa.dev/provenance/v1>`__: ``https://slsa.dev/"
+"provenance/v1``"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:131
+msgid ""
+"`PyPI Publish Attestation <https://docs.pypi.org/attestations/publish/"
+"v1>`__: ``https://docs.pypi.org/attestations/publish/v1``"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:133
+msgid ""
+"The signature over this statement is constructed using the `v1 DSSE "
+"signature protocol <https://github.com/secure-systems-lab/dsse/blob/v1.0.0/"
+"protocol.md>`__, with a ``PAYLOAD_TYPE`` of ``application/vnd.in-toto+json`` "
+"and a ``PAYLOAD_BODY`` of the JSON-encoded statement above. No other "
+"``PAYLOAD_TYPE`` is permitted."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:141
+msgid "Provenance objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:143
+msgid ""
+"The index will serve uploaded attestations along with metadata that can "
+"assist in verifying them in the form of JSON serialized objects."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:146
+msgid ""
+"These *provenance objects* will be available via both the Simple Index and "
+"JSON-based Simple API as described above, and will have the following layout:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:169
+msgid "or, as pseudocode:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:217
+msgid ""
+"``version`` is ``1``. Like attestation objects, provenance objects are "
+"versioned, and this PEP only defines version ``1``."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:219
+msgid ""
+"``attestation_bundles`` is a **required** JSON array, containing one or more "
+"\"bundles\" of attestations. Each bundle corresponds to a signing identity "
+"(such as a Trusted Publishing identity), and contains one or more "
+"attestation objects."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:224
+msgid ""
+"As noted in the ``Publisher`` model, each ``AttestationBundle.publisher`` "
+"object is specific to its Trusted Publisher but must include at minimum:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:228
+msgid ""
+"A ``kind`` key, which **MUST** be a JSON string that uniquely identifies the "
+"kind of Trusted Publisher."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:230
+msgid ""
+"A ``claims`` key, which **MUST** be a JSON object containing any context-"
+"specific claims retained by the index during Trusted Publisher "
+"authentication."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:233
+msgid "All other keys in the publisher object are publisher-specific."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:235
+msgid ""
+"Each array of attestation objects is a superset of the ``attestations`` "
+"array supplied by the uploaded through the ``attestations`` field at upload "
+"time, as described in :ref:`upload-endpoint` and :ref:`changes-to-provenance-"
+"objects`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:243
+msgid "Changes to provenance objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:245
+msgid ""
+"Provenance objects are *not* immutable, and may change over time. Reasons "
+"for changes to the provenance object include but are not limited to:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:248
+msgid ""
+"Addition of new attestations for a pre-existing signing identity: the index "
+"**MAY** choose to allow additional attestations by pre-existing signing "
+"identities, such as newer attestation versions for already uploaded files."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:253
+msgid ""
+"Addition of new signing identities and associated attestations: the index "
+"**MAY** choose to support attestations from sources other than the file's "
+"uploader, such as third-party auditors or the index itself. These "
+"attestations may be performed asynchronously, requiring the index to insert "
+"them into the provenance object *post facto*."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:262
+msgid "Attestation verification"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:264
+msgid ""
+"Verifying an attestation object against a distribution file requires "
+"verification of each of the following:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:267
+msgid "``version`` is ``1``. The verifier **MUST** reject any other version."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:268
+msgid ""
+"``verification_material.certificate`` is a valid signing certificate, as "
+"issued by an *a priori* trusted authority (such as a root of trust already "
+"present within the verifying client)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:271
+msgid ""
+"``verification_material.certificate`` identifies an appropriate signing "
+"subject, such as the machine identity of the Trusted Publisher that "
+"published the package."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:274
+msgid ""
+"``envelope.statement`` is a valid in-toto v1 Statement, with a subject and "
+"digest that **MUST** match the distribution's filename and contents. For the "
+"distribution's filename, matching **MUST** be performed by parsing using the "
+"appropriate source distribution or wheel filename format, as the statement's "
+"subject may be equivalent but normalized."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:279
+msgid ""
+"``envelope.signature`` is a valid signature for ``envelope.statement`` "
+"corresponding to ``verification_material.certificate``, as reconstituted via "
+"the `v1 DSSE signature protocol <https://github.com/secure-systems-lab/dsse/"
+"blob/v1.0.0/protocol.md>`__."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:284
+msgid ""
+"In addition to the above required steps, a verifier **MAY** additionally "
+"verify ``verification_material.transparency_entries`` on a policy basis, e."
+"g. requiring at least one transparency log entry or a threshold of entries. "
+"When verifying transparency entries, the verifier **MUST** confirm that the "
+"inclusion time for each entry lies within the signing certificate's validity "
+"period."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:293
+msgid "Appendix: Data models for Transparency Log Entries"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:295
+msgid ""
+"This appendix contains pseudocoded data models for transparency log entries "
+"in attestation objects. Each transparency log entry serves as a source of "
+"signed inclusion time, and can be verified either online or offline."
+msgstr ""
+
 #: ../source/specifications/inline-script-metadata.rst:5
 msgid "Inline script metadata"
 msgstr ""
@@ -15271,7 +15617,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/inline-script-metadata.rst:205
-#: ../source/specifications/simple-repository-api.rst:815
+#: ../source/specifications/simple-repository-api.rst:829
 msgid "Recommendations"
 msgstr ""
 
@@ -17161,12 +17507,27 @@ msgid ""
 "``&gt;``, respectively."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:100
+#: ../source/specifications/simple-repository-api.rst:99
+msgid ""
+"A repository **MAY** include a ``data-provenance`` attribute on a file link. "
+"The value of this attribute **MUST** be a fully qualified URL, signaling "
+"that the file's provenance can be found at that URL. This URL **MUST** "
+"represent a `secure origin <https://www.chromium.org/Home/chromium-security/"
+"prefer-secure-origins-for-powerful-new-features/>`_."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:106
+msgid ""
+"The format of the linked provenance is defined in :ref:`index-hosted-"
+"attestations`."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:109
 #, fuzzy
 msgid "Normalized Names"
 msgstr "Penerjemahan"
 
-#: ../source/specifications/simple-repository-api.rst:102
+#: ../source/specifications/simple-repository-api.rst:111
 msgid ""
 "This spec references the concept of a \"normalized\" project name. As per :"
 "ref:`the name normalization specification <name-normalization>` the only "
@@ -17176,11 +17537,11 @@ msgid ""
 "implemented in Python with the ``re`` module::"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:117
+#: ../source/specifications/simple-repository-api.rst:126
 msgid "Adding \"Yank\" Support to the Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:119
+#: ../source/specifications/simple-repository-api.rst:128
 msgid ""
 "Links in the simple repository **MAY** have a ``data-yanked`` attribute "
 "which may have no value, or may have an arbitrary string as a value. The "
@@ -17190,7 +17551,7 @@ msgid ""
 "under specific scenarios."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:126
+#: ../source/specifications/simple-repository-api.rst:135
 msgid ""
 "The value of the ``data-yanked`` attribute, if present, is an arbitrary "
 "string that represents the reason for why the file has been yanked. Tools "
@@ -17198,7 +17559,7 @@ msgid ""
 "users."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:131
+#: ../source/specifications/simple-repository-api.rst:140
 msgid ""
 "The yanked attribute is not immutable once set, and may be rescinded in the "
 "future (and once rescinded, may be reset as well). Thus API users **MUST** "
@@ -17206,13 +17567,13 @@ msgid ""
 "again)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:138
+#: ../source/specifications/simple-repository-api.rst:147
 #, fuzzy
 #| msgid "Translations"
 msgid "Installers"
 msgstr "Penerjemahan"
 
-#: ../source/specifications/simple-repository-api.rst:140
+#: ../source/specifications/simple-repository-api.rst:149
 msgid ""
 "The desirable experience for users is that once a file is yanked, when a "
 "human being is currently trying to directly install a yanked file, that it "
@@ -17222,7 +17583,7 @@ msgid ""
 "been yanked."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:147
+#: ../source/specifications/simple-repository-api.rst:156
 msgid ""
 "An installer **MUST** ignore yanked releases, if the selection constraints "
 "can be satisfied with a non-yanked version, and **MAY** refuse to use a "
@@ -17232,14 +17593,14 @@ msgid ""
 "files."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:154
+#: ../source/specifications/simple-repository-api.rst:163
 msgid ""
 "What this means is left up to the specific installer, to decide how to best "
 "fit into the overall usage of their installer. However, there are two "
 "suggested approaches to take:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:158
+#: ../source/specifications/simple-repository-api.rst:167
 msgid ""
 "Yanked files are always ignored, unless they are the only file that matches "
 "a version specifier that \"pins\" to an exact version using either ``==`` "
@@ -17249,7 +17610,7 @@ msgid ""
 "versions, zero padding, etc."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:165
+#: ../source/specifications/simple-repository-api.rst:174
 msgid ""
 "Yanked files are always ignored, unless they are the only file that matches "
 "what a lock file (such as ``Pipfile.lock`` or ``poetry.lock``) specifies to "
@@ -17257,7 +17618,7 @@ msgid ""
 "creating or updating a lock file from some input file or command."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:171
+#: ../source/specifications/simple-repository-api.rst:180
 msgid ""
 "Regardless of the specific strategy that an installer chooses for deciding "
 "when to install yanked files, an installer **SHOULD** emit a warning when it "
@@ -17266,38 +17627,38 @@ msgid ""
 "specific feedback to the user about why that file had been yanked."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:179
+#: ../source/specifications/simple-repository-api.rst:188
 msgid "Mirrors"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:181
+#: ../source/specifications/simple-repository-api.rst:190
 msgid "Mirrors can generally treat yanked files one of two ways:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:183
+#: ../source/specifications/simple-repository-api.rst:192
 msgid ""
 "They may choose to omit them from their simple repository API completely, "
 "providing a view over the repository that shows only \"active\", unyanked "
 "files."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:186
+#: ../source/specifications/simple-repository-api.rst:195
 msgid ""
 "They may choose to include yanked files, and additionally mirror the ``data-"
 "yanked`` attribute as well."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:189
+#: ../source/specifications/simple-repository-api.rst:198
 msgid ""
 "Mirrors **MUST NOT** mirror a yanked file without also mirroring the ``data-"
 "yanked`` attribute for it."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:195
+#: ../source/specifications/simple-repository-api.rst:204
 msgid "Versioning PyPI's Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:197
+#: ../source/specifications/simple-repository-api.rst:206
 msgid ""
 "This spec proposes the inclusion of a meta tag on the responses of every "
 "successful request to a simple API page, which contains a name attribute of "
@@ -17308,29 +17669,29 @@ msgid ""
 "<version-specifiers>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:205
+#: ../source/specifications/simple-repository-api.rst:214
 msgid "This would end up looking like::"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:209
+#: ../source/specifications/simple-repository-api.rst:218
 msgid "When interpreting the repository version:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:211
+#: ../source/specifications/simple-repository-api.rst:220
 msgid ""
 "Incrementing the major version is used to signal a backwards incompatible "
 "change such that existing clients would no longer be expected to be able to "
 "meaningfully use the API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:214
+#: ../source/specifications/simple-repository-api.rst:223
 msgid ""
 "Incrementing the minor version is used to signal a backwards compatible "
 "change such that existing clients would still be expected to be able to "
 "meaningfully use the API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:218
+#: ../source/specifications/simple-repository-api.rst:227
 msgid ""
 "It is left up to the discretion of any future specs as to what specifically "
 "constitutes a backwards incompatible vs compatible change beyond the broad "
@@ -17339,7 +17700,7 @@ msgid ""
 "features."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:224
+#: ../source/specifications/simple-repository-api.rst:233
 msgid ""
 "It is expectation of this spec that the major version will never be "
 "incremented, and any future major API evolutions would utilize a different "
@@ -17349,48 +17710,48 @@ msgid ""
 "set to a version >= 2)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:231
+#: ../source/specifications/simple-repository-api.rst:240
 msgid ""
 "This spec sets the current API version to \"1.0\", and expects that future "
 "specs that further evolve the simple API will increment the minor version "
 "number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:237
-#: ../source/specifications/simple-repository-api.rst:957
+#: ../source/specifications/simple-repository-api.rst:246
+#: ../source/specifications/simple-repository-api.rst:971
 msgid "Clients"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:239
+#: ../source/specifications/simple-repository-api.rst:248
 msgid ""
 "Clients interacting with the simple API **SHOULD** introspect each response "
 "for the repository version, and if that data does not exist **MUST** assume "
 "that it is version 1.0."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:243
+#: ../source/specifications/simple-repository-api.rst:252
 msgid ""
 "When encountering a major version greater than expected, clients **MUST** "
 "hard fail with an appropriate error message for the user."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:246
+#: ../source/specifications/simple-repository-api.rst:255
 msgid ""
 "When encountering a minor version greater than expected, clients **SHOULD** "
 "warn users with an appropriate message."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:249
+#: ../source/specifications/simple-repository-api.rst:258
 msgid ""
 "Clients **MAY** still continue to use feature detection in order to "
 "determine what features a repository uses."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:255
+#: ../source/specifications/simple-repository-api.rst:264
 msgid "Serve Distribution Metadata in the Simple Repository API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:257
+#: ../source/specifications/simple-repository-api.rst:266
 msgid ""
 "In a simple repository's project page, each anchor tag pointing to a "
 "distribution **MAY** have a ``data-dist-info-metadata`` attribute. The "
@@ -17399,7 +17760,7 @@ msgid ""
 "when the distribution is processed and/or installed."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:263
+#: ../source/specifications/simple-repository-api.rst:272
 msgid ""
 "If a ``data-dist-info-metadata`` attribute is present, the repository "
 "**MUST** serve the distribution's Core Metadata file alongside the "
@@ -17411,7 +17772,7 @@ msgid ""
 "GPG signature file's location."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:272
+#: ../source/specifications/simple-repository-api.rst:281
 msgid ""
 "The repository **SHOULD** provide the hash of the Core Metadata file as the "
 "``data-dist-info-metadata`` attribute's value using the syntax "
@@ -17421,18 +17782,18 @@ msgid ""
 "unavailable."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:280
+#: ../source/specifications/simple-repository-api.rst:289
 msgid "Backwards Compatibility"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:282
+#: ../source/specifications/simple-repository-api.rst:291
 msgid ""
 "If an anchor tag lacks the ``data-dist-info-metadata`` attribute, tools are "
 "expected to revert to their current behaviour of downloading the "
 "distribution to inspect the metadata."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:286
+#: ../source/specifications/simple-repository-api.rst:295
 msgid ""
 "Older tools not supporting the new ``data-dist-info-metadata`` attribute are "
 "expected to ignore the attribute and maintain their current behaviour of "
@@ -17440,11 +17801,11 @@ msgid ""
 "prior ``data-`` attribute additions expect existing tools to operate."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:295
+#: ../source/specifications/simple-repository-api.rst:304
 msgid "JSON-based Simple API for Python Package Indexes"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:297
+#: ../source/specifications/simple-repository-api.rst:306
 msgid ""
 "To enable response parsing with only the standard library, this spec "
 "specifies that all responses (besides the files themselves, and the HTML "
@@ -17452,7 +17813,7 @@ msgid ""
 "base>`) should be serialized using `JSON <https://www.json.org/>`_."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:302
+#: ../source/specifications/simple-repository-api.rst:311
 msgid ""
 "To enable zero configuration discovery and to minimize the amount of "
 "additional HTTP requests, this spec extends :ref:`the base HTML API "
@@ -17462,7 +17823,7 @@ msgid ""
 "format to serve, i.e. either HTML or JSON."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:312
+#: ../source/specifications/simple-repository-api.rst:321
 msgid ""
 "Versioning will adhere to :ref:`the API versioning specification <simple-"
 "repository-api-versioning>` format (``Major.Minor``), which has defined the "
@@ -17472,7 +17833,7 @@ msgid ""
 "``1.0`` version, and instead just describes how to serialize that into JSON."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:319
+#: ../source/specifications/simple-repository-api.rst:328
 msgid ""
 "Similar to :ref:`the API versioning specification <simple-repository-api-"
 "versioning>`, the major version number **MUST** be incremented if any "
@@ -17480,28 +17841,28 @@ msgid ""
 "existing clients to meaningfully understand the format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:325
+#: ../source/specifications/simple-repository-api.rst:334
 msgid ""
 "Likewise, the minor version **MUST** be incremented if features are added or "
 "removed from the format, but existing clients would be expected to continue "
 "to meaningfully understand the format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:329
+#: ../source/specifications/simple-repository-api.rst:338
 msgid ""
 "Changes that would not result in existing clients being unable to "
 "meaningfully understand the format and which do not represent features being "
 "added or removed may occur without changing the version number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:333
+#: ../source/specifications/simple-repository-api.rst:342
 msgid ""
 "This is intentionally vague, as this spec believes it is best left up to "
 "future specs that make any changes to the API to investigate and decide "
 "whether or not that change should increment the major or minor version."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:337
+#: ../source/specifications/simple-repository-api.rst:346
 msgid ""
 "Future versions of the API may add things that can only be represented in a "
 "subset of the available serializations of that version. All serializations "
@@ -17510,38 +17871,38 @@ msgid ""
 "whether or not that feature is present at all."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:343
+#: ../source/specifications/simple-repository-api.rst:352
 msgid ""
 "It is the intent of this spec that the API should be thought of as URL "
 "endpoints that return data, whose interpretation is defined by the version "
 "of that data, and then serialized into the target serialization format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:351
+#: ../source/specifications/simple-repository-api.rst:360
 #, fuzzy
 msgid "JSON Serialization"
 msgstr "Penerjemahan"
 
-#: ../source/specifications/simple-repository-api.rst:353
+#: ../source/specifications/simple-repository-api.rst:362
 msgid ""
 "The URL structure from :ref:`the base HTML API specification <simple-"
 "repository-api-base>` still applies, as this spec only adds an additional "
 "serialization format for the already existing API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:357
+#: ../source/specifications/simple-repository-api.rst:366
 msgid ""
 "The following constraints apply to all JSON serialized responses described "
 "in this spec:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:360
+#: ../source/specifications/simple-repository-api.rst:369
 msgid ""
 "All JSON responses will *always* be a JSON object rather than an array or "
 "other type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:363
+#: ../source/specifications/simple-repository-api.rst:372
 msgid ""
 "While JSON doesn't natively support a URL type, any value that represents an "
 "URL in this API may be either absolute or relative as long as they point to "
@@ -17549,19 +17910,19 @@ msgid ""
 "if it were HTML."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:368
+#: ../source/specifications/simple-repository-api.rst:377
 msgid ""
 "Additional keys may be added to any dictionary objects in the API responses "
 "and clients **MUST** ignore keys that they don't understand."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:371
+#: ../source/specifications/simple-repository-api.rst:380
 msgid ""
 "All JSON responses will have a ``meta`` key, which contains information "
 "related to the response itself, rather than the content of the response."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:374
+#: ../source/specifications/simple-repository-api.rst:383
 msgid ""
 "All JSON responses will have a ``meta.api-version`` key, which will be a "
 "string that contains the :ref:`API versioning specification <simple-"
@@ -17570,41 +17931,41 @@ msgid ""
 "<simple-repository-api-versioning>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:380
+#: ../source/specifications/simple-repository-api.rst:389
 msgid ""
 "All requirements of :ref:`the base HTML API specification <simple-repository-"
 "api-base>` that are not HTML specific still apply."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:385
+#: ../source/specifications/simple-repository-api.rst:394
 msgid "Project List"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:387
+#: ../source/specifications/simple-repository-api.rst:396
 msgid ""
 "The root URL ``/`` for this spec (which represents the base URL) will be a "
 "JSON encoded dictionary which has a two keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:390
+#: ../source/specifications/simple-repository-api.rst:399
 msgid ""
 "``projects``: An array where each entry is a dictionary with a single key, "
 "``name``, which represents string of the project name."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:391
-#: ../source/specifications/simple-repository-api.rst:440
+#: ../source/specifications/simple-repository-api.rst:400
+#: ../source/specifications/simple-repository-api.rst:449
 msgid ""
 "``meta``: The general response metadata as `described earlier <json-"
 "serialization_>`__."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:393
-#: ../source/specifications/simple-repository-api.rst:499
+#: ../source/specifications/simple-repository-api.rst:402
+#: ../source/specifications/simple-repository-api.rst:512
 msgid "As an example:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:410
+#: ../source/specifications/simple-repository-api.rst:419
 msgid ""
 "The ``name`` field is the same as the one from :ref:`the base HTML API "
 "specification <simple-repository-api-base>`, which does not specify whether "
@@ -17614,7 +17975,7 @@ msgid ""
 "implementation detail of the repository in question."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:420
+#: ../source/specifications/simple-repository-api.rst:429
 msgid ""
 "While the ``projects`` key is an array, and thus is required to be in some "
 "kind of an order, neither :ref:`the base HTML API specification <simple-"
@@ -17624,11 +17985,11 @@ msgid ""
 "have sets."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:429
+#: ../source/specifications/simple-repository-api.rst:438
 msgid "Project Detail"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:431
+#: ../source/specifications/simple-repository-api.rst:440
 msgid ""
 "The format of this URL is ``/<project>/`` where the ``<project>`` is "
 "replaced by the :ref:`the base HTML API specification <simple-repository-api-"
@@ -17636,33 +17997,33 @@ msgid ""
 "would have a URL like ``/silly-walk/``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:436
+#: ../source/specifications/simple-repository-api.rst:445
 msgid ""
 "This URL must respond with a JSON encoded dictionary that has three keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:438
+#: ../source/specifications/simple-repository-api.rst:447
 msgid "``name``: The normalized name of the project."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:439
+#: ../source/specifications/simple-repository-api.rst:448
 msgid ""
 "``files``: A list of dictionaries, each one representing an individual file."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:442
+#: ../source/specifications/simple-repository-api.rst:451
 msgid "Each individual file dictionary has the following keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:444
+#: ../source/specifications/simple-repository-api.rst:453
 msgid "``filename``: The filename that is being represented."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:445
+#: ../source/specifications/simple-repository-api.rst:454
 msgid "``url``: The URL that the file can be fetched from."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:446
+#: ../source/specifications/simple-repository-api.rst:455
 msgid ""
 "``hashes``: A dictionary mapping a hash name to a hex encoded digest of the "
 "file. Multiple hashes can be included, and it is up to the client to decide "
@@ -17671,14 +18032,14 @@ msgid ""
 "to be lowercase."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:451
+#: ../source/specifications/simple-repository-api.rst:460
 msgid ""
 "The ``hashes`` dictionary **MUST** be present, even if no hashes are "
 "available for the file, however it is **HIGHLY** recommended that at least "
 "one secure, guaranteed-to-be-available hash is always included."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:455
+#: ../source/specifications/simple-repository-api.rst:464
 msgid ""
 "By default, any hash algorithm available via :py:mod:`hashlib` (specifically "
 "any that can be passed to :py:func:`hashlib.new()` and do not require "
@@ -17688,7 +18049,7 @@ msgid ""
 "specifically is recommended."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:460
+#: ../source/specifications/simple-repository-api.rst:469
 msgid ""
 "``requires-python``: An **optional** key that exposes the :ref:`core-"
 "metadata-requires-python` metadata field. Where this is present, installer "
@@ -17696,14 +18057,14 @@ msgid ""
 "that doesn't satisfy the requirement."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:466
+#: ../source/specifications/simple-repository-api.rst:475
 msgid ""
 "Unlike ``data-requires-python`` in :ref:`the base HTML API specification "
 "<simple-repository-api-base>`, the ``requires-python`` key does not require "
 "any special escaping other than anything JSON does naturally."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:469
+#: ../source/specifications/simple-repository-api.rst:478
 msgid ""
 "``dist-info-metadata``: An **optional** key that indicates that metadata for "
 "this file is available, via the same location as specified in :ref:`the API "
@@ -17713,27 +18074,27 @@ msgid ""
 "dictionary mapping hash names to a hex encoded digest of the metadata's hash."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:477
+#: ../source/specifications/simple-repository-api.rst:486
 msgid ""
 "When this is a dictionary of hashes instead of a boolean, then all the same "
 "requirements and recommendations as the ``hashes`` key hold true for this "
 "key as well."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:481
+#: ../source/specifications/simple-repository-api.rst:490
 msgid ""
 "If this key is missing then the metadata file may or may not exist. If the "
 "key value is truthy, then the metadata file is present, and if it is falsey "
 "then it is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:485
+#: ../source/specifications/simple-repository-api.rst:494
 msgid ""
 "It is recommended that servers make the hashes of the metadata file "
 "available if possible."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:487
+#: ../source/specifications/simple-repository-api.rst:496
 msgid ""
 "``gpg-sig``: An **optional** key that acts a boolean to indicate if the file "
 "has an associated GPG signature or not. The URL for the signature file "
@@ -17742,7 +18103,7 @@ msgid ""
 "the signature may or may not exist."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:492
+#: ../source/specifications/simple-repository-api.rst:501
 msgid ""
 "``yanked``: An **optional** key which may be either a boolean to indicate if "
 "the file has been yanked, or a non empty, but otherwise arbitrary, string to "
@@ -17753,7 +18114,15 @@ msgid ""
 "api-yank>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:529
+#: ../source/specifications/simple-repository-api.rst:507
+msgid ""
+"``provenance``: An **optional** key which, if present **MUST** be either a "
+"JSON string or ``null``. If not ``null``, it **MUST** be a URL to the file's "
+"associated provenance, with the same rules as ``data-provenance`` in the :"
+"ref:`base HTML API specification <simple-repository-api-base>`."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:543
 msgid ""
 "While the ``files`` key is an array, and thus is required to be in some kind "
 "of an order, neither :ref:`the base HTML API specification <simple-"
@@ -17763,11 +18132,11 @@ msgid ""
 "have sets."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:538
+#: ../source/specifications/simple-repository-api.rst:552
 msgid "Content-Types"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:540
+#: ../source/specifications/simple-repository-api.rst:554
 msgid ""
 "This spec proposes that all responses from the Simple API will have a "
 "standard content type that describes what the response is (a Simple API "
@@ -17775,11 +18144,11 @@ msgid ""
 "format has been used."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:544
+#: ../source/specifications/simple-repository-api.rst:558
 msgid "The structure of this content type will be:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:550
+#: ../source/specifications/simple-repository-api.rst:564
 msgid ""
 "Since only major versions should be disruptive to clients attempting to "
 "understand one of these API responses, only the major version will be "
@@ -17787,19 +18156,19 @@ msgid ""
 "that it is a version number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:555
+#: ../source/specifications/simple-repository-api.rst:569
 msgid "Which means that for the existing 1.0 API, the content types would be:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:557
+#: ../source/specifications/simple-repository-api.rst:571
 msgid "**JSON:** ``application/vnd.pypi.simple.v1+json``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:558
+#: ../source/specifications/simple-repository-api.rst:572
 msgid "**HTML:** ``application/vnd.pypi.simple.v1+html``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:560
+#: ../source/specifications/simple-repository-api.rst:574
 msgid ""
 "In addition to the above, a special \"meta\" version is supported named "
 "``latest``, whose purpose is to allow clients to request the absolute latest "
@@ -17808,7 +18177,7 @@ msgid ""
 "support."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:565
+#: ../source/specifications/simple-repository-api.rst:579
 msgid ""
 "To support existing clients which expect the existing :ref:`the base HTML "
 "API specification <simple-repository-api-base>` API responses to use the "
@@ -17816,12 +18185,12 @@ msgid ""
 "alias for the ``application/vnd.pypi.simple.v1+html`` content type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:572
+#: ../source/specifications/simple-repository-api.rst:586
 #, fuzzy
 msgid "Version + Format Selection"
 msgstr "Penerjemahan"
 
-#: ../source/specifications/simple-repository-api.rst:574
+#: ../source/specifications/simple-repository-api.rst:588
 msgid ""
 "Now that there is multiple possible serializations, we need a mechanism to "
 "allow clients to indicate what serialization formats they're able to "
@@ -17830,65 +18199,65 @@ msgid ""
 "expecting the previous API version."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:579
+#: ../source/specifications/simple-repository-api.rst:593
 msgid ""
 "To enable this, this spec standardizes on the use of HTTP's `Server-Driven "
 "Content Negotiation <https://developer.mozilla.org/en-US/docs/Web/HTTP/"
 "Content_negotiation>`_."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:582
+#: ../source/specifications/simple-repository-api.rst:596
 msgid ""
 "While this spec won't fully describe the entirety of server-driven content "
 "negotiation, the flow is roughly:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:585
+#: ../source/specifications/simple-repository-api.rst:599
 msgid ""
 "The client makes an HTTP request containing an ``Accept`` header listing all "
 "of the version+format content types that they are able to understand."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:587
+#: ../source/specifications/simple-repository-api.rst:601
 msgid ""
 "The server inspects that header, selects one of the listed content types, "
 "then returns a response using that content type (treating the absence of an "
 "``Accept`` header as ``Accept: */*``)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:590
+#: ../source/specifications/simple-repository-api.rst:604
 msgid ""
 "If the server does not support any of the content types in the ``Accept`` "
 "header then they are able to choose between 3 different options for how to "
 "respond:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:594
+#: ../source/specifications/simple-repository-api.rst:608
 msgid ""
 "Select a default content type other than what the client has requested and "
 "return a response with that."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:596
+#: ../source/specifications/simple-repository-api.rst:610
 msgid ""
 "Return a HTTP ``406 Not Acceptable`` response to indicate that none of the "
 "requested content types were available, and the server was unable or "
 "unwilling to select a default content type to respond with."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:599
+#: ../source/specifications/simple-repository-api.rst:613
 msgid ""
 "Return a HTTP ``300 Multiple Choices`` response that contains a list of all "
 "of the possible responses that could have been chosen."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:601
+#: ../source/specifications/simple-repository-api.rst:615
 msgid ""
 "The client interprets the response, handling the different types of "
 "responses that the server may have responded with."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:604
+#: ../source/specifications/simple-repository-api.rst:618
 msgid ""
 "This spec does not specify which choices the server makes in regards to "
 "handling a content type that it isn't able to return, and clients **SHOULD** "
@@ -17896,7 +18265,7 @@ msgid ""
 "the most sense for that client."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:609
+#: ../source/specifications/simple-repository-api.rst:623
 msgid ""
 "However, as there is no standard format for how a ``300 Multiple Choices`` "
 "response can be interpreted, this spec highly discourages servers from "
@@ -17907,7 +18276,7 @@ msgid ""
 "error."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:616
+#: ../source/specifications/simple-repository-api.rst:630
 msgid ""
 "This spec **does** require that if the meta version ``latest`` is being "
 "used, the server **MUST** respond with the content type for the actual "
@@ -17916,33 +18285,33 @@ msgid ""
 "have a ``Content-Type`` of ``application/vnd.pypi.simple.v1+json``)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:623
+#: ../source/specifications/simple-repository-api.rst:637
 msgid ""
 "The ``Accept`` header is a comma separated list of content types that the "
 "client understands and is able to process. It supports three different "
 "formats for each content type that is being requested:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:627
+#: ../source/specifications/simple-repository-api.rst:641
 msgid "``$type/$subtype``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:628
+#: ../source/specifications/simple-repository-api.rst:642
 msgid "``$type/*``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:629
+#: ../source/specifications/simple-repository-api.rst:643
 msgid "``*/*``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:631
+#: ../source/specifications/simple-repository-api.rst:645
 msgid ""
 "For the use of selecting a version+format, the most useful of these is "
 "``$type/$subtype``, as that is the only way to actually specify the version "
 "and format you want."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:635
+#: ../source/specifications/simple-repository-api.rst:649
 msgid ""
 "The order of the content types listed in the ``Accept`` header does not have "
 "any specific meaning, and the server **SHOULD** consider all of them to be "
@@ -17952,7 +18321,7 @@ msgid ""
 "Quality_values>`_ syntax."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:642
+#: ../source/specifications/simple-repository-api.rst:656
 msgid ""
 "This allows a client to specify a priority for a specific entry in their "
 "``Accept`` header, by appending a ``;q=`` followed by a value between ``0`` "
@@ -17962,7 +18331,7 @@ msgid ""
 "quality of ``1``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:648
+#: ../source/specifications/simple-repository-api.rst:662
 msgid ""
 "However, clients should keep in mind that a server is free to select **any** "
 "of the content types they've asked for, regardless of their requested "
@@ -17970,7 +18339,7 @@ msgid ""
 "for."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:652
+#: ../source/specifications/simple-repository-api.rst:666
 msgid ""
 "To aid clients in determining the content type of the response that they "
 "have received from an API request, this spec requires that servers always "
@@ -17981,22 +18350,22 @@ msgid ""
 "collector.py#L123-L150>`_ so the risks for actual breakages is low."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:659
+#: ../source/specifications/simple-repository-api.rst:673
 msgid "An example of how a client can operate would look like:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:710
+#: ../source/specifications/simple-repository-api.rst:724
 msgid ""
 "If a client wishes to only support HTML or only support JSON, then they "
 "would just remove the content types that they do not want from the "
 "``Accept`` header, and turn receiving them into an error."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:716
+#: ../source/specifications/simple-repository-api.rst:730
 msgid "Alternative Negotiation Mechanisms"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:718
+#: ../source/specifications/simple-repository-api.rst:732
 msgid ""
 "While using HTTP's Content negotiation is considered the standard way for a "
 "client and server to coordinate to ensure that the client is getting an HTTP "
@@ -18005,25 +18374,25 @@ msgid ""
 "negotiation mechanisms that may *optionally* be used instead."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:726
+#: ../source/specifications/simple-repository-api.rst:740
 msgid "URL Parameter"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:728
+#: ../source/specifications/simple-repository-api.rst:742
 msgid ""
 "Servers that implement the Simple API may choose to support a URL parameter "
 "named ``format`` to allow the clients to request a specific version of the "
 "URL."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:731
+#: ../source/specifications/simple-repository-api.rst:745
 msgid ""
 "The value of the ``format`` parameter should be **one** of the valid content "
 "types. Passing multiple content types, wild cards, quality values, etc... is "
 "**not** supported."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:735
+#: ../source/specifications/simple-repository-api.rst:749
 msgid ""
 "Supporting this parameter is optional, and clients **SHOULD NOT** rely on it "
 "for interacting with the API. This negotiation mechanism is intended to "
@@ -18031,13 +18400,13 @@ msgid ""
 "allow documentation or notes to link to a specific version+format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:740
+#: ../source/specifications/simple-repository-api.rst:754
 msgid ""
 "Servers that do not support this parameter may choose to return an error "
 "when it is present, or they may simple ignore its presence."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:743
+#: ../source/specifications/simple-repository-api.rst:757
 msgid ""
 "When a server does implement this parameter, it **SHOULD** take precedence "
 "over any values in the client's ``Accept`` header, and if the server does "
@@ -18047,18 +18416,18 @@ msgid ""
 "``303 Multiple Choices``, or selecting a default type to return)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:752
+#: ../source/specifications/simple-repository-api.rst:766
 msgid "Endpoint Configuration"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:754
+#: ../source/specifications/simple-repository-api.rst:768
 msgid ""
 "This option technically is not a special option at all, it is just a natural "
 "consequence of using content negotiation and allowing servers to select "
 "which of the available content types is their default."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:758
+#: ../source/specifications/simple-repository-api.rst:772
 msgid ""
 "If a server is unwilling or unable to implement the server-driven content "
 "negotiation, and would instead rather require users to explicitly configure "
@@ -18066,7 +18435,7 @@ msgid ""
 "configuration."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:762
+#: ../source/specifications/simple-repository-api.rst:776
 msgid ""
 "To enable this, a server should make multiple endpoints (for instance, ``/"
 "simple/v1+html/`` and/or ``/simple/v1+json/``) for each version+format that "
@@ -18076,7 +18445,7 @@ msgid ""
 "and return the content type that corresponds to that endpoint."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:769
+#: ../source/specifications/simple-repository-api.rst:783
 msgid ""
 "For clients that wish to require specific configuration, they can keep track "
 "of which version+format a specific repository URL was configured for, and "
@@ -18084,11 +18453,11 @@ msgid ""
 "includes the correct content type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:776
+#: ../source/specifications/simple-repository-api.rst:790
 msgid "TUF Support - PEP 458"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:778
+#: ../source/specifications/simple-repository-api.rst:792
 msgid ""
 ":pep:`458` requires that all API responses are hashable and that they can be "
 "uniquely identified by a path relative to the repository root. For a Simple "
@@ -18099,7 +18468,7 @@ msgid ""
 "that all hash differently."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:785
+#: ../source/specifications/simple-repository-api.rst:799
 msgid ""
 ":pep:`458` does not specify what the target path should be for the Simple "
 "API, but TUF requires that the target paths be \"file-like\", in other "
@@ -18107,7 +18476,7 @@ msgid ""
 "technically points to a directory."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:790
+#: ../source/specifications/simple-repository-api.rst:804
 msgid ""
 "The saving grace is that the target path does not *have* to actually match "
 "the URL being fetched from the Simple API, and it can just be a sigil that "
@@ -18116,7 +18485,7 @@ msgid ""
 "HTTP request, such as the ``Accept`` header."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:796
+#: ../source/specifications/simple-repository-api.rst:810
 msgid ""
 "Ultimately figuring out how to map a directory to a filename is out of scope "
 "for this spec (but it would be in scope for :pep:`458`), and this spec "
@@ -18124,7 +18493,7 @@ msgid ""
 "`458` metadata."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:800
+#: ../source/specifications/simple-repository-api.rst:814
 msgid ""
 "However, it appears that the current WIP branch against pip that attempts to "
 "implement :pep:`458` is using a target path like ``simple/PROJECT/index."
@@ -18134,20 +18503,20 @@ msgid ""
 "the v1 JSON format would be ``simple/PROJECT/vnd.pypi.simple.v1.json``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:807
+#: ../source/specifications/simple-repository-api.rst:821
 msgid ""
 "In this case, since ``text/html`` is an alias to ``application/vnd.pypi."
 "simple.v1+html`` when interacting through TUF, it likely will make the most "
 "sense to normalize to the more explicit name."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:811
+#: ../source/specifications/simple-repository-api.rst:825
 msgid ""
 "Likewise the ``latest`` metaversion should not be included in the targets, "
 "only explicitly declared versions should be supported."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:817
+#: ../source/specifications/simple-repository-api.rst:831
 msgid ""
 "This section is non-normative, and represents what the spec authors believe "
 "to be the best default implementation decisions for something implementing "
@@ -18155,7 +18524,7 @@ msgid ""
 "these decisions."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:821
+#: ../source/specifications/simple-repository-api.rst:835
 msgid ""
 "These decisions have been chosen to maximize the number of requests that can "
 "be moved onto the newest version of an API, while maintaining the greatest "
@@ -18164,18 +18533,18 @@ msgid ""
 "choices it can."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:826
+#: ../source/specifications/simple-repository-api.rst:840
 msgid "It is recommended that servers:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:828
+#: ../source/specifications/simple-repository-api.rst:842
 msgid ""
 "Support all 3 content types described in this spec, using server-driven "
 "content negotiation, for as long as they reasonably can, or at least as long "
 "as they're receiving non trivial traffic that uses the HTML responses."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:832
+#: ../source/specifications/simple-repository-api.rst:846
 msgid ""
 "When encountering an ``Accept`` header that does not contain any content "
 "types that it knows how to work with, the server should not ever return a "
@@ -18183,13 +18552,13 @@ msgid ""
 "Acceptable`` response."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:837
+#: ../source/specifications/simple-repository-api.rst:851
 msgid ""
 "However, if choosing to use the endpoint configuration, you should prefer to "
 "return a ``200 OK`` response in the expected content type for that endpoint."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:840
+#: ../source/specifications/simple-repository-api.rst:854
 msgid ""
 "When selecting an acceptable version, the server should choose the highest "
 "version that the client supports, with the most expressive/featureful "
@@ -18198,23 +18567,23 @@ msgid ""
 "should only use the ``text/html`` content type as a last resort."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:846
+#: ../source/specifications/simple-repository-api.rst:860
 msgid "It is recommended that clients:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:848
+#: ../source/specifications/simple-repository-api.rst:862
 msgid ""
 "Support all 3 content types described in this spec, using server-driven "
 "content negotiation, for as long as they reasonably can."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:851
+#: ../source/specifications/simple-repository-api.rst:865
 msgid ""
 "When constructing an ``Accept`` header, include all of the content types "
 "that you support."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:854
+#: ../source/specifications/simple-repository-api.rst:868
 msgid ""
 "You should generally *not* include a quality priority value for your content "
 "types, unless you have implementation specific reasons that you want the "
@@ -18223,63 +18592,63 @@ msgid ""
 "responses that you're unable to parse in some edge cases)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:860
+#: ../source/specifications/simple-repository-api.rst:874
 msgid ""
 "The one exception to this recommendation is that it is recommended that you "
 "*should* include a ``;q=0.01`` value on the legacy ``text/html`` content "
 "type, unless it is the only content type that you are requesting."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:864
+#: ../source/specifications/simple-repository-api.rst:878
 msgid ""
 "Explicitly select what versions they are looking for, rather than using the "
 "``latest`` meta version during normal operation."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:867
+#: ../source/specifications/simple-repository-api.rst:881
 msgid ""
 "Check the ``Content-Type`` of the response and ensure it matches something "
 "that you were expecting."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:871
+#: ../source/specifications/simple-repository-api.rst:885
 msgid "Additional Fields for the Simple API for Package Indexes"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:873
+#: ../source/specifications/simple-repository-api.rst:887
 msgid ""
 "This specification defines version 1.1 of the simple repository API. For the "
 "HTML version of the API, there is no change from version 1.0. For the JSON "
 "version of the API, the following changes are made:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:877
+#: ../source/specifications/simple-repository-api.rst:891
 msgid "The ``api-version`` must specify version 1.1 or later."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:878
+#: ../source/specifications/simple-repository-api.rst:892
 msgid "A new ``versions`` key is added at the top level."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:879
+#: ../source/specifications/simple-repository-api.rst:893
 msgid ""
 "Two new \"file information\" keys, ``size`` and ``upload-time``, are added "
 "to the ``files`` data."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:881
+#: ../source/specifications/simple-repository-api.rst:895
 msgid ""
 "Keys (at any level) with a leading underscore are reserved as private for "
 "index server use. No future standard will assign a meaning to any such key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:884
+#: ../source/specifications/simple-repository-api.rst:898
 msgid ""
 "The ``versions`` and ``size`` keys are mandatory. The ``upload-time`` key is "
 "optional."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:890
+#: ../source/specifications/simple-repository-api.rst:904
 msgid ""
 "An additional key, ``versions`` MUST be present at the top level, in "
 "addition to the keys ``name``, ``files`` and ``meta`` defined in :ref:`the "
@@ -18289,7 +18658,7 @@ msgid ""
 "duplicates, and the order of the values is not significant."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:897
+#: ../source/specifications/simple-repository-api.rst:911
 msgid ""
 "All of the files listed in the ``files`` key MUST be associated with one of "
 "the versions in the ``versions`` key. The ``versions`` key MAY contain "
@@ -18297,7 +18666,7 @@ msgid ""
 "uploaded, if the server has such a concept)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:902
+#: ../source/specifications/simple-repository-api.rst:916
 msgid ""
 "Note that because servers may hold \"legacy\" data from before the adoption "
 "of :ref:`the version specifiers specification (VSS) <version-specifiers>`, "
@@ -18306,21 +18675,21 @@ msgid ""
 "servers SHOULD use normalised VSS versions where possible."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:911
+#: ../source/specifications/simple-repository-api.rst:925
 msgid "Additional file information"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:913
+#: ../source/specifications/simple-repository-api.rst:927
 msgid "Two new keys are added to the ``files`` key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:915
+#: ../source/specifications/simple-repository-api.rst:929
 msgid ""
 "``size``: This field is mandatory. It MUST contain an integer which is the "
 "file size in bytes."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:917
+#: ../source/specifications/simple-repository-api.rst:931
 msgid ""
 "``upload-time``: This field is optional. If present, it MUST contain a valid "
 "ISO 8601 date/time string, in the format ``yyyy-mm-ddThh:mm:ss.ffffffZ``, "
@@ -18332,11 +18701,11 @@ msgid ""
 "key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:926
+#: ../source/specifications/simple-repository-api.rst:940
 msgid "Rename dist-info-metadata in the Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:929
+#: ../source/specifications/simple-repository-api.rst:943
 msgid ""
 "The keywords \"**MUST**\", \"**MUST NOT**\", \"**REQUIRED**\", "
 "\"**SHALL**\", \"**SHALL NOT**\", \"**SHOULD**\", \"**SHOULD NOT**\", "
@@ -18344,11 +18713,11 @@ msgid ""
 "are to be interpreted as described in :rfc:`RFC 2119 <2119>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:936
+#: ../source/specifications/simple-repository-api.rst:950
 msgid "Servers"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:938
+#: ../source/specifications/simple-repository-api.rst:952
 msgid ""
 "The :ref:`the API metadata file specification <simple-repository-api-"
 "metadata-file>` metadata, when used in the HTML representation of the Simple "
@@ -18356,7 +18725,7 @@ msgid ""
 "with the supported values remaining the same."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:944
+#: ../source/specifications/simple-repository-api.rst:958
 msgid ""
 "The :ref:`the API metadata file specification <simple-repository-api-"
 "metadata-file>` metadata, when used in the :ref:`the JSON API specification "
@@ -18365,14 +18734,14 @@ msgid ""
 "values remaining the same."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:950
+#: ../source/specifications/simple-repository-api.rst:964
 msgid ""
 "To support clients that used the previous key names, the HTML representation "
 "**MAY** also be emitted using the ``data-dist-info-metadata``, and if it "
 "does so it **MUST** match the value of ``data-core-metadata``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:959
+#: ../source/specifications/simple-repository-api.rst:973
 msgid ""
 "Clients consuming any of the HTML representations of the Simple API **MUST** "
 "read the :ref:`the API metadata file specification <simple-repository-api-"
@@ -18381,7 +18750,7 @@ msgid ""
 "if it is present but ``data-core-metadata`` is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:966
+#: ../source/specifications/simple-repository-api.rst:980
 msgid ""
 "Clients consuming the JSON representation of the Simple API **MUST** read "
 "the :ref:`the API metadata file specification <simple-repository-api-"
@@ -18390,48 +18759,54 @@ msgid ""
 "present but ``core-metadata`` is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:976
+#: ../source/specifications/simple-repository-api.rst:990
 msgid "September 2015: initial form of the HTML format, in :pep:`503`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:977
+#: ../source/specifications/simple-repository-api.rst:991
 msgid "July 2016: Requires-Python metadata, in an update to :pep:`503`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:978
+#: ../source/specifications/simple-repository-api.rst:992
 msgid "May 2019: \"yank\" support, in :pep:`592`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:979
+#: ../source/specifications/simple-repository-api.rst:993
 msgid ""
 "July 2020: API versioning convention and metadata, and declaring the HTML "
 "format as API v1, in :pep:`629`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:981
+#: ../source/specifications/simple-repository-api.rst:995
 msgid ""
 "May 2021: providing package metadata independently from a package, in :pep:"
 "`658`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:983
+#: ../source/specifications/simple-repository-api.rst:997
 msgid ""
 "May 2022: initial form of the JSON format, with a mechanism for clients to "
 "choose between them, and declaring both formats as API v1, in :pep:`691`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:985
+#: ../source/specifications/simple-repository-api.rst:999
 msgid ""
 "October 2022: project versions and file size and upload-time in the JSON "
 "format, in :pep:`700`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:987
+#: ../source/specifications/simple-repository-api.rst:1001
 msgid ""
 "June 2023: renaming the field which provides package metadata independently "
 "from a package, in :pep:`714`"
 msgstr ""
 
+#: ../source/specifications/simple-repository-api.rst:1003
+msgid ""
+"November 2024: provenance metadata in the HTML and JSON formats, in :pep:"
+"`740`"
+msgstr ""
+
 #: ../source/specifications/source-distribution-format.rst:6
 msgid "Source distribution format"
 msgstr ""
@@ -21344,7 +21719,7 @@ msgid ""
 msgstr ""
 
 #: ../source/tutorials/managing-dependencies.rst:140
-#: ../source/tutorials/packaging-projects.rst:506
+#: ../source/tutorials/packaging-projects.rst:505
 msgid "Next steps"
 msgstr ""
 
@@ -21793,43 +22168,43 @@ msgstr ""
 
 #: ../source/tutorials/packaging-projects.rst:424
 msgid ""
-"You will be prompted for a username and password. For the username, use "
-"``__token__``. For the password, use the token value, including the ``pypi-"
-"`` prefix."
+"You will be prompted for an API token. Use the token value, including the "
+"``pypi-`` prefix. Note that the input will be hidden, so be sure to paste "
+"correctly."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:428
+#: ../source/tutorials/packaging-projects.rst:427
 msgid "After the command completes, you should see output similar to this:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:439
+#: ../source/tutorials/packaging-projects.rst:438
 msgid ""
 "Once uploaded, your package should be viewable on TestPyPI; for example: "
 "``https://test.pypi.org/project/example_package_YOUR_USERNAME_HERE``."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:444
+#: ../source/tutorials/packaging-projects.rst:443
 msgid "Installing your newly uploaded package"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:446
+#: ../source/tutorials/packaging-projects.rst:445
 msgid ""
 "You can use :ref:`pip` to install your package and verify that it works. "
 "Create a :ref:`virtual environment <Creating and using Virtual "
 "Environments>` and install your package from TestPyPI:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:462
+#: ../source/tutorials/packaging-projects.rst:461
 msgid "Make sure to specify your username in the package name!"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:464
+#: ../source/tutorials/packaging-projects.rst:463
 msgid ""
 "pip should install the package from TestPyPI and the output should look "
 "something like this:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:474
+#: ../source/tutorials/packaging-projects.rst:473
 msgid ""
 "This example uses ``--index-url`` flag to specify TestPyPI instead of live "
 "PyPI. Additionally, it specifies ``--no-deps``. Since TestPyPI doesn't have "
@@ -21839,23 +22214,23 @@ msgid ""
 "installing dependencies when using TestPyPI."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:481
+#: ../source/tutorials/packaging-projects.rst:480
 msgid ""
 "You can test that it was installed correctly by importing the package. Make "
 "sure you're still in your virtual environment, then run Python:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:496
+#: ../source/tutorials/packaging-projects.rst:495
 msgid "and import the package:"
 msgstr "dan *import* package tersebut:"
 
-#: ../source/tutorials/packaging-projects.rst:508
+#: ../source/tutorials/packaging-projects.rst:507
 msgid ""
 "**Congratulations, you've packaged and distributed a Python project!** ✨ 🍰 "
 "✨"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:511
+#: ../source/tutorials/packaging-projects.rst:510
 msgid ""
 "Keep in mind that this tutorial showed you how to upload your package to "
 "Test PyPI, which isn't a permanent storage. The Test system occasionally "
@@ -21863,28 +22238,28 @@ msgid ""
 "experiments like this tutorial."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:516
+#: ../source/tutorials/packaging-projects.rst:515
 msgid ""
 "When you are ready to upload a real package to the Python Package Index you "
 "can do much the same as you did in this tutorial, but with these important "
 "differences:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:520
+#: ../source/tutorials/packaging-projects.rst:519
 msgid ""
 "Choose a memorable and unique name for your package. You don't have to "
 "append your username as you did in the tutorial, but you can't use an "
 "existing name."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:522
+#: ../source/tutorials/packaging-projects.rst:521
 msgid ""
 "Register an account on https://pypi.org - note that these are two separate "
 "servers and the login details from the test server are not shared with the "
 "main server."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:525
+#: ../source/tutorials/packaging-projects.rst:524
 msgid ""
 "Use ``twine upload dist/*`` to upload your package and enter your "
 "credentials for the account you registered on the real PyPI.  Now that "
@@ -21892,44 +22267,44 @@ msgid ""
 "repository``; the package will upload to https://pypi.org/ by default."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:529
+#: ../source/tutorials/packaging-projects.rst:528
 msgid ""
 "Install your package from the real PyPI using ``python3 -m pip install [your-"
 "package]``."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:531
+#: ../source/tutorials/packaging-projects.rst:530
 msgid ""
 "At this point if you want to read more on packaging Python libraries here "
 "are some things you can do:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:534
+#: ../source/tutorials/packaging-projects.rst:533
 msgid ""
 "Read about advanced configuration for your chosen build backend: `Hatchling "
 "<hatchling-config_>`_, :doc:`setuptools <setuptools:userguide/"
 "pyproject_config>`, :doc:`Flit <flit:pyproject_toml>`, `PDM <pdm-config_>`_."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:538
+#: ../source/tutorials/packaging-projects.rst:537
 msgid ""
 "Look at the :doc:`guides </guides/index>` on this site for more advanced "
 "practical information, or the :doc:`discussions </discussions/index>` for "
 "explanations and background on specific topics."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:541
+#: ../source/tutorials/packaging-projects.rst:540
 msgid ""
 "Consider packaging tools that provide a single command-line interface for "
 "project management and packaging, such as :ref:`hatch`, :ref:`flit`, :ref:"
 "`pdm`, and :ref:`poetry`."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:549
+#: ../source/tutorials/packaging-projects.rst:548
 msgid "Notes"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:551
+#: ../source/tutorials/packaging-projects.rst:550
 msgid ""
 "Technically, you can also create Python packages without an ``__init__.py`` "
 "file, but those are called :doc:`namespace packages </guides/packaging-"
diff --git a/locales/ja/LC_MESSAGES/messages.po b/locales/ja/LC_MESSAGES/messages.po
index edaf28cdc..4b09c9ae1 100644
--- a/locales/ja/LC_MESSAGES/messages.po
+++ b/locales/ja/LC_MESSAGES/messages.po
@@ -10,7 +10,7 @@ msgstr ""
 "Project-Id-Version: Python Packaging User Guide\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2024-06-19 16:34+0000\n"
-"PO-Revision-Date: 2024-11-03 06:00+0000\n"
+"PO-Revision-Date: 2024-11-22 01:00+0000\n"
 "Last-Translator: moto kawasaki <moto@kawasaki3.org>\n"
 "Language-Team: Japanese <https://hosted.weblate.org/projects/pypa/"
 "packaging-python-org/ja/>\n"
@@ -19,7 +19,7 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=1; plural=0;\n"
-"X-Generator: Weblate 5.8.2\n"
+"X-Generator: Weblate 5.9-dev\n"
 
 #: ../source/contribute.rst:5
 msgid "Contribute to this guide"
@@ -2644,7 +2644,7 @@ msgstr ""
 #: ../source/discussions/versioning.rst:158
 #: ../source/specifications/version-specifiers.rst:114
 msgid "Local version identifiers"
-msgstr "ローカルバージョン指定子"
+msgstr "ローカルバージョン識別子"
 
 #: ../source/discussions/versioning.rst:160
 msgid ""
@@ -24675,7 +24675,7 @@ msgstr ""
 
 #: ../source/specifications/version-specifiers.rst:43
 msgid "Version scheme"
-msgstr "バージョン枠組み"
+msgstr "バージョン番号枠組み"
 
 #: ../source/specifications/version-specifiers.rst:45
 msgid ""
@@ -25532,10 +25532,15 @@ msgid ""
 "using the ``.`` character. This allows versions such as ``1.0+ubuntu-1`` to "
 "be normalized to ``1.0+ubuntu.1``."
 msgstr ""
+"構成部分のセパレータとして ``.`` を使うことに加えて、"
+"ローカルバージョン番号を使えば ``-`` や ``_`` "
+"の使用も受け入れ可能です。標準形式は、 ``.`` "
+"文字を使うことです。これによって、標準化すれば ``1.0+ubuntu.1`` となる ``1."
+"0+ubuntu-1`` のようなバージョン番号も許容されます。"
 
 #: ../source/specifications/version-specifiers.rst:519
 msgid "Preceding v character"
-msgstr ""
+msgstr "先駆する v の文字"
 
 #: ../source/specifications/version-specifiers.rst:521
 msgid ""
@@ -25545,10 +25550,15 @@ msgid ""
 "version. The same version with and without the ``v`` is considered "
 "equivalent."
 msgstr ""
+"よくあるバージョン番号の表記方法である ``v1.0`` の形をサポートするために、"
+"バージョン番号は単独の ``v`` の文字が先行していても構いません。この文字は、あ"
+"らゆる目的において無視されなければならず、バージョン番号の標準化された形式で"
+"は省略されるべきです。 ``v`` "
+"の有無だけが異なるバージョン番号は、同一のものと見做されます。"
 
 #: ../source/specifications/version-specifiers.rst:528
 msgid "Leading and Trailing Whitespace"
-msgstr ""
+msgstr "先行する空白文字や後続する空白文字"
 
 #: ../source/specifications/version-specifiers.rst:530
 msgid ""
@@ -25558,11 +25568,17 @@ msgid ""
 "be handled sensibly, such as a version like ``1.0\\n`` which normalizes to "
 "``1.0``."
 msgstr ""
+"先行する空白文字や後続する空白文字は暗黙の裡に無視されなければならず、バージ"
+"ョン番号の標準化された形式では除去されなければなりません。これには ``\"\"`` "
+"・ ``\\t`` ・ ``\\n"
+"`` ・ ``\\r`` ・ ``\\f`` ・ ``\\v`` が含まれます。これによって、標準化すれば "
+"``1.0`` となる ``1.0\\n"
+"`` のようなバージョン番号に見られる、偶然に入り込んだ空白文字を実用的に取り扱"
+"うことができます。"
 
 #: ../source/specifications/version-specifiers.rst:537
-#, fuzzy
 msgid "Examples of compliant version schemes"
-msgstr "規定に合致したバージョン番号の例を次に示す::"
+msgstr "枠組みに合致したバージョン番号の例"
 
 #: ../source/specifications/version-specifiers.rst:539
 msgid ""
@@ -25573,6 +25589,12 @@ msgid ""
 "figuring out the relative order of versions, even though the rules above "
 "ensure all compliant tools will order them consistently."
 msgstr ""
+"標準のバージョン番号の枠組みは、公開・非公開の Python プロジェクトにおける識"
+"別の慣行を広い範囲で包含するように設計されています。実際上、ある単独のプロジ"
+"ェクトでこの枠組みが提供するあらゆる自由度を使おうと試みるなら、上述のルール"
+"に従うすべてのツールが首尾一貫して順序をつけることができる一方で、人間のユー"
+"ザにとってはバージョン番号間の相対的な順序を解き明かすことに困難を感じること"
+"になるでしょう。"
 
 #: ../source/specifications/version-specifiers.rst:546
 msgid ""
@@ -25581,36 +25603,41 @@ msgid ""
 "ensuring that the \"latest release\" and the \"latest stable release\" can "
 "be easily determined, both by human users and automated tools."
 msgstr ""
+"この後に、プロジェクトがそのリリースを識別するために選択するかもしれない異な"
+"るアプローチで、 \"最新リリース\" と \"最新のステーブルリリース\" を人間も自"
+"動化ツールも簡単に決定できることが保証されたもののいくつかの例を示します。"
 
 #: ../source/specifications/version-specifiers.rst:551
-#, fuzzy
 msgid "Simple \"major.minor\" versioning::"
-msgstr "一連番号によるバージョン付与"
+msgstr "単純な \"メジャー.マイナー\" バージョン付け::"
 
 #: ../source/specifications/version-specifiers.rst:560
 msgid "Simple \"major.minor.micro\" versioning::"
-msgstr ""
+msgstr "単純な \"メジャー.マイナー.マイクロ\" バージョン付け::"
 
 #: ../source/specifications/version-specifiers.rst:568
 msgid ""
 "\"major.minor\" versioning with alpha, beta and candidate pre-releases::"
-msgstr ""
+msgstr "アルファ・ベータや公開候補 <candidate> のようなプレリリースを伴う \"メジャー."
+"マイナー\" バージョン付け::"
 
 #: ../source/specifications/version-specifiers.rst:580
 msgid ""
 "\"major.minor\" versioning with developmental releases, release candidates "
 "and post-releases for minor corrections::"
 msgstr ""
+"開発リリース <developmental releases> 、リリース候補 <release candidates> "
+"やポストリリースのある \"メジャー.マイナー\" バージョン付け::"
 
 #: ../source/specifications/version-specifiers.rst:595
 msgid ""
 "Date based releases, using an incrementing serial within each year, skipping "
 "zero::"
-msgstr ""
+msgstr "ゼロを飛ばして各年の中で増加するシリアル値を使った日付ベースのリリース番号::"
 
 #: ../source/specifications/version-specifiers.rst:609
 msgid "Summary of permitted suffixes and relative ordering"
-msgstr ""
+msgstr "許容される接尾辞と相対的な順序付けのまとめ"
 
 #: ../source/specifications/version-specifiers.rst:613
 msgid ""
@@ -25618,6 +25645,9 @@ msgid ""
 "process distribution metadata, rather than developers of Python "
 "distributions deciding on a versioning scheme."
 msgstr ""
+"この節では、バージョニング方法を決めようとしている Python 配布物の開発者向け"
+"というよりは、むしろ、一義的には配布物のメタデータを自動的に処理するツールの"
+"作者に向けて書かれています。"
 
 #: ../source/specifications/version-specifiers.rst:617
 msgid ""
@@ -25625,6 +25655,9 @@ msgid ""
 "numeric value of the given epoch. If no epoch segment is present, the "
 "implicit numeric value is ``0``."
 msgstr ""
+"バージョン識別子のエポック構成部分は、当該エポックの数値としての値に従って整"
+"序されなければなりません。エポック構成部分が存在しない場合には、暗黙のうちに "
+"``0`` の値と解釈します。"
 
 #: ../source/specifications/version-specifiers.rst:621
 msgid ""
@@ -25632,18 +25665,24 @@ msgid ""
 "as Python's tuple sorting when the normalized release segment is parsed as "
 "follows::"
 msgstr ""
+"バージョン識別子のリリース構成部分は、"
+"標準化されたリリース構成部分を解釈する時には以下のように Python "
+"のタプルソーティングと同じ順序で格納されていなければなりません::"
 
 #: ../source/specifications/version-specifiers.rst:627
 msgid ""
 "All release segments involved in the comparison MUST be converted to a "
 "consistent length by padding shorter segments with zeros as needed."
-msgstr ""
+msgstr "比較に関わるすべてのリリース構成部分は、必要に応じて不足する構成部分にゼロを"
+"補填することで長さを一致させなければなりません。"
 
 #: ../source/specifications/version-specifiers.rst:630
 msgid ""
 "Within a numeric release (``1.0``, ``2.7.3``), the following suffixes are "
 "permitted and MUST be ordered as shown::"
 msgstr ""
+"リリース番号の数字部分 (``1.0`` や ``2.7.3``) の中では、後述の接尾辞が許され"
+"ており、下に示す通りに順序付けをしなければなりません::"
 
 #: ../source/specifications/version-specifiers.rst:635
 msgid ""
@@ -25652,6 +25691,11 @@ msgid ""
 "same ``N`` for both a ``c`` and a ``rc`` in the same release segment as "
 "ambiguous and remain in compliance with the specification."
 msgstr ""
+"``c`` が意味の上で ``rc`` と同等のものであると見做されていて、恰も本当に "
+"``rc`` であるかのように並べ替えされる点を銘記してください。ツール群は、"
+"同じリリース構成部分内に ``c`` と ``rc`` の両方に同一の ``N`` を付けたものが"
+"来た場合には曖昧であるとしてこれを拒否しても構いませんが、これでも仕様には合"
+"致しています。"
 
 #: ../source/specifications/version-specifiers.rst:640
 msgid ""
@@ -25659,12 +25703,16 @@ msgid ""
 "(``1.0rc1``, ``1.0c1``), the following suffixes are permitted and MUST be "
 "ordered as shown::"
 msgstr ""
+"アルファ (``1.0a1``) 、ベータ (``1.0b1``) 、あるいはリリース候補 (``1.0rc1``"
+", ``1.0c1``) の中では、後述の接尾辞が許されていて、示される通りに並べ替えられ"
+"なければなりません::"
 
 #: ../source/specifications/version-specifiers.rst:646
 msgid ""
 "Within a post-release (``1.0.post1``), the following suffixes are permitted "
 "and MUST be ordered as shown::"
-msgstr ""
+msgstr "ポストリリース (``1.0.post1``) の中では、後述の接尾辞が許されていて、示す通り"
+"に並べ替えられなければなりません::"
 
 #: ../source/specifications/version-specifiers.rst:651
 msgid ""
@@ -25672,20 +25720,26 @@ msgid ""
 "used immediately following a numeric version (e.g. ``1.0.dev456``, ``1.0."
 "post1``)."
 msgstr ""
+"バージョン番号の数字部分の直後に置く場合 (例えば ``1.0.dev456`` や ``1.0."
+"post1``) であっても、 ``devN`` と ``postN`` "
+"は、常にドットに後続しなければならないことを銘記してください。"
 
 #: ../source/specifications/version-specifiers.rst:655
 msgid ""
 "Within a pre-release, post-release or development release segment with a "
 "shared prefix, ordering MUST be by the value of the numeric component."
 msgstr ""
+"共通の先行部分を持つプレリリース構成部分、ポストリリース構成部分、あるいは開"
+"発リリース構成部分の中で、数値部分の値に従って順序付けをしなければなりません"
+"。"
 
 #: ../source/specifications/version-specifiers.rst:658
 msgid "The following example covers many of the possible combinations::"
-msgstr ""
+msgstr "可能なバージョン番号の例を以下に示します::"
 
 #: ../source/specifications/version-specifiers.rst:683
 msgid "Version ordering across different metadata versions"
-msgstr ""
+msgstr "相異なるメタデータバージョンを通してバージョン番号を順序付けする"
 
 #: ../source/specifications/version-specifiers.rst:685
 msgid ""
@@ -25693,6 +25747,10 @@ msgid ""
 "standard version identification or ordering scheme. However metadata v1.2 (:"
 "pep:`345`) does specify a scheme which is defined in :pep:`386`."
 msgstr ""
+"メタデータ v1.0 (pep:`241`) および メタデータ (:pep:`314`) は、標準となるバー"
+"ジョン番号の識別や順序付けの枠組みを指定していません。しかしながら、"
+"メタデータ v1.2 (:pep:`345`) では、 :pep:`386` "
+"で定義された枠組みを指定しています。"
 
 #: ../source/specifications/version-specifiers.rst:689
 msgid ""
@@ -25704,6 +25762,13 @@ msgid ""
 "requirements necessitate a standardization across one parsing mechanism to "
 "be used for all versions of a project."
 msgstr ""
+"単純なインストーラ API の特性の故に、特定の配布物がどのバージョンのメタデータ"
+"を使っているかをインストーラが意識することは不可能です。さらに、インストーラ"
+"は、どのバージョンをインストールするべきであるかを決定するために、すべての、"
+"または、可能な限り多くのバージョンのプロジェクトを含む合理的に優先順位付けさ"
+"れたリストを作成することができるように要求されています。これらの要求事項によ"
+"って、あるプロジェクトのすべてのバージョンにおいてひとつの解析メカニズムが使"
+"われるような標準化が必要とされます。"
 
 #: ../source/specifications/version-specifiers.rst:697
 msgid ""
@@ -25714,17 +25779,23 @@ msgid ""
 "and ordering schemes if no versions complying with this specification are "
 "available."
 msgstr ""
+"上記のことによって、この仕様では、全てのメタデータのバージョンに使われなけれ"
+"ばならず、メタデータ v1.2 であってさえも :pep:`386` を上書きする形で使われな"
+"ければなりません。ツール類は、この仕様に示された規則に従って解釈できないバー"
+"ジョン番号をすべて無視するべきですが、この仕様に合致するバージョン番号がひと"
+"つも利用可能でない時には、それぞれの実装で定義されたバージョン番号の解釈や順"
+"序付けにフォールバックしても構いません。"
 
 #: ../source/specifications/version-specifiers.rst:703
 msgid ""
 "Distribution users may wish to explicitly remove non-compliant versions from "
 "any private package indexes they control."
-msgstr ""
+msgstr "配布物のユーザは、自分が管理するプライベートなパッケージインデックスにおいて"
+"、合致しないバージョン番号を明示的に除去しても構いません。"
 
 #: ../source/specifications/version-specifiers.rst:708
-#, fuzzy
 msgid "Compatibility with other version schemes"
-msgstr "universal wheelsの取り扱い"
+msgstr "他のバージョン番号の枠組みとの互換性"
 
 #: ../source/specifications/version-specifiers.rst:710
 msgid ""
@@ -25734,6 +25805,11 @@ msgid ""
 "the metadata while the translated public version is published in the version "
 "field."
 msgstr ""
+"プロジェクトの中には、この使用で定義された公開のバージョン番号枠組みに合致す"
+"るために翻訳を要求するようなバージョン番号枠組みを使うことを選択するものもあ"
+"ります。そのような場合には、当該プロジェクトに特有のバージョン番号をメタデー"
+"タに格納しておく一方で、公開のバージョン番号を version "
+"フィールドに置くことができます。"
 
 #: ../source/specifications/version-specifiers.rst:715
 msgid ""
@@ -25741,6 +25817,10 @@ msgid ""
 "ordering of published releases, while still allowing developers to use the "
 "internal versioning scheme they prefer for their projects."
 msgstr ""
+"これによって、自動化された配布物ツール類が公開されたリリース群の一貫性のある"
+"形で正確な順序付けを提供することができる一方、開発者側では依然として自分たち"
+"のプロジェクト向けに好みの内部的なバージョン番号枠組みを使うことが許されます"
+"。"
 
 #: ../source/specifications/version-specifiers.rst:723
 msgid ""
@@ -25752,6 +25832,12 @@ msgid ""
 "on other distributions, and when publishing a distribution that others rely "
 "on."
 msgstr ""
+"`セマンティックバージョニング`_ は、リリース番号の異なる要素の重要性に関して"
+"、この仕様以前から慣例として認められた人気のあるバージョン番号の識別の枠組み"
+"です。あるプロジェクトがセマンティックバージョニングの詳細を受け入れないこと"
+"を選択した場合であっても、他の配布物に依存する時や他のプロジェクトが依存する"
+"配布物を公開する時に発生する多くの課題を網羅するためにも、この枠組みは理解し"
+"ておくに値します。"
 
 #: ../source/specifications/version-specifiers.rst:730
 msgid ""
@@ -25760,6 +25846,10 @@ msgid ""
 "specification) are fully compatible with the version scheme defined in this "
 "specification, and abiding by these aspects is encouraged."
 msgstr ""
+"(2.0.0 仕様の1-8 節の) セマンティックバージョニングの (\"メジャー.マイナー."
+"マイクロ\" としてこの仕様に記されている) \"メジャー.マイナー.パッチ\" の形は"
+"、この仕様で定義されるバージョン番号枠組みと完全に互換であり、この形を受容す"
+"ることが推奨されています。"
 
 #: ../source/specifications/version-specifiers.rst:735
 msgid ""
@@ -25767,6 +25857,10 @@ msgid ""
 "sign (builds - clause 11) are *not* compatible with this specification and "
 "are not permitted in the public version field."
 msgstr ""
+"ハイフンを含むセマンティックバージョン (pre-releases - clause 10) "
+"やプラス記号を含むセマンティックバージョン (builds - clause 11) は、"
+"この仕様と *互換性がなく* "
+"、公開のバージョン番号フィールドでは許されていません。"
 
 #: ../source/specifications/version-specifiers.rst:739
 msgid ""
@@ -25774,16 +25868,18 @@ msgid ""
 "labels to compatible public versions is to use the ``.devN`` suffix to "
 "specify the appropriate version order."
 msgstr ""
+"ソースラベルに基づいたそのようなセマンティックバージョニングを公開バージョン"
+"番号と互換性のあるものに翻訳する可能なメカニズムの一つは、 ``.devN`` "
+"接尾辞を使って適切なバージョン番号の順序を指定することです。"
 
 #: ../source/specifications/version-specifiers.rst:743
 msgid ""
 "Specific build information may also be included in local version labels."
-msgstr ""
+msgstr "特定のビルド情報も、ローカルのバージョン番号のラベルに含めても構いません。"
 
 #: ../source/specifications/version-specifiers.rst:749
-#, fuzzy
 msgid "DVCS based version labels"
-msgstr "日付ベースのバージョン付与"
+msgstr "DVCS に基づいたバージョン番号のラベル"
 
 #: ../source/specifications/version-specifiers.rst:751
 msgid ""
@@ -25792,6 +25888,10 @@ msgid ""
 "As hashes cannot be ordered reliably such versions are not permitted in the "
 "public version field."
 msgstr ""
+"多くのビルドツールは、バージョン識別子に識別のためのハッシュ値を付加するため"
+"に、 Git や Mercurial のような分散バージョン管理システムを統合しています。ハ"
+"ッシュ値は信頼できる形で順序付けすることができないので、そのようなバージョン"
+"番号は公開のバージョンフィールドでは許されません。"
 
 #: ../source/specifications/version-specifiers.rst:756
 msgid ""
@@ -25799,16 +25899,19 @@ msgid ""
 "uniquely identify such releases for publication, while the original DVCS "
 "based label can be stored in the project metadata."
 msgstr ""
+"セマンティックバージョニングの場合と同様に、元の DVCS ベースのラベルをプロジ"
+"ェクトのメタデータに格納することができない一方で、そのようなリリースを公開す"
+"る際に一意に識別するために、公開の ``.devN`` 接尾辞をつけても構いません。"
 
 #: ../source/specifications/version-specifiers.rst:760
 msgid ""
 "Identifying hash information may also be included in local version labels."
-msgstr ""
+msgstr "ハッシュ値の情報を識別することは、ローカルのバージョン番号ラベルに含めても構"
+"いません。"
 
 #: ../source/specifications/version-specifiers.rst:764
-#, fuzzy
 msgid "Olson database versioning"
-msgstr "日付ベースのバージョン付与"
+msgstr "Olson データベースによるバージョニング"
 
 #: ../source/specifications/version-specifiers.rst:766
 msgid ""
@@ -25816,6 +25919,9 @@ msgid ""
 "Olson timezone database versioning scheme: the year followed by a lowercase "
 "character indicating the version of the database within that year."
 msgstr ""
+"``pytz`` プロジェクトは、バージョニング方法を対応する Olson "
+"タイムゾーンデータベースのバージョニング方法から継承しています: 年と、それに"
+"後続する小文字の文字でその年の中でのデータベースのバージョンを示すもの。"
 
 #: ../source/specifications/version-specifiers.rst:770
 msgid ""
@@ -25824,46 +25930,53 @@ msgid ""
 "release) and is incremented with each subsequent database update within the "
 "year."
 msgstr ""
+"これは、 ``<year>.<serial>`` として (訳註、標準に) "
+"適合する公開のバージョン識別子に翻訳することができ、そこでは ('<year>' "
+"リリースに対して) シリアル番号が０か１から始まって、その年の内にデータベース"
+"が更新される度に１づつ増加されます。"
 
 #: ../source/specifications/version-specifiers.rst:775
 msgid ""
 "As with other translated version identifiers, the corresponding Olson "
 "database version could be recorded in the project metadata."
 msgstr ""
+"他の翻訳されたバージョン識別子と同様に、対応する Olson データベースのバージョ"
+"ン番号は、そのプロジェクトのメタデータに記録しておくことが可能です。"
 
 #: ../source/specifications/version-specifiers.rst:782
 msgid ""
 "A version specifier consists of a series of version clauses, separated by "
 "commas. For example::"
-msgstr ""
+msgstr "バージョン指定子は、一連のバージョン番号節をコンマで区切ったものから構成され"
+"ます。例えば::"
 
 #: ../source/specifications/version-specifiers.rst:787
 msgid "The comparison operator determines the kind of version clause:"
-msgstr ""
+msgstr "比較演算子がバージョン番号節の種類を決定します:"
 
 #: ../source/specifications/version-specifiers.rst:789
 msgid "``~=``: `Compatible release`_ clause"
-msgstr ""
+msgstr "``~=``: `互換性のあるリリース <Compatible release>`_ 節"
 
 #: ../source/specifications/version-specifiers.rst:790
 msgid "``==``: `Version matching`_ clause"
-msgstr ""
+msgstr "``==``: `バージョン番号のマッチング <Version matching>`_ 節"
 
 #: ../source/specifications/version-specifiers.rst:791
 msgid "``!=``: `Version exclusion`_ clause"
-msgstr ""
+msgstr "``!=``: `バージョンの除外 <Version exclusion>`_ 節"
 
 #: ../source/specifications/version-specifiers.rst:792
 msgid "``<=``, ``>=``: `Inclusive ordered comparison`_ clause"
-msgstr ""
+msgstr "``<=``, ``>=``: `境界を含む順序比較 <Inclusive ordered comparison>`_ 節"
 
 #: ../source/specifications/version-specifiers.rst:793
 msgid "``<``, ``>``: `Exclusive ordered comparison`_ clause"
-msgstr ""
+msgstr "``<``, ``>``: `境界を含まない順序比較 <Exclusive ordered comparison>`_ 節"
 
 #: ../source/specifications/version-specifiers.rst:794
 msgid "``===``: `Arbitrary equality`_ clause."
-msgstr ""
+msgstr "``===``: `あらゆる意味での同一性 <Arbitrary equality>`_ clause."
 
 #: ../source/specifications/version-specifiers.rst:796
 msgid ""
@@ -25871,12 +25984,16 @@ msgid ""
 "version must match all given version clauses in order to match the specifier "
 "as a whole."
 msgstr ""
+"コンマ (\",\") は、論理 **積** 演算子と同一のものです: 候補バージョン番号は、"
+"全体として指定子に合致するために、すべての与えられた節が合致しなければなりま"
+"せん。"
 
 #: ../source/specifications/version-specifiers.rst:800
 msgid ""
 "Whitespace between a conditional operator and the following version "
 "identifier is optional, as is the whitespace around the commas."
-msgstr ""
+msgstr "条件演算子とその後のバージョン識別子の間の空白文字は、コンマの周囲の空白文字"
+"と同様にオプションです。"
 
 #: ../source/specifications/version-specifiers.rst:803
 msgid ""
@@ -25886,6 +26003,11 @@ msgid ""
 "releases are considered as candidate versions SHOULD be handled as described "
 "in `Handling of pre-releases`_."
 msgstr ""
+"複数の候補バージョンがバージョン識別子に合致する時には、好ましいバージョンは"
+"、標準の `バージョン番号枠組み <Version scheme>`_ で定義された首尾一貫する順"
+"序付けによって決定される最新のバージョンです。プレリリースが候補バージョンだ"
+"と見做されるか否かは、 `プレリリースの取り扱い <Handling of pre-releases>`_ "
+"に記述されているとおりに扱われるべきです。"
 
 #: ../source/specifications/version-specifiers.rst:809
 msgid ""
@@ -25893,10 +26015,13 @@ msgid ""
 "permitted in version specifiers, and local version labels MUST be ignored "
 "entirely when checking if candidate versions match a given version specifier."
 msgstr ""
+"以下で特に注記される場合を除いて、バージョン指定子内ではローカルバージョン指"
+"定子は許されてはならず、あるバージョン指定子に合致する候補バージョンかどうか"
+"を調べる際にはローカルバージョンラベルは完全に無視されなければなりません。"
 
 #: ../source/specifications/version-specifiers.rst:818
 msgid "Compatible release"
-msgstr ""
+msgstr "互換性のあるリリース <Compatible release>"
 
 #: ../source/specifications/version-specifiers.rst:820
 msgid ""
@@ -25904,6 +26029,9 @@ msgid ""
 "``~=`` and a version identifier. It matches any candidate version that is "
 "expected to be compatible with the specified version."
 msgstr ""
+"互換性のあるリリース節は、互換リリース演算子 ``~=`` とバージョン識別子から構"
+"成されます。指定されたバージョンと互換性があるものと期待されるすべての候補バ"
+"ージョンに合致します。"
 
 #: ../source/specifications/version-specifiers.rst:824
 msgid ""
@@ -25911,23 +26039,27 @@ msgid ""
 "`Version scheme`_. Local version identifiers are NOT permitted in this "
 "version specifier."
 msgstr ""
+"指定されたバージョン識別子は、 `バージョン番号枠組み <Version scheme`_ に記述"
+"された標準フォーマットの範疇に収まっていなければなりません。ローカルバージョ"
+"ン識別子は、このバージョン識別子の中では許容されません。"
 
 #: ../source/specifications/version-specifiers.rst:828
 msgid ""
 "For a given release identifier ``V.N``, the compatible release clause is "
 "approximately equivalent to the pair of comparison clauses::"
-msgstr ""
+msgstr "あるリリース識別子 ``V.N`` "
+"にとって、互換リリース節は、一組の比較節とほぼ同一のものです::"
 
 #: ../source/specifications/version-specifiers.rst:833
 msgid ""
 "This operator MUST NOT be used with a single segment version number such as "
 "``~=1``."
-msgstr ""
+msgstr "この演算子は、 ``~=1`` "
+"のように単独の構成部分バージョン番号と一緒に用いてはなりません。"
 
 #: ../source/specifications/version-specifiers.rst:836
-#, fuzzy
 msgid "For example, the following groups of version clauses are equivalent::"
-msgstr "次に挙げる名前はすべて同等ということになります:"
+msgstr "例えば、次に挙げるバージョン番号群はすべて同等ということになります::"
 
 #: ../source/specifications/version-specifiers.rst:844
 msgid ""
@@ -25935,6 +26067,9 @@ msgid ""
 "compatible release clause as ``V.N.suffix``, then the suffix is ignored when "
 "determining the required prefix match::"
 msgstr ""
+"プレリリース、ポストリリース、または開発リリースが ``V.N.suffix`` のような互"
+"換性のあるリリース節の形の名前を付けられているなら、要求される接頭辞と合致す"
+"るかどうかを決める時には接尾辞が無視されます::"
 
 #: ../source/specifications/version-specifiers.rst:854
 msgid ""
@@ -25942,11 +26077,13 @@ msgid ""
 "degree of forward compatibility in a compatible release clause can be "
 "controlled by appending additional zeros to the version specifier::"
 msgstr ""
+"リリース番号構成部分の比較に対するパディングの規則とは、互換性のあるリリース"
+"節での前方互換性に想定された度合いを、バージョン識別子の後ろにゼロを追加して"
+"制御することが可能です::"
 
 #: ../source/specifications/version-specifiers.rst:866
-#, fuzzy
 msgid "Version matching"
-msgstr "バージョン指定子"
+msgstr "バージョン番号の照合"
 
 #: ../source/specifications/version-specifiers.rst:868
 msgid ""
diff --git a/locales/ko/LC_MESSAGES/messages.po b/locales/ko/LC_MESSAGES/messages.po
index e589ef1e9..77eb31dca 100644
--- a/locales/ko/LC_MESSAGES/messages.po
+++ b/locales/ko/LC_MESSAGES/messages.po
@@ -12,7 +12,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Python Packaging User Guide\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-10-30 00:39+0000\n"
+"POT-Creation-Date: 2024-11-25 21:53+0000\n"
 "PO-Revision-Date: 2024-11-03 06:00+0000\n"
 "Last-Translator: 황인아 <inahwang@kakao.com>\n"
 "Language-Team: Korean <https://hosted.weblate.org/projects/pypa/packaging-"
@@ -656,7 +656,7 @@ msgid "Unix (including Linux and macOS)"
 msgstr ""
 
 #: ../source/discussions/deploying-python-applications.rst:118
-#: ../source/key_projects.rst:572
+#: ../source/key_projects.rst:576
 msgid "pex"
 msgstr ""
 
@@ -1940,7 +1940,7 @@ msgid ""
 msgstr ""
 
 #: ../source/discussions/versioning.rst:6
-#: ../source/specifications/simple-repository-api.rst:310
+#: ../source/specifications/simple-repository-api.rst:319
 #, fuzzy
 msgid "Versioning"
 msgstr "번역"
@@ -2694,30 +2694,17 @@ msgid ""
 msgstr ""
 
 #: ../source/glossary.rst:121
-msgid "Known Good Set (KGS)"
-msgstr ""
-
-#: ../source/glossary.rst:124
-msgid ""
-"A set of distributions at specified versions which are compatible with each "
-"other. Typically a test suite will be run which passes all tests before a "
-"specific set of packages is declared a known good set. This term is commonly "
-"used by frameworks and toolkits which are comprised of multiple individual "
-"distributions."
-msgstr ""
-
-#: ../source/glossary.rst:130
 #, fuzzy
 msgid "Import Package"
 msgstr "패키지 가져오기"
 
-#: ../source/glossary.rst:133
+#: ../source/glossary.rst:124
 msgid ""
 "A Python module which can contain other modules or recursively, other "
 "packages."
 msgstr ""
 
-#: ../source/glossary.rst:136
+#: ../source/glossary.rst:127
 msgid ""
 "An import package is more commonly referred to with the single word "
 "\"package\", but this guide will use the expanded term when more clarity is "
@@ -2726,19 +2713,32 @@ msgid ""
 "package` for a breakdown of the differences."
 msgstr ""
 
-#: ../source/glossary.rst:142
+#: ../source/glossary.rst:133
 #, fuzzy
 #| msgid "Translations"
 msgid "Installed Project"
 msgstr "번역"
 
-#: ../source/glossary.rst:145
+#: ../source/glossary.rst:136
 msgid ""
 "A :term:`Project` that is installed for use with a Python interpreter or :"
 "term:`Virtual Environment`, as described in the specicifcation :ref:"
 "`recording-installed-packages`."
 msgstr ""
 
+#: ../source/glossary.rst:140
+msgid "Known Good Set (KGS)"
+msgstr ""
+
+#: ../source/glossary.rst:143
+msgid ""
+"A set of distributions at specified versions which are compatible with each "
+"other. Typically a test suite will be run which passes all tests before a "
+"specific set of packages is declared a known good set. This term is commonly "
+"used by frameworks and toolkits which are comprised of multiple individual "
+"distributions."
+msgstr ""
+
 #: ../source/glossary.rst:149
 msgid "Module"
 msgstr "모듈"
@@ -5172,7 +5172,7 @@ msgid ""
 "In particular, `NumPy <https://numpy.org/>`__, which provides the basis for "
 "most of the software in the `scientific Python stack <https://scientific-"
 "python.org>`_ can be configured to interoperate with different FORTRAN "
-"libraries, and can take advantage of different levels of vectorised "
+"libraries, and can take advantage of different levels of vectorized "
 "instructions available in modern CPUs."
 msgstr ""
 
@@ -5181,9 +5181,9 @@ msgid ""
 "Starting with version 1.10.4 of NumPy and version 1.0.0 of SciPy, pre-built "
 "32-bit and 64-bit binaries in the ``wheel`` format are available for all "
 "major operating systems (Windows, macOS, and Linux) on PyPI. Note, however, "
-"that on Windows, NumPy binaries are linked against the `ATLAS <http://www."
-"netlib.org/atlas/>`__ BLAS/LAPACK library, restricted to SSE2 instructions, "
-"so they may not provide optimal linear algebra performance."
+"that on Windows, NumPy binaries are linked against the `ATLAS <https://math-"
+"atlas.sourceforge.net/>`__ BLAS/LAPACK library, restricted to SSE2 "
+"instructions, so they may not provide optimal linear algebra performance."
 msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:26
@@ -5296,7 +5296,7 @@ msgid ""
 msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:100
-#: ../source/key_projects.rst:808
+#: ../source/key_projects.rst:812
 msgid "Spack"
 msgstr ""
 
@@ -5328,28 +5328,41 @@ msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:121
 msgid ""
-"`Anaconda <https://www.anaconda.com/products/individual/>`_ is a Python "
+"``conda`` is an open source (BSD licensed) package management system and "
+"environment management system that allows users to install multiple versions "
+"of binary software packages and their dependencies, and easily switch "
+"between them. It is a cross-platform tool working on Windows, MacOS, and "
+"Linux. Conda can be used to package up and distribute all kinds of packages, "
+"it is not limited to just Python packages. It has full support for native "
+"virtual environments. Conda makes environments first-class citizens, making "
+"it easy to create independent environments even for C libraries. It is "
+"written in Python, but is Python-agnostic. Conda manages Python itself as a "
+"package, so that :command:`conda update python` is possible, in contrast to "
+"pip, which only manages Python packages."
+msgstr ""
+
+#: ../source/guides/installing-scientific-packages.rst:133
+msgid ""
+"Anaconda `Anaconda <https://docs.anaconda.com/anaconda/>`_ is a Python "
 "distribution published by Anaconda, Inc. It is a stable collection of Open "
-"Source packages for big data and scientific use.  As of the 5.0 release of "
-"Anaconda, about 200 packages are installed by default, and a total of "
-"400-500 can be installed and updated from the Anaconda repository."
+"Source packages for big data and scientific use, and a collection of "
+"Graphical Interface utilities for managing conda environments."
 msgstr ""
 
-#: ../source/guides/installing-scientific-packages.rst:127
+#: ../source/guides/installing-scientific-packages.rst:135
 msgid ""
-"``conda`` is an open source (BSD licensed) package management system and "
-"environment management system included in Anaconda that allows users to "
-"install multiple versions of binary software packages and their "
-"dependencies, and easily switch between them. It is a cross-platform tool "
-"working on Windows, macOS, and Linux. Conda can be used to package up and "
-"distribute all kinds of packages, it is not limited to just Python packages. "
-"It has full support for native virtual environments. Conda makes "
-"environments first-class citizens, making it easy to create independent "
-"environments even for C libraries. It is written in Python, but is Python-"
-"agnostic. Conda manages Python itself as a package, so that :command:`conda "
-"update python` is possible, in contrast to pip, which only manages Python "
-"packages. Conda is available in Anaconda and Miniconda (an easy-to-install "
-"download with just Python and conda)."
+"In addition to the full distribution provided by Anaconda, the conda package "
+"manager itself is available in  `miniconda <https://docs.anaconda.com/"
+"miniconda/>`_, `miniforge <https://github.com/conda-forge/miniforge>`_, and "
+"`pixi <https://pixi.sh/>`_."
+msgstr ""
+
+#: ../source/guides/installing-scientific-packages.rst:138
+msgid ""
+"Conda packages are available on multiple channels on Anaconda.org, including "
+"the default channel supported by Anaconda, Inc, the community supported "
+"conda-forge channel, which provides a wide variety of pre-built packages, "
+"and some domain-specific package collections."
 msgstr ""
 
 #: ../source/guides/installing-stand-alone-command-line-tools.rst:4
@@ -8426,29 +8439,51 @@ msgstr ""
 
 #: ../source/guides/tool-recommendations.rst:142
 msgid ""
-"For projects hosted on GitHub, it is recommended to use the :ref:`trusted "
-"publishing <trusted-publishing>`, which allows the package to be securely "
-"uploaded to PyPI from a GitHub Actions job. (This is not yet supported on "
-"software forges other than GitHub.)"
+"For projects hosted on or published via supported CI/CD platforms, it is "
+"recommended to use the :ref:`Trusted Publishing <trusted-publishing>`, which "
+"allows the package to be securely uploaded to PyPI from a CI/CD workflow "
+"without a manually configured API token."
 msgstr ""
 
 #: ../source/guides/tool-recommendations.rst:147
 msgid ""
+"As of November 2024, PyPI supports the following platforms as Trusted "
+"Publishing providers:"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:150
+msgid "GitHub Actions (on ``https://github.com``)"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:151
+msgid "GitLab CI/CD (on ``https://gitlab.com``)"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:152
+msgid "ActiveState"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:153
+msgid "Google Cloud"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:155
+msgid ""
 "The other available method is to upload the package manually using :ref:"
 "`twine`."
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:149
+#: ../source/guides/tool-recommendations.rst:159
 msgid ""
 "**Never** use ``python setup.py upload`` for this task. In addition to "
 "being :ref:`deprecated <setup-py-deprecated>`, it is insecure."
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:154
+#: ../source/guides/tool-recommendations.rst:164
 msgid "Workflow tools"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:156
+#: ../source/guides/tool-recommendations.rst:166
 msgid ""
 "These tools are environment managers that automatically manage virtual "
 "environments for a project. They also act as \"task runners\", allowing you "
@@ -8459,31 +8494,31 @@ msgid ""
 "alphabetical order:"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:164
+#: ../source/guides/tool-recommendations.rst:174
 msgid ":ref:`Flit`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:165
+#: ../source/guides/tool-recommendations.rst:175
 msgid ":ref:`Hatch`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:166
+#: ../source/guides/tool-recommendations.rst:176
 msgid ":doc:`nox <nox:index>`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:167
+#: ../source/guides/tool-recommendations.rst:177
 msgid ":ref:`PDM`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:168
+#: ../source/guides/tool-recommendations.rst:178
 msgid ":ref:`Pipenv`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:169
+#: ../source/guides/tool-recommendations.rst:179
 msgid ":ref:`Poetry`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:170
+#: ../source/guides/tool-recommendations.rst:180
 msgid ":doc:`tox <tox:index>`."
 msgstr ""
 
@@ -9658,44 +9693,58 @@ msgstr ""
 
 #: ../source/key_projects.rst:407
 msgid ""
-"conda is the package management tool for `Anaconda <https://docs.anaconda."
-"com/anaconda/>`__ Python installations. Anaconda Python is a distribution "
-"from `Anaconda, Inc <https://www.anaconda.com/products/individual>`__ "
-"specifically aimed at the scientific community, and in particular on Windows "
-"where the installation of binary extensions is often difficult."
+"Conda is a package, dependency, and environment management system for any "
+"language — Python, R, Ruby, C/C++, Fortran, and more. It is written in "
+"Python and widely used in the Python scientific computing community, due to "
+"its support for non-Python compiled libraries and extensions. It is used as "
+"the basis of the `Anaconda <https://docs.anaconda.com/anaconda/>`__ Python "
+"distribution from Anaconda, Inc. It was originally aimed at the scientific "
+"community, but can also be used on its own, or with the :doc:`miniconda "
+"<conda:miniconda>`, `miniforge <https://github.com/conda-forge/miniforge>`_ "
+"or `pixi <https://pixi.sh/>`_ systems. It is available for Windows, Mac and "
+"Linux systems."
 msgstr ""
 
-#: ../source/key_projects.rst:414
+#: ../source/key_projects.rst:416
 msgid ""
 "Conda is a completely separate tool from :ref:`pip`, virtualenv and wheel, "
-"but provides many of their combined features in terms of package management, "
-"virtual environment management and deployment of binary extensions."
+"but provides many of their combined features, such as package management, "
+"virtual environment management and deployment of binary extensions and other "
+"binary code."
+msgstr ""
+
+#: ../source/key_projects.rst:420
+msgid ""
+"Conda does not install packages from PyPI -- it can only manage packages "
+"built specifically for conda, which can be made available on a \"conda "
+"channel\", such as those hosted on `anaconda.org <https://anaconda.org>`__, "
+"or a local (e.g. intranet) package server. In addition to the \"default\" "
+"channels managed by `Anaconda, Inc. <https://www.anaconda.com/>`__, there "
+"are a wide variety of packages from the community supported `conda-forge "
+"project <https://conda-forge.org/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:418
+#: ../source/key_projects.rst:426
 msgid ""
-"Conda does not install packages from PyPI and can install only from the "
-"official Anaconda repositories, or anaconda.org (a place for user-"
-"contributed *conda* packages), or a local (e.g. intranet) package server.  "
-"However, note that :ref:`pip` can be installed into, and work side-by-side "
-"with conda for managing :term:`distributions <Distribution Package>` from "
-"PyPI. Also, `conda skeleton <https://docs.conda.io/projects/conda-build/en/"
-"latest/user-guide/tutorials/build-pkgs-skeleton.html>`__ is a tool to make "
-"Python packages installable by conda by first fetching them from PyPI and "
-"modifying their metadata."
+"Note that :ref:`pip` can be installed into, and work side-by-side with conda "
+"for managing :term:`distributions <Distribution Package>` from PyPI. It is "
+"also possible to build conda packages from Python source packages using "
+"tools such as `conda skeleton <https://docs.conda.io/projects/conda-build/en/"
+"latest/user-guide/tutorials/build-pkgs-skeleton.html>`__: a tool to "
+"automatically make conda packages from Python packages available on PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:431
+#: ../source/key_projects.rst:435
 msgid "devpi"
 msgstr ""
 
-#: ../source/key_projects.rst:433
+#: ../source/key_projects.rst:437
 msgid ""
 "`Docs <http://doc.devpi.net/latest/>`__ | :gh:`Issues <devpi/devpi/issues>` "
 "| `PyPI <https://pypi.org/project/devpi>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:437
+#: ../source/key_projects.rst:441
 msgid ""
 "devpi features a powerful PyPI-compatible server and PyPI proxy cache with a "
 "complementary command line tool to drive packaging, testing and release "
@@ -9705,17 +9754,17 @@ msgid ""
 "replication and fail-over, and package upload."
 msgstr ""
 
-#: ../source/key_projects.rst:448
+#: ../source/key_projects.rst:452
 msgid "dumb-pypi"
 msgstr ""
 
-#: ../source/key_projects.rst:450
+#: ../source/key_projects.rst:454
 msgid ""
 "`GitHub <https://github.com/chriskuehl/dumb-pypi>`__ | `PyPI <https://pypi."
 "org/project/dumb-pypi>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:453
+#: ../source/key_projects.rst:457
 msgid ""
 "dumb-pypi is a simple :term:`package index <Package Index>` static file site "
 "generator, which then must be hosted by a static file webserver to become "
@@ -9723,17 +9772,17 @@ msgid ""
 "status."
 msgstr ""
 
-#: ../source/key_projects.rst:460
+#: ../source/key_projects.rst:464
 msgid "enscons"
 msgstr ""
 
-#: ../source/key_projects.rst:462
+#: ../source/key_projects.rst:466
 msgid ""
 ":gh:`Source <dholth/enscons>` | :gh:`Issues <dholth/enscons/issues>` | `PyPI "
 "<https://pypi.org/project/enscons>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:466
+#: ../source/key_projects.rst:470
 msgid ""
 "Enscons is a Python packaging tool based on `SCons`_. It builds :ref:`pip`-"
 "compatible source distributions and wheels without using distutils or "
@@ -9745,38 +9794,38 @@ msgid ""
 "independent of enscons."
 msgstr ""
 
-#: ../source/key_projects.rst:481
+#: ../source/key_projects.rst:485
 msgid "Flask-Pypi-Proxy"
 msgstr ""
 
-#: ../source/key_projects.rst:483
+#: ../source/key_projects.rst:487
 msgid ""
 "`Docs <https://flask-pypi-proxy.readthedocs.io>`__ | :gh:`GitHub <tzulberti/"
 "Flask-PyPi-Proxy>` | `PyPI <https://pypi.org/project/Flask-Pypi-Proxy/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:487 ../source/key_projects.rst:681
-#: ../source/key_projects.rst:740
+#: ../source/key_projects.rst:491 ../source/key_projects.rst:685
+#: ../source/key_projects.rst:744
 msgid "Not maintained, project archived"
 msgstr ""
 
-#: ../source/key_projects.rst:489
+#: ../source/key_projects.rst:493
 msgid ""
 "Flask-Pypi-Proxy is a :term:`package index <Package Index>` as a cached "
 "proxy for PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:495
+#: ../source/key_projects.rst:499
 msgid "Hashdist"
 msgstr ""
 
-#: ../source/key_projects.rst:497
+#: ../source/key_projects.rst:501
 msgid ""
 "`Docs <https://hashdist.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/hashdist/hashdist/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:500
+#: ../source/key_projects.rst:504
 msgid ""
 "Hashdist is a library for building non-root software distributions. Hashdist "
 "is trying to be “the Debian of choice for cases where Debian technology "
@@ -9787,34 +9836,34 @@ msgid ""
 "researchers but has been lacking in maintenance since 2016."
 msgstr ""
 
-#: ../source/key_projects.rst:512
+#: ../source/key_projects.rst:516
 msgid "Maturin"
 msgstr ""
 
-#: ../source/key_projects.rst:514
+#: ../source/key_projects.rst:518
 msgid ""
 "`Docs <https://www.maturin.rs>`__ | `GitHub <https://github.com/PyO3/"
 "maturin>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:517
+#: ../source/key_projects.rst:521
 msgid ""
 "Maturin is a build backend for Rust extension modules, also written in Rust. "
 "It supports building wheels for python 3.7+ on Windows, Linux, macOS and "
 "FreeBSD, can upload them to PyPI and has basic PyPy and GraalPy support."
 msgstr ""
 
-#: ../source/key_projects.rst:525
+#: ../source/key_projects.rst:529
 msgid "meson-python"
 msgstr ""
 
-#: ../source/key_projects.rst:527
+#: ../source/key_projects.rst:531
 msgid ""
 "`Docs <https://meson-python.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/mesonbuild/meson-python>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:530
+#: ../source/key_projects.rst:534
 msgid ""
 "``meson-python`` is a build backend that uses the Meson_ build system. It "
 "enables Python package authors to use Meson_ as the build system for their "
@@ -9822,58 +9871,58 @@ msgid ""
 "to fill the needs of most complex build configurations."
 msgstr ""
 
-#: ../source/key_projects.rst:540
+#: ../source/key_projects.rst:544
 msgid "multibuild"
 msgstr ""
 
-#: ../source/key_projects.rst:542
+#: ../source/key_projects.rst:546
 msgid "`GitHub <https://github.com/multi-build/multibuild>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:544
+#: ../source/key_projects.rst:548
 msgid ""
 "Multibuild is a set of CI scripts for building and testing Python :term:"
 "`wheels <Wheel>` for Linux, macOS, and (less flexibly) Windows. Also see :"
 "ref:`cibuildwheel`."
 msgstr ""
 
-#: ../source/key_projects.rst:550
+#: ../source/key_projects.rst:554
 msgid "nginx_pypi_cache"
 msgstr ""
 
-#: ../source/key_projects.rst:552
+#: ../source/key_projects.rst:556
 msgid ":gh:`GitHub <hauntsaninja/nginx_pypi_cache>`"
 msgstr ""
 
-#: ../source/key_projects.rst:554
+#: ../source/key_projects.rst:558
 msgid ""
 "nginx_pypi_cache is a :term:`package index <Package Index>` caching proxy "
 "using `nginx <https://nginx.org/en/>`_."
 msgstr ""
 
-#: ../source/key_projects.rst:560
+#: ../source/key_projects.rst:564
 msgid "pdm"
 msgstr ""
 
-#: ../source/key_projects.rst:562
+#: ../source/key_projects.rst:566
 msgid ""
 "`Docs <https://pdm.fming.dev/>`__ | `GitHub <https://github.com/pdm-project/"
 "pdm/>`__ | `PyPI <https://pypi.org/project/pdm>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:566
+#: ../source/key_projects.rst:570
 msgid ""
 "PDM is a modern Python package manager. It uses :term:`pyproject.toml` to "
 "store project metadata as defined in :pep:`621`."
 msgstr ""
 
-#: ../source/key_projects.rst:574
+#: ../source/key_projects.rst:578
 msgid ""
 "`Docs <https://pex.readthedocs.io/en/latest/>`__ | `GitHub <https://github."
 "com/pantsbuild/pex/>`__ | `PyPI <https://pypi.org/project/pex>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:578
+#: ../source/key_projects.rst:582
 msgid ""
 "Pex is a tool for generating :file:`.pex` (Python EXecutable) files, "
 "standalone Python environments in the spirit of :ref:`virtualenv`. PEX files "
@@ -9885,18 +9934,18 @@ msgid ""
 "PEX file into a standard venv, graphing dependencies and more."
 msgstr ""
 
-#: ../source/key_projects.rst:590
+#: ../source/key_projects.rst:594
 msgid "pip-tools"
 msgstr ""
 
-#: ../source/key_projects.rst:592
+#: ../source/key_projects.rst:596
 msgid ""
 "`Docs <https://pip-tools.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/jazzband/pip-tools/>`__ | `PyPI <https://pypi.org/project/pip-"
 "tools/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:596
+#: ../source/key_projects.rst:600
 msgid ""
 "pip-tools is a suite of tools meant for Python system administrators and "
 "release managers who particularly want to keep their builds deterministic "
@@ -9907,32 +9956,32 @@ msgid ""
 "not provide), and create layers of constraints for the program to obey."
 msgstr ""
 
-#: ../source/key_projects.rst:608
+#: ../source/key_projects.rst:612
 msgid "pip2pi"
 msgstr ""
 
-#: ../source/key_projects.rst:610
+#: ../source/key_projects.rst:614
 msgid ""
 ":gh:`GitHub <wolever/pip2pi>` | `PyPI <https://pypi.org/project/pip2pi/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:613
+#: ../source/key_projects.rst:617
 msgid ""
 "pip2pi is a :term:`package index <Package Index>` server where specific "
 "packages are manually synchronised."
 msgstr ""
 
-#: ../source/key_projects.rst:619
+#: ../source/key_projects.rst:623
 msgid "piwheels"
 msgstr ""
 
-#: ../source/key_projects.rst:621
+#: ../source/key_projects.rst:625
 msgid ""
 "`Website <https://www.piwheels.org/>`__ | :doc:`Docs <piwheels:index>` | "
 "`GitHub <https://github.com/piwheels/piwheels/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:625
+#: ../source/key_projects.rst:629
 msgid ""
 "piwheels is a website, and software underpinning it, that fetches source "
 "code distribution packages from PyPI and compiles them into binary wheels "
@@ -9940,17 +9989,17 @@ msgid ""
 "Pi OS pre-configures pip to use piwheels.org as an additional index to PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:634
+#: ../source/key_projects.rst:638
 msgid "poetry"
 msgstr ""
 
-#: ../source/key_projects.rst:636
+#: ../source/key_projects.rst:640
 msgid ""
 "`Docs <https://python-poetry.org/>`__ | `GitHub <https://github.com/python-"
 "poetry/poetry>`__ | `PyPI <https://pypi.org/project/poetry/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:640
+#: ../source/key_projects.rst:644
 msgid ""
 "poetry is a command-line tool to handle dependency installation and "
 "isolation as well as building and packaging of Python packages. It uses "
@@ -9960,49 +10009,49 @@ msgid ""
 "caching metadata about dependencies."
 msgstr ""
 
-#: ../source/key_projects.rst:650
+#: ../source/key_projects.rst:654
 msgid "proxpi"
 msgstr ""
 
-#: ../source/key_projects.rst:652
+#: ../source/key_projects.rst:656
 msgid ""
 ":gh:`GitHub <EpicWink/proxpi>` | `PyPI <https://pypi.org/project/proxpi/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:655
+#: ../source/key_projects.rst:659
 msgid ""
 "proxpi is a simple :term:`package index <Package Index>` which proxies PyPI "
 "and other indexes with caching."
 msgstr ""
 
-#: ../source/key_projects.rst:661
+#: ../source/key_projects.rst:665
 msgid "Pulp-python"
 msgstr ""
 
-#: ../source/key_projects.rst:663
+#: ../source/key_projects.rst:667
 msgid ""
 "`Docs <https://docs.pulpproject.org/pulp_python/>`__ | :gh:`GitHub <pulp/"
 "pulp_python>` | `PyPI <https://pypi.org/project/pulp-python/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:667
+#: ../source/key_projects.rst:671
 msgid ""
 "Pulp-python is the Python :term:`package index <Package Index>` plugin for "
 "`Pulp <https://pulpproject.org/>`_. Pulp-python supports mirrors backed by "
 "local or `AWS S3`_, package upload, and proxying to multiple package indexes."
 msgstr ""
 
-#: ../source/key_projects.rst:675
+#: ../source/key_projects.rst:679
 msgid "PyPI Cloud"
 msgstr ""
 
-#: ../source/key_projects.rst:677
+#: ../source/key_projects.rst:681
 msgid ""
 "`Docs <https://pypicloud.readthedocs.io/>`__ | :gh:`GitHub <stevearc/"
 "pypicloud>` | `PyPI <https://pypi.org/project/pypicloud/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:683
+#: ../source/key_projects.rst:687
 msgid ""
 "PyPI Cloud is a :term:`package index <Package Index>` server, backed by `AWS "
 "S3`_ or another cloud storage service, or local files. PyPI Cloud supports "
@@ -10010,33 +10059,33 @@ msgid ""
 "authorisation."
 msgstr ""
 
-#: ../source/key_projects.rst:691
+#: ../source/key_projects.rst:695
 msgid "pypiprivate"
 msgstr ""
 
-#: ../source/key_projects.rst:693
+#: ../source/key_projects.rst:697
 msgid ""
 ":gh:`GitHub <helpshift/pypiprivate>` | `PyPI <https://pypi.org/project/"
 "pypiprivate/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:696
+#: ../source/key_projects.rst:700
 msgid ""
 "pypiprivate serves a local (or `AWS S3`_-hosted) directory of packages as a :"
 "term:`package index <Package Index>`."
 msgstr ""
 
-#: ../source/key_projects.rst:702
+#: ../source/key_projects.rst:706
 msgid "pypiserver"
 msgstr ""
 
-#: ../source/key_projects.rst:704
+#: ../source/key_projects.rst:708
 msgid ""
 "`GitHub <https://github.com/pypiserver/pypiserver>`__ | `PyPI <https://pypi."
 "org/project/pypiserver/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:707
+#: ../source/key_projects.rst:711
 msgid ""
 "pypiserver is a minimalist application that serves as a private Python :term:"
 "`package index <Package Index>` (from a local directory) within "
@@ -10047,17 +10096,17 @@ msgid ""
 "pypiserver and from PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:718
+#: ../source/key_projects.rst:722
 msgid "PyScaffold"
 msgstr ""
 
-#: ../source/key_projects.rst:720
+#: ../source/key_projects.rst:724
 msgid ""
 "`Docs <https://pyscaffold.org>`__ | `GitHub <https://github.com/pyscaffold/"
 "pyscaffold>`__ | `PyPI <https://pypi.org/project/pyscaffold/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:724
+#: ../source/key_projects.rst:728
 msgid ""
 "PyScaffold is a project generator for bootstrapping Python packages, ready "
 "to be shared on PyPI and installable via :ref:`pip`. It relies on a set of "
@@ -10067,33 +10116,33 @@ msgid ""
 "existing projects to make packaging easier."
 msgstr ""
 
-#: ../source/key_projects.rst:735
+#: ../source/key_projects.rst:739
 msgid "pywharf"
 msgstr ""
 
-#: ../source/key_projects.rst:737
+#: ../source/key_projects.rst:741
 msgid ""
 ":gh:`GitHub <pywharf/pywharf>` | `PyPI <https://pypi.org/project/pywharf>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:742
+#: ../source/key_projects.rst:746
 msgid ""
 "pywharf is a :term:`package index <Package Index>` server, serving files "
 "locally or from `GitHub <https://github.com/>`_."
 msgstr ""
 
-#: ../source/key_projects.rst:748
+#: ../source/key_projects.rst:752
 msgid "scikit-build"
 msgstr ""
 
-#: ../source/key_projects.rst:750
+#: ../source/key_projects.rst:754
 msgid ""
 "`Docs <https://scikit-build.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/scikit-build/scikit-build/>`__ | `PyPI <https://pypi.org/project/"
 "scikit-build>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:754
+#: ../source/key_projects.rst:758
 msgid ""
 "Scikit-build is a :ref:`setuptools` wrapper for CPython that builds C/C++/"
 "Fortran/Cython extensions It uses `cmake <https://pypi.org/project/cmake>`__ "
@@ -10104,18 +10153,18 @@ msgid ""
 "ninja>`__ (also available on PyPI)."
 msgstr ""
 
-#: ../source/key_projects.rst:765
+#: ../source/key_projects.rst:769
 msgid "scikit-build-core"
 msgstr ""
 
-#: ../source/key_projects.rst:767
+#: ../source/key_projects.rst:771
 msgid ""
 "`Docs <https://scikit-build-core.readthedocs.io/en/latest/>`__ | `GitHub "
 "<https://github.com/scikit-build/scikit-build-core/>`__ | `PyPI <https://"
 "pypi.org/project/scikit-build-core>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:771
+#: ../source/key_projects.rst:775
 msgid ""
 "Scikit-build-core is a build backend for CPython C/C++/Fortran/Cython "
 "extensions.  It enables users to write extensions with `cmake <https://pypi."
@@ -10125,17 +10174,17 @@ msgid ""
 "automatically downloaded from PyPI if not available on the system."
 msgstr ""
 
-#: ../source/key_projects.rst:781
+#: ../source/key_projects.rst:785
 msgid "shiv"
 msgstr ""
 
-#: ../source/key_projects.rst:783
+#: ../source/key_projects.rst:787
 msgid ""
 "`Docs <https://shiv.readthedocs.io/en/latest/>`__ | `GitHub <https://github."
 "com/linkedin/shiv>`__ | `PyPI <https://pypi.org/project/shiv/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:787
+#: ../source/key_projects.rst:791
 msgid ""
 "shiv is a command line utility for building fully self contained Python "
 "zipapps as outlined in :pep:`441`, but with all their dependencies included. "
@@ -10143,17 +10192,17 @@ msgid ""
 "tools fast & easy."
 msgstr ""
 
-#: ../source/key_projects.rst:795
+#: ../source/key_projects.rst:799
 msgid "simpleindex"
 msgstr ""
 
-#: ../source/key_projects.rst:797
+#: ../source/key_projects.rst:801
 msgid ""
 ":gh:`GitHub <uranusjr/simpleindex>` | `PyPI <https://pypi.org/project/"
 "simpleindex/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:800
+#: ../source/key_projects.rst:804
 msgid ""
 "simpleindex is a :term:`package index <Package Index>` which routes URLs to "
 "multiple package indexes (including PyPI), serves local (or cloud-hosted, "
@@ -10161,7 +10210,7 @@ msgid ""
 "supports custom plugins."
 msgstr ""
 
-#: ../source/key_projects.rst:810
+#: ../source/key_projects.rst:814
 msgid ""
 ":doc:`Docs <spack:index>` | `GitHub <https://github.com/spack/spack>`__ | "
 "`Paper <https://www.computer.org/csdl/proceedings-article/"
@@ -10169,7 +10218,7 @@ msgid ""
 "Gamblin-Spack-SC15-Talk.pdf>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:815
+#: ../source/key_projects.rst:819
 msgid ""
 "A flexible package manager designed to support multiple versions, "
 "configurations, platforms, and compilers.  Spack is like Homebrew, but "
@@ -10180,24 +10229,24 @@ msgid ""
 "supercomputers."
 msgstr ""
 
-#: ../source/key_projects.rst:823
+#: ../source/key_projects.rst:827
 msgid ""
 "Spack is not in PyPI (yet), but it requires no installation and can be used "
 "immediately after cloning from GitHub."
 msgstr ""
 
-#: ../source/key_projects.rst:829
+#: ../source/key_projects.rst:833
 msgid "zest.releaser"
 msgstr ""
 
-#: ../source/key_projects.rst:831
+#: ../source/key_projects.rst:835
 msgid ""
 "`Docs <https://zestreleaser.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/zestsoftware/zest.releaser/>`__ | `PyPI <https://pypi.org/project/"
 "zest.releaser/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:835
+#: ../source/key_projects.rst:839
 msgid ""
 "``zest.releaser`` is a Python package release tool providing an abstraction "
 "layer on top of :ref:`twine`. Python developers use ``zest.releaser`` to "
@@ -10205,21 +10254,21 @@ msgid ""
 "releases in source control, and uploading new packages to PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:842
+#: ../source/key_projects.rst:846
 msgid "Standard Library Projects"
 msgstr ""
 
-#: ../source/key_projects.rst:847
+#: ../source/key_projects.rst:851
 msgid "ensurepip"
 msgstr ""
 
-#: ../source/key_projects.rst:849
+#: ../source/key_projects.rst:853
 msgid ""
 "`Docs <https://docs.python.org/3/library/ensurepip.html>`__ | `Issues "
 "<https://bugs.python.org/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:852
+#: ../source/key_projects.rst:856
 msgid ""
 "A package in the Python Standard Library that provides support for "
 "bootstrapping :ref:`pip` into an existing Python installation or virtual "
@@ -10227,34 +10276,34 @@ msgid ""
 "will be used during the build of the Python distribution."
 msgstr ""
 
-#: ../source/key_projects.rst:860
+#: ../source/key_projects.rst:864
 msgid "http.server"
 msgstr ""
 
-#: ../source/key_projects.rst:862
+#: ../source/key_projects.rst:866
 msgid ""
 ":doc:`Docs <python:library/http.server>` | :gh:`Issues <python/cpython/"
 "issues>`"
 msgstr ""
 
-#: ../source/key_projects.rst:865
+#: ../source/key_projects.rst:869
 msgid ""
 "A package and command-line interface which can host a directory as a "
 "website, for example as a :term:`package index <Package Index>` (see :ref:"
 "`Hosting your Own Simple Repository`)."
 msgstr ""
 
-#: ../source/key_projects.rst:872
+#: ../source/key_projects.rst:876
 msgid "venv"
 msgstr ""
 
-#: ../source/key_projects.rst:874
+#: ../source/key_projects.rst:878
 msgid ""
 "`Docs <https://docs.python.org/3/library/venv.html>`__ | `Issues <https://"
 "github.com/python/cpython/issues>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:877
+#: ../source/key_projects.rst:881
 msgid ""
 "A package in the Python Standard Library (starting with Python 3.3) for "
 "creating :term:`Virtual Environments <Virtual Environment>`.  For more "
@@ -12302,7 +12351,7 @@ msgstr ""
 #: ../source/specifications/platform-compatibility-tags.rst:332
 #: ../source/specifications/pyproject-toml.rst:444
 #: ../source/specifications/recording-installed-packages.rst:252
-#: ../source/specifications/simple-repository-api.rst:974
+#: ../source/specifications/simple-repository-api.rst:988
 #: ../source/specifications/source-distribution-format.rst:144
 #: ../source/specifications/version-specifiers.rst:1266
 #: ../source/specifications/virtual-environments.rst:54
@@ -13372,6 +13421,7 @@ msgstr ""
 #: ../source/specifications/dependency-specifiers.rst:26
 #: ../source/specifications/direct-url-data-structure.rst:19
 #: ../source/specifications/direct-url.rst:15
+#: ../source/specifications/index-hosted-attestations.rst:17
 #: ../source/specifications/inline-script-metadata.rst:13
 msgid "Specification"
 msgstr ""
@@ -13509,7 +13559,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/dependency-specifiers.rst:163
-#: ../source/specifications/simple-repository-api.rst:888
+#: ../source/specifications/simple-repository-api.rst:902
 #, fuzzy
 msgid "Versions"
 msgstr "번역"
@@ -15136,6 +15186,302 @@ msgid ""
 "www.pypa.io/en/latest/specifications/>`__."
 msgstr ""
 
+#: ../source/specifications/index-hosted-attestations.rst:6
+msgid "Index hosted attestations"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:8
+msgid "This specification was originally defined in :pep:`740`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:12
+msgid ""
+":pep:`740` includes changes to the HTML and JSON index APIs. These changes "
+"are documented in the :ref:`simple-repository-api` under :ref:`simple-"
+"repository-api-base` and :ref:`json-serialization`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:22
+msgid "Upload endpoint changes"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:26
+msgid ""
+"The \"legacy\" upload API is not standardized. See `PyPI's Upload API "
+"documentation <https://docs.pypi.org/api/upload/>`_ for how attestations are "
+"uploaded."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:33
+msgid "Attestation objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:35
+msgid ""
+"An attestation object is a JSON object with several required keys; "
+"applications or signers may include additional keys so long as all "
+"explicitly listed keys are provided. The required layout of an attestation "
+"object is provided as pseudocode below."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:88
+msgid ""
+"A full data model for each object in ``transparency_entries`` is provided "
+"in :ref:`appendix`. Attestation objects **SHOULD** include one or more "
+"transparency log entries, and **MAY** include additional keys for other "
+"sources of signed time (such as an :rfc:`3161` Time Stamping Authority or a "
+"`Roughtime <https://blog.cloudflare.com/roughtime>`__ server)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:94
+msgid ""
+"Attestation objects are versioned; this PEP specifies version 1. Each "
+"version is tied to a single cryptographic suite to minimize unnecessary "
+"cryptographic agility. In version 1, the suite is as follows:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:98
+msgid ""
+"Certificates are specified as X.509 certificates, and comply with the "
+"profile in :rfc:`5280`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:100
+msgid ""
+"The message signature algorithm is ECDSA, with the P-256 curve for public "
+"keys and SHA-256 as the cryptographic digest function."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:103
+msgid ""
+"Future PEPs may change this suite (and the overall shape of the attestation "
+"object) by selecting a new version number."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:109
+msgid "Attestation statement and signature generation"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:111
+msgid ""
+"The *attestation statement* is the actual claim that is cryptographically "
+"signed over within the attestation object (i.e., the ``envelope.statement``)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:114
+msgid ""
+"The attestation statement is encoded as a `v1 in-toto Statement object "
+"<https://github.com/in-toto/attestation/blob/v1.0/spec/v1.0/statement."
+"md>`__, in JSON form. When serialized the statement is treated as an opaque "
+"binary blob, avoiding the need for canonicalization."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:119
+msgid ""
+"In addition to being a v1 in-toto Statement, the attestation statement is "
+"constrained in the following ways:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:122
+msgid "The in-toto ``subject`` **MUST** contain only a single subject."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:123
+msgid ""
+"``subject[0].name`` is the distribution's filename, which **MUST** be a "
+"valid :ref:`source distribution <source-distribution-format>` or :ref:`wheel "
+"distribution <binary-distribution-format>` filename."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:126
+msgid ""
+"``subject[0].digest`` **MUST** contain a SHA-256 digest. Other digests "
+"**MAY** be present. The digests **MUST** be represented as hexadecimal "
+"strings."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:128
+msgid "The following ``predicateType`` values are supported:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:130
+msgid ""
+"`SLSA Provenance <https://slsa.dev/provenance/v1>`__: ``https://slsa.dev/"
+"provenance/v1``"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:131
+msgid ""
+"`PyPI Publish Attestation <https://docs.pypi.org/attestations/publish/"
+"v1>`__: ``https://docs.pypi.org/attestations/publish/v1``"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:133
+msgid ""
+"The signature over this statement is constructed using the `v1 DSSE "
+"signature protocol <https://github.com/secure-systems-lab/dsse/blob/v1.0.0/"
+"protocol.md>`__, with a ``PAYLOAD_TYPE`` of ``application/vnd.in-toto+json`` "
+"and a ``PAYLOAD_BODY`` of the JSON-encoded statement above. No other "
+"``PAYLOAD_TYPE`` is permitted."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:141
+msgid "Provenance objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:143
+msgid ""
+"The index will serve uploaded attestations along with metadata that can "
+"assist in verifying them in the form of JSON serialized objects."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:146
+msgid ""
+"These *provenance objects* will be available via both the Simple Index and "
+"JSON-based Simple API as described above, and will have the following layout:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:169
+msgid "or, as pseudocode:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:217
+msgid ""
+"``version`` is ``1``. Like attestation objects, provenance objects are "
+"versioned, and this PEP only defines version ``1``."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:219
+msgid ""
+"``attestation_bundles`` is a **required** JSON array, containing one or more "
+"\"bundles\" of attestations. Each bundle corresponds to a signing identity "
+"(such as a Trusted Publishing identity), and contains one or more "
+"attestation objects."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:224
+msgid ""
+"As noted in the ``Publisher`` model, each ``AttestationBundle.publisher`` "
+"object is specific to its Trusted Publisher but must include at minimum:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:228
+msgid ""
+"A ``kind`` key, which **MUST** be a JSON string that uniquely identifies the "
+"kind of Trusted Publisher."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:230
+msgid ""
+"A ``claims`` key, which **MUST** be a JSON object containing any context-"
+"specific claims retained by the index during Trusted Publisher "
+"authentication."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:233
+msgid "All other keys in the publisher object are publisher-specific."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:235
+msgid ""
+"Each array of attestation objects is a superset of the ``attestations`` "
+"array supplied by the uploaded through the ``attestations`` field at upload "
+"time, as described in :ref:`upload-endpoint` and :ref:`changes-to-provenance-"
+"objects`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:243
+msgid "Changes to provenance objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:245
+msgid ""
+"Provenance objects are *not* immutable, and may change over time. Reasons "
+"for changes to the provenance object include but are not limited to:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:248
+msgid ""
+"Addition of new attestations for a pre-existing signing identity: the index "
+"**MAY** choose to allow additional attestations by pre-existing signing "
+"identities, such as newer attestation versions for already uploaded files."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:253
+msgid ""
+"Addition of new signing identities and associated attestations: the index "
+"**MAY** choose to support attestations from sources other than the file's "
+"uploader, such as third-party auditors or the index itself. These "
+"attestations may be performed asynchronously, requiring the index to insert "
+"them into the provenance object *post facto*."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:262
+msgid "Attestation verification"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:264
+msgid ""
+"Verifying an attestation object against a distribution file requires "
+"verification of each of the following:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:267
+msgid "``version`` is ``1``. The verifier **MUST** reject any other version."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:268
+msgid ""
+"``verification_material.certificate`` is a valid signing certificate, as "
+"issued by an *a priori* trusted authority (such as a root of trust already "
+"present within the verifying client)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:271
+msgid ""
+"``verification_material.certificate`` identifies an appropriate signing "
+"subject, such as the machine identity of the Trusted Publisher that "
+"published the package."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:274
+msgid ""
+"``envelope.statement`` is a valid in-toto v1 Statement, with a subject and "
+"digest that **MUST** match the distribution's filename and contents. For the "
+"distribution's filename, matching **MUST** be performed by parsing using the "
+"appropriate source distribution or wheel filename format, as the statement's "
+"subject may be equivalent but normalized."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:279
+msgid ""
+"``envelope.signature`` is a valid signature for ``envelope.statement`` "
+"corresponding to ``verification_material.certificate``, as reconstituted via "
+"the `v1 DSSE signature protocol <https://github.com/secure-systems-lab/dsse/"
+"blob/v1.0.0/protocol.md>`__."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:284
+msgid ""
+"In addition to the above required steps, a verifier **MAY** additionally "
+"verify ``verification_material.transparency_entries`` on a policy basis, e."
+"g. requiring at least one transparency log entry or a threshold of entries. "
+"When verifying transparency entries, the verifier **MUST** confirm that the "
+"inclusion time for each entry lies within the signing certificate's validity "
+"period."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:293
+msgid "Appendix: Data models for Transparency Log Entries"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:295
+msgid ""
+"This appendix contains pseudocoded data models for transparency log entries "
+"in attestation objects. Each transparency log entry serves as a source of "
+"signed inclusion time, and can be verified either online or offline."
+msgstr ""
+
 #: ../source/specifications/inline-script-metadata.rst:5
 msgid "Inline script metadata"
 msgstr ""
@@ -15308,7 +15654,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/inline-script-metadata.rst:205
-#: ../source/specifications/simple-repository-api.rst:815
+#: ../source/specifications/simple-repository-api.rst:829
 msgid "Recommendations"
 msgstr ""
 
@@ -17198,12 +17544,27 @@ msgid ""
 "``&gt;``, respectively."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:100
+#: ../source/specifications/simple-repository-api.rst:99
+msgid ""
+"A repository **MAY** include a ``data-provenance`` attribute on a file link. "
+"The value of this attribute **MUST** be a fully qualified URL, signaling "
+"that the file's provenance can be found at that URL. This URL **MUST** "
+"represent a `secure origin <https://www.chromium.org/Home/chromium-security/"
+"prefer-secure-origins-for-powerful-new-features/>`_."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:106
+msgid ""
+"The format of the linked provenance is defined in :ref:`index-hosted-"
+"attestations`."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:109
 #, fuzzy
 msgid "Normalized Names"
 msgstr "번역"
 
-#: ../source/specifications/simple-repository-api.rst:102
+#: ../source/specifications/simple-repository-api.rst:111
 msgid ""
 "This spec references the concept of a \"normalized\" project name. As per :"
 "ref:`the name normalization specification <name-normalization>` the only "
@@ -17213,11 +17574,11 @@ msgid ""
 "implemented in Python with the ``re`` module::"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:117
+#: ../source/specifications/simple-repository-api.rst:126
 msgid "Adding \"Yank\" Support to the Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:119
+#: ../source/specifications/simple-repository-api.rst:128
 msgid ""
 "Links in the simple repository **MAY** have a ``data-yanked`` attribute "
 "which may have no value, or may have an arbitrary string as a value. The "
@@ -17227,7 +17588,7 @@ msgid ""
 "under specific scenarios."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:126
+#: ../source/specifications/simple-repository-api.rst:135
 msgid ""
 "The value of the ``data-yanked`` attribute, if present, is an arbitrary "
 "string that represents the reason for why the file has been yanked. Tools "
@@ -17235,7 +17596,7 @@ msgid ""
 "users."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:131
+#: ../source/specifications/simple-repository-api.rst:140
 msgid ""
 "The yanked attribute is not immutable once set, and may be rescinded in the "
 "future (and once rescinded, may be reset as well). Thus API users **MUST** "
@@ -17243,13 +17604,13 @@ msgid ""
 "again)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:138
+#: ../source/specifications/simple-repository-api.rst:147
 #, fuzzy
 #| msgid "Translations"
 msgid "Installers"
 msgstr "번역"
 
-#: ../source/specifications/simple-repository-api.rst:140
+#: ../source/specifications/simple-repository-api.rst:149
 msgid ""
 "The desirable experience for users is that once a file is yanked, when a "
 "human being is currently trying to directly install a yanked file, that it "
@@ -17259,7 +17620,7 @@ msgid ""
 "been yanked."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:147
+#: ../source/specifications/simple-repository-api.rst:156
 msgid ""
 "An installer **MUST** ignore yanked releases, if the selection constraints "
 "can be satisfied with a non-yanked version, and **MAY** refuse to use a "
@@ -17269,14 +17630,14 @@ msgid ""
 "files."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:154
+#: ../source/specifications/simple-repository-api.rst:163
 msgid ""
 "What this means is left up to the specific installer, to decide how to best "
 "fit into the overall usage of their installer. However, there are two "
 "suggested approaches to take:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:158
+#: ../source/specifications/simple-repository-api.rst:167
 msgid ""
 "Yanked files are always ignored, unless they are the only file that matches "
 "a version specifier that \"pins\" to an exact version using either ``==`` "
@@ -17286,7 +17647,7 @@ msgid ""
 "versions, zero padding, etc."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:165
+#: ../source/specifications/simple-repository-api.rst:174
 msgid ""
 "Yanked files are always ignored, unless they are the only file that matches "
 "what a lock file (such as ``Pipfile.lock`` or ``poetry.lock``) specifies to "
@@ -17294,7 +17655,7 @@ msgid ""
 "creating or updating a lock file from some input file or command."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:171
+#: ../source/specifications/simple-repository-api.rst:180
 msgid ""
 "Regardless of the specific strategy that an installer chooses for deciding "
 "when to install yanked files, an installer **SHOULD** emit a warning when it "
@@ -17303,38 +17664,38 @@ msgid ""
 "specific feedback to the user about why that file had been yanked."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:179
+#: ../source/specifications/simple-repository-api.rst:188
 msgid "Mirrors"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:181
+#: ../source/specifications/simple-repository-api.rst:190
 msgid "Mirrors can generally treat yanked files one of two ways:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:183
+#: ../source/specifications/simple-repository-api.rst:192
 msgid ""
 "They may choose to omit them from their simple repository API completely, "
 "providing a view over the repository that shows only \"active\", unyanked "
 "files."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:186
+#: ../source/specifications/simple-repository-api.rst:195
 msgid ""
 "They may choose to include yanked files, and additionally mirror the ``data-"
 "yanked`` attribute as well."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:189
+#: ../source/specifications/simple-repository-api.rst:198
 msgid ""
 "Mirrors **MUST NOT** mirror a yanked file without also mirroring the ``data-"
 "yanked`` attribute for it."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:195
+#: ../source/specifications/simple-repository-api.rst:204
 msgid "Versioning PyPI's Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:197
+#: ../source/specifications/simple-repository-api.rst:206
 msgid ""
 "This spec proposes the inclusion of a meta tag on the responses of every "
 "successful request to a simple API page, which contains a name attribute of "
@@ -17345,29 +17706,29 @@ msgid ""
 "<version-specifiers>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:205
+#: ../source/specifications/simple-repository-api.rst:214
 msgid "This would end up looking like::"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:209
+#: ../source/specifications/simple-repository-api.rst:218
 msgid "When interpreting the repository version:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:211
+#: ../source/specifications/simple-repository-api.rst:220
 msgid ""
 "Incrementing the major version is used to signal a backwards incompatible "
 "change such that existing clients would no longer be expected to be able to "
 "meaningfully use the API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:214
+#: ../source/specifications/simple-repository-api.rst:223
 msgid ""
 "Incrementing the minor version is used to signal a backwards compatible "
 "change such that existing clients would still be expected to be able to "
 "meaningfully use the API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:218
+#: ../source/specifications/simple-repository-api.rst:227
 msgid ""
 "It is left up to the discretion of any future specs as to what specifically "
 "constitutes a backwards incompatible vs compatible change beyond the broad "
@@ -17376,7 +17737,7 @@ msgid ""
 "features."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:224
+#: ../source/specifications/simple-repository-api.rst:233
 msgid ""
 "It is expectation of this spec that the major version will never be "
 "incremented, and any future major API evolutions would utilize a different "
@@ -17386,48 +17747,48 @@ msgid ""
 "set to a version >= 2)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:231
+#: ../source/specifications/simple-repository-api.rst:240
 msgid ""
 "This spec sets the current API version to \"1.0\", and expects that future "
 "specs that further evolve the simple API will increment the minor version "
 "number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:237
-#: ../source/specifications/simple-repository-api.rst:957
+#: ../source/specifications/simple-repository-api.rst:246
+#: ../source/specifications/simple-repository-api.rst:971
 msgid "Clients"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:239
+#: ../source/specifications/simple-repository-api.rst:248
 msgid ""
 "Clients interacting with the simple API **SHOULD** introspect each response "
 "for the repository version, and if that data does not exist **MUST** assume "
 "that it is version 1.0."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:243
+#: ../source/specifications/simple-repository-api.rst:252
 msgid ""
 "When encountering a major version greater than expected, clients **MUST** "
 "hard fail with an appropriate error message for the user."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:246
+#: ../source/specifications/simple-repository-api.rst:255
 msgid ""
 "When encountering a minor version greater than expected, clients **SHOULD** "
 "warn users with an appropriate message."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:249
+#: ../source/specifications/simple-repository-api.rst:258
 msgid ""
 "Clients **MAY** still continue to use feature detection in order to "
 "determine what features a repository uses."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:255
+#: ../source/specifications/simple-repository-api.rst:264
 msgid "Serve Distribution Metadata in the Simple Repository API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:257
+#: ../source/specifications/simple-repository-api.rst:266
 msgid ""
 "In a simple repository's project page, each anchor tag pointing to a "
 "distribution **MAY** have a ``data-dist-info-metadata`` attribute. The "
@@ -17436,7 +17797,7 @@ msgid ""
 "when the distribution is processed and/or installed."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:263
+#: ../source/specifications/simple-repository-api.rst:272
 msgid ""
 "If a ``data-dist-info-metadata`` attribute is present, the repository "
 "**MUST** serve the distribution's Core Metadata file alongside the "
@@ -17448,7 +17809,7 @@ msgid ""
 "GPG signature file's location."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:272
+#: ../source/specifications/simple-repository-api.rst:281
 msgid ""
 "The repository **SHOULD** provide the hash of the Core Metadata file as the "
 "``data-dist-info-metadata`` attribute's value using the syntax "
@@ -17458,18 +17819,18 @@ msgid ""
 "unavailable."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:280
+#: ../source/specifications/simple-repository-api.rst:289
 msgid "Backwards Compatibility"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:282
+#: ../source/specifications/simple-repository-api.rst:291
 msgid ""
 "If an anchor tag lacks the ``data-dist-info-metadata`` attribute, tools are "
 "expected to revert to their current behaviour of downloading the "
 "distribution to inspect the metadata."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:286
+#: ../source/specifications/simple-repository-api.rst:295
 msgid ""
 "Older tools not supporting the new ``data-dist-info-metadata`` attribute are "
 "expected to ignore the attribute and maintain their current behaviour of "
@@ -17477,11 +17838,11 @@ msgid ""
 "prior ``data-`` attribute additions expect existing tools to operate."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:295
+#: ../source/specifications/simple-repository-api.rst:304
 msgid "JSON-based Simple API for Python Package Indexes"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:297
+#: ../source/specifications/simple-repository-api.rst:306
 msgid ""
 "To enable response parsing with only the standard library, this spec "
 "specifies that all responses (besides the files themselves, and the HTML "
@@ -17489,7 +17850,7 @@ msgid ""
 "base>`) should be serialized using `JSON <https://www.json.org/>`_."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:302
+#: ../source/specifications/simple-repository-api.rst:311
 msgid ""
 "To enable zero configuration discovery and to minimize the amount of "
 "additional HTTP requests, this spec extends :ref:`the base HTML API "
@@ -17499,7 +17860,7 @@ msgid ""
 "format to serve, i.e. either HTML or JSON."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:312
+#: ../source/specifications/simple-repository-api.rst:321
 msgid ""
 "Versioning will adhere to :ref:`the API versioning specification <simple-"
 "repository-api-versioning>` format (``Major.Minor``), which has defined the "
@@ -17509,7 +17870,7 @@ msgid ""
 "``1.0`` version, and instead just describes how to serialize that into JSON."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:319
+#: ../source/specifications/simple-repository-api.rst:328
 msgid ""
 "Similar to :ref:`the API versioning specification <simple-repository-api-"
 "versioning>`, the major version number **MUST** be incremented if any "
@@ -17517,28 +17878,28 @@ msgid ""
 "existing clients to meaningfully understand the format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:325
+#: ../source/specifications/simple-repository-api.rst:334
 msgid ""
 "Likewise, the minor version **MUST** be incremented if features are added or "
 "removed from the format, but existing clients would be expected to continue "
 "to meaningfully understand the format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:329
+#: ../source/specifications/simple-repository-api.rst:338
 msgid ""
 "Changes that would not result in existing clients being unable to "
 "meaningfully understand the format and which do not represent features being "
 "added or removed may occur without changing the version number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:333
+#: ../source/specifications/simple-repository-api.rst:342
 msgid ""
 "This is intentionally vague, as this spec believes it is best left up to "
 "future specs that make any changes to the API to investigate and decide "
 "whether or not that change should increment the major or minor version."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:337
+#: ../source/specifications/simple-repository-api.rst:346
 msgid ""
 "Future versions of the API may add things that can only be represented in a "
 "subset of the available serializations of that version. All serializations "
@@ -17547,38 +17908,38 @@ msgid ""
 "whether or not that feature is present at all."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:343
+#: ../source/specifications/simple-repository-api.rst:352
 msgid ""
 "It is the intent of this spec that the API should be thought of as URL "
 "endpoints that return data, whose interpretation is defined by the version "
 "of that data, and then serialized into the target serialization format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:351
+#: ../source/specifications/simple-repository-api.rst:360
 #, fuzzy
 msgid "JSON Serialization"
 msgstr "번역"
 
-#: ../source/specifications/simple-repository-api.rst:353
+#: ../source/specifications/simple-repository-api.rst:362
 msgid ""
 "The URL structure from :ref:`the base HTML API specification <simple-"
 "repository-api-base>` still applies, as this spec only adds an additional "
 "serialization format for the already existing API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:357
+#: ../source/specifications/simple-repository-api.rst:366
 msgid ""
 "The following constraints apply to all JSON serialized responses described "
 "in this spec:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:360
+#: ../source/specifications/simple-repository-api.rst:369
 msgid ""
 "All JSON responses will *always* be a JSON object rather than an array or "
 "other type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:363
+#: ../source/specifications/simple-repository-api.rst:372
 msgid ""
 "While JSON doesn't natively support a URL type, any value that represents an "
 "URL in this API may be either absolute or relative as long as they point to "
@@ -17586,19 +17947,19 @@ msgid ""
 "if it were HTML."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:368
+#: ../source/specifications/simple-repository-api.rst:377
 msgid ""
 "Additional keys may be added to any dictionary objects in the API responses "
 "and clients **MUST** ignore keys that they don't understand."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:371
+#: ../source/specifications/simple-repository-api.rst:380
 msgid ""
 "All JSON responses will have a ``meta`` key, which contains information "
 "related to the response itself, rather than the content of the response."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:374
+#: ../source/specifications/simple-repository-api.rst:383
 msgid ""
 "All JSON responses will have a ``meta.api-version`` key, which will be a "
 "string that contains the :ref:`API versioning specification <simple-"
@@ -17607,43 +17968,43 @@ msgid ""
 "<simple-repository-api-versioning>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:380
+#: ../source/specifications/simple-repository-api.rst:389
 msgid ""
 "All requirements of :ref:`the base HTML API specification <simple-repository-"
 "api-base>` that are not HTML specific still apply."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:385
+#: ../source/specifications/simple-repository-api.rst:394
 #, fuzzy
 #| msgid "Project"
 msgid "Project List"
 msgstr "프로젝트"
 
-#: ../source/specifications/simple-repository-api.rst:387
+#: ../source/specifications/simple-repository-api.rst:396
 msgid ""
 "The root URL ``/`` for this spec (which represents the base URL) will be a "
 "JSON encoded dictionary which has a two keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:390
+#: ../source/specifications/simple-repository-api.rst:399
 msgid ""
 "``projects``: An array where each entry is a dictionary with a single key, "
 "``name``, which represents string of the project name."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:391
-#: ../source/specifications/simple-repository-api.rst:440
+#: ../source/specifications/simple-repository-api.rst:400
+#: ../source/specifications/simple-repository-api.rst:449
 msgid ""
 "``meta``: The general response metadata as `described earlier <json-"
 "serialization_>`__."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:393
-#: ../source/specifications/simple-repository-api.rst:499
+#: ../source/specifications/simple-repository-api.rst:402
+#: ../source/specifications/simple-repository-api.rst:512
 msgid "As an example:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:410
+#: ../source/specifications/simple-repository-api.rst:419
 msgid ""
 "The ``name`` field is the same as the one from :ref:`the base HTML API "
 "specification <simple-repository-api-base>`, which does not specify whether "
@@ -17653,7 +18014,7 @@ msgid ""
 "implementation detail of the repository in question."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:420
+#: ../source/specifications/simple-repository-api.rst:429
 msgid ""
 "While the ``projects`` key is an array, and thus is required to be in some "
 "kind of an order, neither :ref:`the base HTML API specification <simple-"
@@ -17663,13 +18024,13 @@ msgid ""
 "have sets."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:429
+#: ../source/specifications/simple-repository-api.rst:438
 #, fuzzy
 #| msgid "Project name"
 msgid "Project Detail"
 msgstr "프로젝트 이름"
 
-#: ../source/specifications/simple-repository-api.rst:431
+#: ../source/specifications/simple-repository-api.rst:440
 msgid ""
 "The format of this URL is ``/<project>/`` where the ``<project>`` is "
 "replaced by the :ref:`the base HTML API specification <simple-repository-api-"
@@ -17677,33 +18038,33 @@ msgid ""
 "would have a URL like ``/silly-walk/``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:436
+#: ../source/specifications/simple-repository-api.rst:445
 msgid ""
 "This URL must respond with a JSON encoded dictionary that has three keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:438
+#: ../source/specifications/simple-repository-api.rst:447
 msgid "``name``: The normalized name of the project."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:439
+#: ../source/specifications/simple-repository-api.rst:448
 msgid ""
 "``files``: A list of dictionaries, each one representing an individual file."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:442
+#: ../source/specifications/simple-repository-api.rst:451
 msgid "Each individual file dictionary has the following keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:444
+#: ../source/specifications/simple-repository-api.rst:453
 msgid "``filename``: The filename that is being represented."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:445
+#: ../source/specifications/simple-repository-api.rst:454
 msgid "``url``: The URL that the file can be fetched from."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:446
+#: ../source/specifications/simple-repository-api.rst:455
 msgid ""
 "``hashes``: A dictionary mapping a hash name to a hex encoded digest of the "
 "file. Multiple hashes can be included, and it is up to the client to decide "
@@ -17712,14 +18073,14 @@ msgid ""
 "to be lowercase."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:451
+#: ../source/specifications/simple-repository-api.rst:460
 msgid ""
 "The ``hashes`` dictionary **MUST** be present, even if no hashes are "
 "available for the file, however it is **HIGHLY** recommended that at least "
 "one secure, guaranteed-to-be-available hash is always included."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:455
+#: ../source/specifications/simple-repository-api.rst:464
 msgid ""
 "By default, any hash algorithm available via :py:mod:`hashlib` (specifically "
 "any that can be passed to :py:func:`hashlib.new()` and do not require "
@@ -17729,7 +18090,7 @@ msgid ""
 "specifically is recommended."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:460
+#: ../source/specifications/simple-repository-api.rst:469
 msgid ""
 "``requires-python``: An **optional** key that exposes the :ref:`core-"
 "metadata-requires-python` metadata field. Where this is present, installer "
@@ -17737,14 +18098,14 @@ msgid ""
 "that doesn't satisfy the requirement."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:466
+#: ../source/specifications/simple-repository-api.rst:475
 msgid ""
 "Unlike ``data-requires-python`` in :ref:`the base HTML API specification "
 "<simple-repository-api-base>`, the ``requires-python`` key does not require "
 "any special escaping other than anything JSON does naturally."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:469
+#: ../source/specifications/simple-repository-api.rst:478
 msgid ""
 "``dist-info-metadata``: An **optional** key that indicates that metadata for "
 "this file is available, via the same location as specified in :ref:`the API "
@@ -17754,27 +18115,27 @@ msgid ""
 "dictionary mapping hash names to a hex encoded digest of the metadata's hash."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:477
+#: ../source/specifications/simple-repository-api.rst:486
 msgid ""
 "When this is a dictionary of hashes instead of a boolean, then all the same "
 "requirements and recommendations as the ``hashes`` key hold true for this "
 "key as well."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:481
+#: ../source/specifications/simple-repository-api.rst:490
 msgid ""
 "If this key is missing then the metadata file may or may not exist. If the "
 "key value is truthy, then the metadata file is present, and if it is falsey "
 "then it is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:485
+#: ../source/specifications/simple-repository-api.rst:494
 msgid ""
 "It is recommended that servers make the hashes of the metadata file "
 "available if possible."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:487
+#: ../source/specifications/simple-repository-api.rst:496
 msgid ""
 "``gpg-sig``: An **optional** key that acts a boolean to indicate if the file "
 "has an associated GPG signature or not. The URL for the signature file "
@@ -17783,7 +18144,7 @@ msgid ""
 "the signature may or may not exist."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:492
+#: ../source/specifications/simple-repository-api.rst:501
 msgid ""
 "``yanked``: An **optional** key which may be either a boolean to indicate if "
 "the file has been yanked, or a non empty, but otherwise arbitrary, string to "
@@ -17794,7 +18155,15 @@ msgid ""
 "api-yank>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:529
+#: ../source/specifications/simple-repository-api.rst:507
+msgid ""
+"``provenance``: An **optional** key which, if present **MUST** be either a "
+"JSON string or ``null``. If not ``null``, it **MUST** be a URL to the file's "
+"associated provenance, with the same rules as ``data-provenance`` in the :"
+"ref:`base HTML API specification <simple-repository-api-base>`."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:543
 msgid ""
 "While the ``files`` key is an array, and thus is required to be in some kind "
 "of an order, neither :ref:`the base HTML API specification <simple-"
@@ -17804,11 +18173,11 @@ msgid ""
 "have sets."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:538
+#: ../source/specifications/simple-repository-api.rst:552
 msgid "Content-Types"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:540
+#: ../source/specifications/simple-repository-api.rst:554
 msgid ""
 "This spec proposes that all responses from the Simple API will have a "
 "standard content type that describes what the response is (a Simple API "
@@ -17816,11 +18185,11 @@ msgid ""
 "format has been used."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:544
+#: ../source/specifications/simple-repository-api.rst:558
 msgid "The structure of this content type will be:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:550
+#: ../source/specifications/simple-repository-api.rst:564
 msgid ""
 "Since only major versions should be disruptive to clients attempting to "
 "understand one of these API responses, only the major version will be "
@@ -17828,19 +18197,19 @@ msgid ""
 "that it is a version number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:555
+#: ../source/specifications/simple-repository-api.rst:569
 msgid "Which means that for the existing 1.0 API, the content types would be:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:557
+#: ../source/specifications/simple-repository-api.rst:571
 msgid "**JSON:** ``application/vnd.pypi.simple.v1+json``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:558
+#: ../source/specifications/simple-repository-api.rst:572
 msgid "**HTML:** ``application/vnd.pypi.simple.v1+html``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:560
+#: ../source/specifications/simple-repository-api.rst:574
 msgid ""
 "In addition to the above, a special \"meta\" version is supported named "
 "``latest``, whose purpose is to allow clients to request the absolute latest "
@@ -17849,7 +18218,7 @@ msgid ""
 "support."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:565
+#: ../source/specifications/simple-repository-api.rst:579
 msgid ""
 "To support existing clients which expect the existing :ref:`the base HTML "
 "API specification <simple-repository-api-base>` API responses to use the "
@@ -17857,12 +18226,12 @@ msgid ""
 "alias for the ``application/vnd.pypi.simple.v1+html`` content type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:572
+#: ../source/specifications/simple-repository-api.rst:586
 #, fuzzy
 msgid "Version + Format Selection"
 msgstr "번역"
 
-#: ../source/specifications/simple-repository-api.rst:574
+#: ../source/specifications/simple-repository-api.rst:588
 msgid ""
 "Now that there is multiple possible serializations, we need a mechanism to "
 "allow clients to indicate what serialization formats they're able to "
@@ -17871,65 +18240,65 @@ msgid ""
 "expecting the previous API version."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:579
+#: ../source/specifications/simple-repository-api.rst:593
 msgid ""
 "To enable this, this spec standardizes on the use of HTTP's `Server-Driven "
 "Content Negotiation <https://developer.mozilla.org/en-US/docs/Web/HTTP/"
 "Content_negotiation>`_."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:582
+#: ../source/specifications/simple-repository-api.rst:596
 msgid ""
 "While this spec won't fully describe the entirety of server-driven content "
 "negotiation, the flow is roughly:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:585
+#: ../source/specifications/simple-repository-api.rst:599
 msgid ""
 "The client makes an HTTP request containing an ``Accept`` header listing all "
 "of the version+format content types that they are able to understand."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:587
+#: ../source/specifications/simple-repository-api.rst:601
 msgid ""
 "The server inspects that header, selects one of the listed content types, "
 "then returns a response using that content type (treating the absence of an "
 "``Accept`` header as ``Accept: */*``)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:590
+#: ../source/specifications/simple-repository-api.rst:604
 msgid ""
 "If the server does not support any of the content types in the ``Accept`` "
 "header then they are able to choose between 3 different options for how to "
 "respond:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:594
+#: ../source/specifications/simple-repository-api.rst:608
 msgid ""
 "Select a default content type other than what the client has requested and "
 "return a response with that."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:596
+#: ../source/specifications/simple-repository-api.rst:610
 msgid ""
 "Return a HTTP ``406 Not Acceptable`` response to indicate that none of the "
 "requested content types were available, and the server was unable or "
 "unwilling to select a default content type to respond with."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:599
+#: ../source/specifications/simple-repository-api.rst:613
 msgid ""
 "Return a HTTP ``300 Multiple Choices`` response that contains a list of all "
 "of the possible responses that could have been chosen."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:601
+#: ../source/specifications/simple-repository-api.rst:615
 msgid ""
 "The client interprets the response, handling the different types of "
 "responses that the server may have responded with."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:604
+#: ../source/specifications/simple-repository-api.rst:618
 msgid ""
 "This spec does not specify which choices the server makes in regards to "
 "handling a content type that it isn't able to return, and clients **SHOULD** "
@@ -17937,7 +18306,7 @@ msgid ""
 "the most sense for that client."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:609
+#: ../source/specifications/simple-repository-api.rst:623
 msgid ""
 "However, as there is no standard format for how a ``300 Multiple Choices`` "
 "response can be interpreted, this spec highly discourages servers from "
@@ -17948,7 +18317,7 @@ msgid ""
 "error."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:616
+#: ../source/specifications/simple-repository-api.rst:630
 msgid ""
 "This spec **does** require that if the meta version ``latest`` is being "
 "used, the server **MUST** respond with the content type for the actual "
@@ -17957,33 +18326,33 @@ msgid ""
 "have a ``Content-Type`` of ``application/vnd.pypi.simple.v1+json``)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:623
+#: ../source/specifications/simple-repository-api.rst:637
 msgid ""
 "The ``Accept`` header is a comma separated list of content types that the "
 "client understands and is able to process. It supports three different "
 "formats for each content type that is being requested:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:627
+#: ../source/specifications/simple-repository-api.rst:641
 msgid "``$type/$subtype``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:628
+#: ../source/specifications/simple-repository-api.rst:642
 msgid "``$type/*``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:629
+#: ../source/specifications/simple-repository-api.rst:643
 msgid "``*/*``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:631
+#: ../source/specifications/simple-repository-api.rst:645
 msgid ""
 "For the use of selecting a version+format, the most useful of these is "
 "``$type/$subtype``, as that is the only way to actually specify the version "
 "and format you want."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:635
+#: ../source/specifications/simple-repository-api.rst:649
 msgid ""
 "The order of the content types listed in the ``Accept`` header does not have "
 "any specific meaning, and the server **SHOULD** consider all of them to be "
@@ -17993,7 +18362,7 @@ msgid ""
 "Quality_values>`_ syntax."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:642
+#: ../source/specifications/simple-repository-api.rst:656
 msgid ""
 "This allows a client to specify a priority for a specific entry in their "
 "``Accept`` header, by appending a ``;q=`` followed by a value between ``0`` "
@@ -18003,7 +18372,7 @@ msgid ""
 "quality of ``1``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:648
+#: ../source/specifications/simple-repository-api.rst:662
 msgid ""
 "However, clients should keep in mind that a server is free to select **any** "
 "of the content types they've asked for, regardless of their requested "
@@ -18011,7 +18380,7 @@ msgid ""
 "for."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:652
+#: ../source/specifications/simple-repository-api.rst:666
 msgid ""
 "To aid clients in determining the content type of the response that they "
 "have received from an API request, this spec requires that servers always "
@@ -18022,22 +18391,22 @@ msgid ""
 "collector.py#L123-L150>`_ so the risks for actual breakages is low."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:659
+#: ../source/specifications/simple-repository-api.rst:673
 msgid "An example of how a client can operate would look like:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:710
+#: ../source/specifications/simple-repository-api.rst:724
 msgid ""
 "If a client wishes to only support HTML or only support JSON, then they "
 "would just remove the content types that they do not want from the "
 "``Accept`` header, and turn receiving them into an error."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:716
+#: ../source/specifications/simple-repository-api.rst:730
 msgid "Alternative Negotiation Mechanisms"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:718
+#: ../source/specifications/simple-repository-api.rst:732
 msgid ""
 "While using HTTP's Content negotiation is considered the standard way for a "
 "client and server to coordinate to ensure that the client is getting an HTTP "
@@ -18046,25 +18415,25 @@ msgid ""
 "negotiation mechanisms that may *optionally* be used instead."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:726
+#: ../source/specifications/simple-repository-api.rst:740
 msgid "URL Parameter"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:728
+#: ../source/specifications/simple-repository-api.rst:742
 msgid ""
 "Servers that implement the Simple API may choose to support a URL parameter "
 "named ``format`` to allow the clients to request a specific version of the "
 "URL."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:731
+#: ../source/specifications/simple-repository-api.rst:745
 msgid ""
 "The value of the ``format`` parameter should be **one** of the valid content "
 "types. Passing multiple content types, wild cards, quality values, etc... is "
 "**not** supported."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:735
+#: ../source/specifications/simple-repository-api.rst:749
 msgid ""
 "Supporting this parameter is optional, and clients **SHOULD NOT** rely on it "
 "for interacting with the API. This negotiation mechanism is intended to "
@@ -18072,13 +18441,13 @@ msgid ""
 "allow documentation or notes to link to a specific version+format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:740
+#: ../source/specifications/simple-repository-api.rst:754
 msgid ""
 "Servers that do not support this parameter may choose to return an error "
 "when it is present, or they may simple ignore its presence."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:743
+#: ../source/specifications/simple-repository-api.rst:757
 msgid ""
 "When a server does implement this parameter, it **SHOULD** take precedence "
 "over any values in the client's ``Accept`` header, and if the server does "
@@ -18088,18 +18457,18 @@ msgid ""
 "``303 Multiple Choices``, or selecting a default type to return)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:752
+#: ../source/specifications/simple-repository-api.rst:766
 msgid "Endpoint Configuration"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:754
+#: ../source/specifications/simple-repository-api.rst:768
 msgid ""
 "This option technically is not a special option at all, it is just a natural "
 "consequence of using content negotiation and allowing servers to select "
 "which of the available content types is their default."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:758
+#: ../source/specifications/simple-repository-api.rst:772
 msgid ""
 "If a server is unwilling or unable to implement the server-driven content "
 "negotiation, and would instead rather require users to explicitly configure "
@@ -18107,7 +18476,7 @@ msgid ""
 "configuration."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:762
+#: ../source/specifications/simple-repository-api.rst:776
 msgid ""
 "To enable this, a server should make multiple endpoints (for instance, ``/"
 "simple/v1+html/`` and/or ``/simple/v1+json/``) for each version+format that "
@@ -18117,7 +18486,7 @@ msgid ""
 "and return the content type that corresponds to that endpoint."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:769
+#: ../source/specifications/simple-repository-api.rst:783
 msgid ""
 "For clients that wish to require specific configuration, they can keep track "
 "of which version+format a specific repository URL was configured for, and "
@@ -18125,11 +18494,11 @@ msgid ""
 "includes the correct content type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:776
+#: ../source/specifications/simple-repository-api.rst:790
 msgid "TUF Support - PEP 458"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:778
+#: ../source/specifications/simple-repository-api.rst:792
 msgid ""
 ":pep:`458` requires that all API responses are hashable and that they can be "
 "uniquely identified by a path relative to the repository root. For a Simple "
@@ -18140,7 +18509,7 @@ msgid ""
 "that all hash differently."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:785
+#: ../source/specifications/simple-repository-api.rst:799
 msgid ""
 ":pep:`458` does not specify what the target path should be for the Simple "
 "API, but TUF requires that the target paths be \"file-like\", in other "
@@ -18148,7 +18517,7 @@ msgid ""
 "technically points to a directory."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:790
+#: ../source/specifications/simple-repository-api.rst:804
 msgid ""
 "The saving grace is that the target path does not *have* to actually match "
 "the URL being fetched from the Simple API, and it can just be a sigil that "
@@ -18157,7 +18526,7 @@ msgid ""
 "HTTP request, such as the ``Accept`` header."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:796
+#: ../source/specifications/simple-repository-api.rst:810
 msgid ""
 "Ultimately figuring out how to map a directory to a filename is out of scope "
 "for this spec (but it would be in scope for :pep:`458`), and this spec "
@@ -18165,7 +18534,7 @@ msgid ""
 "`458` metadata."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:800
+#: ../source/specifications/simple-repository-api.rst:814
 msgid ""
 "However, it appears that the current WIP branch against pip that attempts to "
 "implement :pep:`458` is using a target path like ``simple/PROJECT/index."
@@ -18175,20 +18544,20 @@ msgid ""
 "the v1 JSON format would be ``simple/PROJECT/vnd.pypi.simple.v1.json``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:807
+#: ../source/specifications/simple-repository-api.rst:821
 msgid ""
 "In this case, since ``text/html`` is an alias to ``application/vnd.pypi."
 "simple.v1+html`` when interacting through TUF, it likely will make the most "
 "sense to normalize to the more explicit name."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:811
+#: ../source/specifications/simple-repository-api.rst:825
 msgid ""
 "Likewise the ``latest`` metaversion should not be included in the targets, "
 "only explicitly declared versions should be supported."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:817
+#: ../source/specifications/simple-repository-api.rst:831
 msgid ""
 "This section is non-normative, and represents what the spec authors believe "
 "to be the best default implementation decisions for something implementing "
@@ -18196,7 +18565,7 @@ msgid ""
 "these decisions."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:821
+#: ../source/specifications/simple-repository-api.rst:835
 msgid ""
 "These decisions have been chosen to maximize the number of requests that can "
 "be moved onto the newest version of an API, while maintaining the greatest "
@@ -18205,18 +18574,18 @@ msgid ""
 "choices it can."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:826
+#: ../source/specifications/simple-repository-api.rst:840
 msgid "It is recommended that servers:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:828
+#: ../source/specifications/simple-repository-api.rst:842
 msgid ""
 "Support all 3 content types described in this spec, using server-driven "
 "content negotiation, for as long as they reasonably can, or at least as long "
 "as they're receiving non trivial traffic that uses the HTML responses."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:832
+#: ../source/specifications/simple-repository-api.rst:846
 msgid ""
 "When encountering an ``Accept`` header that does not contain any content "
 "types that it knows how to work with, the server should not ever return a "
@@ -18224,13 +18593,13 @@ msgid ""
 "Acceptable`` response."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:837
+#: ../source/specifications/simple-repository-api.rst:851
 msgid ""
 "However, if choosing to use the endpoint configuration, you should prefer to "
 "return a ``200 OK`` response in the expected content type for that endpoint."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:840
+#: ../source/specifications/simple-repository-api.rst:854
 msgid ""
 "When selecting an acceptable version, the server should choose the highest "
 "version that the client supports, with the most expressive/featureful "
@@ -18239,23 +18608,23 @@ msgid ""
 "should only use the ``text/html`` content type as a last resort."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:846
+#: ../source/specifications/simple-repository-api.rst:860
 msgid "It is recommended that clients:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:848
+#: ../source/specifications/simple-repository-api.rst:862
 msgid ""
 "Support all 3 content types described in this spec, using server-driven "
 "content negotiation, for as long as they reasonably can."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:851
+#: ../source/specifications/simple-repository-api.rst:865
 msgid ""
 "When constructing an ``Accept`` header, include all of the content types "
 "that you support."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:854
+#: ../source/specifications/simple-repository-api.rst:868
 msgid ""
 "You should generally *not* include a quality priority value for your content "
 "types, unless you have implementation specific reasons that you want the "
@@ -18264,63 +18633,63 @@ msgid ""
 "responses that you're unable to parse in some edge cases)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:860
+#: ../source/specifications/simple-repository-api.rst:874
 msgid ""
 "The one exception to this recommendation is that it is recommended that you "
 "*should* include a ``;q=0.01`` value on the legacy ``text/html`` content "
 "type, unless it is the only content type that you are requesting."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:864
+#: ../source/specifications/simple-repository-api.rst:878
 msgid ""
 "Explicitly select what versions they are looking for, rather than using the "
 "``latest`` meta version during normal operation."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:867
+#: ../source/specifications/simple-repository-api.rst:881
 msgid ""
 "Check the ``Content-Type`` of the response and ensure it matches something "
 "that you were expecting."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:871
+#: ../source/specifications/simple-repository-api.rst:885
 msgid "Additional Fields for the Simple API for Package Indexes"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:873
+#: ../source/specifications/simple-repository-api.rst:887
 msgid ""
 "This specification defines version 1.1 of the simple repository API. For the "
 "HTML version of the API, there is no change from version 1.0. For the JSON "
 "version of the API, the following changes are made:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:877
+#: ../source/specifications/simple-repository-api.rst:891
 msgid "The ``api-version`` must specify version 1.1 or later."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:878
+#: ../source/specifications/simple-repository-api.rst:892
 msgid "A new ``versions`` key is added at the top level."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:879
+#: ../source/specifications/simple-repository-api.rst:893
 msgid ""
 "Two new \"file information\" keys, ``size`` and ``upload-time``, are added "
 "to the ``files`` data."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:881
+#: ../source/specifications/simple-repository-api.rst:895
 msgid ""
 "Keys (at any level) with a leading underscore are reserved as private for "
 "index server use. No future standard will assign a meaning to any such key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:884
+#: ../source/specifications/simple-repository-api.rst:898
 msgid ""
 "The ``versions`` and ``size`` keys are mandatory. The ``upload-time`` key is "
 "optional."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:890
+#: ../source/specifications/simple-repository-api.rst:904
 msgid ""
 "An additional key, ``versions`` MUST be present at the top level, in "
 "addition to the keys ``name``, ``files`` and ``meta`` defined in :ref:`the "
@@ -18330,7 +18699,7 @@ msgid ""
 "duplicates, and the order of the values is not significant."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:897
+#: ../source/specifications/simple-repository-api.rst:911
 msgid ""
 "All of the files listed in the ``files`` key MUST be associated with one of "
 "the versions in the ``versions`` key. The ``versions`` key MAY contain "
@@ -18338,7 +18707,7 @@ msgid ""
 "uploaded, if the server has such a concept)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:902
+#: ../source/specifications/simple-repository-api.rst:916
 msgid ""
 "Note that because servers may hold \"legacy\" data from before the adoption "
 "of :ref:`the version specifiers specification (VSS) <version-specifiers>`, "
@@ -18347,21 +18716,21 @@ msgid ""
 "servers SHOULD use normalised VSS versions where possible."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:911
+#: ../source/specifications/simple-repository-api.rst:925
 msgid "Additional file information"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:913
+#: ../source/specifications/simple-repository-api.rst:927
 msgid "Two new keys are added to the ``files`` key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:915
+#: ../source/specifications/simple-repository-api.rst:929
 msgid ""
 "``size``: This field is mandatory. It MUST contain an integer which is the "
 "file size in bytes."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:917
+#: ../source/specifications/simple-repository-api.rst:931
 msgid ""
 "``upload-time``: This field is optional. If present, it MUST contain a valid "
 "ISO 8601 date/time string, in the format ``yyyy-mm-ddThh:mm:ss.ffffffZ``, "
@@ -18373,11 +18742,11 @@ msgid ""
 "key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:926
+#: ../source/specifications/simple-repository-api.rst:940
 msgid "Rename dist-info-metadata in the Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:929
+#: ../source/specifications/simple-repository-api.rst:943
 msgid ""
 "The keywords \"**MUST**\", \"**MUST NOT**\", \"**REQUIRED**\", "
 "\"**SHALL**\", \"**SHALL NOT**\", \"**SHOULD**\", \"**SHOULD NOT**\", "
@@ -18385,11 +18754,11 @@ msgid ""
 "are to be interpreted as described in :rfc:`RFC 2119 <2119>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:936
+#: ../source/specifications/simple-repository-api.rst:950
 msgid "Servers"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:938
+#: ../source/specifications/simple-repository-api.rst:952
 msgid ""
 "The :ref:`the API metadata file specification <simple-repository-api-"
 "metadata-file>` metadata, when used in the HTML representation of the Simple "
@@ -18397,7 +18766,7 @@ msgid ""
 "with the supported values remaining the same."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:944
+#: ../source/specifications/simple-repository-api.rst:958
 msgid ""
 "The :ref:`the API metadata file specification <simple-repository-api-"
 "metadata-file>` metadata, when used in the :ref:`the JSON API specification "
@@ -18406,14 +18775,14 @@ msgid ""
 "values remaining the same."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:950
+#: ../source/specifications/simple-repository-api.rst:964
 msgid ""
 "To support clients that used the previous key names, the HTML representation "
 "**MAY** also be emitted using the ``data-dist-info-metadata``, and if it "
 "does so it **MUST** match the value of ``data-core-metadata``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:959
+#: ../source/specifications/simple-repository-api.rst:973
 msgid ""
 "Clients consuming any of the HTML representations of the Simple API **MUST** "
 "read the :ref:`the API metadata file specification <simple-repository-api-"
@@ -18422,7 +18791,7 @@ msgid ""
 "if it is present but ``data-core-metadata`` is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:966
+#: ../source/specifications/simple-repository-api.rst:980
 msgid ""
 "Clients consuming the JSON representation of the Simple API **MUST** read "
 "the :ref:`the API metadata file specification <simple-repository-api-"
@@ -18431,48 +18800,54 @@ msgid ""
 "present but ``core-metadata`` is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:976
+#: ../source/specifications/simple-repository-api.rst:990
 msgid "September 2015: initial form of the HTML format, in :pep:`503`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:977
+#: ../source/specifications/simple-repository-api.rst:991
 msgid "July 2016: Requires-Python metadata, in an update to :pep:`503`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:978
+#: ../source/specifications/simple-repository-api.rst:992
 msgid "May 2019: \"yank\" support, in :pep:`592`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:979
+#: ../source/specifications/simple-repository-api.rst:993
 msgid ""
 "July 2020: API versioning convention and metadata, and declaring the HTML "
 "format as API v1, in :pep:`629`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:981
+#: ../source/specifications/simple-repository-api.rst:995
 msgid ""
 "May 2021: providing package metadata independently from a package, in :pep:"
 "`658`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:983
+#: ../source/specifications/simple-repository-api.rst:997
 msgid ""
 "May 2022: initial form of the JSON format, with a mechanism for clients to "
 "choose between them, and declaring both formats as API v1, in :pep:`691`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:985
+#: ../source/specifications/simple-repository-api.rst:999
 msgid ""
 "October 2022: project versions and file size and upload-time in the JSON "
 "format, in :pep:`700`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:987
+#: ../source/specifications/simple-repository-api.rst:1001
 msgid ""
 "June 2023: renaming the field which provides package metadata independently "
 "from a package, in :pep:`714`"
 msgstr ""
 
+#: ../source/specifications/simple-repository-api.rst:1003
+msgid ""
+"November 2024: provenance metadata in the HTML and JSON formats, in :pep:"
+"`740`"
+msgstr ""
+
 #: ../source/specifications/source-distribution-format.rst:6
 msgid "Source distribution format"
 msgstr ""
@@ -21386,7 +21761,7 @@ msgid ""
 msgstr ""
 
 #: ../source/tutorials/managing-dependencies.rst:140
-#: ../source/tutorials/packaging-projects.rst:506
+#: ../source/tutorials/packaging-projects.rst:505
 msgid "Next steps"
 msgstr ""
 
@@ -21835,43 +22210,43 @@ msgstr ""
 
 #: ../source/tutorials/packaging-projects.rst:424
 msgid ""
-"You will be prompted for a username and password. For the username, use "
-"``__token__``. For the password, use the token value, including the ``pypi-"
-"`` prefix."
+"You will be prompted for an API token. Use the token value, including the "
+"``pypi-`` prefix. Note that the input will be hidden, so be sure to paste "
+"correctly."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:428
+#: ../source/tutorials/packaging-projects.rst:427
 msgid "After the command completes, you should see output similar to this:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:439
+#: ../source/tutorials/packaging-projects.rst:438
 msgid ""
 "Once uploaded, your package should be viewable on TestPyPI; for example: "
 "``https://test.pypi.org/project/example_package_YOUR_USERNAME_HERE``."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:444
+#: ../source/tutorials/packaging-projects.rst:443
 msgid "Installing your newly uploaded package"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:446
+#: ../source/tutorials/packaging-projects.rst:445
 msgid ""
 "You can use :ref:`pip` to install your package and verify that it works. "
 "Create a :ref:`virtual environment <Creating and using Virtual "
 "Environments>` and install your package from TestPyPI:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:462
+#: ../source/tutorials/packaging-projects.rst:461
 msgid "Make sure to specify your username in the package name!"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:464
+#: ../source/tutorials/packaging-projects.rst:463
 msgid ""
 "pip should install the package from TestPyPI and the output should look "
 "something like this:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:474
+#: ../source/tutorials/packaging-projects.rst:473
 msgid ""
 "This example uses ``--index-url`` flag to specify TestPyPI instead of live "
 "PyPI. Additionally, it specifies ``--no-deps``. Since TestPyPI doesn't have "
@@ -21881,23 +22256,23 @@ msgid ""
 "installing dependencies when using TestPyPI."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:481
+#: ../source/tutorials/packaging-projects.rst:480
 msgid ""
 "You can test that it was installed correctly by importing the package. Make "
 "sure you're still in your virtual environment, then run Python:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:496
+#: ../source/tutorials/packaging-projects.rst:495
 msgid "and import the package:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:508
+#: ../source/tutorials/packaging-projects.rst:507
 msgid ""
 "**Congratulations, you've packaged and distributed a Python project!** ✨ 🍰 "
 "✨"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:511
+#: ../source/tutorials/packaging-projects.rst:510
 msgid ""
 "Keep in mind that this tutorial showed you how to upload your package to "
 "Test PyPI, which isn't a permanent storage. The Test system occasionally "
@@ -21905,28 +22280,28 @@ msgid ""
 "experiments like this tutorial."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:516
+#: ../source/tutorials/packaging-projects.rst:515
 msgid ""
 "When you are ready to upload a real package to the Python Package Index you "
 "can do much the same as you did in this tutorial, but with these important "
 "differences:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:520
+#: ../source/tutorials/packaging-projects.rst:519
 msgid ""
 "Choose a memorable and unique name for your package. You don't have to "
 "append your username as you did in the tutorial, but you can't use an "
 "existing name."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:522
+#: ../source/tutorials/packaging-projects.rst:521
 msgid ""
 "Register an account on https://pypi.org - note that these are two separate "
 "servers and the login details from the test server are not shared with the "
 "main server."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:525
+#: ../source/tutorials/packaging-projects.rst:524
 msgid ""
 "Use ``twine upload dist/*`` to upload your package and enter your "
 "credentials for the account you registered on the real PyPI.  Now that "
@@ -21934,44 +22309,44 @@ msgid ""
 "repository``; the package will upload to https://pypi.org/ by default."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:529
+#: ../source/tutorials/packaging-projects.rst:528
 msgid ""
 "Install your package from the real PyPI using ``python3 -m pip install [your-"
 "package]``."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:531
+#: ../source/tutorials/packaging-projects.rst:530
 msgid ""
 "At this point if you want to read more on packaging Python libraries here "
 "are some things you can do:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:534
+#: ../source/tutorials/packaging-projects.rst:533
 msgid ""
 "Read about advanced configuration for your chosen build backend: `Hatchling "
 "<hatchling-config_>`_, :doc:`setuptools <setuptools:userguide/"
 "pyproject_config>`, :doc:`Flit <flit:pyproject_toml>`, `PDM <pdm-config_>`_."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:538
+#: ../source/tutorials/packaging-projects.rst:537
 msgid ""
 "Look at the :doc:`guides </guides/index>` on this site for more advanced "
 "practical information, or the :doc:`discussions </discussions/index>` for "
 "explanations and background on specific topics."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:541
+#: ../source/tutorials/packaging-projects.rst:540
 msgid ""
 "Consider packaging tools that provide a single command-line interface for "
 "project management and packaging, such as :ref:`hatch`, :ref:`flit`, :ref:"
 "`pdm`, and :ref:`poetry`."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:549
+#: ../source/tutorials/packaging-projects.rst:548
 msgid "Notes"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:551
+#: ../source/tutorials/packaging-projects.rst:550
 msgid ""
 "Technically, you can also create Python packages without an ``__init__.py`` "
 "file, but those are called :doc:`namespace packages </guides/packaging-"
diff --git a/locales/lzh/LC_MESSAGES/messages.po b/locales/lzh/LC_MESSAGES/messages.po
index dc79a204f..ba05fcd0b 100644
--- a/locales/lzh/LC_MESSAGES/messages.po
+++ b/locales/lzh/LC_MESSAGES/messages.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Python Packaging User Guide\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-10-30 00:39+0000\n"
+"POT-Creation-Date: 2024-11-25 21:53+0000\n"
 "PO-Revision-Date: 2024-01-31 06:01+0000\n"
 "Last-Translator: maker <vmuonline@126.com>\n"
 "Language-Team: Chinese (Literary) <https://hosted.weblate.org/projects/pypa/"
@@ -608,7 +608,7 @@ msgid "Unix (including Linux and macOS)"
 msgstr ""
 
 #: ../source/discussions/deploying-python-applications.rst:118
-#: ../source/key_projects.rst:572
+#: ../source/key_projects.rst:576
 msgid "pex"
 msgstr ""
 
@@ -1888,7 +1888,7 @@ msgid ""
 msgstr ""
 
 #: ../source/discussions/versioning.rst:6
-#: ../source/specifications/simple-repository-api.rst:310
+#: ../source/specifications/simple-repository-api.rst:319
 msgid "Versioning"
 msgstr ""
 
@@ -2639,29 +2639,16 @@ msgid ""
 msgstr ""
 
 #: ../source/glossary.rst:121
-msgid "Known Good Set (KGS)"
-msgstr ""
-
-#: ../source/glossary.rst:124
-msgid ""
-"A set of distributions at specified versions which are compatible with each "
-"other. Typically a test suite will be run which passes all tests before a "
-"specific set of packages is declared a known good set. This term is commonly "
-"used by frameworks and toolkits which are comprised of multiple individual "
-"distributions."
-msgstr ""
-
-#: ../source/glossary.rst:130
 msgid "Import Package"
 msgstr ""
 
-#: ../source/glossary.rst:133
+#: ../source/glossary.rst:124
 msgid ""
 "A Python module which can contain other modules or recursively, other "
 "packages."
 msgstr ""
 
-#: ../source/glossary.rst:136
+#: ../source/glossary.rst:127
 msgid ""
 "An import package is more commonly referred to with the single word "
 "\"package\", but this guide will use the expanded term when more clarity is "
@@ -2670,17 +2657,30 @@ msgid ""
 "package` for a breakdown of the differences."
 msgstr ""
 
-#: ../source/glossary.rst:142
+#: ../source/glossary.rst:133
 msgid "Installed Project"
 msgstr ""
 
-#: ../source/glossary.rst:145
+#: ../source/glossary.rst:136
 msgid ""
 "A :term:`Project` that is installed for use with a Python interpreter or :"
 "term:`Virtual Environment`, as described in the specicifcation :ref:"
 "`recording-installed-packages`."
 msgstr ""
 
+#: ../source/glossary.rst:140
+msgid "Known Good Set (KGS)"
+msgstr ""
+
+#: ../source/glossary.rst:143
+msgid ""
+"A set of distributions at specified versions which are compatible with each "
+"other. Typically a test suite will be run which passes all tests before a "
+"specific set of packages is declared a known good set. This term is commonly "
+"used by frameworks and toolkits which are comprised of multiple individual "
+"distributions."
+msgstr ""
+
 #: ../source/glossary.rst:149
 msgid "Module"
 msgstr ""
@@ -5091,7 +5091,7 @@ msgid ""
 "In particular, `NumPy <https://numpy.org/>`__, which provides the basis for "
 "most of the software in the `scientific Python stack <https://scientific-"
 "python.org>`_ can be configured to interoperate with different FORTRAN "
-"libraries, and can take advantage of different levels of vectorised "
+"libraries, and can take advantage of different levels of vectorized "
 "instructions available in modern CPUs."
 msgstr ""
 
@@ -5100,9 +5100,9 @@ msgid ""
 "Starting with version 1.10.4 of NumPy and version 1.0.0 of SciPy, pre-built "
 "32-bit and 64-bit binaries in the ``wheel`` format are available for all "
 "major operating systems (Windows, macOS, and Linux) on PyPI. Note, however, "
-"that on Windows, NumPy binaries are linked against the `ATLAS <http://www."
-"netlib.org/atlas/>`__ BLAS/LAPACK library, restricted to SSE2 instructions, "
-"so they may not provide optimal linear algebra performance."
+"that on Windows, NumPy binaries are linked against the `ATLAS <https://math-"
+"atlas.sourceforge.net/>`__ BLAS/LAPACK library, restricted to SSE2 "
+"instructions, so they may not provide optimal linear algebra performance."
 msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:26
@@ -5215,7 +5215,7 @@ msgid ""
 msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:100
-#: ../source/key_projects.rst:808
+#: ../source/key_projects.rst:812
 msgid "Spack"
 msgstr ""
 
@@ -5247,28 +5247,41 @@ msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:121
 msgid ""
-"`Anaconda <https://www.anaconda.com/products/individual/>`_ is a Python "
+"``conda`` is an open source (BSD licensed) package management system and "
+"environment management system that allows users to install multiple versions "
+"of binary software packages and their dependencies, and easily switch "
+"between them. It is a cross-platform tool working on Windows, MacOS, and "
+"Linux. Conda can be used to package up and distribute all kinds of packages, "
+"it is not limited to just Python packages. It has full support for native "
+"virtual environments. Conda makes environments first-class citizens, making "
+"it easy to create independent environments even for C libraries. It is "
+"written in Python, but is Python-agnostic. Conda manages Python itself as a "
+"package, so that :command:`conda update python` is possible, in contrast to "
+"pip, which only manages Python packages."
+msgstr ""
+
+#: ../source/guides/installing-scientific-packages.rst:133
+msgid ""
+"Anaconda `Anaconda <https://docs.anaconda.com/anaconda/>`_ is a Python "
 "distribution published by Anaconda, Inc. It is a stable collection of Open "
-"Source packages for big data and scientific use.  As of the 5.0 release of "
-"Anaconda, about 200 packages are installed by default, and a total of "
-"400-500 can be installed and updated from the Anaconda repository."
+"Source packages for big data and scientific use, and a collection of "
+"Graphical Interface utilities for managing conda environments."
 msgstr ""
 
-#: ../source/guides/installing-scientific-packages.rst:127
+#: ../source/guides/installing-scientific-packages.rst:135
 msgid ""
-"``conda`` is an open source (BSD licensed) package management system and "
-"environment management system included in Anaconda that allows users to "
-"install multiple versions of binary software packages and their "
-"dependencies, and easily switch between them. It is a cross-platform tool "
-"working on Windows, macOS, and Linux. Conda can be used to package up and "
-"distribute all kinds of packages, it is not limited to just Python packages. "
-"It has full support for native virtual environments. Conda makes "
-"environments first-class citizens, making it easy to create independent "
-"environments even for C libraries. It is written in Python, but is Python-"
-"agnostic. Conda manages Python itself as a package, so that :command:`conda "
-"update python` is possible, in contrast to pip, which only manages Python "
-"packages. Conda is available in Anaconda and Miniconda (an easy-to-install "
-"download with just Python and conda)."
+"In addition to the full distribution provided by Anaconda, the conda package "
+"manager itself is available in  `miniconda <https://docs.anaconda.com/"
+"miniconda/>`_, `miniforge <https://github.com/conda-forge/miniforge>`_, and "
+"`pixi <https://pixi.sh/>`_."
+msgstr ""
+
+#: ../source/guides/installing-scientific-packages.rst:138
+msgid ""
+"Conda packages are available on multiple channels on Anaconda.org, including "
+"the default channel supported by Anaconda, Inc, the community supported "
+"conda-forge channel, which provides a wide variety of pre-built packages, "
+"and some domain-specific package collections."
 msgstr ""
 
 #: ../source/guides/installing-stand-alone-command-line-tools.rst:4
@@ -8336,29 +8349,51 @@ msgstr ""
 
 #: ../source/guides/tool-recommendations.rst:142
 msgid ""
-"For projects hosted on GitHub, it is recommended to use the :ref:`trusted "
-"publishing <trusted-publishing>`, which allows the package to be securely "
-"uploaded to PyPI from a GitHub Actions job. (This is not yet supported on "
-"software forges other than GitHub.)"
+"For projects hosted on or published via supported CI/CD platforms, it is "
+"recommended to use the :ref:`Trusted Publishing <trusted-publishing>`, which "
+"allows the package to be securely uploaded to PyPI from a CI/CD workflow "
+"without a manually configured API token."
 msgstr ""
 
 #: ../source/guides/tool-recommendations.rst:147
 msgid ""
+"As of November 2024, PyPI supports the following platforms as Trusted "
+"Publishing providers:"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:150
+msgid "GitHub Actions (on ``https://github.com``)"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:151
+msgid "GitLab CI/CD (on ``https://gitlab.com``)"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:152
+msgid "ActiveState"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:153
+msgid "Google Cloud"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:155
+msgid ""
 "The other available method is to upload the package manually using :ref:"
 "`twine`."
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:149
+#: ../source/guides/tool-recommendations.rst:159
 msgid ""
 "**Never** use ``python setup.py upload`` for this task. In addition to "
 "being :ref:`deprecated <setup-py-deprecated>`, it is insecure."
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:154
+#: ../source/guides/tool-recommendations.rst:164
 msgid "Workflow tools"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:156
+#: ../source/guides/tool-recommendations.rst:166
 msgid ""
 "These tools are environment managers that automatically manage virtual "
 "environments for a project. They also act as \"task runners\", allowing you "
@@ -8369,31 +8404,31 @@ msgid ""
 "alphabetical order:"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:164
+#: ../source/guides/tool-recommendations.rst:174
 msgid ":ref:`Flit`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:165
+#: ../source/guides/tool-recommendations.rst:175
 msgid ":ref:`Hatch`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:166
+#: ../source/guides/tool-recommendations.rst:176
 msgid ":doc:`nox <nox:index>`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:167
+#: ../source/guides/tool-recommendations.rst:177
 msgid ":ref:`PDM`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:168
+#: ../source/guides/tool-recommendations.rst:178
 msgid ":ref:`Pipenv`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:169
+#: ../source/guides/tool-recommendations.rst:179
 msgid ":ref:`Poetry`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:170
+#: ../source/guides/tool-recommendations.rst:180
 msgid ":doc:`tox <tox:index>`."
 msgstr ""
 
@@ -9568,44 +9603,58 @@ msgstr ""
 
 #: ../source/key_projects.rst:407
 msgid ""
-"conda is the package management tool for `Anaconda <https://docs.anaconda."
-"com/anaconda/>`__ Python installations. Anaconda Python is a distribution "
-"from `Anaconda, Inc <https://www.anaconda.com/products/individual>`__ "
-"specifically aimed at the scientific community, and in particular on Windows "
-"where the installation of binary extensions is often difficult."
+"Conda is a package, dependency, and environment management system for any "
+"language — Python, R, Ruby, C/C++, Fortran, and more. It is written in "
+"Python and widely used in the Python scientific computing community, due to "
+"its support for non-Python compiled libraries and extensions. It is used as "
+"the basis of the `Anaconda <https://docs.anaconda.com/anaconda/>`__ Python "
+"distribution from Anaconda, Inc. It was originally aimed at the scientific "
+"community, but can also be used on its own, or with the :doc:`miniconda "
+"<conda:miniconda>`, `miniforge <https://github.com/conda-forge/miniforge>`_ "
+"or `pixi <https://pixi.sh/>`_ systems. It is available for Windows, Mac and "
+"Linux systems."
 msgstr ""
 
-#: ../source/key_projects.rst:414
+#: ../source/key_projects.rst:416
 msgid ""
 "Conda is a completely separate tool from :ref:`pip`, virtualenv and wheel, "
-"but provides many of their combined features in terms of package management, "
-"virtual environment management and deployment of binary extensions."
+"but provides many of their combined features, such as package management, "
+"virtual environment management and deployment of binary extensions and other "
+"binary code."
+msgstr ""
+
+#: ../source/key_projects.rst:420
+msgid ""
+"Conda does not install packages from PyPI -- it can only manage packages "
+"built specifically for conda, which can be made available on a \"conda "
+"channel\", such as those hosted on `anaconda.org <https://anaconda.org>`__, "
+"or a local (e.g. intranet) package server. In addition to the \"default\" "
+"channels managed by `Anaconda, Inc. <https://www.anaconda.com/>`__, there "
+"are a wide variety of packages from the community supported `conda-forge "
+"project <https://conda-forge.org/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:418
+#: ../source/key_projects.rst:426
 msgid ""
-"Conda does not install packages from PyPI and can install only from the "
-"official Anaconda repositories, or anaconda.org (a place for user-"
-"contributed *conda* packages), or a local (e.g. intranet) package server.  "
-"However, note that :ref:`pip` can be installed into, and work side-by-side "
-"with conda for managing :term:`distributions <Distribution Package>` from "
-"PyPI. Also, `conda skeleton <https://docs.conda.io/projects/conda-build/en/"
-"latest/user-guide/tutorials/build-pkgs-skeleton.html>`__ is a tool to make "
-"Python packages installable by conda by first fetching them from PyPI and "
-"modifying their metadata."
+"Note that :ref:`pip` can be installed into, and work side-by-side with conda "
+"for managing :term:`distributions <Distribution Package>` from PyPI. It is "
+"also possible to build conda packages from Python source packages using "
+"tools such as `conda skeleton <https://docs.conda.io/projects/conda-build/en/"
+"latest/user-guide/tutorials/build-pkgs-skeleton.html>`__: a tool to "
+"automatically make conda packages from Python packages available on PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:431
+#: ../source/key_projects.rst:435
 msgid "devpi"
 msgstr ""
 
-#: ../source/key_projects.rst:433
+#: ../source/key_projects.rst:437
 msgid ""
 "`Docs <http://doc.devpi.net/latest/>`__ | :gh:`Issues <devpi/devpi/issues>` "
 "| `PyPI <https://pypi.org/project/devpi>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:437
+#: ../source/key_projects.rst:441
 msgid ""
 "devpi features a powerful PyPI-compatible server and PyPI proxy cache with a "
 "complementary command line tool to drive packaging, testing and release "
@@ -9615,17 +9664,17 @@ msgid ""
 "replication and fail-over, and package upload."
 msgstr ""
 
-#: ../source/key_projects.rst:448
+#: ../source/key_projects.rst:452
 msgid "dumb-pypi"
 msgstr ""
 
-#: ../source/key_projects.rst:450
+#: ../source/key_projects.rst:454
 msgid ""
 "`GitHub <https://github.com/chriskuehl/dumb-pypi>`__ | `PyPI <https://pypi."
 "org/project/dumb-pypi>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:453
+#: ../source/key_projects.rst:457
 msgid ""
 "dumb-pypi is a simple :term:`package index <Package Index>` static file site "
 "generator, which then must be hosted by a static file webserver to become "
@@ -9633,17 +9682,17 @@ msgid ""
 "status."
 msgstr ""
 
-#: ../source/key_projects.rst:460
+#: ../source/key_projects.rst:464
 msgid "enscons"
 msgstr ""
 
-#: ../source/key_projects.rst:462
+#: ../source/key_projects.rst:466
 msgid ""
 ":gh:`Source <dholth/enscons>` | :gh:`Issues <dholth/enscons/issues>` | `PyPI "
 "<https://pypi.org/project/enscons>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:466
+#: ../source/key_projects.rst:470
 msgid ""
 "Enscons is a Python packaging tool based on `SCons`_. It builds :ref:`pip`-"
 "compatible source distributions and wheels without using distutils or "
@@ -9655,38 +9704,38 @@ msgid ""
 "independent of enscons."
 msgstr ""
 
-#: ../source/key_projects.rst:481
+#: ../source/key_projects.rst:485
 msgid "Flask-Pypi-Proxy"
 msgstr ""
 
-#: ../source/key_projects.rst:483
+#: ../source/key_projects.rst:487
 msgid ""
 "`Docs <https://flask-pypi-proxy.readthedocs.io>`__ | :gh:`GitHub <tzulberti/"
 "Flask-PyPi-Proxy>` | `PyPI <https://pypi.org/project/Flask-Pypi-Proxy/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:487 ../source/key_projects.rst:681
-#: ../source/key_projects.rst:740
+#: ../source/key_projects.rst:491 ../source/key_projects.rst:685
+#: ../source/key_projects.rst:744
 msgid "Not maintained, project archived"
 msgstr ""
 
-#: ../source/key_projects.rst:489
+#: ../source/key_projects.rst:493
 msgid ""
 "Flask-Pypi-Proxy is a :term:`package index <Package Index>` as a cached "
 "proxy for PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:495
+#: ../source/key_projects.rst:499
 msgid "Hashdist"
 msgstr ""
 
-#: ../source/key_projects.rst:497
+#: ../source/key_projects.rst:501
 msgid ""
 "`Docs <https://hashdist.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/hashdist/hashdist/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:500
+#: ../source/key_projects.rst:504
 msgid ""
 "Hashdist is a library for building non-root software distributions. Hashdist "
 "is trying to be “the Debian of choice for cases where Debian technology "
@@ -9697,34 +9746,34 @@ msgid ""
 "researchers but has been lacking in maintenance since 2016."
 msgstr ""
 
-#: ../source/key_projects.rst:512
+#: ../source/key_projects.rst:516
 msgid "Maturin"
 msgstr ""
 
-#: ../source/key_projects.rst:514
+#: ../source/key_projects.rst:518
 msgid ""
 "`Docs <https://www.maturin.rs>`__ | `GitHub <https://github.com/PyO3/"
 "maturin>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:517
+#: ../source/key_projects.rst:521
 msgid ""
 "Maturin is a build backend for Rust extension modules, also written in Rust. "
 "It supports building wheels for python 3.7+ on Windows, Linux, macOS and "
 "FreeBSD, can upload them to PyPI and has basic PyPy and GraalPy support."
 msgstr ""
 
-#: ../source/key_projects.rst:525
+#: ../source/key_projects.rst:529
 msgid "meson-python"
 msgstr ""
 
-#: ../source/key_projects.rst:527
+#: ../source/key_projects.rst:531
 msgid ""
 "`Docs <https://meson-python.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/mesonbuild/meson-python>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:530
+#: ../source/key_projects.rst:534
 msgid ""
 "``meson-python`` is a build backend that uses the Meson_ build system. It "
 "enables Python package authors to use Meson_ as the build system for their "
@@ -9732,58 +9781,58 @@ msgid ""
 "to fill the needs of most complex build configurations."
 msgstr ""
 
-#: ../source/key_projects.rst:540
+#: ../source/key_projects.rst:544
 msgid "multibuild"
 msgstr ""
 
-#: ../source/key_projects.rst:542
+#: ../source/key_projects.rst:546
 msgid "`GitHub <https://github.com/multi-build/multibuild>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:544
+#: ../source/key_projects.rst:548
 msgid ""
 "Multibuild is a set of CI scripts for building and testing Python :term:"
 "`wheels <Wheel>` for Linux, macOS, and (less flexibly) Windows. Also see :"
 "ref:`cibuildwheel`."
 msgstr ""
 
-#: ../source/key_projects.rst:550
+#: ../source/key_projects.rst:554
 msgid "nginx_pypi_cache"
 msgstr ""
 
-#: ../source/key_projects.rst:552
+#: ../source/key_projects.rst:556
 msgid ":gh:`GitHub <hauntsaninja/nginx_pypi_cache>`"
 msgstr ""
 
-#: ../source/key_projects.rst:554
+#: ../source/key_projects.rst:558
 msgid ""
 "nginx_pypi_cache is a :term:`package index <Package Index>` caching proxy "
 "using `nginx <https://nginx.org/en/>`_."
 msgstr ""
 
-#: ../source/key_projects.rst:560
+#: ../source/key_projects.rst:564
 msgid "pdm"
 msgstr ""
 
-#: ../source/key_projects.rst:562
+#: ../source/key_projects.rst:566
 msgid ""
 "`Docs <https://pdm.fming.dev/>`__ | `GitHub <https://github.com/pdm-project/"
 "pdm/>`__ | `PyPI <https://pypi.org/project/pdm>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:566
+#: ../source/key_projects.rst:570
 msgid ""
 "PDM is a modern Python package manager. It uses :term:`pyproject.toml` to "
 "store project metadata as defined in :pep:`621`."
 msgstr ""
 
-#: ../source/key_projects.rst:574
+#: ../source/key_projects.rst:578
 msgid ""
 "`Docs <https://pex.readthedocs.io/en/latest/>`__ | `GitHub <https://github."
 "com/pantsbuild/pex/>`__ | `PyPI <https://pypi.org/project/pex>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:578
+#: ../source/key_projects.rst:582
 msgid ""
 "Pex is a tool for generating :file:`.pex` (Python EXecutable) files, "
 "standalone Python environments in the spirit of :ref:`virtualenv`. PEX files "
@@ -9795,18 +9844,18 @@ msgid ""
 "PEX file into a standard venv, graphing dependencies and more."
 msgstr ""
 
-#: ../source/key_projects.rst:590
+#: ../source/key_projects.rst:594
 msgid "pip-tools"
 msgstr ""
 
-#: ../source/key_projects.rst:592
+#: ../source/key_projects.rst:596
 msgid ""
 "`Docs <https://pip-tools.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/jazzband/pip-tools/>`__ | `PyPI <https://pypi.org/project/pip-"
 "tools/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:596
+#: ../source/key_projects.rst:600
 msgid ""
 "pip-tools is a suite of tools meant for Python system administrators and "
 "release managers who particularly want to keep their builds deterministic "
@@ -9817,32 +9866,32 @@ msgid ""
 "not provide), and create layers of constraints for the program to obey."
 msgstr ""
 
-#: ../source/key_projects.rst:608
+#: ../source/key_projects.rst:612
 msgid "pip2pi"
 msgstr ""
 
-#: ../source/key_projects.rst:610
+#: ../source/key_projects.rst:614
 msgid ""
 ":gh:`GitHub <wolever/pip2pi>` | `PyPI <https://pypi.org/project/pip2pi/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:613
+#: ../source/key_projects.rst:617
 msgid ""
 "pip2pi is a :term:`package index <Package Index>` server where specific "
 "packages are manually synchronised."
 msgstr ""
 
-#: ../source/key_projects.rst:619
+#: ../source/key_projects.rst:623
 msgid "piwheels"
 msgstr ""
 
-#: ../source/key_projects.rst:621
+#: ../source/key_projects.rst:625
 msgid ""
 "`Website <https://www.piwheels.org/>`__ | :doc:`Docs <piwheels:index>` | "
 "`GitHub <https://github.com/piwheels/piwheels/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:625
+#: ../source/key_projects.rst:629
 msgid ""
 "piwheels is a website, and software underpinning it, that fetches source "
 "code distribution packages from PyPI and compiles them into binary wheels "
@@ -9850,17 +9899,17 @@ msgid ""
 "Pi OS pre-configures pip to use piwheels.org as an additional index to PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:634
+#: ../source/key_projects.rst:638
 msgid "poetry"
 msgstr ""
 
-#: ../source/key_projects.rst:636
+#: ../source/key_projects.rst:640
 msgid ""
 "`Docs <https://python-poetry.org/>`__ | `GitHub <https://github.com/python-"
 "poetry/poetry>`__ | `PyPI <https://pypi.org/project/poetry/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:640
+#: ../source/key_projects.rst:644
 msgid ""
 "poetry is a command-line tool to handle dependency installation and "
 "isolation as well as building and packaging of Python packages. It uses "
@@ -9870,49 +9919,49 @@ msgid ""
 "caching metadata about dependencies."
 msgstr ""
 
-#: ../source/key_projects.rst:650
+#: ../source/key_projects.rst:654
 msgid "proxpi"
 msgstr ""
 
-#: ../source/key_projects.rst:652
+#: ../source/key_projects.rst:656
 msgid ""
 ":gh:`GitHub <EpicWink/proxpi>` | `PyPI <https://pypi.org/project/proxpi/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:655
+#: ../source/key_projects.rst:659
 msgid ""
 "proxpi is a simple :term:`package index <Package Index>` which proxies PyPI "
 "and other indexes with caching."
 msgstr ""
 
-#: ../source/key_projects.rst:661
+#: ../source/key_projects.rst:665
 msgid "Pulp-python"
 msgstr ""
 
-#: ../source/key_projects.rst:663
+#: ../source/key_projects.rst:667
 msgid ""
 "`Docs <https://docs.pulpproject.org/pulp_python/>`__ | :gh:`GitHub <pulp/"
 "pulp_python>` | `PyPI <https://pypi.org/project/pulp-python/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:667
+#: ../source/key_projects.rst:671
 msgid ""
 "Pulp-python is the Python :term:`package index <Package Index>` plugin for "
 "`Pulp <https://pulpproject.org/>`_. Pulp-python supports mirrors backed by "
 "local or `AWS S3`_, package upload, and proxying to multiple package indexes."
 msgstr ""
 
-#: ../source/key_projects.rst:675
+#: ../source/key_projects.rst:679
 msgid "PyPI Cloud"
 msgstr ""
 
-#: ../source/key_projects.rst:677
+#: ../source/key_projects.rst:681
 msgid ""
 "`Docs <https://pypicloud.readthedocs.io/>`__ | :gh:`GitHub <stevearc/"
 "pypicloud>` | `PyPI <https://pypi.org/project/pypicloud/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:683
+#: ../source/key_projects.rst:687
 msgid ""
 "PyPI Cloud is a :term:`package index <Package Index>` server, backed by `AWS "
 "S3`_ or another cloud storage service, or local files. PyPI Cloud supports "
@@ -9920,33 +9969,33 @@ msgid ""
 "authorisation."
 msgstr ""
 
-#: ../source/key_projects.rst:691
+#: ../source/key_projects.rst:695
 msgid "pypiprivate"
 msgstr ""
 
-#: ../source/key_projects.rst:693
+#: ../source/key_projects.rst:697
 msgid ""
 ":gh:`GitHub <helpshift/pypiprivate>` | `PyPI <https://pypi.org/project/"
 "pypiprivate/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:696
+#: ../source/key_projects.rst:700
 msgid ""
 "pypiprivate serves a local (or `AWS S3`_-hosted) directory of packages as a :"
 "term:`package index <Package Index>`."
 msgstr ""
 
-#: ../source/key_projects.rst:702
+#: ../source/key_projects.rst:706
 msgid "pypiserver"
 msgstr ""
 
-#: ../source/key_projects.rst:704
+#: ../source/key_projects.rst:708
 msgid ""
 "`GitHub <https://github.com/pypiserver/pypiserver>`__ | `PyPI <https://pypi."
 "org/project/pypiserver/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:707
+#: ../source/key_projects.rst:711
 msgid ""
 "pypiserver is a minimalist application that serves as a private Python :term:"
 "`package index <Package Index>` (from a local directory) within "
@@ -9957,17 +10006,17 @@ msgid ""
 "pypiserver and from PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:718
+#: ../source/key_projects.rst:722
 msgid "PyScaffold"
 msgstr ""
 
-#: ../source/key_projects.rst:720
+#: ../source/key_projects.rst:724
 msgid ""
 "`Docs <https://pyscaffold.org>`__ | `GitHub <https://github.com/pyscaffold/"
 "pyscaffold>`__ | `PyPI <https://pypi.org/project/pyscaffold/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:724
+#: ../source/key_projects.rst:728
 msgid ""
 "PyScaffold is a project generator for bootstrapping Python packages, ready "
 "to be shared on PyPI and installable via :ref:`pip`. It relies on a set of "
@@ -9977,33 +10026,33 @@ msgid ""
 "existing projects to make packaging easier."
 msgstr ""
 
-#: ../source/key_projects.rst:735
+#: ../source/key_projects.rst:739
 msgid "pywharf"
 msgstr ""
 
-#: ../source/key_projects.rst:737
+#: ../source/key_projects.rst:741
 msgid ""
 ":gh:`GitHub <pywharf/pywharf>` | `PyPI <https://pypi.org/project/pywharf>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:742
+#: ../source/key_projects.rst:746
 msgid ""
 "pywharf is a :term:`package index <Package Index>` server, serving files "
 "locally or from `GitHub <https://github.com/>`_."
 msgstr ""
 
-#: ../source/key_projects.rst:748
+#: ../source/key_projects.rst:752
 msgid "scikit-build"
 msgstr ""
 
-#: ../source/key_projects.rst:750
+#: ../source/key_projects.rst:754
 msgid ""
 "`Docs <https://scikit-build.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/scikit-build/scikit-build/>`__ | `PyPI <https://pypi.org/project/"
 "scikit-build>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:754
+#: ../source/key_projects.rst:758
 msgid ""
 "Scikit-build is a :ref:`setuptools` wrapper for CPython that builds C/C++/"
 "Fortran/Cython extensions It uses `cmake <https://pypi.org/project/cmake>`__ "
@@ -10014,18 +10063,18 @@ msgid ""
 "ninja>`__ (also available on PyPI)."
 msgstr ""
 
-#: ../source/key_projects.rst:765
+#: ../source/key_projects.rst:769
 msgid "scikit-build-core"
 msgstr ""
 
-#: ../source/key_projects.rst:767
+#: ../source/key_projects.rst:771
 msgid ""
 "`Docs <https://scikit-build-core.readthedocs.io/en/latest/>`__ | `GitHub "
 "<https://github.com/scikit-build/scikit-build-core/>`__ | `PyPI <https://"
 "pypi.org/project/scikit-build-core>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:771
+#: ../source/key_projects.rst:775
 msgid ""
 "Scikit-build-core is a build backend for CPython C/C++/Fortran/Cython "
 "extensions.  It enables users to write extensions with `cmake <https://pypi."
@@ -10035,17 +10084,17 @@ msgid ""
 "automatically downloaded from PyPI if not available on the system."
 msgstr ""
 
-#: ../source/key_projects.rst:781
+#: ../source/key_projects.rst:785
 msgid "shiv"
 msgstr ""
 
-#: ../source/key_projects.rst:783
+#: ../source/key_projects.rst:787
 msgid ""
 "`Docs <https://shiv.readthedocs.io/en/latest/>`__ | `GitHub <https://github."
 "com/linkedin/shiv>`__ | `PyPI <https://pypi.org/project/shiv/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:787
+#: ../source/key_projects.rst:791
 msgid ""
 "shiv is a command line utility for building fully self contained Python "
 "zipapps as outlined in :pep:`441`, but with all their dependencies included. "
@@ -10053,17 +10102,17 @@ msgid ""
 "tools fast & easy."
 msgstr ""
 
-#: ../source/key_projects.rst:795
+#: ../source/key_projects.rst:799
 msgid "simpleindex"
 msgstr ""
 
-#: ../source/key_projects.rst:797
+#: ../source/key_projects.rst:801
 msgid ""
 ":gh:`GitHub <uranusjr/simpleindex>` | `PyPI <https://pypi.org/project/"
 "simpleindex/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:800
+#: ../source/key_projects.rst:804
 msgid ""
 "simpleindex is a :term:`package index <Package Index>` which routes URLs to "
 "multiple package indexes (including PyPI), serves local (or cloud-hosted, "
@@ -10071,7 +10120,7 @@ msgid ""
 "supports custom plugins."
 msgstr ""
 
-#: ../source/key_projects.rst:810
+#: ../source/key_projects.rst:814
 msgid ""
 ":doc:`Docs <spack:index>` | `GitHub <https://github.com/spack/spack>`__ | "
 "`Paper <https://www.computer.org/csdl/proceedings-article/"
@@ -10079,7 +10128,7 @@ msgid ""
 "Gamblin-Spack-SC15-Talk.pdf>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:815
+#: ../source/key_projects.rst:819
 msgid ""
 "A flexible package manager designed to support multiple versions, "
 "configurations, platforms, and compilers.  Spack is like Homebrew, but "
@@ -10090,24 +10139,24 @@ msgid ""
 "supercomputers."
 msgstr ""
 
-#: ../source/key_projects.rst:823
+#: ../source/key_projects.rst:827
 msgid ""
 "Spack is not in PyPI (yet), but it requires no installation and can be used "
 "immediately after cloning from GitHub."
 msgstr ""
 
-#: ../source/key_projects.rst:829
+#: ../source/key_projects.rst:833
 msgid "zest.releaser"
 msgstr ""
 
-#: ../source/key_projects.rst:831
+#: ../source/key_projects.rst:835
 msgid ""
 "`Docs <https://zestreleaser.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/zestsoftware/zest.releaser/>`__ | `PyPI <https://pypi.org/project/"
 "zest.releaser/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:835
+#: ../source/key_projects.rst:839
 msgid ""
 "``zest.releaser`` is a Python package release tool providing an abstraction "
 "layer on top of :ref:`twine`. Python developers use ``zest.releaser`` to "
@@ -10115,21 +10164,21 @@ msgid ""
 "releases in source control, and uploading new packages to PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:842
+#: ../source/key_projects.rst:846
 msgid "Standard Library Projects"
 msgstr ""
 
-#: ../source/key_projects.rst:847
+#: ../source/key_projects.rst:851
 msgid "ensurepip"
 msgstr ""
 
-#: ../source/key_projects.rst:849
+#: ../source/key_projects.rst:853
 msgid ""
 "`Docs <https://docs.python.org/3/library/ensurepip.html>`__ | `Issues "
 "<https://bugs.python.org/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:852
+#: ../source/key_projects.rst:856
 msgid ""
 "A package in the Python Standard Library that provides support for "
 "bootstrapping :ref:`pip` into an existing Python installation or virtual "
@@ -10137,34 +10186,34 @@ msgid ""
 "will be used during the build of the Python distribution."
 msgstr ""
 
-#: ../source/key_projects.rst:860
+#: ../source/key_projects.rst:864
 msgid "http.server"
 msgstr ""
 
-#: ../source/key_projects.rst:862
+#: ../source/key_projects.rst:866
 msgid ""
 ":doc:`Docs <python:library/http.server>` | :gh:`Issues <python/cpython/"
 "issues>`"
 msgstr ""
 
-#: ../source/key_projects.rst:865
+#: ../source/key_projects.rst:869
 msgid ""
 "A package and command-line interface which can host a directory as a "
 "website, for example as a :term:`package index <Package Index>` (see :ref:"
 "`Hosting your Own Simple Repository`)."
 msgstr ""
 
-#: ../source/key_projects.rst:872
+#: ../source/key_projects.rst:876
 msgid "venv"
 msgstr ""
 
-#: ../source/key_projects.rst:874
+#: ../source/key_projects.rst:878
 msgid ""
 "`Docs <https://docs.python.org/3/library/venv.html>`__ | `Issues <https://"
 "github.com/python/cpython/issues>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:877
+#: ../source/key_projects.rst:881
 msgid ""
 "A package in the Python Standard Library (starting with Python 3.3) for "
 "creating :term:`Virtual Environments <Virtual Environment>`.  For more "
@@ -12212,7 +12261,7 @@ msgstr ""
 #: ../source/specifications/platform-compatibility-tags.rst:332
 #: ../source/specifications/pyproject-toml.rst:444
 #: ../source/specifications/recording-installed-packages.rst:252
-#: ../source/specifications/simple-repository-api.rst:974
+#: ../source/specifications/simple-repository-api.rst:988
 #: ../source/specifications/source-distribution-format.rst:144
 #: ../source/specifications/version-specifiers.rst:1266
 #: ../source/specifications/virtual-environments.rst:54
@@ -13282,6 +13331,7 @@ msgstr ""
 #: ../source/specifications/dependency-specifiers.rst:26
 #: ../source/specifications/direct-url-data-structure.rst:19
 #: ../source/specifications/direct-url.rst:15
+#: ../source/specifications/index-hosted-attestations.rst:17
 #: ../source/specifications/inline-script-metadata.rst:13
 msgid "Specification"
 msgstr ""
@@ -13419,7 +13469,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/dependency-specifiers.rst:163
-#: ../source/specifications/simple-repository-api.rst:888
+#: ../source/specifications/simple-repository-api.rst:902
 msgid "Versions"
 msgstr ""
 
@@ -15042,6 +15092,302 @@ msgid ""
 "www.pypa.io/en/latest/specifications/>`__."
 msgstr ""
 
+#: ../source/specifications/index-hosted-attestations.rst:6
+msgid "Index hosted attestations"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:8
+msgid "This specification was originally defined in :pep:`740`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:12
+msgid ""
+":pep:`740` includes changes to the HTML and JSON index APIs. These changes "
+"are documented in the :ref:`simple-repository-api` under :ref:`simple-"
+"repository-api-base` and :ref:`json-serialization`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:22
+msgid "Upload endpoint changes"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:26
+msgid ""
+"The \"legacy\" upload API is not standardized. See `PyPI's Upload API "
+"documentation <https://docs.pypi.org/api/upload/>`_ for how attestations are "
+"uploaded."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:33
+msgid "Attestation objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:35
+msgid ""
+"An attestation object is a JSON object with several required keys; "
+"applications or signers may include additional keys so long as all "
+"explicitly listed keys are provided. The required layout of an attestation "
+"object is provided as pseudocode below."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:88
+msgid ""
+"A full data model for each object in ``transparency_entries`` is provided "
+"in :ref:`appendix`. Attestation objects **SHOULD** include one or more "
+"transparency log entries, and **MAY** include additional keys for other "
+"sources of signed time (such as an :rfc:`3161` Time Stamping Authority or a "
+"`Roughtime <https://blog.cloudflare.com/roughtime>`__ server)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:94
+msgid ""
+"Attestation objects are versioned; this PEP specifies version 1. Each "
+"version is tied to a single cryptographic suite to minimize unnecessary "
+"cryptographic agility. In version 1, the suite is as follows:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:98
+msgid ""
+"Certificates are specified as X.509 certificates, and comply with the "
+"profile in :rfc:`5280`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:100
+msgid ""
+"The message signature algorithm is ECDSA, with the P-256 curve for public "
+"keys and SHA-256 as the cryptographic digest function."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:103
+msgid ""
+"Future PEPs may change this suite (and the overall shape of the attestation "
+"object) by selecting a new version number."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:109
+msgid "Attestation statement and signature generation"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:111
+msgid ""
+"The *attestation statement* is the actual claim that is cryptographically "
+"signed over within the attestation object (i.e., the ``envelope.statement``)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:114
+msgid ""
+"The attestation statement is encoded as a `v1 in-toto Statement object "
+"<https://github.com/in-toto/attestation/blob/v1.0/spec/v1.0/statement."
+"md>`__, in JSON form. When serialized the statement is treated as an opaque "
+"binary blob, avoiding the need for canonicalization."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:119
+msgid ""
+"In addition to being a v1 in-toto Statement, the attestation statement is "
+"constrained in the following ways:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:122
+msgid "The in-toto ``subject`` **MUST** contain only a single subject."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:123
+msgid ""
+"``subject[0].name`` is the distribution's filename, which **MUST** be a "
+"valid :ref:`source distribution <source-distribution-format>` or :ref:`wheel "
+"distribution <binary-distribution-format>` filename."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:126
+msgid ""
+"``subject[0].digest`` **MUST** contain a SHA-256 digest. Other digests "
+"**MAY** be present. The digests **MUST** be represented as hexadecimal "
+"strings."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:128
+msgid "The following ``predicateType`` values are supported:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:130
+msgid ""
+"`SLSA Provenance <https://slsa.dev/provenance/v1>`__: ``https://slsa.dev/"
+"provenance/v1``"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:131
+msgid ""
+"`PyPI Publish Attestation <https://docs.pypi.org/attestations/publish/"
+"v1>`__: ``https://docs.pypi.org/attestations/publish/v1``"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:133
+msgid ""
+"The signature over this statement is constructed using the `v1 DSSE "
+"signature protocol <https://github.com/secure-systems-lab/dsse/blob/v1.0.0/"
+"protocol.md>`__, with a ``PAYLOAD_TYPE`` of ``application/vnd.in-toto+json`` "
+"and a ``PAYLOAD_BODY`` of the JSON-encoded statement above. No other "
+"``PAYLOAD_TYPE`` is permitted."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:141
+msgid "Provenance objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:143
+msgid ""
+"The index will serve uploaded attestations along with metadata that can "
+"assist in verifying them in the form of JSON serialized objects."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:146
+msgid ""
+"These *provenance objects* will be available via both the Simple Index and "
+"JSON-based Simple API as described above, and will have the following layout:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:169
+msgid "or, as pseudocode:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:217
+msgid ""
+"``version`` is ``1``. Like attestation objects, provenance objects are "
+"versioned, and this PEP only defines version ``1``."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:219
+msgid ""
+"``attestation_bundles`` is a **required** JSON array, containing one or more "
+"\"bundles\" of attestations. Each bundle corresponds to a signing identity "
+"(such as a Trusted Publishing identity), and contains one or more "
+"attestation objects."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:224
+msgid ""
+"As noted in the ``Publisher`` model, each ``AttestationBundle.publisher`` "
+"object is specific to its Trusted Publisher but must include at minimum:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:228
+msgid ""
+"A ``kind`` key, which **MUST** be a JSON string that uniquely identifies the "
+"kind of Trusted Publisher."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:230
+msgid ""
+"A ``claims`` key, which **MUST** be a JSON object containing any context-"
+"specific claims retained by the index during Trusted Publisher "
+"authentication."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:233
+msgid "All other keys in the publisher object are publisher-specific."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:235
+msgid ""
+"Each array of attestation objects is a superset of the ``attestations`` "
+"array supplied by the uploaded through the ``attestations`` field at upload "
+"time, as described in :ref:`upload-endpoint` and :ref:`changes-to-provenance-"
+"objects`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:243
+msgid "Changes to provenance objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:245
+msgid ""
+"Provenance objects are *not* immutable, and may change over time. Reasons "
+"for changes to the provenance object include but are not limited to:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:248
+msgid ""
+"Addition of new attestations for a pre-existing signing identity: the index "
+"**MAY** choose to allow additional attestations by pre-existing signing "
+"identities, such as newer attestation versions for already uploaded files."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:253
+msgid ""
+"Addition of new signing identities and associated attestations: the index "
+"**MAY** choose to support attestations from sources other than the file's "
+"uploader, such as third-party auditors or the index itself. These "
+"attestations may be performed asynchronously, requiring the index to insert "
+"them into the provenance object *post facto*."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:262
+msgid "Attestation verification"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:264
+msgid ""
+"Verifying an attestation object against a distribution file requires "
+"verification of each of the following:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:267
+msgid "``version`` is ``1``. The verifier **MUST** reject any other version."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:268
+msgid ""
+"``verification_material.certificate`` is a valid signing certificate, as "
+"issued by an *a priori* trusted authority (such as a root of trust already "
+"present within the verifying client)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:271
+msgid ""
+"``verification_material.certificate`` identifies an appropriate signing "
+"subject, such as the machine identity of the Trusted Publisher that "
+"published the package."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:274
+msgid ""
+"``envelope.statement`` is a valid in-toto v1 Statement, with a subject and "
+"digest that **MUST** match the distribution's filename and contents. For the "
+"distribution's filename, matching **MUST** be performed by parsing using the "
+"appropriate source distribution or wheel filename format, as the statement's "
+"subject may be equivalent but normalized."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:279
+msgid ""
+"``envelope.signature`` is a valid signature for ``envelope.statement`` "
+"corresponding to ``verification_material.certificate``, as reconstituted via "
+"the `v1 DSSE signature protocol <https://github.com/secure-systems-lab/dsse/"
+"blob/v1.0.0/protocol.md>`__."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:284
+msgid ""
+"In addition to the above required steps, a verifier **MAY** additionally "
+"verify ``verification_material.transparency_entries`` on a policy basis, e."
+"g. requiring at least one transparency log entry or a threshold of entries. "
+"When verifying transparency entries, the verifier **MUST** confirm that the "
+"inclusion time for each entry lies within the signing certificate's validity "
+"period."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:293
+msgid "Appendix: Data models for Transparency Log Entries"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:295
+msgid ""
+"This appendix contains pseudocoded data models for transparency log entries "
+"in attestation objects. Each transparency log entry serves as a source of "
+"signed inclusion time, and can be verified either online or offline."
+msgstr ""
+
 #: ../source/specifications/inline-script-metadata.rst:5
 msgid "Inline script metadata"
 msgstr ""
@@ -15212,7 +15558,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/inline-script-metadata.rst:205
-#: ../source/specifications/simple-repository-api.rst:815
+#: ../source/specifications/simple-repository-api.rst:829
 msgid "Recommendations"
 msgstr ""
 
@@ -17100,11 +17446,26 @@ msgid ""
 "``&gt;``, respectively."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:100
+#: ../source/specifications/simple-repository-api.rst:99
+msgid ""
+"A repository **MAY** include a ``data-provenance`` attribute on a file link. "
+"The value of this attribute **MUST** be a fully qualified URL, signaling "
+"that the file's provenance can be found at that URL. This URL **MUST** "
+"represent a `secure origin <https://www.chromium.org/Home/chromium-security/"
+"prefer-secure-origins-for-powerful-new-features/>`_."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:106
+msgid ""
+"The format of the linked provenance is defined in :ref:`index-hosted-"
+"attestations`."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:109
 msgid "Normalized Names"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:102
+#: ../source/specifications/simple-repository-api.rst:111
 msgid ""
 "This spec references the concept of a \"normalized\" project name. As per :"
 "ref:`the name normalization specification <name-normalization>` the only "
@@ -17114,11 +17475,11 @@ msgid ""
 "implemented in Python with the ``re`` module::"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:117
+#: ../source/specifications/simple-repository-api.rst:126
 msgid "Adding \"Yank\" Support to the Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:119
+#: ../source/specifications/simple-repository-api.rst:128
 msgid ""
 "Links in the simple repository **MAY** have a ``data-yanked`` attribute "
 "which may have no value, or may have an arbitrary string as a value. The "
@@ -17128,7 +17489,7 @@ msgid ""
 "under specific scenarios."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:126
+#: ../source/specifications/simple-repository-api.rst:135
 msgid ""
 "The value of the ``data-yanked`` attribute, if present, is an arbitrary "
 "string that represents the reason for why the file has been yanked. Tools "
@@ -17136,7 +17497,7 @@ msgid ""
 "users."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:131
+#: ../source/specifications/simple-repository-api.rst:140
 msgid ""
 "The yanked attribute is not immutable once set, and may be rescinded in the "
 "future (and once rescinded, may be reset as well). Thus API users **MUST** "
@@ -17144,11 +17505,11 @@ msgid ""
 "again)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:138
+#: ../source/specifications/simple-repository-api.rst:147
 msgid "Installers"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:140
+#: ../source/specifications/simple-repository-api.rst:149
 msgid ""
 "The desirable experience for users is that once a file is yanked, when a "
 "human being is currently trying to directly install a yanked file, that it "
@@ -17158,7 +17519,7 @@ msgid ""
 "been yanked."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:147
+#: ../source/specifications/simple-repository-api.rst:156
 msgid ""
 "An installer **MUST** ignore yanked releases, if the selection constraints "
 "can be satisfied with a non-yanked version, and **MAY** refuse to use a "
@@ -17168,14 +17529,14 @@ msgid ""
 "files."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:154
+#: ../source/specifications/simple-repository-api.rst:163
 msgid ""
 "What this means is left up to the specific installer, to decide how to best "
 "fit into the overall usage of their installer. However, there are two "
 "suggested approaches to take:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:158
+#: ../source/specifications/simple-repository-api.rst:167
 msgid ""
 "Yanked files are always ignored, unless they are the only file that matches "
 "a version specifier that \"pins\" to an exact version using either ``==`` "
@@ -17185,7 +17546,7 @@ msgid ""
 "versions, zero padding, etc."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:165
+#: ../source/specifications/simple-repository-api.rst:174
 msgid ""
 "Yanked files are always ignored, unless they are the only file that matches "
 "what a lock file (such as ``Pipfile.lock`` or ``poetry.lock``) specifies to "
@@ -17193,7 +17554,7 @@ msgid ""
 "creating or updating a lock file from some input file or command."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:171
+#: ../source/specifications/simple-repository-api.rst:180
 msgid ""
 "Regardless of the specific strategy that an installer chooses for deciding "
 "when to install yanked files, an installer **SHOULD** emit a warning when it "
@@ -17202,38 +17563,38 @@ msgid ""
 "specific feedback to the user about why that file had been yanked."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:179
+#: ../source/specifications/simple-repository-api.rst:188
 msgid "Mirrors"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:181
+#: ../source/specifications/simple-repository-api.rst:190
 msgid "Mirrors can generally treat yanked files one of two ways:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:183
+#: ../source/specifications/simple-repository-api.rst:192
 msgid ""
 "They may choose to omit them from their simple repository API completely, "
 "providing a view over the repository that shows only \"active\", unyanked "
 "files."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:186
+#: ../source/specifications/simple-repository-api.rst:195
 msgid ""
 "They may choose to include yanked files, and additionally mirror the ``data-"
 "yanked`` attribute as well."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:189
+#: ../source/specifications/simple-repository-api.rst:198
 msgid ""
 "Mirrors **MUST NOT** mirror a yanked file without also mirroring the ``data-"
 "yanked`` attribute for it."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:195
+#: ../source/specifications/simple-repository-api.rst:204
 msgid "Versioning PyPI's Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:197
+#: ../source/specifications/simple-repository-api.rst:206
 msgid ""
 "This spec proposes the inclusion of a meta tag on the responses of every "
 "successful request to a simple API page, which contains a name attribute of "
@@ -17244,29 +17605,29 @@ msgid ""
 "<version-specifiers>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:205
+#: ../source/specifications/simple-repository-api.rst:214
 msgid "This would end up looking like::"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:209
+#: ../source/specifications/simple-repository-api.rst:218
 msgid "When interpreting the repository version:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:211
+#: ../source/specifications/simple-repository-api.rst:220
 msgid ""
 "Incrementing the major version is used to signal a backwards incompatible "
 "change such that existing clients would no longer be expected to be able to "
 "meaningfully use the API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:214
+#: ../source/specifications/simple-repository-api.rst:223
 msgid ""
 "Incrementing the minor version is used to signal a backwards compatible "
 "change such that existing clients would still be expected to be able to "
 "meaningfully use the API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:218
+#: ../source/specifications/simple-repository-api.rst:227
 msgid ""
 "It is left up to the discretion of any future specs as to what specifically "
 "constitutes a backwards incompatible vs compatible change beyond the broad "
@@ -17275,7 +17636,7 @@ msgid ""
 "features."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:224
+#: ../source/specifications/simple-repository-api.rst:233
 msgid ""
 "It is expectation of this spec that the major version will never be "
 "incremented, and any future major API evolutions would utilize a different "
@@ -17285,48 +17646,48 @@ msgid ""
 "set to a version >= 2)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:231
+#: ../source/specifications/simple-repository-api.rst:240
 msgid ""
 "This spec sets the current API version to \"1.0\", and expects that future "
 "specs that further evolve the simple API will increment the minor version "
 "number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:237
-#: ../source/specifications/simple-repository-api.rst:957
+#: ../source/specifications/simple-repository-api.rst:246
+#: ../source/specifications/simple-repository-api.rst:971
 msgid "Clients"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:239
+#: ../source/specifications/simple-repository-api.rst:248
 msgid ""
 "Clients interacting with the simple API **SHOULD** introspect each response "
 "for the repository version, and if that data does not exist **MUST** assume "
 "that it is version 1.0."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:243
+#: ../source/specifications/simple-repository-api.rst:252
 msgid ""
 "When encountering a major version greater than expected, clients **MUST** "
 "hard fail with an appropriate error message for the user."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:246
+#: ../source/specifications/simple-repository-api.rst:255
 msgid ""
 "When encountering a minor version greater than expected, clients **SHOULD** "
 "warn users with an appropriate message."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:249
+#: ../source/specifications/simple-repository-api.rst:258
 msgid ""
 "Clients **MAY** still continue to use feature detection in order to "
 "determine what features a repository uses."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:255
+#: ../source/specifications/simple-repository-api.rst:264
 msgid "Serve Distribution Metadata in the Simple Repository API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:257
+#: ../source/specifications/simple-repository-api.rst:266
 msgid ""
 "In a simple repository's project page, each anchor tag pointing to a "
 "distribution **MAY** have a ``data-dist-info-metadata`` attribute. The "
@@ -17335,7 +17696,7 @@ msgid ""
 "when the distribution is processed and/or installed."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:263
+#: ../source/specifications/simple-repository-api.rst:272
 msgid ""
 "If a ``data-dist-info-metadata`` attribute is present, the repository "
 "**MUST** serve the distribution's Core Metadata file alongside the "
@@ -17347,7 +17708,7 @@ msgid ""
 "GPG signature file's location."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:272
+#: ../source/specifications/simple-repository-api.rst:281
 msgid ""
 "The repository **SHOULD** provide the hash of the Core Metadata file as the "
 "``data-dist-info-metadata`` attribute's value using the syntax "
@@ -17357,18 +17718,18 @@ msgid ""
 "unavailable."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:280
+#: ../source/specifications/simple-repository-api.rst:289
 msgid "Backwards Compatibility"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:282
+#: ../source/specifications/simple-repository-api.rst:291
 msgid ""
 "If an anchor tag lacks the ``data-dist-info-metadata`` attribute, tools are "
 "expected to revert to their current behaviour of downloading the "
 "distribution to inspect the metadata."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:286
+#: ../source/specifications/simple-repository-api.rst:295
 msgid ""
 "Older tools not supporting the new ``data-dist-info-metadata`` attribute are "
 "expected to ignore the attribute and maintain their current behaviour of "
@@ -17376,11 +17737,11 @@ msgid ""
 "prior ``data-`` attribute additions expect existing tools to operate."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:295
+#: ../source/specifications/simple-repository-api.rst:304
 msgid "JSON-based Simple API for Python Package Indexes"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:297
+#: ../source/specifications/simple-repository-api.rst:306
 msgid ""
 "To enable response parsing with only the standard library, this spec "
 "specifies that all responses (besides the files themselves, and the HTML "
@@ -17388,7 +17749,7 @@ msgid ""
 "base>`) should be serialized using `JSON <https://www.json.org/>`_."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:302
+#: ../source/specifications/simple-repository-api.rst:311
 msgid ""
 "To enable zero configuration discovery and to minimize the amount of "
 "additional HTTP requests, this spec extends :ref:`the base HTML API "
@@ -17398,7 +17759,7 @@ msgid ""
 "format to serve, i.e. either HTML or JSON."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:312
+#: ../source/specifications/simple-repository-api.rst:321
 msgid ""
 "Versioning will adhere to :ref:`the API versioning specification <simple-"
 "repository-api-versioning>` format (``Major.Minor``), which has defined the "
@@ -17408,7 +17769,7 @@ msgid ""
 "``1.0`` version, and instead just describes how to serialize that into JSON."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:319
+#: ../source/specifications/simple-repository-api.rst:328
 msgid ""
 "Similar to :ref:`the API versioning specification <simple-repository-api-"
 "versioning>`, the major version number **MUST** be incremented if any "
@@ -17416,28 +17777,28 @@ msgid ""
 "existing clients to meaningfully understand the format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:325
+#: ../source/specifications/simple-repository-api.rst:334
 msgid ""
 "Likewise, the minor version **MUST** be incremented if features are added or "
 "removed from the format, but existing clients would be expected to continue "
 "to meaningfully understand the format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:329
+#: ../source/specifications/simple-repository-api.rst:338
 msgid ""
 "Changes that would not result in existing clients being unable to "
 "meaningfully understand the format and which do not represent features being "
 "added or removed may occur without changing the version number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:333
+#: ../source/specifications/simple-repository-api.rst:342
 msgid ""
 "This is intentionally vague, as this spec believes it is best left up to "
 "future specs that make any changes to the API to investigate and decide "
 "whether or not that change should increment the major or minor version."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:337
+#: ../source/specifications/simple-repository-api.rst:346
 msgid ""
 "Future versions of the API may add things that can only be represented in a "
 "subset of the available serializations of that version. All serializations "
@@ -17446,37 +17807,37 @@ msgid ""
 "whether or not that feature is present at all."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:343
+#: ../source/specifications/simple-repository-api.rst:352
 msgid ""
 "It is the intent of this spec that the API should be thought of as URL "
 "endpoints that return data, whose interpretation is defined by the version "
 "of that data, and then serialized into the target serialization format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:351
+#: ../source/specifications/simple-repository-api.rst:360
 msgid "JSON Serialization"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:353
+#: ../source/specifications/simple-repository-api.rst:362
 msgid ""
 "The URL structure from :ref:`the base HTML API specification <simple-"
 "repository-api-base>` still applies, as this spec only adds an additional "
 "serialization format for the already existing API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:357
+#: ../source/specifications/simple-repository-api.rst:366
 msgid ""
 "The following constraints apply to all JSON serialized responses described "
 "in this spec:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:360
+#: ../source/specifications/simple-repository-api.rst:369
 msgid ""
 "All JSON responses will *always* be a JSON object rather than an array or "
 "other type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:363
+#: ../source/specifications/simple-repository-api.rst:372
 msgid ""
 "While JSON doesn't natively support a URL type, any value that represents an "
 "URL in this API may be either absolute or relative as long as they point to "
@@ -17484,19 +17845,19 @@ msgid ""
 "if it were HTML."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:368
+#: ../source/specifications/simple-repository-api.rst:377
 msgid ""
 "Additional keys may be added to any dictionary objects in the API responses "
 "and clients **MUST** ignore keys that they don't understand."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:371
+#: ../source/specifications/simple-repository-api.rst:380
 msgid ""
 "All JSON responses will have a ``meta`` key, which contains information "
 "related to the response itself, rather than the content of the response."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:374
+#: ../source/specifications/simple-repository-api.rst:383
 msgid ""
 "All JSON responses will have a ``meta.api-version`` key, which will be a "
 "string that contains the :ref:`API versioning specification <simple-"
@@ -17505,41 +17866,41 @@ msgid ""
 "<simple-repository-api-versioning>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:380
+#: ../source/specifications/simple-repository-api.rst:389
 msgid ""
 "All requirements of :ref:`the base HTML API specification <simple-repository-"
 "api-base>` that are not HTML specific still apply."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:385
+#: ../source/specifications/simple-repository-api.rst:394
 msgid "Project List"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:387
+#: ../source/specifications/simple-repository-api.rst:396
 msgid ""
 "The root URL ``/`` for this spec (which represents the base URL) will be a "
 "JSON encoded dictionary which has a two keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:390
+#: ../source/specifications/simple-repository-api.rst:399
 msgid ""
 "``projects``: An array where each entry is a dictionary with a single key, "
 "``name``, which represents string of the project name."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:391
-#: ../source/specifications/simple-repository-api.rst:440
+#: ../source/specifications/simple-repository-api.rst:400
+#: ../source/specifications/simple-repository-api.rst:449
 msgid ""
 "``meta``: The general response metadata as `described earlier <json-"
 "serialization_>`__."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:393
-#: ../source/specifications/simple-repository-api.rst:499
+#: ../source/specifications/simple-repository-api.rst:402
+#: ../source/specifications/simple-repository-api.rst:512
 msgid "As an example:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:410
+#: ../source/specifications/simple-repository-api.rst:419
 msgid ""
 "The ``name`` field is the same as the one from :ref:`the base HTML API "
 "specification <simple-repository-api-base>`, which does not specify whether "
@@ -17549,7 +17910,7 @@ msgid ""
 "implementation detail of the repository in question."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:420
+#: ../source/specifications/simple-repository-api.rst:429
 msgid ""
 "While the ``projects`` key is an array, and thus is required to be in some "
 "kind of an order, neither :ref:`the base HTML API specification <simple-"
@@ -17559,11 +17920,11 @@ msgid ""
 "have sets."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:429
+#: ../source/specifications/simple-repository-api.rst:438
 msgid "Project Detail"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:431
+#: ../source/specifications/simple-repository-api.rst:440
 msgid ""
 "The format of this URL is ``/<project>/`` where the ``<project>`` is "
 "replaced by the :ref:`the base HTML API specification <simple-repository-api-"
@@ -17571,33 +17932,33 @@ msgid ""
 "would have a URL like ``/silly-walk/``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:436
+#: ../source/specifications/simple-repository-api.rst:445
 msgid ""
 "This URL must respond with a JSON encoded dictionary that has three keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:438
+#: ../source/specifications/simple-repository-api.rst:447
 msgid "``name``: The normalized name of the project."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:439
+#: ../source/specifications/simple-repository-api.rst:448
 msgid ""
 "``files``: A list of dictionaries, each one representing an individual file."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:442
+#: ../source/specifications/simple-repository-api.rst:451
 msgid "Each individual file dictionary has the following keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:444
+#: ../source/specifications/simple-repository-api.rst:453
 msgid "``filename``: The filename that is being represented."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:445
+#: ../source/specifications/simple-repository-api.rst:454
 msgid "``url``: The URL that the file can be fetched from."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:446
+#: ../source/specifications/simple-repository-api.rst:455
 msgid ""
 "``hashes``: A dictionary mapping a hash name to a hex encoded digest of the "
 "file. Multiple hashes can be included, and it is up to the client to decide "
@@ -17606,14 +17967,14 @@ msgid ""
 "to be lowercase."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:451
+#: ../source/specifications/simple-repository-api.rst:460
 msgid ""
 "The ``hashes`` dictionary **MUST** be present, even if no hashes are "
 "available for the file, however it is **HIGHLY** recommended that at least "
 "one secure, guaranteed-to-be-available hash is always included."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:455
+#: ../source/specifications/simple-repository-api.rst:464
 msgid ""
 "By default, any hash algorithm available via :py:mod:`hashlib` (specifically "
 "any that can be passed to :py:func:`hashlib.new()` and do not require "
@@ -17623,7 +17984,7 @@ msgid ""
 "specifically is recommended."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:460
+#: ../source/specifications/simple-repository-api.rst:469
 msgid ""
 "``requires-python``: An **optional** key that exposes the :ref:`core-"
 "metadata-requires-python` metadata field. Where this is present, installer "
@@ -17631,14 +17992,14 @@ msgid ""
 "that doesn't satisfy the requirement."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:466
+#: ../source/specifications/simple-repository-api.rst:475
 msgid ""
 "Unlike ``data-requires-python`` in :ref:`the base HTML API specification "
 "<simple-repository-api-base>`, the ``requires-python`` key does not require "
 "any special escaping other than anything JSON does naturally."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:469
+#: ../source/specifications/simple-repository-api.rst:478
 msgid ""
 "``dist-info-metadata``: An **optional** key that indicates that metadata for "
 "this file is available, via the same location as specified in :ref:`the API "
@@ -17648,27 +18009,27 @@ msgid ""
 "dictionary mapping hash names to a hex encoded digest of the metadata's hash."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:477
+#: ../source/specifications/simple-repository-api.rst:486
 msgid ""
 "When this is a dictionary of hashes instead of a boolean, then all the same "
 "requirements and recommendations as the ``hashes`` key hold true for this "
 "key as well."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:481
+#: ../source/specifications/simple-repository-api.rst:490
 msgid ""
 "If this key is missing then the metadata file may or may not exist. If the "
 "key value is truthy, then the metadata file is present, and if it is falsey "
 "then it is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:485
+#: ../source/specifications/simple-repository-api.rst:494
 msgid ""
 "It is recommended that servers make the hashes of the metadata file "
 "available if possible."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:487
+#: ../source/specifications/simple-repository-api.rst:496
 msgid ""
 "``gpg-sig``: An **optional** key that acts a boolean to indicate if the file "
 "has an associated GPG signature or not. The URL for the signature file "
@@ -17677,7 +18038,7 @@ msgid ""
 "the signature may or may not exist."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:492
+#: ../source/specifications/simple-repository-api.rst:501
 msgid ""
 "``yanked``: An **optional** key which may be either a boolean to indicate if "
 "the file has been yanked, or a non empty, but otherwise arbitrary, string to "
@@ -17688,7 +18049,15 @@ msgid ""
 "api-yank>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:529
+#: ../source/specifications/simple-repository-api.rst:507
+msgid ""
+"``provenance``: An **optional** key which, if present **MUST** be either a "
+"JSON string or ``null``. If not ``null``, it **MUST** be a URL to the file's "
+"associated provenance, with the same rules as ``data-provenance`` in the :"
+"ref:`base HTML API specification <simple-repository-api-base>`."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:543
 msgid ""
 "While the ``files`` key is an array, and thus is required to be in some kind "
 "of an order, neither :ref:`the base HTML API specification <simple-"
@@ -17698,11 +18067,11 @@ msgid ""
 "have sets."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:538
+#: ../source/specifications/simple-repository-api.rst:552
 msgid "Content-Types"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:540
+#: ../source/specifications/simple-repository-api.rst:554
 msgid ""
 "This spec proposes that all responses from the Simple API will have a "
 "standard content type that describes what the response is (a Simple API "
@@ -17710,11 +18079,11 @@ msgid ""
 "format has been used."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:544
+#: ../source/specifications/simple-repository-api.rst:558
 msgid "The structure of this content type will be:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:550
+#: ../source/specifications/simple-repository-api.rst:564
 msgid ""
 "Since only major versions should be disruptive to clients attempting to "
 "understand one of these API responses, only the major version will be "
@@ -17722,19 +18091,19 @@ msgid ""
 "that it is a version number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:555
+#: ../source/specifications/simple-repository-api.rst:569
 msgid "Which means that for the existing 1.0 API, the content types would be:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:557
+#: ../source/specifications/simple-repository-api.rst:571
 msgid "**JSON:** ``application/vnd.pypi.simple.v1+json``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:558
+#: ../source/specifications/simple-repository-api.rst:572
 msgid "**HTML:** ``application/vnd.pypi.simple.v1+html``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:560
+#: ../source/specifications/simple-repository-api.rst:574
 msgid ""
 "In addition to the above, a special \"meta\" version is supported named "
 "``latest``, whose purpose is to allow clients to request the absolute latest "
@@ -17743,7 +18112,7 @@ msgid ""
 "support."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:565
+#: ../source/specifications/simple-repository-api.rst:579
 msgid ""
 "To support existing clients which expect the existing :ref:`the base HTML "
 "API specification <simple-repository-api-base>` API responses to use the "
@@ -17751,11 +18120,11 @@ msgid ""
 "alias for the ``application/vnd.pypi.simple.v1+html`` content type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:572
+#: ../source/specifications/simple-repository-api.rst:586
 msgid "Version + Format Selection"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:574
+#: ../source/specifications/simple-repository-api.rst:588
 msgid ""
 "Now that there is multiple possible serializations, we need a mechanism to "
 "allow clients to indicate what serialization formats they're able to "
@@ -17764,65 +18133,65 @@ msgid ""
 "expecting the previous API version."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:579
+#: ../source/specifications/simple-repository-api.rst:593
 msgid ""
 "To enable this, this spec standardizes on the use of HTTP's `Server-Driven "
 "Content Negotiation <https://developer.mozilla.org/en-US/docs/Web/HTTP/"
 "Content_negotiation>`_."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:582
+#: ../source/specifications/simple-repository-api.rst:596
 msgid ""
 "While this spec won't fully describe the entirety of server-driven content "
 "negotiation, the flow is roughly:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:585
+#: ../source/specifications/simple-repository-api.rst:599
 msgid ""
 "The client makes an HTTP request containing an ``Accept`` header listing all "
 "of the version+format content types that they are able to understand."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:587
+#: ../source/specifications/simple-repository-api.rst:601
 msgid ""
 "The server inspects that header, selects one of the listed content types, "
 "then returns a response using that content type (treating the absence of an "
 "``Accept`` header as ``Accept: */*``)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:590
+#: ../source/specifications/simple-repository-api.rst:604
 msgid ""
 "If the server does not support any of the content types in the ``Accept`` "
 "header then they are able to choose between 3 different options for how to "
 "respond:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:594
+#: ../source/specifications/simple-repository-api.rst:608
 msgid ""
 "Select a default content type other than what the client has requested and "
 "return a response with that."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:596
+#: ../source/specifications/simple-repository-api.rst:610
 msgid ""
 "Return a HTTP ``406 Not Acceptable`` response to indicate that none of the "
 "requested content types were available, and the server was unable or "
 "unwilling to select a default content type to respond with."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:599
+#: ../source/specifications/simple-repository-api.rst:613
 msgid ""
 "Return a HTTP ``300 Multiple Choices`` response that contains a list of all "
 "of the possible responses that could have been chosen."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:601
+#: ../source/specifications/simple-repository-api.rst:615
 msgid ""
 "The client interprets the response, handling the different types of "
 "responses that the server may have responded with."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:604
+#: ../source/specifications/simple-repository-api.rst:618
 msgid ""
 "This spec does not specify which choices the server makes in regards to "
 "handling a content type that it isn't able to return, and clients **SHOULD** "
@@ -17830,7 +18199,7 @@ msgid ""
 "the most sense for that client."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:609
+#: ../source/specifications/simple-repository-api.rst:623
 msgid ""
 "However, as there is no standard format for how a ``300 Multiple Choices`` "
 "response can be interpreted, this spec highly discourages servers from "
@@ -17841,7 +18210,7 @@ msgid ""
 "error."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:616
+#: ../source/specifications/simple-repository-api.rst:630
 msgid ""
 "This spec **does** require that if the meta version ``latest`` is being "
 "used, the server **MUST** respond with the content type for the actual "
@@ -17850,33 +18219,33 @@ msgid ""
 "have a ``Content-Type`` of ``application/vnd.pypi.simple.v1+json``)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:623
+#: ../source/specifications/simple-repository-api.rst:637
 msgid ""
 "The ``Accept`` header is a comma separated list of content types that the "
 "client understands and is able to process. It supports three different "
 "formats for each content type that is being requested:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:627
+#: ../source/specifications/simple-repository-api.rst:641
 msgid "``$type/$subtype``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:628
+#: ../source/specifications/simple-repository-api.rst:642
 msgid "``$type/*``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:629
+#: ../source/specifications/simple-repository-api.rst:643
 msgid "``*/*``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:631
+#: ../source/specifications/simple-repository-api.rst:645
 msgid ""
 "For the use of selecting a version+format, the most useful of these is "
 "``$type/$subtype``, as that is the only way to actually specify the version "
 "and format you want."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:635
+#: ../source/specifications/simple-repository-api.rst:649
 msgid ""
 "The order of the content types listed in the ``Accept`` header does not have "
 "any specific meaning, and the server **SHOULD** consider all of them to be "
@@ -17886,7 +18255,7 @@ msgid ""
 "Quality_values>`_ syntax."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:642
+#: ../source/specifications/simple-repository-api.rst:656
 msgid ""
 "This allows a client to specify a priority for a specific entry in their "
 "``Accept`` header, by appending a ``;q=`` followed by a value between ``0`` "
@@ -17896,7 +18265,7 @@ msgid ""
 "quality of ``1``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:648
+#: ../source/specifications/simple-repository-api.rst:662
 msgid ""
 "However, clients should keep in mind that a server is free to select **any** "
 "of the content types they've asked for, regardless of their requested "
@@ -17904,7 +18273,7 @@ msgid ""
 "for."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:652
+#: ../source/specifications/simple-repository-api.rst:666
 msgid ""
 "To aid clients in determining the content type of the response that they "
 "have received from an API request, this spec requires that servers always "
@@ -17915,22 +18284,22 @@ msgid ""
 "collector.py#L123-L150>`_ so the risks for actual breakages is low."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:659
+#: ../source/specifications/simple-repository-api.rst:673
 msgid "An example of how a client can operate would look like:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:710
+#: ../source/specifications/simple-repository-api.rst:724
 msgid ""
 "If a client wishes to only support HTML or only support JSON, then they "
 "would just remove the content types that they do not want from the "
 "``Accept`` header, and turn receiving them into an error."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:716
+#: ../source/specifications/simple-repository-api.rst:730
 msgid "Alternative Negotiation Mechanisms"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:718
+#: ../source/specifications/simple-repository-api.rst:732
 msgid ""
 "While using HTTP's Content negotiation is considered the standard way for a "
 "client and server to coordinate to ensure that the client is getting an HTTP "
@@ -17939,25 +18308,25 @@ msgid ""
 "negotiation mechanisms that may *optionally* be used instead."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:726
+#: ../source/specifications/simple-repository-api.rst:740
 msgid "URL Parameter"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:728
+#: ../source/specifications/simple-repository-api.rst:742
 msgid ""
 "Servers that implement the Simple API may choose to support a URL parameter "
 "named ``format`` to allow the clients to request a specific version of the "
 "URL."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:731
+#: ../source/specifications/simple-repository-api.rst:745
 msgid ""
 "The value of the ``format`` parameter should be **one** of the valid content "
 "types. Passing multiple content types, wild cards, quality values, etc... is "
 "**not** supported."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:735
+#: ../source/specifications/simple-repository-api.rst:749
 msgid ""
 "Supporting this parameter is optional, and clients **SHOULD NOT** rely on it "
 "for interacting with the API. This negotiation mechanism is intended to "
@@ -17965,13 +18334,13 @@ msgid ""
 "allow documentation or notes to link to a specific version+format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:740
+#: ../source/specifications/simple-repository-api.rst:754
 msgid ""
 "Servers that do not support this parameter may choose to return an error "
 "when it is present, or they may simple ignore its presence."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:743
+#: ../source/specifications/simple-repository-api.rst:757
 msgid ""
 "When a server does implement this parameter, it **SHOULD** take precedence "
 "over any values in the client's ``Accept`` header, and if the server does "
@@ -17981,18 +18350,18 @@ msgid ""
 "``303 Multiple Choices``, or selecting a default type to return)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:752
+#: ../source/specifications/simple-repository-api.rst:766
 msgid "Endpoint Configuration"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:754
+#: ../source/specifications/simple-repository-api.rst:768
 msgid ""
 "This option technically is not a special option at all, it is just a natural "
 "consequence of using content negotiation and allowing servers to select "
 "which of the available content types is their default."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:758
+#: ../source/specifications/simple-repository-api.rst:772
 msgid ""
 "If a server is unwilling or unable to implement the server-driven content "
 "negotiation, and would instead rather require users to explicitly configure "
@@ -18000,7 +18369,7 @@ msgid ""
 "configuration."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:762
+#: ../source/specifications/simple-repository-api.rst:776
 msgid ""
 "To enable this, a server should make multiple endpoints (for instance, ``/"
 "simple/v1+html/`` and/or ``/simple/v1+json/``) for each version+format that "
@@ -18010,7 +18379,7 @@ msgid ""
 "and return the content type that corresponds to that endpoint."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:769
+#: ../source/specifications/simple-repository-api.rst:783
 msgid ""
 "For clients that wish to require specific configuration, they can keep track "
 "of which version+format a specific repository URL was configured for, and "
@@ -18018,11 +18387,11 @@ msgid ""
 "includes the correct content type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:776
+#: ../source/specifications/simple-repository-api.rst:790
 msgid "TUF Support - PEP 458"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:778
+#: ../source/specifications/simple-repository-api.rst:792
 msgid ""
 ":pep:`458` requires that all API responses are hashable and that they can be "
 "uniquely identified by a path relative to the repository root. For a Simple "
@@ -18033,7 +18402,7 @@ msgid ""
 "that all hash differently."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:785
+#: ../source/specifications/simple-repository-api.rst:799
 msgid ""
 ":pep:`458` does not specify what the target path should be for the Simple "
 "API, but TUF requires that the target paths be \"file-like\", in other "
@@ -18041,7 +18410,7 @@ msgid ""
 "technically points to a directory."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:790
+#: ../source/specifications/simple-repository-api.rst:804
 msgid ""
 "The saving grace is that the target path does not *have* to actually match "
 "the URL being fetched from the Simple API, and it can just be a sigil that "
@@ -18050,7 +18419,7 @@ msgid ""
 "HTTP request, such as the ``Accept`` header."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:796
+#: ../source/specifications/simple-repository-api.rst:810
 msgid ""
 "Ultimately figuring out how to map a directory to a filename is out of scope "
 "for this spec (but it would be in scope for :pep:`458`), and this spec "
@@ -18058,7 +18427,7 @@ msgid ""
 "`458` metadata."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:800
+#: ../source/specifications/simple-repository-api.rst:814
 msgid ""
 "However, it appears that the current WIP branch against pip that attempts to "
 "implement :pep:`458` is using a target path like ``simple/PROJECT/index."
@@ -18068,20 +18437,20 @@ msgid ""
 "the v1 JSON format would be ``simple/PROJECT/vnd.pypi.simple.v1.json``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:807
+#: ../source/specifications/simple-repository-api.rst:821
 msgid ""
 "In this case, since ``text/html`` is an alias to ``application/vnd.pypi."
 "simple.v1+html`` when interacting through TUF, it likely will make the most "
 "sense to normalize to the more explicit name."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:811
+#: ../source/specifications/simple-repository-api.rst:825
 msgid ""
 "Likewise the ``latest`` metaversion should not be included in the targets, "
 "only explicitly declared versions should be supported."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:817
+#: ../source/specifications/simple-repository-api.rst:831
 msgid ""
 "This section is non-normative, and represents what the spec authors believe "
 "to be the best default implementation decisions for something implementing "
@@ -18089,7 +18458,7 @@ msgid ""
 "these decisions."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:821
+#: ../source/specifications/simple-repository-api.rst:835
 msgid ""
 "These decisions have been chosen to maximize the number of requests that can "
 "be moved onto the newest version of an API, while maintaining the greatest "
@@ -18098,18 +18467,18 @@ msgid ""
 "choices it can."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:826
+#: ../source/specifications/simple-repository-api.rst:840
 msgid "It is recommended that servers:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:828
+#: ../source/specifications/simple-repository-api.rst:842
 msgid ""
 "Support all 3 content types described in this spec, using server-driven "
 "content negotiation, for as long as they reasonably can, or at least as long "
 "as they're receiving non trivial traffic that uses the HTML responses."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:832
+#: ../source/specifications/simple-repository-api.rst:846
 msgid ""
 "When encountering an ``Accept`` header that does not contain any content "
 "types that it knows how to work with, the server should not ever return a "
@@ -18117,13 +18486,13 @@ msgid ""
 "Acceptable`` response."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:837
+#: ../source/specifications/simple-repository-api.rst:851
 msgid ""
 "However, if choosing to use the endpoint configuration, you should prefer to "
 "return a ``200 OK`` response in the expected content type for that endpoint."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:840
+#: ../source/specifications/simple-repository-api.rst:854
 msgid ""
 "When selecting an acceptable version, the server should choose the highest "
 "version that the client supports, with the most expressive/featureful "
@@ -18132,23 +18501,23 @@ msgid ""
 "should only use the ``text/html`` content type as a last resort."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:846
+#: ../source/specifications/simple-repository-api.rst:860
 msgid "It is recommended that clients:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:848
+#: ../source/specifications/simple-repository-api.rst:862
 msgid ""
 "Support all 3 content types described in this spec, using server-driven "
 "content negotiation, for as long as they reasonably can."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:851
+#: ../source/specifications/simple-repository-api.rst:865
 msgid ""
 "When constructing an ``Accept`` header, include all of the content types "
 "that you support."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:854
+#: ../source/specifications/simple-repository-api.rst:868
 msgid ""
 "You should generally *not* include a quality priority value for your content "
 "types, unless you have implementation specific reasons that you want the "
@@ -18157,63 +18526,63 @@ msgid ""
 "responses that you're unable to parse in some edge cases)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:860
+#: ../source/specifications/simple-repository-api.rst:874
 msgid ""
 "The one exception to this recommendation is that it is recommended that you "
 "*should* include a ``;q=0.01`` value on the legacy ``text/html`` content "
 "type, unless it is the only content type that you are requesting."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:864
+#: ../source/specifications/simple-repository-api.rst:878
 msgid ""
 "Explicitly select what versions they are looking for, rather than using the "
 "``latest`` meta version during normal operation."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:867
+#: ../source/specifications/simple-repository-api.rst:881
 msgid ""
 "Check the ``Content-Type`` of the response and ensure it matches something "
 "that you were expecting."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:871
+#: ../source/specifications/simple-repository-api.rst:885
 msgid "Additional Fields for the Simple API for Package Indexes"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:873
+#: ../source/specifications/simple-repository-api.rst:887
 msgid ""
 "This specification defines version 1.1 of the simple repository API. For the "
 "HTML version of the API, there is no change from version 1.0. For the JSON "
 "version of the API, the following changes are made:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:877
+#: ../source/specifications/simple-repository-api.rst:891
 msgid "The ``api-version`` must specify version 1.1 or later."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:878
+#: ../source/specifications/simple-repository-api.rst:892
 msgid "A new ``versions`` key is added at the top level."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:879
+#: ../source/specifications/simple-repository-api.rst:893
 msgid ""
 "Two new \"file information\" keys, ``size`` and ``upload-time``, are added "
 "to the ``files`` data."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:881
+#: ../source/specifications/simple-repository-api.rst:895
 msgid ""
 "Keys (at any level) with a leading underscore are reserved as private for "
 "index server use. No future standard will assign a meaning to any such key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:884
+#: ../source/specifications/simple-repository-api.rst:898
 msgid ""
 "The ``versions`` and ``size`` keys are mandatory. The ``upload-time`` key is "
 "optional."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:890
+#: ../source/specifications/simple-repository-api.rst:904
 msgid ""
 "An additional key, ``versions`` MUST be present at the top level, in "
 "addition to the keys ``name``, ``files`` and ``meta`` defined in :ref:`the "
@@ -18223,7 +18592,7 @@ msgid ""
 "duplicates, and the order of the values is not significant."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:897
+#: ../source/specifications/simple-repository-api.rst:911
 msgid ""
 "All of the files listed in the ``files`` key MUST be associated with one of "
 "the versions in the ``versions`` key. The ``versions`` key MAY contain "
@@ -18231,7 +18600,7 @@ msgid ""
 "uploaded, if the server has such a concept)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:902
+#: ../source/specifications/simple-repository-api.rst:916
 msgid ""
 "Note that because servers may hold \"legacy\" data from before the adoption "
 "of :ref:`the version specifiers specification (VSS) <version-specifiers>`, "
@@ -18240,21 +18609,21 @@ msgid ""
 "servers SHOULD use normalised VSS versions where possible."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:911
+#: ../source/specifications/simple-repository-api.rst:925
 msgid "Additional file information"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:913
+#: ../source/specifications/simple-repository-api.rst:927
 msgid "Two new keys are added to the ``files`` key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:915
+#: ../source/specifications/simple-repository-api.rst:929
 msgid ""
 "``size``: This field is mandatory. It MUST contain an integer which is the "
 "file size in bytes."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:917
+#: ../source/specifications/simple-repository-api.rst:931
 msgid ""
 "``upload-time``: This field is optional. If present, it MUST contain a valid "
 "ISO 8601 date/time string, in the format ``yyyy-mm-ddThh:mm:ss.ffffffZ``, "
@@ -18266,11 +18635,11 @@ msgid ""
 "key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:926
+#: ../source/specifications/simple-repository-api.rst:940
 msgid "Rename dist-info-metadata in the Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:929
+#: ../source/specifications/simple-repository-api.rst:943
 msgid ""
 "The keywords \"**MUST**\", \"**MUST NOT**\", \"**REQUIRED**\", "
 "\"**SHALL**\", \"**SHALL NOT**\", \"**SHOULD**\", \"**SHOULD NOT**\", "
@@ -18278,11 +18647,11 @@ msgid ""
 "are to be interpreted as described in :rfc:`RFC 2119 <2119>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:936
+#: ../source/specifications/simple-repository-api.rst:950
 msgid "Servers"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:938
+#: ../source/specifications/simple-repository-api.rst:952
 msgid ""
 "The :ref:`the API metadata file specification <simple-repository-api-"
 "metadata-file>` metadata, when used in the HTML representation of the Simple "
@@ -18290,7 +18659,7 @@ msgid ""
 "with the supported values remaining the same."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:944
+#: ../source/specifications/simple-repository-api.rst:958
 msgid ""
 "The :ref:`the API metadata file specification <simple-repository-api-"
 "metadata-file>` metadata, when used in the :ref:`the JSON API specification "
@@ -18299,14 +18668,14 @@ msgid ""
 "values remaining the same."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:950
+#: ../source/specifications/simple-repository-api.rst:964
 msgid ""
 "To support clients that used the previous key names, the HTML representation "
 "**MAY** also be emitted using the ``data-dist-info-metadata``, and if it "
 "does so it **MUST** match the value of ``data-core-metadata``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:959
+#: ../source/specifications/simple-repository-api.rst:973
 msgid ""
 "Clients consuming any of the HTML representations of the Simple API **MUST** "
 "read the :ref:`the API metadata file specification <simple-repository-api-"
@@ -18315,7 +18684,7 @@ msgid ""
 "if it is present but ``data-core-metadata`` is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:966
+#: ../source/specifications/simple-repository-api.rst:980
 msgid ""
 "Clients consuming the JSON representation of the Simple API **MUST** read "
 "the :ref:`the API metadata file specification <simple-repository-api-"
@@ -18324,48 +18693,54 @@ msgid ""
 "present but ``core-metadata`` is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:976
+#: ../source/specifications/simple-repository-api.rst:990
 msgid "September 2015: initial form of the HTML format, in :pep:`503`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:977
+#: ../source/specifications/simple-repository-api.rst:991
 msgid "July 2016: Requires-Python metadata, in an update to :pep:`503`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:978
+#: ../source/specifications/simple-repository-api.rst:992
 msgid "May 2019: \"yank\" support, in :pep:`592`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:979
+#: ../source/specifications/simple-repository-api.rst:993
 msgid ""
 "July 2020: API versioning convention and metadata, and declaring the HTML "
 "format as API v1, in :pep:`629`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:981
+#: ../source/specifications/simple-repository-api.rst:995
 msgid ""
 "May 2021: providing package metadata independently from a package, in :pep:"
 "`658`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:983
+#: ../source/specifications/simple-repository-api.rst:997
 msgid ""
 "May 2022: initial form of the JSON format, with a mechanism for clients to "
 "choose between them, and declaring both formats as API v1, in :pep:`691`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:985
+#: ../source/specifications/simple-repository-api.rst:999
 msgid ""
 "October 2022: project versions and file size and upload-time in the JSON "
 "format, in :pep:`700`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:987
+#: ../source/specifications/simple-repository-api.rst:1001
 msgid ""
 "June 2023: renaming the field which provides package metadata independently "
 "from a package, in :pep:`714`"
 msgstr ""
 
+#: ../source/specifications/simple-repository-api.rst:1003
+msgid ""
+"November 2024: provenance metadata in the HTML and JSON formats, in :pep:"
+"`740`"
+msgstr ""
+
 #: ../source/specifications/source-distribution-format.rst:6
 msgid "Source distribution format"
 msgstr ""
@@ -21269,7 +21644,7 @@ msgid ""
 msgstr ""
 
 #: ../source/tutorials/managing-dependencies.rst:140
-#: ../source/tutorials/packaging-projects.rst:506
+#: ../source/tutorials/packaging-projects.rst:505
 msgid "Next steps"
 msgstr ""
 
@@ -21718,43 +22093,43 @@ msgstr ""
 
 #: ../source/tutorials/packaging-projects.rst:424
 msgid ""
-"You will be prompted for a username and password. For the username, use "
-"``__token__``. For the password, use the token value, including the ``pypi-"
-"`` prefix."
+"You will be prompted for an API token. Use the token value, including the "
+"``pypi-`` prefix. Note that the input will be hidden, so be sure to paste "
+"correctly."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:428
+#: ../source/tutorials/packaging-projects.rst:427
 msgid "After the command completes, you should see output similar to this:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:439
+#: ../source/tutorials/packaging-projects.rst:438
 msgid ""
 "Once uploaded, your package should be viewable on TestPyPI; for example: "
 "``https://test.pypi.org/project/example_package_YOUR_USERNAME_HERE``."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:444
+#: ../source/tutorials/packaging-projects.rst:443
 msgid "Installing your newly uploaded package"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:446
+#: ../source/tutorials/packaging-projects.rst:445
 msgid ""
 "You can use :ref:`pip` to install your package and verify that it works. "
 "Create a :ref:`virtual environment <Creating and using Virtual "
 "Environments>` and install your package from TestPyPI:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:462
+#: ../source/tutorials/packaging-projects.rst:461
 msgid "Make sure to specify your username in the package name!"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:464
+#: ../source/tutorials/packaging-projects.rst:463
 msgid ""
 "pip should install the package from TestPyPI and the output should look "
 "something like this:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:474
+#: ../source/tutorials/packaging-projects.rst:473
 msgid ""
 "This example uses ``--index-url`` flag to specify TestPyPI instead of live "
 "PyPI. Additionally, it specifies ``--no-deps``. Since TestPyPI doesn't have "
@@ -21764,23 +22139,23 @@ msgid ""
 "installing dependencies when using TestPyPI."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:481
+#: ../source/tutorials/packaging-projects.rst:480
 msgid ""
 "You can test that it was installed correctly by importing the package. Make "
 "sure you're still in your virtual environment, then run Python:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:496
+#: ../source/tutorials/packaging-projects.rst:495
 msgid "and import the package:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:508
+#: ../source/tutorials/packaging-projects.rst:507
 msgid ""
 "**Congratulations, you've packaged and distributed a Python project!** ✨ 🍰 "
 "✨"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:511
+#: ../source/tutorials/packaging-projects.rst:510
 msgid ""
 "Keep in mind that this tutorial showed you how to upload your package to "
 "Test PyPI, which isn't a permanent storage. The Test system occasionally "
@@ -21788,28 +22163,28 @@ msgid ""
 "experiments like this tutorial."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:516
+#: ../source/tutorials/packaging-projects.rst:515
 msgid ""
 "When you are ready to upload a real package to the Python Package Index you "
 "can do much the same as you did in this tutorial, but with these important "
 "differences:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:520
+#: ../source/tutorials/packaging-projects.rst:519
 msgid ""
 "Choose a memorable and unique name for your package. You don't have to "
 "append your username as you did in the tutorial, but you can't use an "
 "existing name."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:522
+#: ../source/tutorials/packaging-projects.rst:521
 msgid ""
 "Register an account on https://pypi.org - note that these are two separate "
 "servers and the login details from the test server are not shared with the "
 "main server."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:525
+#: ../source/tutorials/packaging-projects.rst:524
 msgid ""
 "Use ``twine upload dist/*`` to upload your package and enter your "
 "credentials for the account you registered on the real PyPI.  Now that "
@@ -21817,44 +22192,44 @@ msgid ""
 "repository``; the package will upload to https://pypi.org/ by default."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:529
+#: ../source/tutorials/packaging-projects.rst:528
 msgid ""
 "Install your package from the real PyPI using ``python3 -m pip install [your-"
 "package]``."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:531
+#: ../source/tutorials/packaging-projects.rst:530
 msgid ""
 "At this point if you want to read more on packaging Python libraries here "
 "are some things you can do:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:534
+#: ../source/tutorials/packaging-projects.rst:533
 msgid ""
 "Read about advanced configuration for your chosen build backend: `Hatchling "
 "<hatchling-config_>`_, :doc:`setuptools <setuptools:userguide/"
 "pyproject_config>`, :doc:`Flit <flit:pyproject_toml>`, `PDM <pdm-config_>`_."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:538
+#: ../source/tutorials/packaging-projects.rst:537
 msgid ""
 "Look at the :doc:`guides </guides/index>` on this site for more advanced "
 "practical information, or the :doc:`discussions </discussions/index>` for "
 "explanations and background on specific topics."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:541
+#: ../source/tutorials/packaging-projects.rst:540
 msgid ""
 "Consider packaging tools that provide a single command-line interface for "
 "project management and packaging, such as :ref:`hatch`, :ref:`flit`, :ref:"
 "`pdm`, and :ref:`poetry`."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:549
+#: ../source/tutorials/packaging-projects.rst:548
 msgid "Notes"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:551
+#: ../source/tutorials/packaging-projects.rst:550
 msgid ""
 "Technically, you can also create Python packages without an ``__init__.py`` "
 "file, but those are called :doc:`namespace packages </guides/packaging-"
diff --git a/locales/mk/LC_MESSAGES/messages.po b/locales/mk/LC_MESSAGES/messages.po
index 5a1732564..7e4811db6 100644
--- a/locales/mk/LC_MESSAGES/messages.po
+++ b/locales/mk/LC_MESSAGES/messages.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Python Packaging User Guide\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-10-30 00:39+0000\n"
+"POT-Creation-Date: 2024-11-25 21:53+0000\n"
 "PO-Revision-Date: 2023-10-21 04:04+0000\n"
 "Last-Translator: \"Kristijan \\\"Fremen\\\" Velkovski\" <me@krisfremen.com>\n"
 "Language-Team: Macedonian <https://hosted.weblate.org/projects/pypa/"
@@ -608,7 +608,7 @@ msgid "Unix (including Linux and macOS)"
 msgstr ""
 
 #: ../source/discussions/deploying-python-applications.rst:118
-#: ../source/key_projects.rst:572
+#: ../source/key_projects.rst:576
 msgid "pex"
 msgstr ""
 
@@ -1888,7 +1888,7 @@ msgid ""
 msgstr ""
 
 #: ../source/discussions/versioning.rst:6
-#: ../source/specifications/simple-repository-api.rst:310
+#: ../source/specifications/simple-repository-api.rst:319
 msgid "Versioning"
 msgstr ""
 
@@ -2641,29 +2641,16 @@ msgid ""
 msgstr ""
 
 #: ../source/glossary.rst:121
-msgid "Known Good Set (KGS)"
-msgstr ""
-
-#: ../source/glossary.rst:124
-msgid ""
-"A set of distributions at specified versions which are compatible with each "
-"other. Typically a test suite will be run which passes all tests before a "
-"specific set of packages is declared a known good set. This term is commonly "
-"used by frameworks and toolkits which are comprised of multiple individual "
-"distributions."
-msgstr ""
-
-#: ../source/glossary.rst:130
 msgid "Import Package"
 msgstr ""
 
-#: ../source/glossary.rst:133
+#: ../source/glossary.rst:124
 msgid ""
 "A Python module which can contain other modules or recursively, other "
 "packages."
 msgstr ""
 
-#: ../source/glossary.rst:136
+#: ../source/glossary.rst:127
 msgid ""
 "An import package is more commonly referred to with the single word "
 "\"package\", but this guide will use the expanded term when more clarity is "
@@ -2672,17 +2659,30 @@ msgid ""
 "package` for a breakdown of the differences."
 msgstr ""
 
-#: ../source/glossary.rst:142
+#: ../source/glossary.rst:133
 msgid "Installed Project"
 msgstr ""
 
-#: ../source/glossary.rst:145
+#: ../source/glossary.rst:136
 msgid ""
 "A :term:`Project` that is installed for use with a Python interpreter or :"
 "term:`Virtual Environment`, as described in the specicifcation :ref:"
 "`recording-installed-packages`."
 msgstr ""
 
+#: ../source/glossary.rst:140
+msgid "Known Good Set (KGS)"
+msgstr ""
+
+#: ../source/glossary.rst:143
+msgid ""
+"A set of distributions at specified versions which are compatible with each "
+"other. Typically a test suite will be run which passes all tests before a "
+"specific set of packages is declared a known good set. This term is commonly "
+"used by frameworks and toolkits which are comprised of multiple individual "
+"distributions."
+msgstr ""
+
 #: ../source/glossary.rst:149
 msgid "Module"
 msgstr ""
@@ -5093,7 +5093,7 @@ msgid ""
 "In particular, `NumPy <https://numpy.org/>`__, which provides the basis for "
 "most of the software in the `scientific Python stack <https://scientific-"
 "python.org>`_ can be configured to interoperate with different FORTRAN "
-"libraries, and can take advantage of different levels of vectorised "
+"libraries, and can take advantage of different levels of vectorized "
 "instructions available in modern CPUs."
 msgstr ""
 
@@ -5102,9 +5102,9 @@ msgid ""
 "Starting with version 1.10.4 of NumPy and version 1.0.0 of SciPy, pre-built "
 "32-bit and 64-bit binaries in the ``wheel`` format are available for all "
 "major operating systems (Windows, macOS, and Linux) on PyPI. Note, however, "
-"that on Windows, NumPy binaries are linked against the `ATLAS <http://www."
-"netlib.org/atlas/>`__ BLAS/LAPACK library, restricted to SSE2 instructions, "
-"so they may not provide optimal linear algebra performance."
+"that on Windows, NumPy binaries are linked against the `ATLAS <https://math-"
+"atlas.sourceforge.net/>`__ BLAS/LAPACK library, restricted to SSE2 "
+"instructions, so they may not provide optimal linear algebra performance."
 msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:26
@@ -5217,7 +5217,7 @@ msgid ""
 msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:100
-#: ../source/key_projects.rst:808
+#: ../source/key_projects.rst:812
 msgid "Spack"
 msgstr ""
 
@@ -5249,28 +5249,41 @@ msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:121
 msgid ""
-"`Anaconda <https://www.anaconda.com/products/individual/>`_ is a Python "
+"``conda`` is an open source (BSD licensed) package management system and "
+"environment management system that allows users to install multiple versions "
+"of binary software packages and their dependencies, and easily switch "
+"between them. It is a cross-platform tool working on Windows, MacOS, and "
+"Linux. Conda can be used to package up and distribute all kinds of packages, "
+"it is not limited to just Python packages. It has full support for native "
+"virtual environments. Conda makes environments first-class citizens, making "
+"it easy to create independent environments even for C libraries. It is "
+"written in Python, but is Python-agnostic. Conda manages Python itself as a "
+"package, so that :command:`conda update python` is possible, in contrast to "
+"pip, which only manages Python packages."
+msgstr ""
+
+#: ../source/guides/installing-scientific-packages.rst:133
+msgid ""
+"Anaconda `Anaconda <https://docs.anaconda.com/anaconda/>`_ is a Python "
 "distribution published by Anaconda, Inc. It is a stable collection of Open "
-"Source packages for big data and scientific use.  As of the 5.0 release of "
-"Anaconda, about 200 packages are installed by default, and a total of "
-"400-500 can be installed and updated from the Anaconda repository."
+"Source packages for big data and scientific use, and a collection of "
+"Graphical Interface utilities for managing conda environments."
 msgstr ""
 
-#: ../source/guides/installing-scientific-packages.rst:127
+#: ../source/guides/installing-scientific-packages.rst:135
 msgid ""
-"``conda`` is an open source (BSD licensed) package management system and "
-"environment management system included in Anaconda that allows users to "
-"install multiple versions of binary software packages and their "
-"dependencies, and easily switch between them. It is a cross-platform tool "
-"working on Windows, macOS, and Linux. Conda can be used to package up and "
-"distribute all kinds of packages, it is not limited to just Python packages. "
-"It has full support for native virtual environments. Conda makes "
-"environments first-class citizens, making it easy to create independent "
-"environments even for C libraries. It is written in Python, but is Python-"
-"agnostic. Conda manages Python itself as a package, so that :command:`conda "
-"update python` is possible, in contrast to pip, which only manages Python "
-"packages. Conda is available in Anaconda and Miniconda (an easy-to-install "
-"download with just Python and conda)."
+"In addition to the full distribution provided by Anaconda, the conda package "
+"manager itself is available in  `miniconda <https://docs.anaconda.com/"
+"miniconda/>`_, `miniforge <https://github.com/conda-forge/miniforge>`_, and "
+"`pixi <https://pixi.sh/>`_."
+msgstr ""
+
+#: ../source/guides/installing-scientific-packages.rst:138
+msgid ""
+"Conda packages are available on multiple channels on Anaconda.org, including "
+"the default channel supported by Anaconda, Inc, the community supported "
+"conda-forge channel, which provides a wide variety of pre-built packages, "
+"and some domain-specific package collections."
 msgstr ""
 
 #: ../source/guides/installing-stand-alone-command-line-tools.rst:4
@@ -8340,29 +8353,51 @@ msgstr ""
 
 #: ../source/guides/tool-recommendations.rst:142
 msgid ""
-"For projects hosted on GitHub, it is recommended to use the :ref:`trusted "
-"publishing <trusted-publishing>`, which allows the package to be securely "
-"uploaded to PyPI from a GitHub Actions job. (This is not yet supported on "
-"software forges other than GitHub.)"
+"For projects hosted on or published via supported CI/CD platforms, it is "
+"recommended to use the :ref:`Trusted Publishing <trusted-publishing>`, which "
+"allows the package to be securely uploaded to PyPI from a CI/CD workflow "
+"without a manually configured API token."
 msgstr ""
 
 #: ../source/guides/tool-recommendations.rst:147
 msgid ""
+"As of November 2024, PyPI supports the following platforms as Trusted "
+"Publishing providers:"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:150
+msgid "GitHub Actions (on ``https://github.com``)"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:151
+msgid "GitLab CI/CD (on ``https://gitlab.com``)"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:152
+msgid "ActiveState"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:153
+msgid "Google Cloud"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:155
+msgid ""
 "The other available method is to upload the package manually using :ref:"
 "`twine`."
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:149
+#: ../source/guides/tool-recommendations.rst:159
 msgid ""
 "**Never** use ``python setup.py upload`` for this task. In addition to "
 "being :ref:`deprecated <setup-py-deprecated>`, it is insecure."
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:154
+#: ../source/guides/tool-recommendations.rst:164
 msgid "Workflow tools"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:156
+#: ../source/guides/tool-recommendations.rst:166
 msgid ""
 "These tools are environment managers that automatically manage virtual "
 "environments for a project. They also act as \"task runners\", allowing you "
@@ -8373,31 +8408,31 @@ msgid ""
 "alphabetical order:"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:164
+#: ../source/guides/tool-recommendations.rst:174
 msgid ":ref:`Flit`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:165
+#: ../source/guides/tool-recommendations.rst:175
 msgid ":ref:`Hatch`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:166
+#: ../source/guides/tool-recommendations.rst:176
 msgid ":doc:`nox <nox:index>`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:167
+#: ../source/guides/tool-recommendations.rst:177
 msgid ":ref:`PDM`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:168
+#: ../source/guides/tool-recommendations.rst:178
 msgid ":ref:`Pipenv`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:169
+#: ../source/guides/tool-recommendations.rst:179
 msgid ":ref:`Poetry`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:170
+#: ../source/guides/tool-recommendations.rst:180
 msgid ":doc:`tox <tox:index>`."
 msgstr ""
 
@@ -9572,44 +9607,58 @@ msgstr ""
 
 #: ../source/key_projects.rst:407
 msgid ""
-"conda is the package management tool for `Anaconda <https://docs.anaconda."
-"com/anaconda/>`__ Python installations. Anaconda Python is a distribution "
-"from `Anaconda, Inc <https://www.anaconda.com/products/individual>`__ "
-"specifically aimed at the scientific community, and in particular on Windows "
-"where the installation of binary extensions is often difficult."
+"Conda is a package, dependency, and environment management system for any "
+"language — Python, R, Ruby, C/C++, Fortran, and more. It is written in "
+"Python and widely used in the Python scientific computing community, due to "
+"its support for non-Python compiled libraries and extensions. It is used as "
+"the basis of the `Anaconda <https://docs.anaconda.com/anaconda/>`__ Python "
+"distribution from Anaconda, Inc. It was originally aimed at the scientific "
+"community, but can also be used on its own, or with the :doc:`miniconda "
+"<conda:miniconda>`, `miniforge <https://github.com/conda-forge/miniforge>`_ "
+"or `pixi <https://pixi.sh/>`_ systems. It is available for Windows, Mac and "
+"Linux systems."
 msgstr ""
 
-#: ../source/key_projects.rst:414
+#: ../source/key_projects.rst:416
 msgid ""
 "Conda is a completely separate tool from :ref:`pip`, virtualenv and wheel, "
-"but provides many of their combined features in terms of package management, "
-"virtual environment management and deployment of binary extensions."
+"but provides many of their combined features, such as package management, "
+"virtual environment management and deployment of binary extensions and other "
+"binary code."
+msgstr ""
+
+#: ../source/key_projects.rst:420
+msgid ""
+"Conda does not install packages from PyPI -- it can only manage packages "
+"built specifically for conda, which can be made available on a \"conda "
+"channel\", such as those hosted on `anaconda.org <https://anaconda.org>`__, "
+"or a local (e.g. intranet) package server. In addition to the \"default\" "
+"channels managed by `Anaconda, Inc. <https://www.anaconda.com/>`__, there "
+"are a wide variety of packages from the community supported `conda-forge "
+"project <https://conda-forge.org/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:418
+#: ../source/key_projects.rst:426
 msgid ""
-"Conda does not install packages from PyPI and can install only from the "
-"official Anaconda repositories, or anaconda.org (a place for user-"
-"contributed *conda* packages), or a local (e.g. intranet) package server.  "
-"However, note that :ref:`pip` can be installed into, and work side-by-side "
-"with conda for managing :term:`distributions <Distribution Package>` from "
-"PyPI. Also, `conda skeleton <https://docs.conda.io/projects/conda-build/en/"
-"latest/user-guide/tutorials/build-pkgs-skeleton.html>`__ is a tool to make "
-"Python packages installable by conda by first fetching them from PyPI and "
-"modifying their metadata."
+"Note that :ref:`pip` can be installed into, and work side-by-side with conda "
+"for managing :term:`distributions <Distribution Package>` from PyPI. It is "
+"also possible to build conda packages from Python source packages using "
+"tools such as `conda skeleton <https://docs.conda.io/projects/conda-build/en/"
+"latest/user-guide/tutorials/build-pkgs-skeleton.html>`__: a tool to "
+"automatically make conda packages from Python packages available on PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:431
+#: ../source/key_projects.rst:435
 msgid "devpi"
 msgstr ""
 
-#: ../source/key_projects.rst:433
+#: ../source/key_projects.rst:437
 msgid ""
 "`Docs <http://doc.devpi.net/latest/>`__ | :gh:`Issues <devpi/devpi/issues>` "
 "| `PyPI <https://pypi.org/project/devpi>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:437
+#: ../source/key_projects.rst:441
 msgid ""
 "devpi features a powerful PyPI-compatible server and PyPI proxy cache with a "
 "complementary command line tool to drive packaging, testing and release "
@@ -9619,17 +9668,17 @@ msgid ""
 "replication and fail-over, and package upload."
 msgstr ""
 
-#: ../source/key_projects.rst:448
+#: ../source/key_projects.rst:452
 msgid "dumb-pypi"
 msgstr ""
 
-#: ../source/key_projects.rst:450
+#: ../source/key_projects.rst:454
 msgid ""
 "`GitHub <https://github.com/chriskuehl/dumb-pypi>`__ | `PyPI <https://pypi."
 "org/project/dumb-pypi>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:453
+#: ../source/key_projects.rst:457
 msgid ""
 "dumb-pypi is a simple :term:`package index <Package Index>` static file site "
 "generator, which then must be hosted by a static file webserver to become "
@@ -9637,17 +9686,17 @@ msgid ""
 "status."
 msgstr ""
 
-#: ../source/key_projects.rst:460
+#: ../source/key_projects.rst:464
 msgid "enscons"
 msgstr ""
 
-#: ../source/key_projects.rst:462
+#: ../source/key_projects.rst:466
 msgid ""
 ":gh:`Source <dholth/enscons>` | :gh:`Issues <dholth/enscons/issues>` | `PyPI "
 "<https://pypi.org/project/enscons>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:466
+#: ../source/key_projects.rst:470
 msgid ""
 "Enscons is a Python packaging tool based on `SCons`_. It builds :ref:`pip`-"
 "compatible source distributions and wheels without using distutils or "
@@ -9659,38 +9708,38 @@ msgid ""
 "independent of enscons."
 msgstr ""
 
-#: ../source/key_projects.rst:481
+#: ../source/key_projects.rst:485
 msgid "Flask-Pypi-Proxy"
 msgstr ""
 
-#: ../source/key_projects.rst:483
+#: ../source/key_projects.rst:487
 msgid ""
 "`Docs <https://flask-pypi-proxy.readthedocs.io>`__ | :gh:`GitHub <tzulberti/"
 "Flask-PyPi-Proxy>` | `PyPI <https://pypi.org/project/Flask-Pypi-Proxy/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:487 ../source/key_projects.rst:681
-#: ../source/key_projects.rst:740
+#: ../source/key_projects.rst:491 ../source/key_projects.rst:685
+#: ../source/key_projects.rst:744
 msgid "Not maintained, project archived"
 msgstr ""
 
-#: ../source/key_projects.rst:489
+#: ../source/key_projects.rst:493
 msgid ""
 "Flask-Pypi-Proxy is a :term:`package index <Package Index>` as a cached "
 "proxy for PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:495
+#: ../source/key_projects.rst:499
 msgid "Hashdist"
 msgstr ""
 
-#: ../source/key_projects.rst:497
+#: ../source/key_projects.rst:501
 msgid ""
 "`Docs <https://hashdist.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/hashdist/hashdist/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:500
+#: ../source/key_projects.rst:504
 msgid ""
 "Hashdist is a library for building non-root software distributions. Hashdist "
 "is trying to be “the Debian of choice for cases where Debian technology "
@@ -9701,34 +9750,34 @@ msgid ""
 "researchers but has been lacking in maintenance since 2016."
 msgstr ""
 
-#: ../source/key_projects.rst:512
+#: ../source/key_projects.rst:516
 msgid "Maturin"
 msgstr ""
 
-#: ../source/key_projects.rst:514
+#: ../source/key_projects.rst:518
 msgid ""
 "`Docs <https://www.maturin.rs>`__ | `GitHub <https://github.com/PyO3/"
 "maturin>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:517
+#: ../source/key_projects.rst:521
 msgid ""
 "Maturin is a build backend for Rust extension modules, also written in Rust. "
 "It supports building wheels for python 3.7+ on Windows, Linux, macOS and "
 "FreeBSD, can upload them to PyPI and has basic PyPy and GraalPy support."
 msgstr ""
 
-#: ../source/key_projects.rst:525
+#: ../source/key_projects.rst:529
 msgid "meson-python"
 msgstr ""
 
-#: ../source/key_projects.rst:527
+#: ../source/key_projects.rst:531
 msgid ""
 "`Docs <https://meson-python.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/mesonbuild/meson-python>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:530
+#: ../source/key_projects.rst:534
 msgid ""
 "``meson-python`` is a build backend that uses the Meson_ build system. It "
 "enables Python package authors to use Meson_ as the build system for their "
@@ -9736,58 +9785,58 @@ msgid ""
 "to fill the needs of most complex build configurations."
 msgstr ""
 
-#: ../source/key_projects.rst:540
+#: ../source/key_projects.rst:544
 msgid "multibuild"
 msgstr ""
 
-#: ../source/key_projects.rst:542
+#: ../source/key_projects.rst:546
 msgid "`GitHub <https://github.com/multi-build/multibuild>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:544
+#: ../source/key_projects.rst:548
 msgid ""
 "Multibuild is a set of CI scripts for building and testing Python :term:"
 "`wheels <Wheel>` for Linux, macOS, and (less flexibly) Windows. Also see :"
 "ref:`cibuildwheel`."
 msgstr ""
 
-#: ../source/key_projects.rst:550
+#: ../source/key_projects.rst:554
 msgid "nginx_pypi_cache"
 msgstr ""
 
-#: ../source/key_projects.rst:552
+#: ../source/key_projects.rst:556
 msgid ":gh:`GitHub <hauntsaninja/nginx_pypi_cache>`"
 msgstr ""
 
-#: ../source/key_projects.rst:554
+#: ../source/key_projects.rst:558
 msgid ""
 "nginx_pypi_cache is a :term:`package index <Package Index>` caching proxy "
 "using `nginx <https://nginx.org/en/>`_."
 msgstr ""
 
-#: ../source/key_projects.rst:560
+#: ../source/key_projects.rst:564
 msgid "pdm"
 msgstr ""
 
-#: ../source/key_projects.rst:562
+#: ../source/key_projects.rst:566
 msgid ""
 "`Docs <https://pdm.fming.dev/>`__ | `GitHub <https://github.com/pdm-project/"
 "pdm/>`__ | `PyPI <https://pypi.org/project/pdm>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:566
+#: ../source/key_projects.rst:570
 msgid ""
 "PDM is a modern Python package manager. It uses :term:`pyproject.toml` to "
 "store project metadata as defined in :pep:`621`."
 msgstr ""
 
-#: ../source/key_projects.rst:574
+#: ../source/key_projects.rst:578
 msgid ""
 "`Docs <https://pex.readthedocs.io/en/latest/>`__ | `GitHub <https://github."
 "com/pantsbuild/pex/>`__ | `PyPI <https://pypi.org/project/pex>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:578
+#: ../source/key_projects.rst:582
 msgid ""
 "Pex is a tool for generating :file:`.pex` (Python EXecutable) files, "
 "standalone Python environments in the spirit of :ref:`virtualenv`. PEX files "
@@ -9799,18 +9848,18 @@ msgid ""
 "PEX file into a standard venv, graphing dependencies and more."
 msgstr ""
 
-#: ../source/key_projects.rst:590
+#: ../source/key_projects.rst:594
 msgid "pip-tools"
 msgstr ""
 
-#: ../source/key_projects.rst:592
+#: ../source/key_projects.rst:596
 msgid ""
 "`Docs <https://pip-tools.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/jazzband/pip-tools/>`__ | `PyPI <https://pypi.org/project/pip-"
 "tools/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:596
+#: ../source/key_projects.rst:600
 msgid ""
 "pip-tools is a suite of tools meant for Python system administrators and "
 "release managers who particularly want to keep their builds deterministic "
@@ -9821,32 +9870,32 @@ msgid ""
 "not provide), and create layers of constraints for the program to obey."
 msgstr ""
 
-#: ../source/key_projects.rst:608
+#: ../source/key_projects.rst:612
 msgid "pip2pi"
 msgstr ""
 
-#: ../source/key_projects.rst:610
+#: ../source/key_projects.rst:614
 msgid ""
 ":gh:`GitHub <wolever/pip2pi>` | `PyPI <https://pypi.org/project/pip2pi/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:613
+#: ../source/key_projects.rst:617
 msgid ""
 "pip2pi is a :term:`package index <Package Index>` server where specific "
 "packages are manually synchronised."
 msgstr ""
 
-#: ../source/key_projects.rst:619
+#: ../source/key_projects.rst:623
 msgid "piwheels"
 msgstr ""
 
-#: ../source/key_projects.rst:621
+#: ../source/key_projects.rst:625
 msgid ""
 "`Website <https://www.piwheels.org/>`__ | :doc:`Docs <piwheels:index>` | "
 "`GitHub <https://github.com/piwheels/piwheels/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:625
+#: ../source/key_projects.rst:629
 msgid ""
 "piwheels is a website, and software underpinning it, that fetches source "
 "code distribution packages from PyPI and compiles them into binary wheels "
@@ -9854,17 +9903,17 @@ msgid ""
 "Pi OS pre-configures pip to use piwheels.org as an additional index to PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:634
+#: ../source/key_projects.rst:638
 msgid "poetry"
 msgstr ""
 
-#: ../source/key_projects.rst:636
+#: ../source/key_projects.rst:640
 msgid ""
 "`Docs <https://python-poetry.org/>`__ | `GitHub <https://github.com/python-"
 "poetry/poetry>`__ | `PyPI <https://pypi.org/project/poetry/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:640
+#: ../source/key_projects.rst:644
 msgid ""
 "poetry is a command-line tool to handle dependency installation and "
 "isolation as well as building and packaging of Python packages. It uses "
@@ -9874,49 +9923,49 @@ msgid ""
 "caching metadata about dependencies."
 msgstr ""
 
-#: ../source/key_projects.rst:650
+#: ../source/key_projects.rst:654
 msgid "proxpi"
 msgstr ""
 
-#: ../source/key_projects.rst:652
+#: ../source/key_projects.rst:656
 msgid ""
 ":gh:`GitHub <EpicWink/proxpi>` | `PyPI <https://pypi.org/project/proxpi/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:655
+#: ../source/key_projects.rst:659
 msgid ""
 "proxpi is a simple :term:`package index <Package Index>` which proxies PyPI "
 "and other indexes with caching."
 msgstr ""
 
-#: ../source/key_projects.rst:661
+#: ../source/key_projects.rst:665
 msgid "Pulp-python"
 msgstr ""
 
-#: ../source/key_projects.rst:663
+#: ../source/key_projects.rst:667
 msgid ""
 "`Docs <https://docs.pulpproject.org/pulp_python/>`__ | :gh:`GitHub <pulp/"
 "pulp_python>` | `PyPI <https://pypi.org/project/pulp-python/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:667
+#: ../source/key_projects.rst:671
 msgid ""
 "Pulp-python is the Python :term:`package index <Package Index>` plugin for "
 "`Pulp <https://pulpproject.org/>`_. Pulp-python supports mirrors backed by "
 "local or `AWS S3`_, package upload, and proxying to multiple package indexes."
 msgstr ""
 
-#: ../source/key_projects.rst:675
+#: ../source/key_projects.rst:679
 msgid "PyPI Cloud"
 msgstr ""
 
-#: ../source/key_projects.rst:677
+#: ../source/key_projects.rst:681
 msgid ""
 "`Docs <https://pypicloud.readthedocs.io/>`__ | :gh:`GitHub <stevearc/"
 "pypicloud>` | `PyPI <https://pypi.org/project/pypicloud/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:683
+#: ../source/key_projects.rst:687
 msgid ""
 "PyPI Cloud is a :term:`package index <Package Index>` server, backed by `AWS "
 "S3`_ or another cloud storage service, or local files. PyPI Cloud supports "
@@ -9924,33 +9973,33 @@ msgid ""
 "authorisation."
 msgstr ""
 
-#: ../source/key_projects.rst:691
+#: ../source/key_projects.rst:695
 msgid "pypiprivate"
 msgstr ""
 
-#: ../source/key_projects.rst:693
+#: ../source/key_projects.rst:697
 msgid ""
 ":gh:`GitHub <helpshift/pypiprivate>` | `PyPI <https://pypi.org/project/"
 "pypiprivate/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:696
+#: ../source/key_projects.rst:700
 msgid ""
 "pypiprivate serves a local (or `AWS S3`_-hosted) directory of packages as a :"
 "term:`package index <Package Index>`."
 msgstr ""
 
-#: ../source/key_projects.rst:702
+#: ../source/key_projects.rst:706
 msgid "pypiserver"
 msgstr ""
 
-#: ../source/key_projects.rst:704
+#: ../source/key_projects.rst:708
 msgid ""
 "`GitHub <https://github.com/pypiserver/pypiserver>`__ | `PyPI <https://pypi."
 "org/project/pypiserver/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:707
+#: ../source/key_projects.rst:711
 msgid ""
 "pypiserver is a minimalist application that serves as a private Python :term:"
 "`package index <Package Index>` (from a local directory) within "
@@ -9961,17 +10010,17 @@ msgid ""
 "pypiserver and from PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:718
+#: ../source/key_projects.rst:722
 msgid "PyScaffold"
 msgstr ""
 
-#: ../source/key_projects.rst:720
+#: ../source/key_projects.rst:724
 msgid ""
 "`Docs <https://pyscaffold.org>`__ | `GitHub <https://github.com/pyscaffold/"
 "pyscaffold>`__ | `PyPI <https://pypi.org/project/pyscaffold/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:724
+#: ../source/key_projects.rst:728
 msgid ""
 "PyScaffold is a project generator for bootstrapping Python packages, ready "
 "to be shared on PyPI and installable via :ref:`pip`. It relies on a set of "
@@ -9981,33 +10030,33 @@ msgid ""
 "existing projects to make packaging easier."
 msgstr ""
 
-#: ../source/key_projects.rst:735
+#: ../source/key_projects.rst:739
 msgid "pywharf"
 msgstr ""
 
-#: ../source/key_projects.rst:737
+#: ../source/key_projects.rst:741
 msgid ""
 ":gh:`GitHub <pywharf/pywharf>` | `PyPI <https://pypi.org/project/pywharf>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:742
+#: ../source/key_projects.rst:746
 msgid ""
 "pywharf is a :term:`package index <Package Index>` server, serving files "
 "locally or from `GitHub <https://github.com/>`_."
 msgstr ""
 
-#: ../source/key_projects.rst:748
+#: ../source/key_projects.rst:752
 msgid "scikit-build"
 msgstr ""
 
-#: ../source/key_projects.rst:750
+#: ../source/key_projects.rst:754
 msgid ""
 "`Docs <https://scikit-build.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/scikit-build/scikit-build/>`__ | `PyPI <https://pypi.org/project/"
 "scikit-build>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:754
+#: ../source/key_projects.rst:758
 msgid ""
 "Scikit-build is a :ref:`setuptools` wrapper for CPython that builds C/C++/"
 "Fortran/Cython extensions It uses `cmake <https://pypi.org/project/cmake>`__ "
@@ -10018,18 +10067,18 @@ msgid ""
 "ninja>`__ (also available on PyPI)."
 msgstr ""
 
-#: ../source/key_projects.rst:765
+#: ../source/key_projects.rst:769
 msgid "scikit-build-core"
 msgstr ""
 
-#: ../source/key_projects.rst:767
+#: ../source/key_projects.rst:771
 msgid ""
 "`Docs <https://scikit-build-core.readthedocs.io/en/latest/>`__ | `GitHub "
 "<https://github.com/scikit-build/scikit-build-core/>`__ | `PyPI <https://"
 "pypi.org/project/scikit-build-core>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:771
+#: ../source/key_projects.rst:775
 msgid ""
 "Scikit-build-core is a build backend for CPython C/C++/Fortran/Cython "
 "extensions.  It enables users to write extensions with `cmake <https://pypi."
@@ -10039,17 +10088,17 @@ msgid ""
 "automatically downloaded from PyPI if not available on the system."
 msgstr ""
 
-#: ../source/key_projects.rst:781
+#: ../source/key_projects.rst:785
 msgid "shiv"
 msgstr ""
 
-#: ../source/key_projects.rst:783
+#: ../source/key_projects.rst:787
 msgid ""
 "`Docs <https://shiv.readthedocs.io/en/latest/>`__ | `GitHub <https://github."
 "com/linkedin/shiv>`__ | `PyPI <https://pypi.org/project/shiv/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:787
+#: ../source/key_projects.rst:791
 msgid ""
 "shiv is a command line utility for building fully self contained Python "
 "zipapps as outlined in :pep:`441`, but with all their dependencies included. "
@@ -10057,17 +10106,17 @@ msgid ""
 "tools fast & easy."
 msgstr ""
 
-#: ../source/key_projects.rst:795
+#: ../source/key_projects.rst:799
 msgid "simpleindex"
 msgstr ""
 
-#: ../source/key_projects.rst:797
+#: ../source/key_projects.rst:801
 msgid ""
 ":gh:`GitHub <uranusjr/simpleindex>` | `PyPI <https://pypi.org/project/"
 "simpleindex/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:800
+#: ../source/key_projects.rst:804
 msgid ""
 "simpleindex is a :term:`package index <Package Index>` which routes URLs to "
 "multiple package indexes (including PyPI), serves local (or cloud-hosted, "
@@ -10075,7 +10124,7 @@ msgid ""
 "supports custom plugins."
 msgstr ""
 
-#: ../source/key_projects.rst:810
+#: ../source/key_projects.rst:814
 msgid ""
 ":doc:`Docs <spack:index>` | `GitHub <https://github.com/spack/spack>`__ | "
 "`Paper <https://www.computer.org/csdl/proceedings-article/"
@@ -10083,7 +10132,7 @@ msgid ""
 "Gamblin-Spack-SC15-Talk.pdf>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:815
+#: ../source/key_projects.rst:819
 msgid ""
 "A flexible package manager designed to support multiple versions, "
 "configurations, platforms, and compilers.  Spack is like Homebrew, but "
@@ -10094,24 +10143,24 @@ msgid ""
 "supercomputers."
 msgstr ""
 
-#: ../source/key_projects.rst:823
+#: ../source/key_projects.rst:827
 msgid ""
 "Spack is not in PyPI (yet), but it requires no installation and can be used "
 "immediately after cloning from GitHub."
 msgstr ""
 
-#: ../source/key_projects.rst:829
+#: ../source/key_projects.rst:833
 msgid "zest.releaser"
 msgstr ""
 
-#: ../source/key_projects.rst:831
+#: ../source/key_projects.rst:835
 msgid ""
 "`Docs <https://zestreleaser.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/zestsoftware/zest.releaser/>`__ | `PyPI <https://pypi.org/project/"
 "zest.releaser/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:835
+#: ../source/key_projects.rst:839
 msgid ""
 "``zest.releaser`` is a Python package release tool providing an abstraction "
 "layer on top of :ref:`twine`. Python developers use ``zest.releaser`` to "
@@ -10119,21 +10168,21 @@ msgid ""
 "releases in source control, and uploading new packages to PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:842
+#: ../source/key_projects.rst:846
 msgid "Standard Library Projects"
 msgstr ""
 
-#: ../source/key_projects.rst:847
+#: ../source/key_projects.rst:851
 msgid "ensurepip"
 msgstr ""
 
-#: ../source/key_projects.rst:849
+#: ../source/key_projects.rst:853
 msgid ""
 "`Docs <https://docs.python.org/3/library/ensurepip.html>`__ | `Issues "
 "<https://bugs.python.org/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:852
+#: ../source/key_projects.rst:856
 msgid ""
 "A package in the Python Standard Library that provides support for "
 "bootstrapping :ref:`pip` into an existing Python installation or virtual "
@@ -10141,34 +10190,34 @@ msgid ""
 "will be used during the build of the Python distribution."
 msgstr ""
 
-#: ../source/key_projects.rst:860
+#: ../source/key_projects.rst:864
 msgid "http.server"
 msgstr ""
 
-#: ../source/key_projects.rst:862
+#: ../source/key_projects.rst:866
 msgid ""
 ":doc:`Docs <python:library/http.server>` | :gh:`Issues <python/cpython/"
 "issues>`"
 msgstr ""
 
-#: ../source/key_projects.rst:865
+#: ../source/key_projects.rst:869
 msgid ""
 "A package and command-line interface which can host a directory as a "
 "website, for example as a :term:`package index <Package Index>` (see :ref:"
 "`Hosting your Own Simple Repository`)."
 msgstr ""
 
-#: ../source/key_projects.rst:872
+#: ../source/key_projects.rst:876
 msgid "venv"
 msgstr ""
 
-#: ../source/key_projects.rst:874
+#: ../source/key_projects.rst:878
 msgid ""
 "`Docs <https://docs.python.org/3/library/venv.html>`__ | `Issues <https://"
 "github.com/python/cpython/issues>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:877
+#: ../source/key_projects.rst:881
 msgid ""
 "A package in the Python Standard Library (starting with Python 3.3) for "
 "creating :term:`Virtual Environments <Virtual Environment>`.  For more "
@@ -12216,7 +12265,7 @@ msgstr ""
 #: ../source/specifications/platform-compatibility-tags.rst:332
 #: ../source/specifications/pyproject-toml.rst:444
 #: ../source/specifications/recording-installed-packages.rst:252
-#: ../source/specifications/simple-repository-api.rst:974
+#: ../source/specifications/simple-repository-api.rst:988
 #: ../source/specifications/source-distribution-format.rst:144
 #: ../source/specifications/version-specifiers.rst:1266
 #: ../source/specifications/virtual-environments.rst:54
@@ -13286,6 +13335,7 @@ msgstr ""
 #: ../source/specifications/dependency-specifiers.rst:26
 #: ../source/specifications/direct-url-data-structure.rst:19
 #: ../source/specifications/direct-url.rst:15
+#: ../source/specifications/index-hosted-attestations.rst:17
 #: ../source/specifications/inline-script-metadata.rst:13
 msgid "Specification"
 msgstr ""
@@ -13423,7 +13473,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/dependency-specifiers.rst:163
-#: ../source/specifications/simple-repository-api.rst:888
+#: ../source/specifications/simple-repository-api.rst:902
 msgid "Versions"
 msgstr ""
 
@@ -15046,6 +15096,302 @@ msgid ""
 "www.pypa.io/en/latest/specifications/>`__."
 msgstr ""
 
+#: ../source/specifications/index-hosted-attestations.rst:6
+msgid "Index hosted attestations"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:8
+msgid "This specification was originally defined in :pep:`740`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:12
+msgid ""
+":pep:`740` includes changes to the HTML and JSON index APIs. These changes "
+"are documented in the :ref:`simple-repository-api` under :ref:`simple-"
+"repository-api-base` and :ref:`json-serialization`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:22
+msgid "Upload endpoint changes"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:26
+msgid ""
+"The \"legacy\" upload API is not standardized. See `PyPI's Upload API "
+"documentation <https://docs.pypi.org/api/upload/>`_ for how attestations are "
+"uploaded."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:33
+msgid "Attestation objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:35
+msgid ""
+"An attestation object is a JSON object with several required keys; "
+"applications or signers may include additional keys so long as all "
+"explicitly listed keys are provided. The required layout of an attestation "
+"object is provided as pseudocode below."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:88
+msgid ""
+"A full data model for each object in ``transparency_entries`` is provided "
+"in :ref:`appendix`. Attestation objects **SHOULD** include one or more "
+"transparency log entries, and **MAY** include additional keys for other "
+"sources of signed time (such as an :rfc:`3161` Time Stamping Authority or a "
+"`Roughtime <https://blog.cloudflare.com/roughtime>`__ server)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:94
+msgid ""
+"Attestation objects are versioned; this PEP specifies version 1. Each "
+"version is tied to a single cryptographic suite to minimize unnecessary "
+"cryptographic agility. In version 1, the suite is as follows:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:98
+msgid ""
+"Certificates are specified as X.509 certificates, and comply with the "
+"profile in :rfc:`5280`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:100
+msgid ""
+"The message signature algorithm is ECDSA, with the P-256 curve for public "
+"keys and SHA-256 as the cryptographic digest function."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:103
+msgid ""
+"Future PEPs may change this suite (and the overall shape of the attestation "
+"object) by selecting a new version number."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:109
+msgid "Attestation statement and signature generation"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:111
+msgid ""
+"The *attestation statement* is the actual claim that is cryptographically "
+"signed over within the attestation object (i.e., the ``envelope.statement``)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:114
+msgid ""
+"The attestation statement is encoded as a `v1 in-toto Statement object "
+"<https://github.com/in-toto/attestation/blob/v1.0/spec/v1.0/statement."
+"md>`__, in JSON form. When serialized the statement is treated as an opaque "
+"binary blob, avoiding the need for canonicalization."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:119
+msgid ""
+"In addition to being a v1 in-toto Statement, the attestation statement is "
+"constrained in the following ways:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:122
+msgid "The in-toto ``subject`` **MUST** contain only a single subject."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:123
+msgid ""
+"``subject[0].name`` is the distribution's filename, which **MUST** be a "
+"valid :ref:`source distribution <source-distribution-format>` or :ref:`wheel "
+"distribution <binary-distribution-format>` filename."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:126
+msgid ""
+"``subject[0].digest`` **MUST** contain a SHA-256 digest. Other digests "
+"**MAY** be present. The digests **MUST** be represented as hexadecimal "
+"strings."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:128
+msgid "The following ``predicateType`` values are supported:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:130
+msgid ""
+"`SLSA Provenance <https://slsa.dev/provenance/v1>`__: ``https://slsa.dev/"
+"provenance/v1``"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:131
+msgid ""
+"`PyPI Publish Attestation <https://docs.pypi.org/attestations/publish/"
+"v1>`__: ``https://docs.pypi.org/attestations/publish/v1``"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:133
+msgid ""
+"The signature over this statement is constructed using the `v1 DSSE "
+"signature protocol <https://github.com/secure-systems-lab/dsse/blob/v1.0.0/"
+"protocol.md>`__, with a ``PAYLOAD_TYPE`` of ``application/vnd.in-toto+json`` "
+"and a ``PAYLOAD_BODY`` of the JSON-encoded statement above. No other "
+"``PAYLOAD_TYPE`` is permitted."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:141
+msgid "Provenance objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:143
+msgid ""
+"The index will serve uploaded attestations along with metadata that can "
+"assist in verifying them in the form of JSON serialized objects."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:146
+msgid ""
+"These *provenance objects* will be available via both the Simple Index and "
+"JSON-based Simple API as described above, and will have the following layout:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:169
+msgid "or, as pseudocode:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:217
+msgid ""
+"``version`` is ``1``. Like attestation objects, provenance objects are "
+"versioned, and this PEP only defines version ``1``."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:219
+msgid ""
+"``attestation_bundles`` is a **required** JSON array, containing one or more "
+"\"bundles\" of attestations. Each bundle corresponds to a signing identity "
+"(such as a Trusted Publishing identity), and contains one or more "
+"attestation objects."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:224
+msgid ""
+"As noted in the ``Publisher`` model, each ``AttestationBundle.publisher`` "
+"object is specific to its Trusted Publisher but must include at minimum:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:228
+msgid ""
+"A ``kind`` key, which **MUST** be a JSON string that uniquely identifies the "
+"kind of Trusted Publisher."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:230
+msgid ""
+"A ``claims`` key, which **MUST** be a JSON object containing any context-"
+"specific claims retained by the index during Trusted Publisher "
+"authentication."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:233
+msgid "All other keys in the publisher object are publisher-specific."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:235
+msgid ""
+"Each array of attestation objects is a superset of the ``attestations`` "
+"array supplied by the uploaded through the ``attestations`` field at upload "
+"time, as described in :ref:`upload-endpoint` and :ref:`changes-to-provenance-"
+"objects`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:243
+msgid "Changes to provenance objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:245
+msgid ""
+"Provenance objects are *not* immutable, and may change over time. Reasons "
+"for changes to the provenance object include but are not limited to:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:248
+msgid ""
+"Addition of new attestations for a pre-existing signing identity: the index "
+"**MAY** choose to allow additional attestations by pre-existing signing "
+"identities, such as newer attestation versions for already uploaded files."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:253
+msgid ""
+"Addition of new signing identities and associated attestations: the index "
+"**MAY** choose to support attestations from sources other than the file's "
+"uploader, such as third-party auditors or the index itself. These "
+"attestations may be performed asynchronously, requiring the index to insert "
+"them into the provenance object *post facto*."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:262
+msgid "Attestation verification"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:264
+msgid ""
+"Verifying an attestation object against a distribution file requires "
+"verification of each of the following:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:267
+msgid "``version`` is ``1``. The verifier **MUST** reject any other version."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:268
+msgid ""
+"``verification_material.certificate`` is a valid signing certificate, as "
+"issued by an *a priori* trusted authority (such as a root of trust already "
+"present within the verifying client)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:271
+msgid ""
+"``verification_material.certificate`` identifies an appropriate signing "
+"subject, such as the machine identity of the Trusted Publisher that "
+"published the package."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:274
+msgid ""
+"``envelope.statement`` is a valid in-toto v1 Statement, with a subject and "
+"digest that **MUST** match the distribution's filename and contents. For the "
+"distribution's filename, matching **MUST** be performed by parsing using the "
+"appropriate source distribution or wheel filename format, as the statement's "
+"subject may be equivalent but normalized."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:279
+msgid ""
+"``envelope.signature`` is a valid signature for ``envelope.statement`` "
+"corresponding to ``verification_material.certificate``, as reconstituted via "
+"the `v1 DSSE signature protocol <https://github.com/secure-systems-lab/dsse/"
+"blob/v1.0.0/protocol.md>`__."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:284
+msgid ""
+"In addition to the above required steps, a verifier **MAY** additionally "
+"verify ``verification_material.transparency_entries`` on a policy basis, e."
+"g. requiring at least one transparency log entry or a threshold of entries. "
+"When verifying transparency entries, the verifier **MUST** confirm that the "
+"inclusion time for each entry lies within the signing certificate's validity "
+"period."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:293
+msgid "Appendix: Data models for Transparency Log Entries"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:295
+msgid ""
+"This appendix contains pseudocoded data models for transparency log entries "
+"in attestation objects. Each transparency log entry serves as a source of "
+"signed inclusion time, and can be verified either online or offline."
+msgstr ""
+
 #: ../source/specifications/inline-script-metadata.rst:5
 msgid "Inline script metadata"
 msgstr ""
@@ -15216,7 +15562,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/inline-script-metadata.rst:205
-#: ../source/specifications/simple-repository-api.rst:815
+#: ../source/specifications/simple-repository-api.rst:829
 msgid "Recommendations"
 msgstr ""
 
@@ -17104,11 +17450,26 @@ msgid ""
 "``&gt;``, respectively."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:100
+#: ../source/specifications/simple-repository-api.rst:99
+msgid ""
+"A repository **MAY** include a ``data-provenance`` attribute on a file link. "
+"The value of this attribute **MUST** be a fully qualified URL, signaling "
+"that the file's provenance can be found at that URL. This URL **MUST** "
+"represent a `secure origin <https://www.chromium.org/Home/chromium-security/"
+"prefer-secure-origins-for-powerful-new-features/>`_."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:106
+msgid ""
+"The format of the linked provenance is defined in :ref:`index-hosted-"
+"attestations`."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:109
 msgid "Normalized Names"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:102
+#: ../source/specifications/simple-repository-api.rst:111
 msgid ""
 "This spec references the concept of a \"normalized\" project name. As per :"
 "ref:`the name normalization specification <name-normalization>` the only "
@@ -17118,11 +17479,11 @@ msgid ""
 "implemented in Python with the ``re`` module::"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:117
+#: ../source/specifications/simple-repository-api.rst:126
 msgid "Adding \"Yank\" Support to the Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:119
+#: ../source/specifications/simple-repository-api.rst:128
 msgid ""
 "Links in the simple repository **MAY** have a ``data-yanked`` attribute "
 "which may have no value, or may have an arbitrary string as a value. The "
@@ -17132,7 +17493,7 @@ msgid ""
 "under specific scenarios."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:126
+#: ../source/specifications/simple-repository-api.rst:135
 msgid ""
 "The value of the ``data-yanked`` attribute, if present, is an arbitrary "
 "string that represents the reason for why the file has been yanked. Tools "
@@ -17140,7 +17501,7 @@ msgid ""
 "users."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:131
+#: ../source/specifications/simple-repository-api.rst:140
 msgid ""
 "The yanked attribute is not immutable once set, and may be rescinded in the "
 "future (and once rescinded, may be reset as well). Thus API users **MUST** "
@@ -17148,11 +17509,11 @@ msgid ""
 "again)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:138
+#: ../source/specifications/simple-repository-api.rst:147
 msgid "Installers"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:140
+#: ../source/specifications/simple-repository-api.rst:149
 msgid ""
 "The desirable experience for users is that once a file is yanked, when a "
 "human being is currently trying to directly install a yanked file, that it "
@@ -17162,7 +17523,7 @@ msgid ""
 "been yanked."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:147
+#: ../source/specifications/simple-repository-api.rst:156
 msgid ""
 "An installer **MUST** ignore yanked releases, if the selection constraints "
 "can be satisfied with a non-yanked version, and **MAY** refuse to use a "
@@ -17172,14 +17533,14 @@ msgid ""
 "files."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:154
+#: ../source/specifications/simple-repository-api.rst:163
 msgid ""
 "What this means is left up to the specific installer, to decide how to best "
 "fit into the overall usage of their installer. However, there are two "
 "suggested approaches to take:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:158
+#: ../source/specifications/simple-repository-api.rst:167
 msgid ""
 "Yanked files are always ignored, unless they are the only file that matches "
 "a version specifier that \"pins\" to an exact version using either ``==`` "
@@ -17189,7 +17550,7 @@ msgid ""
 "versions, zero padding, etc."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:165
+#: ../source/specifications/simple-repository-api.rst:174
 msgid ""
 "Yanked files are always ignored, unless they are the only file that matches "
 "what a lock file (such as ``Pipfile.lock`` or ``poetry.lock``) specifies to "
@@ -17197,7 +17558,7 @@ msgid ""
 "creating or updating a lock file from some input file or command."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:171
+#: ../source/specifications/simple-repository-api.rst:180
 msgid ""
 "Regardless of the specific strategy that an installer chooses for deciding "
 "when to install yanked files, an installer **SHOULD** emit a warning when it "
@@ -17206,38 +17567,38 @@ msgid ""
 "specific feedback to the user about why that file had been yanked."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:179
+#: ../source/specifications/simple-repository-api.rst:188
 msgid "Mirrors"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:181
+#: ../source/specifications/simple-repository-api.rst:190
 msgid "Mirrors can generally treat yanked files one of two ways:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:183
+#: ../source/specifications/simple-repository-api.rst:192
 msgid ""
 "They may choose to omit them from their simple repository API completely, "
 "providing a view over the repository that shows only \"active\", unyanked "
 "files."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:186
+#: ../source/specifications/simple-repository-api.rst:195
 msgid ""
 "They may choose to include yanked files, and additionally mirror the ``data-"
 "yanked`` attribute as well."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:189
+#: ../source/specifications/simple-repository-api.rst:198
 msgid ""
 "Mirrors **MUST NOT** mirror a yanked file without also mirroring the ``data-"
 "yanked`` attribute for it."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:195
+#: ../source/specifications/simple-repository-api.rst:204
 msgid "Versioning PyPI's Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:197
+#: ../source/specifications/simple-repository-api.rst:206
 msgid ""
 "This spec proposes the inclusion of a meta tag on the responses of every "
 "successful request to a simple API page, which contains a name attribute of "
@@ -17248,29 +17609,29 @@ msgid ""
 "<version-specifiers>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:205
+#: ../source/specifications/simple-repository-api.rst:214
 msgid "This would end up looking like::"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:209
+#: ../source/specifications/simple-repository-api.rst:218
 msgid "When interpreting the repository version:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:211
+#: ../source/specifications/simple-repository-api.rst:220
 msgid ""
 "Incrementing the major version is used to signal a backwards incompatible "
 "change such that existing clients would no longer be expected to be able to "
 "meaningfully use the API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:214
+#: ../source/specifications/simple-repository-api.rst:223
 msgid ""
 "Incrementing the minor version is used to signal a backwards compatible "
 "change such that existing clients would still be expected to be able to "
 "meaningfully use the API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:218
+#: ../source/specifications/simple-repository-api.rst:227
 msgid ""
 "It is left up to the discretion of any future specs as to what specifically "
 "constitutes a backwards incompatible vs compatible change beyond the broad "
@@ -17279,7 +17640,7 @@ msgid ""
 "features."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:224
+#: ../source/specifications/simple-repository-api.rst:233
 msgid ""
 "It is expectation of this spec that the major version will never be "
 "incremented, and any future major API evolutions would utilize a different "
@@ -17289,48 +17650,48 @@ msgid ""
 "set to a version >= 2)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:231
+#: ../source/specifications/simple-repository-api.rst:240
 msgid ""
 "This spec sets the current API version to \"1.0\", and expects that future "
 "specs that further evolve the simple API will increment the minor version "
 "number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:237
-#: ../source/specifications/simple-repository-api.rst:957
+#: ../source/specifications/simple-repository-api.rst:246
+#: ../source/specifications/simple-repository-api.rst:971
 msgid "Clients"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:239
+#: ../source/specifications/simple-repository-api.rst:248
 msgid ""
 "Clients interacting with the simple API **SHOULD** introspect each response "
 "for the repository version, and if that data does not exist **MUST** assume "
 "that it is version 1.0."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:243
+#: ../source/specifications/simple-repository-api.rst:252
 msgid ""
 "When encountering a major version greater than expected, clients **MUST** "
 "hard fail with an appropriate error message for the user."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:246
+#: ../source/specifications/simple-repository-api.rst:255
 msgid ""
 "When encountering a minor version greater than expected, clients **SHOULD** "
 "warn users with an appropriate message."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:249
+#: ../source/specifications/simple-repository-api.rst:258
 msgid ""
 "Clients **MAY** still continue to use feature detection in order to "
 "determine what features a repository uses."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:255
+#: ../source/specifications/simple-repository-api.rst:264
 msgid "Serve Distribution Metadata in the Simple Repository API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:257
+#: ../source/specifications/simple-repository-api.rst:266
 msgid ""
 "In a simple repository's project page, each anchor tag pointing to a "
 "distribution **MAY** have a ``data-dist-info-metadata`` attribute. The "
@@ -17339,7 +17700,7 @@ msgid ""
 "when the distribution is processed and/or installed."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:263
+#: ../source/specifications/simple-repository-api.rst:272
 msgid ""
 "If a ``data-dist-info-metadata`` attribute is present, the repository "
 "**MUST** serve the distribution's Core Metadata file alongside the "
@@ -17351,7 +17712,7 @@ msgid ""
 "GPG signature file's location."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:272
+#: ../source/specifications/simple-repository-api.rst:281
 msgid ""
 "The repository **SHOULD** provide the hash of the Core Metadata file as the "
 "``data-dist-info-metadata`` attribute's value using the syntax "
@@ -17361,18 +17722,18 @@ msgid ""
 "unavailable."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:280
+#: ../source/specifications/simple-repository-api.rst:289
 msgid "Backwards Compatibility"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:282
+#: ../source/specifications/simple-repository-api.rst:291
 msgid ""
 "If an anchor tag lacks the ``data-dist-info-metadata`` attribute, tools are "
 "expected to revert to their current behaviour of downloading the "
 "distribution to inspect the metadata."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:286
+#: ../source/specifications/simple-repository-api.rst:295
 msgid ""
 "Older tools not supporting the new ``data-dist-info-metadata`` attribute are "
 "expected to ignore the attribute and maintain their current behaviour of "
@@ -17380,11 +17741,11 @@ msgid ""
 "prior ``data-`` attribute additions expect existing tools to operate."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:295
+#: ../source/specifications/simple-repository-api.rst:304
 msgid "JSON-based Simple API for Python Package Indexes"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:297
+#: ../source/specifications/simple-repository-api.rst:306
 msgid ""
 "To enable response parsing with only the standard library, this spec "
 "specifies that all responses (besides the files themselves, and the HTML "
@@ -17392,7 +17753,7 @@ msgid ""
 "base>`) should be serialized using `JSON <https://www.json.org/>`_."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:302
+#: ../source/specifications/simple-repository-api.rst:311
 msgid ""
 "To enable zero configuration discovery and to minimize the amount of "
 "additional HTTP requests, this spec extends :ref:`the base HTML API "
@@ -17402,7 +17763,7 @@ msgid ""
 "format to serve, i.e. either HTML or JSON."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:312
+#: ../source/specifications/simple-repository-api.rst:321
 msgid ""
 "Versioning will adhere to :ref:`the API versioning specification <simple-"
 "repository-api-versioning>` format (``Major.Minor``), which has defined the "
@@ -17412,7 +17773,7 @@ msgid ""
 "``1.0`` version, and instead just describes how to serialize that into JSON."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:319
+#: ../source/specifications/simple-repository-api.rst:328
 msgid ""
 "Similar to :ref:`the API versioning specification <simple-repository-api-"
 "versioning>`, the major version number **MUST** be incremented if any "
@@ -17420,28 +17781,28 @@ msgid ""
 "existing clients to meaningfully understand the format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:325
+#: ../source/specifications/simple-repository-api.rst:334
 msgid ""
 "Likewise, the minor version **MUST** be incremented if features are added or "
 "removed from the format, but existing clients would be expected to continue "
 "to meaningfully understand the format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:329
+#: ../source/specifications/simple-repository-api.rst:338
 msgid ""
 "Changes that would not result in existing clients being unable to "
 "meaningfully understand the format and which do not represent features being "
 "added or removed may occur without changing the version number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:333
+#: ../source/specifications/simple-repository-api.rst:342
 msgid ""
 "This is intentionally vague, as this spec believes it is best left up to "
 "future specs that make any changes to the API to investigate and decide "
 "whether or not that change should increment the major or minor version."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:337
+#: ../source/specifications/simple-repository-api.rst:346
 msgid ""
 "Future versions of the API may add things that can only be represented in a "
 "subset of the available serializations of that version. All serializations "
@@ -17450,37 +17811,37 @@ msgid ""
 "whether or not that feature is present at all."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:343
+#: ../source/specifications/simple-repository-api.rst:352
 msgid ""
 "It is the intent of this spec that the API should be thought of as URL "
 "endpoints that return data, whose interpretation is defined by the version "
 "of that data, and then serialized into the target serialization format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:351
+#: ../source/specifications/simple-repository-api.rst:360
 msgid "JSON Serialization"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:353
+#: ../source/specifications/simple-repository-api.rst:362
 msgid ""
 "The URL structure from :ref:`the base HTML API specification <simple-"
 "repository-api-base>` still applies, as this spec only adds an additional "
 "serialization format for the already existing API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:357
+#: ../source/specifications/simple-repository-api.rst:366
 msgid ""
 "The following constraints apply to all JSON serialized responses described "
 "in this spec:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:360
+#: ../source/specifications/simple-repository-api.rst:369
 msgid ""
 "All JSON responses will *always* be a JSON object rather than an array or "
 "other type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:363
+#: ../source/specifications/simple-repository-api.rst:372
 msgid ""
 "While JSON doesn't natively support a URL type, any value that represents an "
 "URL in this API may be either absolute or relative as long as they point to "
@@ -17488,19 +17849,19 @@ msgid ""
 "if it were HTML."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:368
+#: ../source/specifications/simple-repository-api.rst:377
 msgid ""
 "Additional keys may be added to any dictionary objects in the API responses "
 "and clients **MUST** ignore keys that they don't understand."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:371
+#: ../source/specifications/simple-repository-api.rst:380
 msgid ""
 "All JSON responses will have a ``meta`` key, which contains information "
 "related to the response itself, rather than the content of the response."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:374
+#: ../source/specifications/simple-repository-api.rst:383
 msgid ""
 "All JSON responses will have a ``meta.api-version`` key, which will be a "
 "string that contains the :ref:`API versioning specification <simple-"
@@ -17509,41 +17870,41 @@ msgid ""
 "<simple-repository-api-versioning>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:380
+#: ../source/specifications/simple-repository-api.rst:389
 msgid ""
 "All requirements of :ref:`the base HTML API specification <simple-repository-"
 "api-base>` that are not HTML specific still apply."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:385
+#: ../source/specifications/simple-repository-api.rst:394
 msgid "Project List"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:387
+#: ../source/specifications/simple-repository-api.rst:396
 msgid ""
 "The root URL ``/`` for this spec (which represents the base URL) will be a "
 "JSON encoded dictionary which has a two keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:390
+#: ../source/specifications/simple-repository-api.rst:399
 msgid ""
 "``projects``: An array where each entry is a dictionary with a single key, "
 "``name``, which represents string of the project name."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:391
-#: ../source/specifications/simple-repository-api.rst:440
+#: ../source/specifications/simple-repository-api.rst:400
+#: ../source/specifications/simple-repository-api.rst:449
 msgid ""
 "``meta``: The general response metadata as `described earlier <json-"
 "serialization_>`__."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:393
-#: ../source/specifications/simple-repository-api.rst:499
+#: ../source/specifications/simple-repository-api.rst:402
+#: ../source/specifications/simple-repository-api.rst:512
 msgid "As an example:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:410
+#: ../source/specifications/simple-repository-api.rst:419
 msgid ""
 "The ``name`` field is the same as the one from :ref:`the base HTML API "
 "specification <simple-repository-api-base>`, which does not specify whether "
@@ -17553,7 +17914,7 @@ msgid ""
 "implementation detail of the repository in question."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:420
+#: ../source/specifications/simple-repository-api.rst:429
 msgid ""
 "While the ``projects`` key is an array, and thus is required to be in some "
 "kind of an order, neither :ref:`the base HTML API specification <simple-"
@@ -17563,11 +17924,11 @@ msgid ""
 "have sets."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:429
+#: ../source/specifications/simple-repository-api.rst:438
 msgid "Project Detail"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:431
+#: ../source/specifications/simple-repository-api.rst:440
 msgid ""
 "The format of this URL is ``/<project>/`` where the ``<project>`` is "
 "replaced by the :ref:`the base HTML API specification <simple-repository-api-"
@@ -17575,33 +17936,33 @@ msgid ""
 "would have a URL like ``/silly-walk/``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:436
+#: ../source/specifications/simple-repository-api.rst:445
 msgid ""
 "This URL must respond with a JSON encoded dictionary that has three keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:438
+#: ../source/specifications/simple-repository-api.rst:447
 msgid "``name``: The normalized name of the project."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:439
+#: ../source/specifications/simple-repository-api.rst:448
 msgid ""
 "``files``: A list of dictionaries, each one representing an individual file."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:442
+#: ../source/specifications/simple-repository-api.rst:451
 msgid "Each individual file dictionary has the following keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:444
+#: ../source/specifications/simple-repository-api.rst:453
 msgid "``filename``: The filename that is being represented."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:445
+#: ../source/specifications/simple-repository-api.rst:454
 msgid "``url``: The URL that the file can be fetched from."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:446
+#: ../source/specifications/simple-repository-api.rst:455
 msgid ""
 "``hashes``: A dictionary mapping a hash name to a hex encoded digest of the "
 "file. Multiple hashes can be included, and it is up to the client to decide "
@@ -17610,14 +17971,14 @@ msgid ""
 "to be lowercase."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:451
+#: ../source/specifications/simple-repository-api.rst:460
 msgid ""
 "The ``hashes`` dictionary **MUST** be present, even if no hashes are "
 "available for the file, however it is **HIGHLY** recommended that at least "
 "one secure, guaranteed-to-be-available hash is always included."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:455
+#: ../source/specifications/simple-repository-api.rst:464
 msgid ""
 "By default, any hash algorithm available via :py:mod:`hashlib` (specifically "
 "any that can be passed to :py:func:`hashlib.new()` and do not require "
@@ -17627,7 +17988,7 @@ msgid ""
 "specifically is recommended."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:460
+#: ../source/specifications/simple-repository-api.rst:469
 msgid ""
 "``requires-python``: An **optional** key that exposes the :ref:`core-"
 "metadata-requires-python` metadata field. Where this is present, installer "
@@ -17635,14 +17996,14 @@ msgid ""
 "that doesn't satisfy the requirement."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:466
+#: ../source/specifications/simple-repository-api.rst:475
 msgid ""
 "Unlike ``data-requires-python`` in :ref:`the base HTML API specification "
 "<simple-repository-api-base>`, the ``requires-python`` key does not require "
 "any special escaping other than anything JSON does naturally."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:469
+#: ../source/specifications/simple-repository-api.rst:478
 msgid ""
 "``dist-info-metadata``: An **optional** key that indicates that metadata for "
 "this file is available, via the same location as specified in :ref:`the API "
@@ -17652,27 +18013,27 @@ msgid ""
 "dictionary mapping hash names to a hex encoded digest of the metadata's hash."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:477
+#: ../source/specifications/simple-repository-api.rst:486
 msgid ""
 "When this is a dictionary of hashes instead of a boolean, then all the same "
 "requirements and recommendations as the ``hashes`` key hold true for this "
 "key as well."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:481
+#: ../source/specifications/simple-repository-api.rst:490
 msgid ""
 "If this key is missing then the metadata file may or may not exist. If the "
 "key value is truthy, then the metadata file is present, and if it is falsey "
 "then it is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:485
+#: ../source/specifications/simple-repository-api.rst:494
 msgid ""
 "It is recommended that servers make the hashes of the metadata file "
 "available if possible."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:487
+#: ../source/specifications/simple-repository-api.rst:496
 msgid ""
 "``gpg-sig``: An **optional** key that acts a boolean to indicate if the file "
 "has an associated GPG signature or not. The URL for the signature file "
@@ -17681,7 +18042,7 @@ msgid ""
 "the signature may or may not exist."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:492
+#: ../source/specifications/simple-repository-api.rst:501
 msgid ""
 "``yanked``: An **optional** key which may be either a boolean to indicate if "
 "the file has been yanked, or a non empty, but otherwise arbitrary, string to "
@@ -17692,7 +18053,15 @@ msgid ""
 "api-yank>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:529
+#: ../source/specifications/simple-repository-api.rst:507
+msgid ""
+"``provenance``: An **optional** key which, if present **MUST** be either a "
+"JSON string or ``null``. If not ``null``, it **MUST** be a URL to the file's "
+"associated provenance, with the same rules as ``data-provenance`` in the :"
+"ref:`base HTML API specification <simple-repository-api-base>`."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:543
 msgid ""
 "While the ``files`` key is an array, and thus is required to be in some kind "
 "of an order, neither :ref:`the base HTML API specification <simple-"
@@ -17702,11 +18071,11 @@ msgid ""
 "have sets."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:538
+#: ../source/specifications/simple-repository-api.rst:552
 msgid "Content-Types"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:540
+#: ../source/specifications/simple-repository-api.rst:554
 msgid ""
 "This spec proposes that all responses from the Simple API will have a "
 "standard content type that describes what the response is (a Simple API "
@@ -17714,11 +18083,11 @@ msgid ""
 "format has been used."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:544
+#: ../source/specifications/simple-repository-api.rst:558
 msgid "The structure of this content type will be:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:550
+#: ../source/specifications/simple-repository-api.rst:564
 msgid ""
 "Since only major versions should be disruptive to clients attempting to "
 "understand one of these API responses, only the major version will be "
@@ -17726,19 +18095,19 @@ msgid ""
 "that it is a version number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:555
+#: ../source/specifications/simple-repository-api.rst:569
 msgid "Which means that for the existing 1.0 API, the content types would be:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:557
+#: ../source/specifications/simple-repository-api.rst:571
 msgid "**JSON:** ``application/vnd.pypi.simple.v1+json``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:558
+#: ../source/specifications/simple-repository-api.rst:572
 msgid "**HTML:** ``application/vnd.pypi.simple.v1+html``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:560
+#: ../source/specifications/simple-repository-api.rst:574
 msgid ""
 "In addition to the above, a special \"meta\" version is supported named "
 "``latest``, whose purpose is to allow clients to request the absolute latest "
@@ -17747,7 +18116,7 @@ msgid ""
 "support."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:565
+#: ../source/specifications/simple-repository-api.rst:579
 msgid ""
 "To support existing clients which expect the existing :ref:`the base HTML "
 "API specification <simple-repository-api-base>` API responses to use the "
@@ -17755,11 +18124,11 @@ msgid ""
 "alias for the ``application/vnd.pypi.simple.v1+html`` content type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:572
+#: ../source/specifications/simple-repository-api.rst:586
 msgid "Version + Format Selection"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:574
+#: ../source/specifications/simple-repository-api.rst:588
 msgid ""
 "Now that there is multiple possible serializations, we need a mechanism to "
 "allow clients to indicate what serialization formats they're able to "
@@ -17768,65 +18137,65 @@ msgid ""
 "expecting the previous API version."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:579
+#: ../source/specifications/simple-repository-api.rst:593
 msgid ""
 "To enable this, this spec standardizes on the use of HTTP's `Server-Driven "
 "Content Negotiation <https://developer.mozilla.org/en-US/docs/Web/HTTP/"
 "Content_negotiation>`_."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:582
+#: ../source/specifications/simple-repository-api.rst:596
 msgid ""
 "While this spec won't fully describe the entirety of server-driven content "
 "negotiation, the flow is roughly:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:585
+#: ../source/specifications/simple-repository-api.rst:599
 msgid ""
 "The client makes an HTTP request containing an ``Accept`` header listing all "
 "of the version+format content types that they are able to understand."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:587
+#: ../source/specifications/simple-repository-api.rst:601
 msgid ""
 "The server inspects that header, selects one of the listed content types, "
 "then returns a response using that content type (treating the absence of an "
 "``Accept`` header as ``Accept: */*``)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:590
+#: ../source/specifications/simple-repository-api.rst:604
 msgid ""
 "If the server does not support any of the content types in the ``Accept`` "
 "header then they are able to choose between 3 different options for how to "
 "respond:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:594
+#: ../source/specifications/simple-repository-api.rst:608
 msgid ""
 "Select a default content type other than what the client has requested and "
 "return a response with that."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:596
+#: ../source/specifications/simple-repository-api.rst:610
 msgid ""
 "Return a HTTP ``406 Not Acceptable`` response to indicate that none of the "
 "requested content types were available, and the server was unable or "
 "unwilling to select a default content type to respond with."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:599
+#: ../source/specifications/simple-repository-api.rst:613
 msgid ""
 "Return a HTTP ``300 Multiple Choices`` response that contains a list of all "
 "of the possible responses that could have been chosen."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:601
+#: ../source/specifications/simple-repository-api.rst:615
 msgid ""
 "The client interprets the response, handling the different types of "
 "responses that the server may have responded with."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:604
+#: ../source/specifications/simple-repository-api.rst:618
 msgid ""
 "This spec does not specify which choices the server makes in regards to "
 "handling a content type that it isn't able to return, and clients **SHOULD** "
@@ -17834,7 +18203,7 @@ msgid ""
 "the most sense for that client."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:609
+#: ../source/specifications/simple-repository-api.rst:623
 msgid ""
 "However, as there is no standard format for how a ``300 Multiple Choices`` "
 "response can be interpreted, this spec highly discourages servers from "
@@ -17845,7 +18214,7 @@ msgid ""
 "error."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:616
+#: ../source/specifications/simple-repository-api.rst:630
 msgid ""
 "This spec **does** require that if the meta version ``latest`` is being "
 "used, the server **MUST** respond with the content type for the actual "
@@ -17854,33 +18223,33 @@ msgid ""
 "have a ``Content-Type`` of ``application/vnd.pypi.simple.v1+json``)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:623
+#: ../source/specifications/simple-repository-api.rst:637
 msgid ""
 "The ``Accept`` header is a comma separated list of content types that the "
 "client understands and is able to process. It supports three different "
 "formats for each content type that is being requested:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:627
+#: ../source/specifications/simple-repository-api.rst:641
 msgid "``$type/$subtype``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:628
+#: ../source/specifications/simple-repository-api.rst:642
 msgid "``$type/*``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:629
+#: ../source/specifications/simple-repository-api.rst:643
 msgid "``*/*``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:631
+#: ../source/specifications/simple-repository-api.rst:645
 msgid ""
 "For the use of selecting a version+format, the most useful of these is "
 "``$type/$subtype``, as that is the only way to actually specify the version "
 "and format you want."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:635
+#: ../source/specifications/simple-repository-api.rst:649
 msgid ""
 "The order of the content types listed in the ``Accept`` header does not have "
 "any specific meaning, and the server **SHOULD** consider all of them to be "
@@ -17890,7 +18259,7 @@ msgid ""
 "Quality_values>`_ syntax."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:642
+#: ../source/specifications/simple-repository-api.rst:656
 msgid ""
 "This allows a client to specify a priority for a specific entry in their "
 "``Accept`` header, by appending a ``;q=`` followed by a value between ``0`` "
@@ -17900,7 +18269,7 @@ msgid ""
 "quality of ``1``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:648
+#: ../source/specifications/simple-repository-api.rst:662
 msgid ""
 "However, clients should keep in mind that a server is free to select **any** "
 "of the content types they've asked for, regardless of their requested "
@@ -17908,7 +18277,7 @@ msgid ""
 "for."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:652
+#: ../source/specifications/simple-repository-api.rst:666
 msgid ""
 "To aid clients in determining the content type of the response that they "
 "have received from an API request, this spec requires that servers always "
@@ -17919,22 +18288,22 @@ msgid ""
 "collector.py#L123-L150>`_ so the risks for actual breakages is low."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:659
+#: ../source/specifications/simple-repository-api.rst:673
 msgid "An example of how a client can operate would look like:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:710
+#: ../source/specifications/simple-repository-api.rst:724
 msgid ""
 "If a client wishes to only support HTML or only support JSON, then they "
 "would just remove the content types that they do not want from the "
 "``Accept`` header, and turn receiving them into an error."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:716
+#: ../source/specifications/simple-repository-api.rst:730
 msgid "Alternative Negotiation Mechanisms"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:718
+#: ../source/specifications/simple-repository-api.rst:732
 msgid ""
 "While using HTTP's Content negotiation is considered the standard way for a "
 "client and server to coordinate to ensure that the client is getting an HTTP "
@@ -17943,25 +18312,25 @@ msgid ""
 "negotiation mechanisms that may *optionally* be used instead."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:726
+#: ../source/specifications/simple-repository-api.rst:740
 msgid "URL Parameter"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:728
+#: ../source/specifications/simple-repository-api.rst:742
 msgid ""
 "Servers that implement the Simple API may choose to support a URL parameter "
 "named ``format`` to allow the clients to request a specific version of the "
 "URL."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:731
+#: ../source/specifications/simple-repository-api.rst:745
 msgid ""
 "The value of the ``format`` parameter should be **one** of the valid content "
 "types. Passing multiple content types, wild cards, quality values, etc... is "
 "**not** supported."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:735
+#: ../source/specifications/simple-repository-api.rst:749
 msgid ""
 "Supporting this parameter is optional, and clients **SHOULD NOT** rely on it "
 "for interacting with the API. This negotiation mechanism is intended to "
@@ -17969,13 +18338,13 @@ msgid ""
 "allow documentation or notes to link to a specific version+format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:740
+#: ../source/specifications/simple-repository-api.rst:754
 msgid ""
 "Servers that do not support this parameter may choose to return an error "
 "when it is present, or they may simple ignore its presence."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:743
+#: ../source/specifications/simple-repository-api.rst:757
 msgid ""
 "When a server does implement this parameter, it **SHOULD** take precedence "
 "over any values in the client's ``Accept`` header, and if the server does "
@@ -17985,18 +18354,18 @@ msgid ""
 "``303 Multiple Choices``, or selecting a default type to return)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:752
+#: ../source/specifications/simple-repository-api.rst:766
 msgid "Endpoint Configuration"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:754
+#: ../source/specifications/simple-repository-api.rst:768
 msgid ""
 "This option technically is not a special option at all, it is just a natural "
 "consequence of using content negotiation and allowing servers to select "
 "which of the available content types is their default."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:758
+#: ../source/specifications/simple-repository-api.rst:772
 msgid ""
 "If a server is unwilling or unable to implement the server-driven content "
 "negotiation, and would instead rather require users to explicitly configure "
@@ -18004,7 +18373,7 @@ msgid ""
 "configuration."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:762
+#: ../source/specifications/simple-repository-api.rst:776
 msgid ""
 "To enable this, a server should make multiple endpoints (for instance, ``/"
 "simple/v1+html/`` and/or ``/simple/v1+json/``) for each version+format that "
@@ -18014,7 +18383,7 @@ msgid ""
 "and return the content type that corresponds to that endpoint."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:769
+#: ../source/specifications/simple-repository-api.rst:783
 msgid ""
 "For clients that wish to require specific configuration, they can keep track "
 "of which version+format a specific repository URL was configured for, and "
@@ -18022,11 +18391,11 @@ msgid ""
 "includes the correct content type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:776
+#: ../source/specifications/simple-repository-api.rst:790
 msgid "TUF Support - PEP 458"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:778
+#: ../source/specifications/simple-repository-api.rst:792
 msgid ""
 ":pep:`458` requires that all API responses are hashable and that they can be "
 "uniquely identified by a path relative to the repository root. For a Simple "
@@ -18037,7 +18406,7 @@ msgid ""
 "that all hash differently."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:785
+#: ../source/specifications/simple-repository-api.rst:799
 msgid ""
 ":pep:`458` does not specify what the target path should be for the Simple "
 "API, but TUF requires that the target paths be \"file-like\", in other "
@@ -18045,7 +18414,7 @@ msgid ""
 "technically points to a directory."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:790
+#: ../source/specifications/simple-repository-api.rst:804
 msgid ""
 "The saving grace is that the target path does not *have* to actually match "
 "the URL being fetched from the Simple API, and it can just be a sigil that "
@@ -18054,7 +18423,7 @@ msgid ""
 "HTTP request, such as the ``Accept`` header."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:796
+#: ../source/specifications/simple-repository-api.rst:810
 msgid ""
 "Ultimately figuring out how to map a directory to a filename is out of scope "
 "for this spec (but it would be in scope for :pep:`458`), and this spec "
@@ -18062,7 +18431,7 @@ msgid ""
 "`458` metadata."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:800
+#: ../source/specifications/simple-repository-api.rst:814
 msgid ""
 "However, it appears that the current WIP branch against pip that attempts to "
 "implement :pep:`458` is using a target path like ``simple/PROJECT/index."
@@ -18072,20 +18441,20 @@ msgid ""
 "the v1 JSON format would be ``simple/PROJECT/vnd.pypi.simple.v1.json``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:807
+#: ../source/specifications/simple-repository-api.rst:821
 msgid ""
 "In this case, since ``text/html`` is an alias to ``application/vnd.pypi."
 "simple.v1+html`` when interacting through TUF, it likely will make the most "
 "sense to normalize to the more explicit name."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:811
+#: ../source/specifications/simple-repository-api.rst:825
 msgid ""
 "Likewise the ``latest`` metaversion should not be included in the targets, "
 "only explicitly declared versions should be supported."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:817
+#: ../source/specifications/simple-repository-api.rst:831
 msgid ""
 "This section is non-normative, and represents what the spec authors believe "
 "to be the best default implementation decisions for something implementing "
@@ -18093,7 +18462,7 @@ msgid ""
 "these decisions."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:821
+#: ../source/specifications/simple-repository-api.rst:835
 msgid ""
 "These decisions have been chosen to maximize the number of requests that can "
 "be moved onto the newest version of an API, while maintaining the greatest "
@@ -18102,18 +18471,18 @@ msgid ""
 "choices it can."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:826
+#: ../source/specifications/simple-repository-api.rst:840
 msgid "It is recommended that servers:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:828
+#: ../source/specifications/simple-repository-api.rst:842
 msgid ""
 "Support all 3 content types described in this spec, using server-driven "
 "content negotiation, for as long as they reasonably can, or at least as long "
 "as they're receiving non trivial traffic that uses the HTML responses."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:832
+#: ../source/specifications/simple-repository-api.rst:846
 msgid ""
 "When encountering an ``Accept`` header that does not contain any content "
 "types that it knows how to work with, the server should not ever return a "
@@ -18121,13 +18490,13 @@ msgid ""
 "Acceptable`` response."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:837
+#: ../source/specifications/simple-repository-api.rst:851
 msgid ""
 "However, if choosing to use the endpoint configuration, you should prefer to "
 "return a ``200 OK`` response in the expected content type for that endpoint."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:840
+#: ../source/specifications/simple-repository-api.rst:854
 msgid ""
 "When selecting an acceptable version, the server should choose the highest "
 "version that the client supports, with the most expressive/featureful "
@@ -18136,23 +18505,23 @@ msgid ""
 "should only use the ``text/html`` content type as a last resort."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:846
+#: ../source/specifications/simple-repository-api.rst:860
 msgid "It is recommended that clients:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:848
+#: ../source/specifications/simple-repository-api.rst:862
 msgid ""
 "Support all 3 content types described in this spec, using server-driven "
 "content negotiation, for as long as they reasonably can."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:851
+#: ../source/specifications/simple-repository-api.rst:865
 msgid ""
 "When constructing an ``Accept`` header, include all of the content types "
 "that you support."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:854
+#: ../source/specifications/simple-repository-api.rst:868
 msgid ""
 "You should generally *not* include a quality priority value for your content "
 "types, unless you have implementation specific reasons that you want the "
@@ -18161,63 +18530,63 @@ msgid ""
 "responses that you're unable to parse in some edge cases)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:860
+#: ../source/specifications/simple-repository-api.rst:874
 msgid ""
 "The one exception to this recommendation is that it is recommended that you "
 "*should* include a ``;q=0.01`` value on the legacy ``text/html`` content "
 "type, unless it is the only content type that you are requesting."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:864
+#: ../source/specifications/simple-repository-api.rst:878
 msgid ""
 "Explicitly select what versions they are looking for, rather than using the "
 "``latest`` meta version during normal operation."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:867
+#: ../source/specifications/simple-repository-api.rst:881
 msgid ""
 "Check the ``Content-Type`` of the response and ensure it matches something "
 "that you were expecting."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:871
+#: ../source/specifications/simple-repository-api.rst:885
 msgid "Additional Fields for the Simple API for Package Indexes"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:873
+#: ../source/specifications/simple-repository-api.rst:887
 msgid ""
 "This specification defines version 1.1 of the simple repository API. For the "
 "HTML version of the API, there is no change from version 1.0. For the JSON "
 "version of the API, the following changes are made:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:877
+#: ../source/specifications/simple-repository-api.rst:891
 msgid "The ``api-version`` must specify version 1.1 or later."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:878
+#: ../source/specifications/simple-repository-api.rst:892
 msgid "A new ``versions`` key is added at the top level."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:879
+#: ../source/specifications/simple-repository-api.rst:893
 msgid ""
 "Two new \"file information\" keys, ``size`` and ``upload-time``, are added "
 "to the ``files`` data."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:881
+#: ../source/specifications/simple-repository-api.rst:895
 msgid ""
 "Keys (at any level) with a leading underscore are reserved as private for "
 "index server use. No future standard will assign a meaning to any such key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:884
+#: ../source/specifications/simple-repository-api.rst:898
 msgid ""
 "The ``versions`` and ``size`` keys are mandatory. The ``upload-time`` key is "
 "optional."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:890
+#: ../source/specifications/simple-repository-api.rst:904
 msgid ""
 "An additional key, ``versions`` MUST be present at the top level, in "
 "addition to the keys ``name``, ``files`` and ``meta`` defined in :ref:`the "
@@ -18227,7 +18596,7 @@ msgid ""
 "duplicates, and the order of the values is not significant."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:897
+#: ../source/specifications/simple-repository-api.rst:911
 msgid ""
 "All of the files listed in the ``files`` key MUST be associated with one of "
 "the versions in the ``versions`` key. The ``versions`` key MAY contain "
@@ -18235,7 +18604,7 @@ msgid ""
 "uploaded, if the server has such a concept)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:902
+#: ../source/specifications/simple-repository-api.rst:916
 msgid ""
 "Note that because servers may hold \"legacy\" data from before the adoption "
 "of :ref:`the version specifiers specification (VSS) <version-specifiers>`, "
@@ -18244,21 +18613,21 @@ msgid ""
 "servers SHOULD use normalised VSS versions where possible."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:911
+#: ../source/specifications/simple-repository-api.rst:925
 msgid "Additional file information"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:913
+#: ../source/specifications/simple-repository-api.rst:927
 msgid "Two new keys are added to the ``files`` key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:915
+#: ../source/specifications/simple-repository-api.rst:929
 msgid ""
 "``size``: This field is mandatory. It MUST contain an integer which is the "
 "file size in bytes."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:917
+#: ../source/specifications/simple-repository-api.rst:931
 msgid ""
 "``upload-time``: This field is optional. If present, it MUST contain a valid "
 "ISO 8601 date/time string, in the format ``yyyy-mm-ddThh:mm:ss.ffffffZ``, "
@@ -18270,11 +18639,11 @@ msgid ""
 "key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:926
+#: ../source/specifications/simple-repository-api.rst:940
 msgid "Rename dist-info-metadata in the Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:929
+#: ../source/specifications/simple-repository-api.rst:943
 msgid ""
 "The keywords \"**MUST**\", \"**MUST NOT**\", \"**REQUIRED**\", "
 "\"**SHALL**\", \"**SHALL NOT**\", \"**SHOULD**\", \"**SHOULD NOT**\", "
@@ -18282,11 +18651,11 @@ msgid ""
 "are to be interpreted as described in :rfc:`RFC 2119 <2119>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:936
+#: ../source/specifications/simple-repository-api.rst:950
 msgid "Servers"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:938
+#: ../source/specifications/simple-repository-api.rst:952
 msgid ""
 "The :ref:`the API metadata file specification <simple-repository-api-"
 "metadata-file>` metadata, when used in the HTML representation of the Simple "
@@ -18294,7 +18663,7 @@ msgid ""
 "with the supported values remaining the same."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:944
+#: ../source/specifications/simple-repository-api.rst:958
 msgid ""
 "The :ref:`the API metadata file specification <simple-repository-api-"
 "metadata-file>` metadata, when used in the :ref:`the JSON API specification "
@@ -18303,14 +18672,14 @@ msgid ""
 "values remaining the same."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:950
+#: ../source/specifications/simple-repository-api.rst:964
 msgid ""
 "To support clients that used the previous key names, the HTML representation "
 "**MAY** also be emitted using the ``data-dist-info-metadata``, and if it "
 "does so it **MUST** match the value of ``data-core-metadata``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:959
+#: ../source/specifications/simple-repository-api.rst:973
 msgid ""
 "Clients consuming any of the HTML representations of the Simple API **MUST** "
 "read the :ref:`the API metadata file specification <simple-repository-api-"
@@ -18319,7 +18688,7 @@ msgid ""
 "if it is present but ``data-core-metadata`` is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:966
+#: ../source/specifications/simple-repository-api.rst:980
 msgid ""
 "Clients consuming the JSON representation of the Simple API **MUST** read "
 "the :ref:`the API metadata file specification <simple-repository-api-"
@@ -18328,48 +18697,54 @@ msgid ""
 "present but ``core-metadata`` is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:976
+#: ../source/specifications/simple-repository-api.rst:990
 msgid "September 2015: initial form of the HTML format, in :pep:`503`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:977
+#: ../source/specifications/simple-repository-api.rst:991
 msgid "July 2016: Requires-Python metadata, in an update to :pep:`503`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:978
+#: ../source/specifications/simple-repository-api.rst:992
 msgid "May 2019: \"yank\" support, in :pep:`592`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:979
+#: ../source/specifications/simple-repository-api.rst:993
 msgid ""
 "July 2020: API versioning convention and metadata, and declaring the HTML "
 "format as API v1, in :pep:`629`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:981
+#: ../source/specifications/simple-repository-api.rst:995
 msgid ""
 "May 2021: providing package metadata independently from a package, in :pep:"
 "`658`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:983
+#: ../source/specifications/simple-repository-api.rst:997
 msgid ""
 "May 2022: initial form of the JSON format, with a mechanism for clients to "
 "choose between them, and declaring both formats as API v1, in :pep:`691`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:985
+#: ../source/specifications/simple-repository-api.rst:999
 msgid ""
 "October 2022: project versions and file size and upload-time in the JSON "
 "format, in :pep:`700`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:987
+#: ../source/specifications/simple-repository-api.rst:1001
 msgid ""
 "June 2023: renaming the field which provides package metadata independently "
 "from a package, in :pep:`714`"
 msgstr ""
 
+#: ../source/specifications/simple-repository-api.rst:1003
+msgid ""
+"November 2024: provenance metadata in the HTML and JSON formats, in :pep:"
+"`740`"
+msgstr ""
+
 #: ../source/specifications/source-distribution-format.rst:6
 msgid "Source distribution format"
 msgstr ""
@@ -21273,7 +21648,7 @@ msgid ""
 msgstr ""
 
 #: ../source/tutorials/managing-dependencies.rst:140
-#: ../source/tutorials/packaging-projects.rst:506
+#: ../source/tutorials/packaging-projects.rst:505
 msgid "Next steps"
 msgstr ""
 
@@ -21722,43 +22097,43 @@ msgstr ""
 
 #: ../source/tutorials/packaging-projects.rst:424
 msgid ""
-"You will be prompted for a username and password. For the username, use "
-"``__token__``. For the password, use the token value, including the ``pypi-"
-"`` prefix."
+"You will be prompted for an API token. Use the token value, including the "
+"``pypi-`` prefix. Note that the input will be hidden, so be sure to paste "
+"correctly."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:428
+#: ../source/tutorials/packaging-projects.rst:427
 msgid "After the command completes, you should see output similar to this:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:439
+#: ../source/tutorials/packaging-projects.rst:438
 msgid ""
 "Once uploaded, your package should be viewable on TestPyPI; for example: "
 "``https://test.pypi.org/project/example_package_YOUR_USERNAME_HERE``."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:444
+#: ../source/tutorials/packaging-projects.rst:443
 msgid "Installing your newly uploaded package"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:446
+#: ../source/tutorials/packaging-projects.rst:445
 msgid ""
 "You can use :ref:`pip` to install your package and verify that it works. "
 "Create a :ref:`virtual environment <Creating and using Virtual "
 "Environments>` and install your package from TestPyPI:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:462
+#: ../source/tutorials/packaging-projects.rst:461
 msgid "Make sure to specify your username in the package name!"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:464
+#: ../source/tutorials/packaging-projects.rst:463
 msgid ""
 "pip should install the package from TestPyPI and the output should look "
 "something like this:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:474
+#: ../source/tutorials/packaging-projects.rst:473
 msgid ""
 "This example uses ``--index-url`` flag to specify TestPyPI instead of live "
 "PyPI. Additionally, it specifies ``--no-deps``. Since TestPyPI doesn't have "
@@ -21768,23 +22143,23 @@ msgid ""
 "installing dependencies when using TestPyPI."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:481
+#: ../source/tutorials/packaging-projects.rst:480
 msgid ""
 "You can test that it was installed correctly by importing the package. Make "
 "sure you're still in your virtual environment, then run Python:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:496
+#: ../source/tutorials/packaging-projects.rst:495
 msgid "and import the package:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:508
+#: ../source/tutorials/packaging-projects.rst:507
 msgid ""
 "**Congratulations, you've packaged and distributed a Python project!** ✨ 🍰 "
 "✨"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:511
+#: ../source/tutorials/packaging-projects.rst:510
 msgid ""
 "Keep in mind that this tutorial showed you how to upload your package to "
 "Test PyPI, which isn't a permanent storage. The Test system occasionally "
@@ -21792,28 +22167,28 @@ msgid ""
 "experiments like this tutorial."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:516
+#: ../source/tutorials/packaging-projects.rst:515
 msgid ""
 "When you are ready to upload a real package to the Python Package Index you "
 "can do much the same as you did in this tutorial, but with these important "
 "differences:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:520
+#: ../source/tutorials/packaging-projects.rst:519
 msgid ""
 "Choose a memorable and unique name for your package. You don't have to "
 "append your username as you did in the tutorial, but you can't use an "
 "existing name."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:522
+#: ../source/tutorials/packaging-projects.rst:521
 msgid ""
 "Register an account on https://pypi.org - note that these are two separate "
 "servers and the login details from the test server are not shared with the "
 "main server."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:525
+#: ../source/tutorials/packaging-projects.rst:524
 msgid ""
 "Use ``twine upload dist/*`` to upload your package and enter your "
 "credentials for the account you registered on the real PyPI.  Now that "
@@ -21821,44 +22196,44 @@ msgid ""
 "repository``; the package will upload to https://pypi.org/ by default."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:529
+#: ../source/tutorials/packaging-projects.rst:528
 msgid ""
 "Install your package from the real PyPI using ``python3 -m pip install [your-"
 "package]``."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:531
+#: ../source/tutorials/packaging-projects.rst:530
 msgid ""
 "At this point if you want to read more on packaging Python libraries here "
 "are some things you can do:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:534
+#: ../source/tutorials/packaging-projects.rst:533
 msgid ""
 "Read about advanced configuration for your chosen build backend: `Hatchling "
 "<hatchling-config_>`_, :doc:`setuptools <setuptools:userguide/"
 "pyproject_config>`, :doc:`Flit <flit:pyproject_toml>`, `PDM <pdm-config_>`_."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:538
+#: ../source/tutorials/packaging-projects.rst:537
 msgid ""
 "Look at the :doc:`guides </guides/index>` on this site for more advanced "
 "practical information, or the :doc:`discussions </discussions/index>` for "
 "explanations and background on specific topics."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:541
+#: ../source/tutorials/packaging-projects.rst:540
 msgid ""
 "Consider packaging tools that provide a single command-line interface for "
 "project management and packaging, such as :ref:`hatch`, :ref:`flit`, :ref:"
 "`pdm`, and :ref:`poetry`."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:549
+#: ../source/tutorials/packaging-projects.rst:548
 msgid "Notes"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:551
+#: ../source/tutorials/packaging-projects.rst:550
 msgid ""
 "Technically, you can also create Python packages without an ``__init__.py`` "
 "file, but those are called :doc:`namespace packages </guides/packaging-"
diff --git a/locales/pl/LC_MESSAGES/messages.po b/locales/pl/LC_MESSAGES/messages.po
index bbef123ca..23b30a614 100644
--- a/locales/pl/LC_MESSAGES/messages.po
+++ b/locales/pl/LC_MESSAGES/messages.po
@@ -6,7 +6,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Python Packaging User Guide\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-10-30 00:39+0000\n"
+"POT-Creation-Date: 2024-11-25 21:53+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: Automatically generated\n"
 "Language-Team: none\n"
@@ -604,7 +604,7 @@ msgid "Unix (including Linux and macOS)"
 msgstr ""
 
 #: ../source/discussions/deploying-python-applications.rst:118
-#: ../source/key_projects.rst:572
+#: ../source/key_projects.rst:576
 msgid "pex"
 msgstr ""
 
@@ -1882,7 +1882,7 @@ msgid ""
 msgstr ""
 
 #: ../source/discussions/versioning.rst:6
-#: ../source/specifications/simple-repository-api.rst:310
+#: ../source/specifications/simple-repository-api.rst:319
 msgid "Versioning"
 msgstr ""
 
@@ -2633,29 +2633,16 @@ msgid ""
 msgstr ""
 
 #: ../source/glossary.rst:121
-msgid "Known Good Set (KGS)"
-msgstr ""
-
-#: ../source/glossary.rst:124
-msgid ""
-"A set of distributions at specified versions which are compatible with each "
-"other. Typically a test suite will be run which passes all tests before a "
-"specific set of packages is declared a known good set. This term is commonly "
-"used by frameworks and toolkits which are comprised of multiple individual "
-"distributions."
-msgstr ""
-
-#: ../source/glossary.rst:130
 msgid "Import Package"
 msgstr ""
 
-#: ../source/glossary.rst:133
+#: ../source/glossary.rst:124
 msgid ""
 "A Python module which can contain other modules or recursively, other "
 "packages."
 msgstr ""
 
-#: ../source/glossary.rst:136
+#: ../source/glossary.rst:127
 msgid ""
 "An import package is more commonly referred to with the single word "
 "\"package\", but this guide will use the expanded term when more clarity is "
@@ -2664,17 +2651,30 @@ msgid ""
 "package` for a breakdown of the differences."
 msgstr ""
 
-#: ../source/glossary.rst:142
+#: ../source/glossary.rst:133
 msgid "Installed Project"
 msgstr ""
 
-#: ../source/glossary.rst:145
+#: ../source/glossary.rst:136
 msgid ""
 "A :term:`Project` that is installed for use with a Python interpreter or :"
 "term:`Virtual Environment`, as described in the specicifcation :ref:"
 "`recording-installed-packages`."
 msgstr ""
 
+#: ../source/glossary.rst:140
+msgid "Known Good Set (KGS)"
+msgstr ""
+
+#: ../source/glossary.rst:143
+msgid ""
+"A set of distributions at specified versions which are compatible with each "
+"other. Typically a test suite will be run which passes all tests before a "
+"specific set of packages is declared a known good set. This term is commonly "
+"used by frameworks and toolkits which are comprised of multiple individual "
+"distributions."
+msgstr ""
+
 #: ../source/glossary.rst:149
 msgid "Module"
 msgstr ""
@@ -5085,7 +5085,7 @@ msgid ""
 "In particular, `NumPy <https://numpy.org/>`__, which provides the basis for "
 "most of the software in the `scientific Python stack <https://scientific-"
 "python.org>`_ can be configured to interoperate with different FORTRAN "
-"libraries, and can take advantage of different levels of vectorised "
+"libraries, and can take advantage of different levels of vectorized "
 "instructions available in modern CPUs."
 msgstr ""
 
@@ -5094,9 +5094,9 @@ msgid ""
 "Starting with version 1.10.4 of NumPy and version 1.0.0 of SciPy, pre-built "
 "32-bit and 64-bit binaries in the ``wheel`` format are available for all "
 "major operating systems (Windows, macOS, and Linux) on PyPI. Note, however, "
-"that on Windows, NumPy binaries are linked against the `ATLAS <http://www."
-"netlib.org/atlas/>`__ BLAS/LAPACK library, restricted to SSE2 instructions, "
-"so they may not provide optimal linear algebra performance."
+"that on Windows, NumPy binaries are linked against the `ATLAS <https://math-"
+"atlas.sourceforge.net/>`__ BLAS/LAPACK library, restricted to SSE2 "
+"instructions, so they may not provide optimal linear algebra performance."
 msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:26
@@ -5209,7 +5209,7 @@ msgid ""
 msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:100
-#: ../source/key_projects.rst:808
+#: ../source/key_projects.rst:812
 msgid "Spack"
 msgstr ""
 
@@ -5241,28 +5241,41 @@ msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:121
 msgid ""
-"`Anaconda <https://www.anaconda.com/products/individual/>`_ is a Python "
+"``conda`` is an open source (BSD licensed) package management system and "
+"environment management system that allows users to install multiple versions "
+"of binary software packages and their dependencies, and easily switch "
+"between them. It is a cross-platform tool working on Windows, MacOS, and "
+"Linux. Conda can be used to package up and distribute all kinds of packages, "
+"it is not limited to just Python packages. It has full support for native "
+"virtual environments. Conda makes environments first-class citizens, making "
+"it easy to create independent environments even for C libraries. It is "
+"written in Python, but is Python-agnostic. Conda manages Python itself as a "
+"package, so that :command:`conda update python` is possible, in contrast to "
+"pip, which only manages Python packages."
+msgstr ""
+
+#: ../source/guides/installing-scientific-packages.rst:133
+msgid ""
+"Anaconda `Anaconda <https://docs.anaconda.com/anaconda/>`_ is a Python "
 "distribution published by Anaconda, Inc. It is a stable collection of Open "
-"Source packages for big data and scientific use.  As of the 5.0 release of "
-"Anaconda, about 200 packages are installed by default, and a total of "
-"400-500 can be installed and updated from the Anaconda repository."
+"Source packages for big data and scientific use, and a collection of "
+"Graphical Interface utilities for managing conda environments."
 msgstr ""
 
-#: ../source/guides/installing-scientific-packages.rst:127
+#: ../source/guides/installing-scientific-packages.rst:135
 msgid ""
-"``conda`` is an open source (BSD licensed) package management system and "
-"environment management system included in Anaconda that allows users to "
-"install multiple versions of binary software packages and their "
-"dependencies, and easily switch between them. It is a cross-platform tool "
-"working on Windows, macOS, and Linux. Conda can be used to package up and "
-"distribute all kinds of packages, it is not limited to just Python packages. "
-"It has full support for native virtual environments. Conda makes "
-"environments first-class citizens, making it easy to create independent "
-"environments even for C libraries. It is written in Python, but is Python-"
-"agnostic. Conda manages Python itself as a package, so that :command:`conda "
-"update python` is possible, in contrast to pip, which only manages Python "
-"packages. Conda is available in Anaconda and Miniconda (an easy-to-install "
-"download with just Python and conda)."
+"In addition to the full distribution provided by Anaconda, the conda package "
+"manager itself is available in  `miniconda <https://docs.anaconda.com/"
+"miniconda/>`_, `miniforge <https://github.com/conda-forge/miniforge>`_, and "
+"`pixi <https://pixi.sh/>`_."
+msgstr ""
+
+#: ../source/guides/installing-scientific-packages.rst:138
+msgid ""
+"Conda packages are available on multiple channels on Anaconda.org, including "
+"the default channel supported by Anaconda, Inc, the community supported "
+"conda-forge channel, which provides a wide variety of pre-built packages, "
+"and some domain-specific package collections."
 msgstr ""
 
 #: ../source/guides/installing-stand-alone-command-line-tools.rst:4
@@ -8330,29 +8343,51 @@ msgstr ""
 
 #: ../source/guides/tool-recommendations.rst:142
 msgid ""
-"For projects hosted on GitHub, it is recommended to use the :ref:`trusted "
-"publishing <trusted-publishing>`, which allows the package to be securely "
-"uploaded to PyPI from a GitHub Actions job. (This is not yet supported on "
-"software forges other than GitHub.)"
+"For projects hosted on or published via supported CI/CD platforms, it is "
+"recommended to use the :ref:`Trusted Publishing <trusted-publishing>`, which "
+"allows the package to be securely uploaded to PyPI from a CI/CD workflow "
+"without a manually configured API token."
 msgstr ""
 
 #: ../source/guides/tool-recommendations.rst:147
 msgid ""
+"As of November 2024, PyPI supports the following platforms as Trusted "
+"Publishing providers:"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:150
+msgid "GitHub Actions (on ``https://github.com``)"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:151
+msgid "GitLab CI/CD (on ``https://gitlab.com``)"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:152
+msgid "ActiveState"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:153
+msgid "Google Cloud"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:155
+msgid ""
 "The other available method is to upload the package manually using :ref:"
 "`twine`."
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:149
+#: ../source/guides/tool-recommendations.rst:159
 msgid ""
 "**Never** use ``python setup.py upload`` for this task. In addition to "
 "being :ref:`deprecated <setup-py-deprecated>`, it is insecure."
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:154
+#: ../source/guides/tool-recommendations.rst:164
 msgid "Workflow tools"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:156
+#: ../source/guides/tool-recommendations.rst:166
 msgid ""
 "These tools are environment managers that automatically manage virtual "
 "environments for a project. They also act as \"task runners\", allowing you "
@@ -8363,31 +8398,31 @@ msgid ""
 "alphabetical order:"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:164
+#: ../source/guides/tool-recommendations.rst:174
 msgid ":ref:`Flit`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:165
+#: ../source/guides/tool-recommendations.rst:175
 msgid ":ref:`Hatch`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:166
+#: ../source/guides/tool-recommendations.rst:176
 msgid ":doc:`nox <nox:index>`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:167
+#: ../source/guides/tool-recommendations.rst:177
 msgid ":ref:`PDM`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:168
+#: ../source/guides/tool-recommendations.rst:178
 msgid ":ref:`Pipenv`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:169
+#: ../source/guides/tool-recommendations.rst:179
 msgid ":ref:`Poetry`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:170
+#: ../source/guides/tool-recommendations.rst:180
 msgid ":doc:`tox <tox:index>`."
 msgstr ""
 
@@ -9562,44 +9597,58 @@ msgstr ""
 
 #: ../source/key_projects.rst:407
 msgid ""
-"conda is the package management tool for `Anaconda <https://docs.anaconda."
-"com/anaconda/>`__ Python installations. Anaconda Python is a distribution "
-"from `Anaconda, Inc <https://www.anaconda.com/products/individual>`__ "
-"specifically aimed at the scientific community, and in particular on Windows "
-"where the installation of binary extensions is often difficult."
+"Conda is a package, dependency, and environment management system for any "
+"language — Python, R, Ruby, C/C++, Fortran, and more. It is written in "
+"Python and widely used in the Python scientific computing community, due to "
+"its support for non-Python compiled libraries and extensions. It is used as "
+"the basis of the `Anaconda <https://docs.anaconda.com/anaconda/>`__ Python "
+"distribution from Anaconda, Inc. It was originally aimed at the scientific "
+"community, but can also be used on its own, or with the :doc:`miniconda "
+"<conda:miniconda>`, `miniforge <https://github.com/conda-forge/miniforge>`_ "
+"or `pixi <https://pixi.sh/>`_ systems. It is available for Windows, Mac and "
+"Linux systems."
 msgstr ""
 
-#: ../source/key_projects.rst:414
+#: ../source/key_projects.rst:416
 msgid ""
 "Conda is a completely separate tool from :ref:`pip`, virtualenv and wheel, "
-"but provides many of their combined features in terms of package management, "
-"virtual environment management and deployment of binary extensions."
+"but provides many of their combined features, such as package management, "
+"virtual environment management and deployment of binary extensions and other "
+"binary code."
+msgstr ""
+
+#: ../source/key_projects.rst:420
+msgid ""
+"Conda does not install packages from PyPI -- it can only manage packages "
+"built specifically for conda, which can be made available on a \"conda "
+"channel\", such as those hosted on `anaconda.org <https://anaconda.org>`__, "
+"or a local (e.g. intranet) package server. In addition to the \"default\" "
+"channels managed by `Anaconda, Inc. <https://www.anaconda.com/>`__, there "
+"are a wide variety of packages from the community supported `conda-forge "
+"project <https://conda-forge.org/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:418
+#: ../source/key_projects.rst:426
 msgid ""
-"Conda does not install packages from PyPI and can install only from the "
-"official Anaconda repositories, or anaconda.org (a place for user-"
-"contributed *conda* packages), or a local (e.g. intranet) package server.  "
-"However, note that :ref:`pip` can be installed into, and work side-by-side "
-"with conda for managing :term:`distributions <Distribution Package>` from "
-"PyPI. Also, `conda skeleton <https://docs.conda.io/projects/conda-build/en/"
-"latest/user-guide/tutorials/build-pkgs-skeleton.html>`__ is a tool to make "
-"Python packages installable by conda by first fetching them from PyPI and "
-"modifying their metadata."
+"Note that :ref:`pip` can be installed into, and work side-by-side with conda "
+"for managing :term:`distributions <Distribution Package>` from PyPI. It is "
+"also possible to build conda packages from Python source packages using "
+"tools such as `conda skeleton <https://docs.conda.io/projects/conda-build/en/"
+"latest/user-guide/tutorials/build-pkgs-skeleton.html>`__: a tool to "
+"automatically make conda packages from Python packages available on PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:431
+#: ../source/key_projects.rst:435
 msgid "devpi"
 msgstr ""
 
-#: ../source/key_projects.rst:433
+#: ../source/key_projects.rst:437
 msgid ""
 "`Docs <http://doc.devpi.net/latest/>`__ | :gh:`Issues <devpi/devpi/issues>` "
 "| `PyPI <https://pypi.org/project/devpi>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:437
+#: ../source/key_projects.rst:441
 msgid ""
 "devpi features a powerful PyPI-compatible server and PyPI proxy cache with a "
 "complementary command line tool to drive packaging, testing and release "
@@ -9609,17 +9658,17 @@ msgid ""
 "replication and fail-over, and package upload."
 msgstr ""
 
-#: ../source/key_projects.rst:448
+#: ../source/key_projects.rst:452
 msgid "dumb-pypi"
 msgstr ""
 
-#: ../source/key_projects.rst:450
+#: ../source/key_projects.rst:454
 msgid ""
 "`GitHub <https://github.com/chriskuehl/dumb-pypi>`__ | `PyPI <https://pypi."
 "org/project/dumb-pypi>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:453
+#: ../source/key_projects.rst:457
 msgid ""
 "dumb-pypi is a simple :term:`package index <Package Index>` static file site "
 "generator, which then must be hosted by a static file webserver to become "
@@ -9627,17 +9676,17 @@ msgid ""
 "status."
 msgstr ""
 
-#: ../source/key_projects.rst:460
+#: ../source/key_projects.rst:464
 msgid "enscons"
 msgstr ""
 
-#: ../source/key_projects.rst:462
+#: ../source/key_projects.rst:466
 msgid ""
 ":gh:`Source <dholth/enscons>` | :gh:`Issues <dholth/enscons/issues>` | `PyPI "
 "<https://pypi.org/project/enscons>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:466
+#: ../source/key_projects.rst:470
 msgid ""
 "Enscons is a Python packaging tool based on `SCons`_. It builds :ref:`pip`-"
 "compatible source distributions and wheels without using distutils or "
@@ -9649,38 +9698,38 @@ msgid ""
 "independent of enscons."
 msgstr ""
 
-#: ../source/key_projects.rst:481
+#: ../source/key_projects.rst:485
 msgid "Flask-Pypi-Proxy"
 msgstr ""
 
-#: ../source/key_projects.rst:483
+#: ../source/key_projects.rst:487
 msgid ""
 "`Docs <https://flask-pypi-proxy.readthedocs.io>`__ | :gh:`GitHub <tzulberti/"
 "Flask-PyPi-Proxy>` | `PyPI <https://pypi.org/project/Flask-Pypi-Proxy/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:487 ../source/key_projects.rst:681
-#: ../source/key_projects.rst:740
+#: ../source/key_projects.rst:491 ../source/key_projects.rst:685
+#: ../source/key_projects.rst:744
 msgid "Not maintained, project archived"
 msgstr ""
 
-#: ../source/key_projects.rst:489
+#: ../source/key_projects.rst:493
 msgid ""
 "Flask-Pypi-Proxy is a :term:`package index <Package Index>` as a cached "
 "proxy for PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:495
+#: ../source/key_projects.rst:499
 msgid "Hashdist"
 msgstr ""
 
-#: ../source/key_projects.rst:497
+#: ../source/key_projects.rst:501
 msgid ""
 "`Docs <https://hashdist.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/hashdist/hashdist/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:500
+#: ../source/key_projects.rst:504
 msgid ""
 "Hashdist is a library for building non-root software distributions. Hashdist "
 "is trying to be “the Debian of choice for cases where Debian technology "
@@ -9691,34 +9740,34 @@ msgid ""
 "researchers but has been lacking in maintenance since 2016."
 msgstr ""
 
-#: ../source/key_projects.rst:512
+#: ../source/key_projects.rst:516
 msgid "Maturin"
 msgstr ""
 
-#: ../source/key_projects.rst:514
+#: ../source/key_projects.rst:518
 msgid ""
 "`Docs <https://www.maturin.rs>`__ | `GitHub <https://github.com/PyO3/"
 "maturin>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:517
+#: ../source/key_projects.rst:521
 msgid ""
 "Maturin is a build backend for Rust extension modules, also written in Rust. "
 "It supports building wheels for python 3.7+ on Windows, Linux, macOS and "
 "FreeBSD, can upload them to PyPI and has basic PyPy and GraalPy support."
 msgstr ""
 
-#: ../source/key_projects.rst:525
+#: ../source/key_projects.rst:529
 msgid "meson-python"
 msgstr ""
 
-#: ../source/key_projects.rst:527
+#: ../source/key_projects.rst:531
 msgid ""
 "`Docs <https://meson-python.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/mesonbuild/meson-python>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:530
+#: ../source/key_projects.rst:534
 msgid ""
 "``meson-python`` is a build backend that uses the Meson_ build system. It "
 "enables Python package authors to use Meson_ as the build system for their "
@@ -9726,58 +9775,58 @@ msgid ""
 "to fill the needs of most complex build configurations."
 msgstr ""
 
-#: ../source/key_projects.rst:540
+#: ../source/key_projects.rst:544
 msgid "multibuild"
 msgstr ""
 
-#: ../source/key_projects.rst:542
+#: ../source/key_projects.rst:546
 msgid "`GitHub <https://github.com/multi-build/multibuild>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:544
+#: ../source/key_projects.rst:548
 msgid ""
 "Multibuild is a set of CI scripts for building and testing Python :term:"
 "`wheels <Wheel>` for Linux, macOS, and (less flexibly) Windows. Also see :"
 "ref:`cibuildwheel`."
 msgstr ""
 
-#: ../source/key_projects.rst:550
+#: ../source/key_projects.rst:554
 msgid "nginx_pypi_cache"
 msgstr ""
 
-#: ../source/key_projects.rst:552
+#: ../source/key_projects.rst:556
 msgid ":gh:`GitHub <hauntsaninja/nginx_pypi_cache>`"
 msgstr ""
 
-#: ../source/key_projects.rst:554
+#: ../source/key_projects.rst:558
 msgid ""
 "nginx_pypi_cache is a :term:`package index <Package Index>` caching proxy "
 "using `nginx <https://nginx.org/en/>`_."
 msgstr ""
 
-#: ../source/key_projects.rst:560
+#: ../source/key_projects.rst:564
 msgid "pdm"
 msgstr ""
 
-#: ../source/key_projects.rst:562
+#: ../source/key_projects.rst:566
 msgid ""
 "`Docs <https://pdm.fming.dev/>`__ | `GitHub <https://github.com/pdm-project/"
 "pdm/>`__ | `PyPI <https://pypi.org/project/pdm>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:566
+#: ../source/key_projects.rst:570
 msgid ""
 "PDM is a modern Python package manager. It uses :term:`pyproject.toml` to "
 "store project metadata as defined in :pep:`621`."
 msgstr ""
 
-#: ../source/key_projects.rst:574
+#: ../source/key_projects.rst:578
 msgid ""
 "`Docs <https://pex.readthedocs.io/en/latest/>`__ | `GitHub <https://github."
 "com/pantsbuild/pex/>`__ | `PyPI <https://pypi.org/project/pex>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:578
+#: ../source/key_projects.rst:582
 msgid ""
 "Pex is a tool for generating :file:`.pex` (Python EXecutable) files, "
 "standalone Python environments in the spirit of :ref:`virtualenv`. PEX files "
@@ -9789,18 +9838,18 @@ msgid ""
 "PEX file into a standard venv, graphing dependencies and more."
 msgstr ""
 
-#: ../source/key_projects.rst:590
+#: ../source/key_projects.rst:594
 msgid "pip-tools"
 msgstr ""
 
-#: ../source/key_projects.rst:592
+#: ../source/key_projects.rst:596
 msgid ""
 "`Docs <https://pip-tools.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/jazzband/pip-tools/>`__ | `PyPI <https://pypi.org/project/pip-"
 "tools/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:596
+#: ../source/key_projects.rst:600
 msgid ""
 "pip-tools is a suite of tools meant for Python system administrators and "
 "release managers who particularly want to keep their builds deterministic "
@@ -9811,32 +9860,32 @@ msgid ""
 "not provide), and create layers of constraints for the program to obey."
 msgstr ""
 
-#: ../source/key_projects.rst:608
+#: ../source/key_projects.rst:612
 msgid "pip2pi"
 msgstr ""
 
-#: ../source/key_projects.rst:610
+#: ../source/key_projects.rst:614
 msgid ""
 ":gh:`GitHub <wolever/pip2pi>` | `PyPI <https://pypi.org/project/pip2pi/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:613
+#: ../source/key_projects.rst:617
 msgid ""
 "pip2pi is a :term:`package index <Package Index>` server where specific "
 "packages are manually synchronised."
 msgstr ""
 
-#: ../source/key_projects.rst:619
+#: ../source/key_projects.rst:623
 msgid "piwheels"
 msgstr ""
 
-#: ../source/key_projects.rst:621
+#: ../source/key_projects.rst:625
 msgid ""
 "`Website <https://www.piwheels.org/>`__ | :doc:`Docs <piwheels:index>` | "
 "`GitHub <https://github.com/piwheels/piwheels/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:625
+#: ../source/key_projects.rst:629
 msgid ""
 "piwheels is a website, and software underpinning it, that fetches source "
 "code distribution packages from PyPI and compiles them into binary wheels "
@@ -9844,17 +9893,17 @@ msgid ""
 "Pi OS pre-configures pip to use piwheels.org as an additional index to PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:634
+#: ../source/key_projects.rst:638
 msgid "poetry"
 msgstr ""
 
-#: ../source/key_projects.rst:636
+#: ../source/key_projects.rst:640
 msgid ""
 "`Docs <https://python-poetry.org/>`__ | `GitHub <https://github.com/python-"
 "poetry/poetry>`__ | `PyPI <https://pypi.org/project/poetry/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:640
+#: ../source/key_projects.rst:644
 msgid ""
 "poetry is a command-line tool to handle dependency installation and "
 "isolation as well as building and packaging of Python packages. It uses "
@@ -9864,49 +9913,49 @@ msgid ""
 "caching metadata about dependencies."
 msgstr ""
 
-#: ../source/key_projects.rst:650
+#: ../source/key_projects.rst:654
 msgid "proxpi"
 msgstr ""
 
-#: ../source/key_projects.rst:652
+#: ../source/key_projects.rst:656
 msgid ""
 ":gh:`GitHub <EpicWink/proxpi>` | `PyPI <https://pypi.org/project/proxpi/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:655
+#: ../source/key_projects.rst:659
 msgid ""
 "proxpi is a simple :term:`package index <Package Index>` which proxies PyPI "
 "and other indexes with caching."
 msgstr ""
 
-#: ../source/key_projects.rst:661
+#: ../source/key_projects.rst:665
 msgid "Pulp-python"
 msgstr ""
 
-#: ../source/key_projects.rst:663
+#: ../source/key_projects.rst:667
 msgid ""
 "`Docs <https://docs.pulpproject.org/pulp_python/>`__ | :gh:`GitHub <pulp/"
 "pulp_python>` | `PyPI <https://pypi.org/project/pulp-python/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:667
+#: ../source/key_projects.rst:671
 msgid ""
 "Pulp-python is the Python :term:`package index <Package Index>` plugin for "
 "`Pulp <https://pulpproject.org/>`_. Pulp-python supports mirrors backed by "
 "local or `AWS S3`_, package upload, and proxying to multiple package indexes."
 msgstr ""
 
-#: ../source/key_projects.rst:675
+#: ../source/key_projects.rst:679
 msgid "PyPI Cloud"
 msgstr ""
 
-#: ../source/key_projects.rst:677
+#: ../source/key_projects.rst:681
 msgid ""
 "`Docs <https://pypicloud.readthedocs.io/>`__ | :gh:`GitHub <stevearc/"
 "pypicloud>` | `PyPI <https://pypi.org/project/pypicloud/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:683
+#: ../source/key_projects.rst:687
 msgid ""
 "PyPI Cloud is a :term:`package index <Package Index>` server, backed by `AWS "
 "S3`_ or another cloud storage service, or local files. PyPI Cloud supports "
@@ -9914,33 +9963,33 @@ msgid ""
 "authorisation."
 msgstr ""
 
-#: ../source/key_projects.rst:691
+#: ../source/key_projects.rst:695
 msgid "pypiprivate"
 msgstr ""
 
-#: ../source/key_projects.rst:693
+#: ../source/key_projects.rst:697
 msgid ""
 ":gh:`GitHub <helpshift/pypiprivate>` | `PyPI <https://pypi.org/project/"
 "pypiprivate/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:696
+#: ../source/key_projects.rst:700
 msgid ""
 "pypiprivate serves a local (or `AWS S3`_-hosted) directory of packages as a :"
 "term:`package index <Package Index>`."
 msgstr ""
 
-#: ../source/key_projects.rst:702
+#: ../source/key_projects.rst:706
 msgid "pypiserver"
 msgstr ""
 
-#: ../source/key_projects.rst:704
+#: ../source/key_projects.rst:708
 msgid ""
 "`GitHub <https://github.com/pypiserver/pypiserver>`__ | `PyPI <https://pypi."
 "org/project/pypiserver/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:707
+#: ../source/key_projects.rst:711
 msgid ""
 "pypiserver is a minimalist application that serves as a private Python :term:"
 "`package index <Package Index>` (from a local directory) within "
@@ -9951,17 +10000,17 @@ msgid ""
 "pypiserver and from PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:718
+#: ../source/key_projects.rst:722
 msgid "PyScaffold"
 msgstr ""
 
-#: ../source/key_projects.rst:720
+#: ../source/key_projects.rst:724
 msgid ""
 "`Docs <https://pyscaffold.org>`__ | `GitHub <https://github.com/pyscaffold/"
 "pyscaffold>`__ | `PyPI <https://pypi.org/project/pyscaffold/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:724
+#: ../source/key_projects.rst:728
 msgid ""
 "PyScaffold is a project generator for bootstrapping Python packages, ready "
 "to be shared on PyPI and installable via :ref:`pip`. It relies on a set of "
@@ -9971,33 +10020,33 @@ msgid ""
 "existing projects to make packaging easier."
 msgstr ""
 
-#: ../source/key_projects.rst:735
+#: ../source/key_projects.rst:739
 msgid "pywharf"
 msgstr ""
 
-#: ../source/key_projects.rst:737
+#: ../source/key_projects.rst:741
 msgid ""
 ":gh:`GitHub <pywharf/pywharf>` | `PyPI <https://pypi.org/project/pywharf>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:742
+#: ../source/key_projects.rst:746
 msgid ""
 "pywharf is a :term:`package index <Package Index>` server, serving files "
 "locally or from `GitHub <https://github.com/>`_."
 msgstr ""
 
-#: ../source/key_projects.rst:748
+#: ../source/key_projects.rst:752
 msgid "scikit-build"
 msgstr ""
 
-#: ../source/key_projects.rst:750
+#: ../source/key_projects.rst:754
 msgid ""
 "`Docs <https://scikit-build.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/scikit-build/scikit-build/>`__ | `PyPI <https://pypi.org/project/"
 "scikit-build>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:754
+#: ../source/key_projects.rst:758
 msgid ""
 "Scikit-build is a :ref:`setuptools` wrapper for CPython that builds C/C++/"
 "Fortran/Cython extensions It uses `cmake <https://pypi.org/project/cmake>`__ "
@@ -10008,18 +10057,18 @@ msgid ""
 "ninja>`__ (also available on PyPI)."
 msgstr ""
 
-#: ../source/key_projects.rst:765
+#: ../source/key_projects.rst:769
 msgid "scikit-build-core"
 msgstr ""
 
-#: ../source/key_projects.rst:767
+#: ../source/key_projects.rst:771
 msgid ""
 "`Docs <https://scikit-build-core.readthedocs.io/en/latest/>`__ | `GitHub "
 "<https://github.com/scikit-build/scikit-build-core/>`__ | `PyPI <https://"
 "pypi.org/project/scikit-build-core>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:771
+#: ../source/key_projects.rst:775
 msgid ""
 "Scikit-build-core is a build backend for CPython C/C++/Fortran/Cython "
 "extensions.  It enables users to write extensions with `cmake <https://pypi."
@@ -10029,17 +10078,17 @@ msgid ""
 "automatically downloaded from PyPI if not available on the system."
 msgstr ""
 
-#: ../source/key_projects.rst:781
+#: ../source/key_projects.rst:785
 msgid "shiv"
 msgstr ""
 
-#: ../source/key_projects.rst:783
+#: ../source/key_projects.rst:787
 msgid ""
 "`Docs <https://shiv.readthedocs.io/en/latest/>`__ | `GitHub <https://github."
 "com/linkedin/shiv>`__ | `PyPI <https://pypi.org/project/shiv/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:787
+#: ../source/key_projects.rst:791
 msgid ""
 "shiv is a command line utility for building fully self contained Python "
 "zipapps as outlined in :pep:`441`, but with all their dependencies included. "
@@ -10047,17 +10096,17 @@ msgid ""
 "tools fast & easy."
 msgstr ""
 
-#: ../source/key_projects.rst:795
+#: ../source/key_projects.rst:799
 msgid "simpleindex"
 msgstr ""
 
-#: ../source/key_projects.rst:797
+#: ../source/key_projects.rst:801
 msgid ""
 ":gh:`GitHub <uranusjr/simpleindex>` | `PyPI <https://pypi.org/project/"
 "simpleindex/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:800
+#: ../source/key_projects.rst:804
 msgid ""
 "simpleindex is a :term:`package index <Package Index>` which routes URLs to "
 "multiple package indexes (including PyPI), serves local (or cloud-hosted, "
@@ -10065,7 +10114,7 @@ msgid ""
 "supports custom plugins."
 msgstr ""
 
-#: ../source/key_projects.rst:810
+#: ../source/key_projects.rst:814
 msgid ""
 ":doc:`Docs <spack:index>` | `GitHub <https://github.com/spack/spack>`__ | "
 "`Paper <https://www.computer.org/csdl/proceedings-article/"
@@ -10073,7 +10122,7 @@ msgid ""
 "Gamblin-Spack-SC15-Talk.pdf>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:815
+#: ../source/key_projects.rst:819
 msgid ""
 "A flexible package manager designed to support multiple versions, "
 "configurations, platforms, and compilers.  Spack is like Homebrew, but "
@@ -10084,24 +10133,24 @@ msgid ""
 "supercomputers."
 msgstr ""
 
-#: ../source/key_projects.rst:823
+#: ../source/key_projects.rst:827
 msgid ""
 "Spack is not in PyPI (yet), but it requires no installation and can be used "
 "immediately after cloning from GitHub."
 msgstr ""
 
-#: ../source/key_projects.rst:829
+#: ../source/key_projects.rst:833
 msgid "zest.releaser"
 msgstr ""
 
-#: ../source/key_projects.rst:831
+#: ../source/key_projects.rst:835
 msgid ""
 "`Docs <https://zestreleaser.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/zestsoftware/zest.releaser/>`__ | `PyPI <https://pypi.org/project/"
 "zest.releaser/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:835
+#: ../source/key_projects.rst:839
 msgid ""
 "``zest.releaser`` is a Python package release tool providing an abstraction "
 "layer on top of :ref:`twine`. Python developers use ``zest.releaser`` to "
@@ -10109,21 +10158,21 @@ msgid ""
 "releases in source control, and uploading new packages to PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:842
+#: ../source/key_projects.rst:846
 msgid "Standard Library Projects"
 msgstr ""
 
-#: ../source/key_projects.rst:847
+#: ../source/key_projects.rst:851
 msgid "ensurepip"
 msgstr ""
 
-#: ../source/key_projects.rst:849
+#: ../source/key_projects.rst:853
 msgid ""
 "`Docs <https://docs.python.org/3/library/ensurepip.html>`__ | `Issues "
 "<https://bugs.python.org/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:852
+#: ../source/key_projects.rst:856
 msgid ""
 "A package in the Python Standard Library that provides support for "
 "bootstrapping :ref:`pip` into an existing Python installation or virtual "
@@ -10131,34 +10180,34 @@ msgid ""
 "will be used during the build of the Python distribution."
 msgstr ""
 
-#: ../source/key_projects.rst:860
+#: ../source/key_projects.rst:864
 msgid "http.server"
 msgstr ""
 
-#: ../source/key_projects.rst:862
+#: ../source/key_projects.rst:866
 msgid ""
 ":doc:`Docs <python:library/http.server>` | :gh:`Issues <python/cpython/"
 "issues>`"
 msgstr ""
 
-#: ../source/key_projects.rst:865
+#: ../source/key_projects.rst:869
 msgid ""
 "A package and command-line interface which can host a directory as a "
 "website, for example as a :term:`package index <Package Index>` (see :ref:"
 "`Hosting your Own Simple Repository`)."
 msgstr ""
 
-#: ../source/key_projects.rst:872
+#: ../source/key_projects.rst:876
 msgid "venv"
 msgstr ""
 
-#: ../source/key_projects.rst:874
+#: ../source/key_projects.rst:878
 msgid ""
 "`Docs <https://docs.python.org/3/library/venv.html>`__ | `Issues <https://"
 "github.com/python/cpython/issues>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:877
+#: ../source/key_projects.rst:881
 msgid ""
 "A package in the Python Standard Library (starting with Python 3.3) for "
 "creating :term:`Virtual Environments <Virtual Environment>`.  For more "
@@ -12206,7 +12255,7 @@ msgstr ""
 #: ../source/specifications/platform-compatibility-tags.rst:332
 #: ../source/specifications/pyproject-toml.rst:444
 #: ../source/specifications/recording-installed-packages.rst:252
-#: ../source/specifications/simple-repository-api.rst:974
+#: ../source/specifications/simple-repository-api.rst:988
 #: ../source/specifications/source-distribution-format.rst:144
 #: ../source/specifications/version-specifiers.rst:1266
 #: ../source/specifications/virtual-environments.rst:54
@@ -13276,6 +13325,7 @@ msgstr ""
 #: ../source/specifications/dependency-specifiers.rst:26
 #: ../source/specifications/direct-url-data-structure.rst:19
 #: ../source/specifications/direct-url.rst:15
+#: ../source/specifications/index-hosted-attestations.rst:17
 #: ../source/specifications/inline-script-metadata.rst:13
 msgid "Specification"
 msgstr ""
@@ -13413,7 +13463,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/dependency-specifiers.rst:163
-#: ../source/specifications/simple-repository-api.rst:888
+#: ../source/specifications/simple-repository-api.rst:902
 msgid "Versions"
 msgstr ""
 
@@ -15036,6 +15086,302 @@ msgid ""
 "www.pypa.io/en/latest/specifications/>`__."
 msgstr ""
 
+#: ../source/specifications/index-hosted-attestations.rst:6
+msgid "Index hosted attestations"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:8
+msgid "This specification was originally defined in :pep:`740`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:12
+msgid ""
+":pep:`740` includes changes to the HTML and JSON index APIs. These changes "
+"are documented in the :ref:`simple-repository-api` under :ref:`simple-"
+"repository-api-base` and :ref:`json-serialization`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:22
+msgid "Upload endpoint changes"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:26
+msgid ""
+"The \"legacy\" upload API is not standardized. See `PyPI's Upload API "
+"documentation <https://docs.pypi.org/api/upload/>`_ for how attestations are "
+"uploaded."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:33
+msgid "Attestation objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:35
+msgid ""
+"An attestation object is a JSON object with several required keys; "
+"applications or signers may include additional keys so long as all "
+"explicitly listed keys are provided. The required layout of an attestation "
+"object is provided as pseudocode below."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:88
+msgid ""
+"A full data model for each object in ``transparency_entries`` is provided "
+"in :ref:`appendix`. Attestation objects **SHOULD** include one or more "
+"transparency log entries, and **MAY** include additional keys for other "
+"sources of signed time (such as an :rfc:`3161` Time Stamping Authority or a "
+"`Roughtime <https://blog.cloudflare.com/roughtime>`__ server)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:94
+msgid ""
+"Attestation objects are versioned; this PEP specifies version 1. Each "
+"version is tied to a single cryptographic suite to minimize unnecessary "
+"cryptographic agility. In version 1, the suite is as follows:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:98
+msgid ""
+"Certificates are specified as X.509 certificates, and comply with the "
+"profile in :rfc:`5280`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:100
+msgid ""
+"The message signature algorithm is ECDSA, with the P-256 curve for public "
+"keys and SHA-256 as the cryptographic digest function."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:103
+msgid ""
+"Future PEPs may change this suite (and the overall shape of the attestation "
+"object) by selecting a new version number."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:109
+msgid "Attestation statement and signature generation"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:111
+msgid ""
+"The *attestation statement* is the actual claim that is cryptographically "
+"signed over within the attestation object (i.e., the ``envelope.statement``)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:114
+msgid ""
+"The attestation statement is encoded as a `v1 in-toto Statement object "
+"<https://github.com/in-toto/attestation/blob/v1.0/spec/v1.0/statement."
+"md>`__, in JSON form. When serialized the statement is treated as an opaque "
+"binary blob, avoiding the need for canonicalization."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:119
+msgid ""
+"In addition to being a v1 in-toto Statement, the attestation statement is "
+"constrained in the following ways:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:122
+msgid "The in-toto ``subject`` **MUST** contain only a single subject."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:123
+msgid ""
+"``subject[0].name`` is the distribution's filename, which **MUST** be a "
+"valid :ref:`source distribution <source-distribution-format>` or :ref:`wheel "
+"distribution <binary-distribution-format>` filename."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:126
+msgid ""
+"``subject[0].digest`` **MUST** contain a SHA-256 digest. Other digests "
+"**MAY** be present. The digests **MUST** be represented as hexadecimal "
+"strings."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:128
+msgid "The following ``predicateType`` values are supported:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:130
+msgid ""
+"`SLSA Provenance <https://slsa.dev/provenance/v1>`__: ``https://slsa.dev/"
+"provenance/v1``"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:131
+msgid ""
+"`PyPI Publish Attestation <https://docs.pypi.org/attestations/publish/"
+"v1>`__: ``https://docs.pypi.org/attestations/publish/v1``"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:133
+msgid ""
+"The signature over this statement is constructed using the `v1 DSSE "
+"signature protocol <https://github.com/secure-systems-lab/dsse/blob/v1.0.0/"
+"protocol.md>`__, with a ``PAYLOAD_TYPE`` of ``application/vnd.in-toto+json`` "
+"and a ``PAYLOAD_BODY`` of the JSON-encoded statement above. No other "
+"``PAYLOAD_TYPE`` is permitted."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:141
+msgid "Provenance objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:143
+msgid ""
+"The index will serve uploaded attestations along with metadata that can "
+"assist in verifying them in the form of JSON serialized objects."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:146
+msgid ""
+"These *provenance objects* will be available via both the Simple Index and "
+"JSON-based Simple API as described above, and will have the following layout:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:169
+msgid "or, as pseudocode:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:217
+msgid ""
+"``version`` is ``1``. Like attestation objects, provenance objects are "
+"versioned, and this PEP only defines version ``1``."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:219
+msgid ""
+"``attestation_bundles`` is a **required** JSON array, containing one or more "
+"\"bundles\" of attestations. Each bundle corresponds to a signing identity "
+"(such as a Trusted Publishing identity), and contains one or more "
+"attestation objects."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:224
+msgid ""
+"As noted in the ``Publisher`` model, each ``AttestationBundle.publisher`` "
+"object is specific to its Trusted Publisher but must include at minimum:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:228
+msgid ""
+"A ``kind`` key, which **MUST** be a JSON string that uniquely identifies the "
+"kind of Trusted Publisher."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:230
+msgid ""
+"A ``claims`` key, which **MUST** be a JSON object containing any context-"
+"specific claims retained by the index during Trusted Publisher "
+"authentication."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:233
+msgid "All other keys in the publisher object are publisher-specific."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:235
+msgid ""
+"Each array of attestation objects is a superset of the ``attestations`` "
+"array supplied by the uploaded through the ``attestations`` field at upload "
+"time, as described in :ref:`upload-endpoint` and :ref:`changes-to-provenance-"
+"objects`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:243
+msgid "Changes to provenance objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:245
+msgid ""
+"Provenance objects are *not* immutable, and may change over time. Reasons "
+"for changes to the provenance object include but are not limited to:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:248
+msgid ""
+"Addition of new attestations for a pre-existing signing identity: the index "
+"**MAY** choose to allow additional attestations by pre-existing signing "
+"identities, such as newer attestation versions for already uploaded files."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:253
+msgid ""
+"Addition of new signing identities and associated attestations: the index "
+"**MAY** choose to support attestations from sources other than the file's "
+"uploader, such as third-party auditors or the index itself. These "
+"attestations may be performed asynchronously, requiring the index to insert "
+"them into the provenance object *post facto*."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:262
+msgid "Attestation verification"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:264
+msgid ""
+"Verifying an attestation object against a distribution file requires "
+"verification of each of the following:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:267
+msgid "``version`` is ``1``. The verifier **MUST** reject any other version."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:268
+msgid ""
+"``verification_material.certificate`` is a valid signing certificate, as "
+"issued by an *a priori* trusted authority (such as a root of trust already "
+"present within the verifying client)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:271
+msgid ""
+"``verification_material.certificate`` identifies an appropriate signing "
+"subject, such as the machine identity of the Trusted Publisher that "
+"published the package."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:274
+msgid ""
+"``envelope.statement`` is a valid in-toto v1 Statement, with a subject and "
+"digest that **MUST** match the distribution's filename and contents. For the "
+"distribution's filename, matching **MUST** be performed by parsing using the "
+"appropriate source distribution or wheel filename format, as the statement's "
+"subject may be equivalent but normalized."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:279
+msgid ""
+"``envelope.signature`` is a valid signature for ``envelope.statement`` "
+"corresponding to ``verification_material.certificate``, as reconstituted via "
+"the `v1 DSSE signature protocol <https://github.com/secure-systems-lab/dsse/"
+"blob/v1.0.0/protocol.md>`__."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:284
+msgid ""
+"In addition to the above required steps, a verifier **MAY** additionally "
+"verify ``verification_material.transparency_entries`` on a policy basis, e."
+"g. requiring at least one transparency log entry or a threshold of entries. "
+"When verifying transparency entries, the verifier **MUST** confirm that the "
+"inclusion time for each entry lies within the signing certificate's validity "
+"period."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:293
+msgid "Appendix: Data models for Transparency Log Entries"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:295
+msgid ""
+"This appendix contains pseudocoded data models for transparency log entries "
+"in attestation objects. Each transparency log entry serves as a source of "
+"signed inclusion time, and can be verified either online or offline."
+msgstr ""
+
 #: ../source/specifications/inline-script-metadata.rst:5
 msgid "Inline script metadata"
 msgstr ""
@@ -15206,7 +15552,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/inline-script-metadata.rst:205
-#: ../source/specifications/simple-repository-api.rst:815
+#: ../source/specifications/simple-repository-api.rst:829
 msgid "Recommendations"
 msgstr ""
 
@@ -17094,11 +17440,26 @@ msgid ""
 "``&gt;``, respectively."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:100
+#: ../source/specifications/simple-repository-api.rst:99
+msgid ""
+"A repository **MAY** include a ``data-provenance`` attribute on a file link. "
+"The value of this attribute **MUST** be a fully qualified URL, signaling "
+"that the file's provenance can be found at that URL. This URL **MUST** "
+"represent a `secure origin <https://www.chromium.org/Home/chromium-security/"
+"prefer-secure-origins-for-powerful-new-features/>`_."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:106
+msgid ""
+"The format of the linked provenance is defined in :ref:`index-hosted-"
+"attestations`."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:109
 msgid "Normalized Names"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:102
+#: ../source/specifications/simple-repository-api.rst:111
 msgid ""
 "This spec references the concept of a \"normalized\" project name. As per :"
 "ref:`the name normalization specification <name-normalization>` the only "
@@ -17108,11 +17469,11 @@ msgid ""
 "implemented in Python with the ``re`` module::"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:117
+#: ../source/specifications/simple-repository-api.rst:126
 msgid "Adding \"Yank\" Support to the Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:119
+#: ../source/specifications/simple-repository-api.rst:128
 msgid ""
 "Links in the simple repository **MAY** have a ``data-yanked`` attribute "
 "which may have no value, or may have an arbitrary string as a value. The "
@@ -17122,7 +17483,7 @@ msgid ""
 "under specific scenarios."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:126
+#: ../source/specifications/simple-repository-api.rst:135
 msgid ""
 "The value of the ``data-yanked`` attribute, if present, is an arbitrary "
 "string that represents the reason for why the file has been yanked. Tools "
@@ -17130,7 +17491,7 @@ msgid ""
 "users."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:131
+#: ../source/specifications/simple-repository-api.rst:140
 msgid ""
 "The yanked attribute is not immutable once set, and may be rescinded in the "
 "future (and once rescinded, may be reset as well). Thus API users **MUST** "
@@ -17138,11 +17499,11 @@ msgid ""
 "again)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:138
+#: ../source/specifications/simple-repository-api.rst:147
 msgid "Installers"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:140
+#: ../source/specifications/simple-repository-api.rst:149
 msgid ""
 "The desirable experience for users is that once a file is yanked, when a "
 "human being is currently trying to directly install a yanked file, that it "
@@ -17152,7 +17513,7 @@ msgid ""
 "been yanked."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:147
+#: ../source/specifications/simple-repository-api.rst:156
 msgid ""
 "An installer **MUST** ignore yanked releases, if the selection constraints "
 "can be satisfied with a non-yanked version, and **MAY** refuse to use a "
@@ -17162,14 +17523,14 @@ msgid ""
 "files."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:154
+#: ../source/specifications/simple-repository-api.rst:163
 msgid ""
 "What this means is left up to the specific installer, to decide how to best "
 "fit into the overall usage of their installer. However, there are two "
 "suggested approaches to take:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:158
+#: ../source/specifications/simple-repository-api.rst:167
 msgid ""
 "Yanked files are always ignored, unless they are the only file that matches "
 "a version specifier that \"pins\" to an exact version using either ``==`` "
@@ -17179,7 +17540,7 @@ msgid ""
 "versions, zero padding, etc."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:165
+#: ../source/specifications/simple-repository-api.rst:174
 msgid ""
 "Yanked files are always ignored, unless they are the only file that matches "
 "what a lock file (such as ``Pipfile.lock`` or ``poetry.lock``) specifies to "
@@ -17187,7 +17548,7 @@ msgid ""
 "creating or updating a lock file from some input file or command."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:171
+#: ../source/specifications/simple-repository-api.rst:180
 msgid ""
 "Regardless of the specific strategy that an installer chooses for deciding "
 "when to install yanked files, an installer **SHOULD** emit a warning when it "
@@ -17196,38 +17557,38 @@ msgid ""
 "specific feedback to the user about why that file had been yanked."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:179
+#: ../source/specifications/simple-repository-api.rst:188
 msgid "Mirrors"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:181
+#: ../source/specifications/simple-repository-api.rst:190
 msgid "Mirrors can generally treat yanked files one of two ways:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:183
+#: ../source/specifications/simple-repository-api.rst:192
 msgid ""
 "They may choose to omit them from their simple repository API completely, "
 "providing a view over the repository that shows only \"active\", unyanked "
 "files."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:186
+#: ../source/specifications/simple-repository-api.rst:195
 msgid ""
 "They may choose to include yanked files, and additionally mirror the ``data-"
 "yanked`` attribute as well."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:189
+#: ../source/specifications/simple-repository-api.rst:198
 msgid ""
 "Mirrors **MUST NOT** mirror a yanked file without also mirroring the ``data-"
 "yanked`` attribute for it."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:195
+#: ../source/specifications/simple-repository-api.rst:204
 msgid "Versioning PyPI's Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:197
+#: ../source/specifications/simple-repository-api.rst:206
 msgid ""
 "This spec proposes the inclusion of a meta tag on the responses of every "
 "successful request to a simple API page, which contains a name attribute of "
@@ -17238,29 +17599,29 @@ msgid ""
 "<version-specifiers>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:205
+#: ../source/specifications/simple-repository-api.rst:214
 msgid "This would end up looking like::"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:209
+#: ../source/specifications/simple-repository-api.rst:218
 msgid "When interpreting the repository version:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:211
+#: ../source/specifications/simple-repository-api.rst:220
 msgid ""
 "Incrementing the major version is used to signal a backwards incompatible "
 "change such that existing clients would no longer be expected to be able to "
 "meaningfully use the API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:214
+#: ../source/specifications/simple-repository-api.rst:223
 msgid ""
 "Incrementing the minor version is used to signal a backwards compatible "
 "change such that existing clients would still be expected to be able to "
 "meaningfully use the API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:218
+#: ../source/specifications/simple-repository-api.rst:227
 msgid ""
 "It is left up to the discretion of any future specs as to what specifically "
 "constitutes a backwards incompatible vs compatible change beyond the broad "
@@ -17269,7 +17630,7 @@ msgid ""
 "features."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:224
+#: ../source/specifications/simple-repository-api.rst:233
 msgid ""
 "It is expectation of this spec that the major version will never be "
 "incremented, and any future major API evolutions would utilize a different "
@@ -17279,48 +17640,48 @@ msgid ""
 "set to a version >= 2)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:231
+#: ../source/specifications/simple-repository-api.rst:240
 msgid ""
 "This spec sets the current API version to \"1.0\", and expects that future "
 "specs that further evolve the simple API will increment the minor version "
 "number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:237
-#: ../source/specifications/simple-repository-api.rst:957
+#: ../source/specifications/simple-repository-api.rst:246
+#: ../source/specifications/simple-repository-api.rst:971
 msgid "Clients"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:239
+#: ../source/specifications/simple-repository-api.rst:248
 msgid ""
 "Clients interacting with the simple API **SHOULD** introspect each response "
 "for the repository version, and if that data does not exist **MUST** assume "
 "that it is version 1.0."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:243
+#: ../source/specifications/simple-repository-api.rst:252
 msgid ""
 "When encountering a major version greater than expected, clients **MUST** "
 "hard fail with an appropriate error message for the user."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:246
+#: ../source/specifications/simple-repository-api.rst:255
 msgid ""
 "When encountering a minor version greater than expected, clients **SHOULD** "
 "warn users with an appropriate message."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:249
+#: ../source/specifications/simple-repository-api.rst:258
 msgid ""
 "Clients **MAY** still continue to use feature detection in order to "
 "determine what features a repository uses."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:255
+#: ../source/specifications/simple-repository-api.rst:264
 msgid "Serve Distribution Metadata in the Simple Repository API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:257
+#: ../source/specifications/simple-repository-api.rst:266
 msgid ""
 "In a simple repository's project page, each anchor tag pointing to a "
 "distribution **MAY** have a ``data-dist-info-metadata`` attribute. The "
@@ -17329,7 +17690,7 @@ msgid ""
 "when the distribution is processed and/or installed."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:263
+#: ../source/specifications/simple-repository-api.rst:272
 msgid ""
 "If a ``data-dist-info-metadata`` attribute is present, the repository "
 "**MUST** serve the distribution's Core Metadata file alongside the "
@@ -17341,7 +17702,7 @@ msgid ""
 "GPG signature file's location."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:272
+#: ../source/specifications/simple-repository-api.rst:281
 msgid ""
 "The repository **SHOULD** provide the hash of the Core Metadata file as the "
 "``data-dist-info-metadata`` attribute's value using the syntax "
@@ -17351,18 +17712,18 @@ msgid ""
 "unavailable."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:280
+#: ../source/specifications/simple-repository-api.rst:289
 msgid "Backwards Compatibility"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:282
+#: ../source/specifications/simple-repository-api.rst:291
 msgid ""
 "If an anchor tag lacks the ``data-dist-info-metadata`` attribute, tools are "
 "expected to revert to their current behaviour of downloading the "
 "distribution to inspect the metadata."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:286
+#: ../source/specifications/simple-repository-api.rst:295
 msgid ""
 "Older tools not supporting the new ``data-dist-info-metadata`` attribute are "
 "expected to ignore the attribute and maintain their current behaviour of "
@@ -17370,11 +17731,11 @@ msgid ""
 "prior ``data-`` attribute additions expect existing tools to operate."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:295
+#: ../source/specifications/simple-repository-api.rst:304
 msgid "JSON-based Simple API for Python Package Indexes"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:297
+#: ../source/specifications/simple-repository-api.rst:306
 msgid ""
 "To enable response parsing with only the standard library, this spec "
 "specifies that all responses (besides the files themselves, and the HTML "
@@ -17382,7 +17743,7 @@ msgid ""
 "base>`) should be serialized using `JSON <https://www.json.org/>`_."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:302
+#: ../source/specifications/simple-repository-api.rst:311
 msgid ""
 "To enable zero configuration discovery and to minimize the amount of "
 "additional HTTP requests, this spec extends :ref:`the base HTML API "
@@ -17392,7 +17753,7 @@ msgid ""
 "format to serve, i.e. either HTML or JSON."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:312
+#: ../source/specifications/simple-repository-api.rst:321
 msgid ""
 "Versioning will adhere to :ref:`the API versioning specification <simple-"
 "repository-api-versioning>` format (``Major.Minor``), which has defined the "
@@ -17402,7 +17763,7 @@ msgid ""
 "``1.0`` version, and instead just describes how to serialize that into JSON."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:319
+#: ../source/specifications/simple-repository-api.rst:328
 msgid ""
 "Similar to :ref:`the API versioning specification <simple-repository-api-"
 "versioning>`, the major version number **MUST** be incremented if any "
@@ -17410,28 +17771,28 @@ msgid ""
 "existing clients to meaningfully understand the format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:325
+#: ../source/specifications/simple-repository-api.rst:334
 msgid ""
 "Likewise, the minor version **MUST** be incremented if features are added or "
 "removed from the format, but existing clients would be expected to continue "
 "to meaningfully understand the format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:329
+#: ../source/specifications/simple-repository-api.rst:338
 msgid ""
 "Changes that would not result in existing clients being unable to "
 "meaningfully understand the format and which do not represent features being "
 "added or removed may occur without changing the version number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:333
+#: ../source/specifications/simple-repository-api.rst:342
 msgid ""
 "This is intentionally vague, as this spec believes it is best left up to "
 "future specs that make any changes to the API to investigate and decide "
 "whether or not that change should increment the major or minor version."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:337
+#: ../source/specifications/simple-repository-api.rst:346
 msgid ""
 "Future versions of the API may add things that can only be represented in a "
 "subset of the available serializations of that version. All serializations "
@@ -17440,37 +17801,37 @@ msgid ""
 "whether or not that feature is present at all."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:343
+#: ../source/specifications/simple-repository-api.rst:352
 msgid ""
 "It is the intent of this spec that the API should be thought of as URL "
 "endpoints that return data, whose interpretation is defined by the version "
 "of that data, and then serialized into the target serialization format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:351
+#: ../source/specifications/simple-repository-api.rst:360
 msgid "JSON Serialization"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:353
+#: ../source/specifications/simple-repository-api.rst:362
 msgid ""
 "The URL structure from :ref:`the base HTML API specification <simple-"
 "repository-api-base>` still applies, as this spec only adds an additional "
 "serialization format for the already existing API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:357
+#: ../source/specifications/simple-repository-api.rst:366
 msgid ""
 "The following constraints apply to all JSON serialized responses described "
 "in this spec:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:360
+#: ../source/specifications/simple-repository-api.rst:369
 msgid ""
 "All JSON responses will *always* be a JSON object rather than an array or "
 "other type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:363
+#: ../source/specifications/simple-repository-api.rst:372
 msgid ""
 "While JSON doesn't natively support a URL type, any value that represents an "
 "URL in this API may be either absolute or relative as long as they point to "
@@ -17478,19 +17839,19 @@ msgid ""
 "if it were HTML."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:368
+#: ../source/specifications/simple-repository-api.rst:377
 msgid ""
 "Additional keys may be added to any dictionary objects in the API responses "
 "and clients **MUST** ignore keys that they don't understand."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:371
+#: ../source/specifications/simple-repository-api.rst:380
 msgid ""
 "All JSON responses will have a ``meta`` key, which contains information "
 "related to the response itself, rather than the content of the response."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:374
+#: ../source/specifications/simple-repository-api.rst:383
 msgid ""
 "All JSON responses will have a ``meta.api-version`` key, which will be a "
 "string that contains the :ref:`API versioning specification <simple-"
@@ -17499,41 +17860,41 @@ msgid ""
 "<simple-repository-api-versioning>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:380
+#: ../source/specifications/simple-repository-api.rst:389
 msgid ""
 "All requirements of :ref:`the base HTML API specification <simple-repository-"
 "api-base>` that are not HTML specific still apply."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:385
+#: ../source/specifications/simple-repository-api.rst:394
 msgid "Project List"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:387
+#: ../source/specifications/simple-repository-api.rst:396
 msgid ""
 "The root URL ``/`` for this spec (which represents the base URL) will be a "
 "JSON encoded dictionary which has a two keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:390
+#: ../source/specifications/simple-repository-api.rst:399
 msgid ""
 "``projects``: An array where each entry is a dictionary with a single key, "
 "``name``, which represents string of the project name."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:391
-#: ../source/specifications/simple-repository-api.rst:440
+#: ../source/specifications/simple-repository-api.rst:400
+#: ../source/specifications/simple-repository-api.rst:449
 msgid ""
 "``meta``: The general response metadata as `described earlier <json-"
 "serialization_>`__."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:393
-#: ../source/specifications/simple-repository-api.rst:499
+#: ../source/specifications/simple-repository-api.rst:402
+#: ../source/specifications/simple-repository-api.rst:512
 msgid "As an example:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:410
+#: ../source/specifications/simple-repository-api.rst:419
 msgid ""
 "The ``name`` field is the same as the one from :ref:`the base HTML API "
 "specification <simple-repository-api-base>`, which does not specify whether "
@@ -17543,7 +17904,7 @@ msgid ""
 "implementation detail of the repository in question."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:420
+#: ../source/specifications/simple-repository-api.rst:429
 msgid ""
 "While the ``projects`` key is an array, and thus is required to be in some "
 "kind of an order, neither :ref:`the base HTML API specification <simple-"
@@ -17553,11 +17914,11 @@ msgid ""
 "have sets."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:429
+#: ../source/specifications/simple-repository-api.rst:438
 msgid "Project Detail"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:431
+#: ../source/specifications/simple-repository-api.rst:440
 msgid ""
 "The format of this URL is ``/<project>/`` where the ``<project>`` is "
 "replaced by the :ref:`the base HTML API specification <simple-repository-api-"
@@ -17565,33 +17926,33 @@ msgid ""
 "would have a URL like ``/silly-walk/``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:436
+#: ../source/specifications/simple-repository-api.rst:445
 msgid ""
 "This URL must respond with a JSON encoded dictionary that has three keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:438
+#: ../source/specifications/simple-repository-api.rst:447
 msgid "``name``: The normalized name of the project."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:439
+#: ../source/specifications/simple-repository-api.rst:448
 msgid ""
 "``files``: A list of dictionaries, each one representing an individual file."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:442
+#: ../source/specifications/simple-repository-api.rst:451
 msgid "Each individual file dictionary has the following keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:444
+#: ../source/specifications/simple-repository-api.rst:453
 msgid "``filename``: The filename that is being represented."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:445
+#: ../source/specifications/simple-repository-api.rst:454
 msgid "``url``: The URL that the file can be fetched from."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:446
+#: ../source/specifications/simple-repository-api.rst:455
 msgid ""
 "``hashes``: A dictionary mapping a hash name to a hex encoded digest of the "
 "file. Multiple hashes can be included, and it is up to the client to decide "
@@ -17600,14 +17961,14 @@ msgid ""
 "to be lowercase."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:451
+#: ../source/specifications/simple-repository-api.rst:460
 msgid ""
 "The ``hashes`` dictionary **MUST** be present, even if no hashes are "
 "available for the file, however it is **HIGHLY** recommended that at least "
 "one secure, guaranteed-to-be-available hash is always included."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:455
+#: ../source/specifications/simple-repository-api.rst:464
 msgid ""
 "By default, any hash algorithm available via :py:mod:`hashlib` (specifically "
 "any that can be passed to :py:func:`hashlib.new()` and do not require "
@@ -17617,7 +17978,7 @@ msgid ""
 "specifically is recommended."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:460
+#: ../source/specifications/simple-repository-api.rst:469
 msgid ""
 "``requires-python``: An **optional** key that exposes the :ref:`core-"
 "metadata-requires-python` metadata field. Where this is present, installer "
@@ -17625,14 +17986,14 @@ msgid ""
 "that doesn't satisfy the requirement."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:466
+#: ../source/specifications/simple-repository-api.rst:475
 msgid ""
 "Unlike ``data-requires-python`` in :ref:`the base HTML API specification "
 "<simple-repository-api-base>`, the ``requires-python`` key does not require "
 "any special escaping other than anything JSON does naturally."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:469
+#: ../source/specifications/simple-repository-api.rst:478
 msgid ""
 "``dist-info-metadata``: An **optional** key that indicates that metadata for "
 "this file is available, via the same location as specified in :ref:`the API "
@@ -17642,27 +18003,27 @@ msgid ""
 "dictionary mapping hash names to a hex encoded digest of the metadata's hash."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:477
+#: ../source/specifications/simple-repository-api.rst:486
 msgid ""
 "When this is a dictionary of hashes instead of a boolean, then all the same "
 "requirements and recommendations as the ``hashes`` key hold true for this "
 "key as well."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:481
+#: ../source/specifications/simple-repository-api.rst:490
 msgid ""
 "If this key is missing then the metadata file may or may not exist. If the "
 "key value is truthy, then the metadata file is present, and if it is falsey "
 "then it is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:485
+#: ../source/specifications/simple-repository-api.rst:494
 msgid ""
 "It is recommended that servers make the hashes of the metadata file "
 "available if possible."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:487
+#: ../source/specifications/simple-repository-api.rst:496
 msgid ""
 "``gpg-sig``: An **optional** key that acts a boolean to indicate if the file "
 "has an associated GPG signature or not. The URL for the signature file "
@@ -17671,7 +18032,7 @@ msgid ""
 "the signature may or may not exist."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:492
+#: ../source/specifications/simple-repository-api.rst:501
 msgid ""
 "``yanked``: An **optional** key which may be either a boolean to indicate if "
 "the file has been yanked, or a non empty, but otherwise arbitrary, string to "
@@ -17682,7 +18043,15 @@ msgid ""
 "api-yank>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:529
+#: ../source/specifications/simple-repository-api.rst:507
+msgid ""
+"``provenance``: An **optional** key which, if present **MUST** be either a "
+"JSON string or ``null``. If not ``null``, it **MUST** be a URL to the file's "
+"associated provenance, with the same rules as ``data-provenance`` in the :"
+"ref:`base HTML API specification <simple-repository-api-base>`."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:543
 msgid ""
 "While the ``files`` key is an array, and thus is required to be in some kind "
 "of an order, neither :ref:`the base HTML API specification <simple-"
@@ -17692,11 +18061,11 @@ msgid ""
 "have sets."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:538
+#: ../source/specifications/simple-repository-api.rst:552
 msgid "Content-Types"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:540
+#: ../source/specifications/simple-repository-api.rst:554
 msgid ""
 "This spec proposes that all responses from the Simple API will have a "
 "standard content type that describes what the response is (a Simple API "
@@ -17704,11 +18073,11 @@ msgid ""
 "format has been used."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:544
+#: ../source/specifications/simple-repository-api.rst:558
 msgid "The structure of this content type will be:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:550
+#: ../source/specifications/simple-repository-api.rst:564
 msgid ""
 "Since only major versions should be disruptive to clients attempting to "
 "understand one of these API responses, only the major version will be "
@@ -17716,19 +18085,19 @@ msgid ""
 "that it is a version number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:555
+#: ../source/specifications/simple-repository-api.rst:569
 msgid "Which means that for the existing 1.0 API, the content types would be:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:557
+#: ../source/specifications/simple-repository-api.rst:571
 msgid "**JSON:** ``application/vnd.pypi.simple.v1+json``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:558
+#: ../source/specifications/simple-repository-api.rst:572
 msgid "**HTML:** ``application/vnd.pypi.simple.v1+html``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:560
+#: ../source/specifications/simple-repository-api.rst:574
 msgid ""
 "In addition to the above, a special \"meta\" version is supported named "
 "``latest``, whose purpose is to allow clients to request the absolute latest "
@@ -17737,7 +18106,7 @@ msgid ""
 "support."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:565
+#: ../source/specifications/simple-repository-api.rst:579
 msgid ""
 "To support existing clients which expect the existing :ref:`the base HTML "
 "API specification <simple-repository-api-base>` API responses to use the "
@@ -17745,11 +18114,11 @@ msgid ""
 "alias for the ``application/vnd.pypi.simple.v1+html`` content type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:572
+#: ../source/specifications/simple-repository-api.rst:586
 msgid "Version + Format Selection"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:574
+#: ../source/specifications/simple-repository-api.rst:588
 msgid ""
 "Now that there is multiple possible serializations, we need a mechanism to "
 "allow clients to indicate what serialization formats they're able to "
@@ -17758,65 +18127,65 @@ msgid ""
 "expecting the previous API version."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:579
+#: ../source/specifications/simple-repository-api.rst:593
 msgid ""
 "To enable this, this spec standardizes on the use of HTTP's `Server-Driven "
 "Content Negotiation <https://developer.mozilla.org/en-US/docs/Web/HTTP/"
 "Content_negotiation>`_."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:582
+#: ../source/specifications/simple-repository-api.rst:596
 msgid ""
 "While this spec won't fully describe the entirety of server-driven content "
 "negotiation, the flow is roughly:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:585
+#: ../source/specifications/simple-repository-api.rst:599
 msgid ""
 "The client makes an HTTP request containing an ``Accept`` header listing all "
 "of the version+format content types that they are able to understand."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:587
+#: ../source/specifications/simple-repository-api.rst:601
 msgid ""
 "The server inspects that header, selects one of the listed content types, "
 "then returns a response using that content type (treating the absence of an "
 "``Accept`` header as ``Accept: */*``)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:590
+#: ../source/specifications/simple-repository-api.rst:604
 msgid ""
 "If the server does not support any of the content types in the ``Accept`` "
 "header then they are able to choose between 3 different options for how to "
 "respond:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:594
+#: ../source/specifications/simple-repository-api.rst:608
 msgid ""
 "Select a default content type other than what the client has requested and "
 "return a response with that."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:596
+#: ../source/specifications/simple-repository-api.rst:610
 msgid ""
 "Return a HTTP ``406 Not Acceptable`` response to indicate that none of the "
 "requested content types were available, and the server was unable or "
 "unwilling to select a default content type to respond with."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:599
+#: ../source/specifications/simple-repository-api.rst:613
 msgid ""
 "Return a HTTP ``300 Multiple Choices`` response that contains a list of all "
 "of the possible responses that could have been chosen."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:601
+#: ../source/specifications/simple-repository-api.rst:615
 msgid ""
 "The client interprets the response, handling the different types of "
 "responses that the server may have responded with."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:604
+#: ../source/specifications/simple-repository-api.rst:618
 msgid ""
 "This spec does not specify which choices the server makes in regards to "
 "handling a content type that it isn't able to return, and clients **SHOULD** "
@@ -17824,7 +18193,7 @@ msgid ""
 "the most sense for that client."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:609
+#: ../source/specifications/simple-repository-api.rst:623
 msgid ""
 "However, as there is no standard format for how a ``300 Multiple Choices`` "
 "response can be interpreted, this spec highly discourages servers from "
@@ -17835,7 +18204,7 @@ msgid ""
 "error."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:616
+#: ../source/specifications/simple-repository-api.rst:630
 msgid ""
 "This spec **does** require that if the meta version ``latest`` is being "
 "used, the server **MUST** respond with the content type for the actual "
@@ -17844,33 +18213,33 @@ msgid ""
 "have a ``Content-Type`` of ``application/vnd.pypi.simple.v1+json``)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:623
+#: ../source/specifications/simple-repository-api.rst:637
 msgid ""
 "The ``Accept`` header is a comma separated list of content types that the "
 "client understands and is able to process. It supports three different "
 "formats for each content type that is being requested:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:627
+#: ../source/specifications/simple-repository-api.rst:641
 msgid "``$type/$subtype``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:628
+#: ../source/specifications/simple-repository-api.rst:642
 msgid "``$type/*``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:629
+#: ../source/specifications/simple-repository-api.rst:643
 msgid "``*/*``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:631
+#: ../source/specifications/simple-repository-api.rst:645
 msgid ""
 "For the use of selecting a version+format, the most useful of these is "
 "``$type/$subtype``, as that is the only way to actually specify the version "
 "and format you want."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:635
+#: ../source/specifications/simple-repository-api.rst:649
 msgid ""
 "The order of the content types listed in the ``Accept`` header does not have "
 "any specific meaning, and the server **SHOULD** consider all of them to be "
@@ -17880,7 +18249,7 @@ msgid ""
 "Quality_values>`_ syntax."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:642
+#: ../source/specifications/simple-repository-api.rst:656
 msgid ""
 "This allows a client to specify a priority for a specific entry in their "
 "``Accept`` header, by appending a ``;q=`` followed by a value between ``0`` "
@@ -17890,7 +18259,7 @@ msgid ""
 "quality of ``1``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:648
+#: ../source/specifications/simple-repository-api.rst:662
 msgid ""
 "However, clients should keep in mind that a server is free to select **any** "
 "of the content types they've asked for, regardless of their requested "
@@ -17898,7 +18267,7 @@ msgid ""
 "for."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:652
+#: ../source/specifications/simple-repository-api.rst:666
 msgid ""
 "To aid clients in determining the content type of the response that they "
 "have received from an API request, this spec requires that servers always "
@@ -17909,22 +18278,22 @@ msgid ""
 "collector.py#L123-L150>`_ so the risks for actual breakages is low."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:659
+#: ../source/specifications/simple-repository-api.rst:673
 msgid "An example of how a client can operate would look like:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:710
+#: ../source/specifications/simple-repository-api.rst:724
 msgid ""
 "If a client wishes to only support HTML or only support JSON, then they "
 "would just remove the content types that they do not want from the "
 "``Accept`` header, and turn receiving them into an error."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:716
+#: ../source/specifications/simple-repository-api.rst:730
 msgid "Alternative Negotiation Mechanisms"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:718
+#: ../source/specifications/simple-repository-api.rst:732
 msgid ""
 "While using HTTP's Content negotiation is considered the standard way for a "
 "client and server to coordinate to ensure that the client is getting an HTTP "
@@ -17933,25 +18302,25 @@ msgid ""
 "negotiation mechanisms that may *optionally* be used instead."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:726
+#: ../source/specifications/simple-repository-api.rst:740
 msgid "URL Parameter"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:728
+#: ../source/specifications/simple-repository-api.rst:742
 msgid ""
 "Servers that implement the Simple API may choose to support a URL parameter "
 "named ``format`` to allow the clients to request a specific version of the "
 "URL."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:731
+#: ../source/specifications/simple-repository-api.rst:745
 msgid ""
 "The value of the ``format`` parameter should be **one** of the valid content "
 "types. Passing multiple content types, wild cards, quality values, etc... is "
 "**not** supported."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:735
+#: ../source/specifications/simple-repository-api.rst:749
 msgid ""
 "Supporting this parameter is optional, and clients **SHOULD NOT** rely on it "
 "for interacting with the API. This negotiation mechanism is intended to "
@@ -17959,13 +18328,13 @@ msgid ""
 "allow documentation or notes to link to a specific version+format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:740
+#: ../source/specifications/simple-repository-api.rst:754
 msgid ""
 "Servers that do not support this parameter may choose to return an error "
 "when it is present, or they may simple ignore its presence."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:743
+#: ../source/specifications/simple-repository-api.rst:757
 msgid ""
 "When a server does implement this parameter, it **SHOULD** take precedence "
 "over any values in the client's ``Accept`` header, and if the server does "
@@ -17975,18 +18344,18 @@ msgid ""
 "``303 Multiple Choices``, or selecting a default type to return)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:752
+#: ../source/specifications/simple-repository-api.rst:766
 msgid "Endpoint Configuration"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:754
+#: ../source/specifications/simple-repository-api.rst:768
 msgid ""
 "This option technically is not a special option at all, it is just a natural "
 "consequence of using content negotiation and allowing servers to select "
 "which of the available content types is their default."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:758
+#: ../source/specifications/simple-repository-api.rst:772
 msgid ""
 "If a server is unwilling or unable to implement the server-driven content "
 "negotiation, and would instead rather require users to explicitly configure "
@@ -17994,7 +18363,7 @@ msgid ""
 "configuration."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:762
+#: ../source/specifications/simple-repository-api.rst:776
 msgid ""
 "To enable this, a server should make multiple endpoints (for instance, ``/"
 "simple/v1+html/`` and/or ``/simple/v1+json/``) for each version+format that "
@@ -18004,7 +18373,7 @@ msgid ""
 "and return the content type that corresponds to that endpoint."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:769
+#: ../source/specifications/simple-repository-api.rst:783
 msgid ""
 "For clients that wish to require specific configuration, they can keep track "
 "of which version+format a specific repository URL was configured for, and "
@@ -18012,11 +18381,11 @@ msgid ""
 "includes the correct content type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:776
+#: ../source/specifications/simple-repository-api.rst:790
 msgid "TUF Support - PEP 458"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:778
+#: ../source/specifications/simple-repository-api.rst:792
 msgid ""
 ":pep:`458` requires that all API responses are hashable and that they can be "
 "uniquely identified by a path relative to the repository root. For a Simple "
@@ -18027,7 +18396,7 @@ msgid ""
 "that all hash differently."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:785
+#: ../source/specifications/simple-repository-api.rst:799
 msgid ""
 ":pep:`458` does not specify what the target path should be for the Simple "
 "API, but TUF requires that the target paths be \"file-like\", in other "
@@ -18035,7 +18404,7 @@ msgid ""
 "technically points to a directory."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:790
+#: ../source/specifications/simple-repository-api.rst:804
 msgid ""
 "The saving grace is that the target path does not *have* to actually match "
 "the URL being fetched from the Simple API, and it can just be a sigil that "
@@ -18044,7 +18413,7 @@ msgid ""
 "HTTP request, such as the ``Accept`` header."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:796
+#: ../source/specifications/simple-repository-api.rst:810
 msgid ""
 "Ultimately figuring out how to map a directory to a filename is out of scope "
 "for this spec (but it would be in scope for :pep:`458`), and this spec "
@@ -18052,7 +18421,7 @@ msgid ""
 "`458` metadata."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:800
+#: ../source/specifications/simple-repository-api.rst:814
 msgid ""
 "However, it appears that the current WIP branch against pip that attempts to "
 "implement :pep:`458` is using a target path like ``simple/PROJECT/index."
@@ -18062,20 +18431,20 @@ msgid ""
 "the v1 JSON format would be ``simple/PROJECT/vnd.pypi.simple.v1.json``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:807
+#: ../source/specifications/simple-repository-api.rst:821
 msgid ""
 "In this case, since ``text/html`` is an alias to ``application/vnd.pypi."
 "simple.v1+html`` when interacting through TUF, it likely will make the most "
 "sense to normalize to the more explicit name."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:811
+#: ../source/specifications/simple-repository-api.rst:825
 msgid ""
 "Likewise the ``latest`` metaversion should not be included in the targets, "
 "only explicitly declared versions should be supported."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:817
+#: ../source/specifications/simple-repository-api.rst:831
 msgid ""
 "This section is non-normative, and represents what the spec authors believe "
 "to be the best default implementation decisions for something implementing "
@@ -18083,7 +18452,7 @@ msgid ""
 "these decisions."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:821
+#: ../source/specifications/simple-repository-api.rst:835
 msgid ""
 "These decisions have been chosen to maximize the number of requests that can "
 "be moved onto the newest version of an API, while maintaining the greatest "
@@ -18092,18 +18461,18 @@ msgid ""
 "choices it can."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:826
+#: ../source/specifications/simple-repository-api.rst:840
 msgid "It is recommended that servers:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:828
+#: ../source/specifications/simple-repository-api.rst:842
 msgid ""
 "Support all 3 content types described in this spec, using server-driven "
 "content negotiation, for as long as they reasonably can, or at least as long "
 "as they're receiving non trivial traffic that uses the HTML responses."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:832
+#: ../source/specifications/simple-repository-api.rst:846
 msgid ""
 "When encountering an ``Accept`` header that does not contain any content "
 "types that it knows how to work with, the server should not ever return a "
@@ -18111,13 +18480,13 @@ msgid ""
 "Acceptable`` response."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:837
+#: ../source/specifications/simple-repository-api.rst:851
 msgid ""
 "However, if choosing to use the endpoint configuration, you should prefer to "
 "return a ``200 OK`` response in the expected content type for that endpoint."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:840
+#: ../source/specifications/simple-repository-api.rst:854
 msgid ""
 "When selecting an acceptable version, the server should choose the highest "
 "version that the client supports, with the most expressive/featureful "
@@ -18126,23 +18495,23 @@ msgid ""
 "should only use the ``text/html`` content type as a last resort."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:846
+#: ../source/specifications/simple-repository-api.rst:860
 msgid "It is recommended that clients:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:848
+#: ../source/specifications/simple-repository-api.rst:862
 msgid ""
 "Support all 3 content types described in this spec, using server-driven "
 "content negotiation, for as long as they reasonably can."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:851
+#: ../source/specifications/simple-repository-api.rst:865
 msgid ""
 "When constructing an ``Accept`` header, include all of the content types "
 "that you support."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:854
+#: ../source/specifications/simple-repository-api.rst:868
 msgid ""
 "You should generally *not* include a quality priority value for your content "
 "types, unless you have implementation specific reasons that you want the "
@@ -18151,63 +18520,63 @@ msgid ""
 "responses that you're unable to parse in some edge cases)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:860
+#: ../source/specifications/simple-repository-api.rst:874
 msgid ""
 "The one exception to this recommendation is that it is recommended that you "
 "*should* include a ``;q=0.01`` value on the legacy ``text/html`` content "
 "type, unless it is the only content type that you are requesting."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:864
+#: ../source/specifications/simple-repository-api.rst:878
 msgid ""
 "Explicitly select what versions they are looking for, rather than using the "
 "``latest`` meta version during normal operation."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:867
+#: ../source/specifications/simple-repository-api.rst:881
 msgid ""
 "Check the ``Content-Type`` of the response and ensure it matches something "
 "that you were expecting."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:871
+#: ../source/specifications/simple-repository-api.rst:885
 msgid "Additional Fields for the Simple API for Package Indexes"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:873
+#: ../source/specifications/simple-repository-api.rst:887
 msgid ""
 "This specification defines version 1.1 of the simple repository API. For the "
 "HTML version of the API, there is no change from version 1.0. For the JSON "
 "version of the API, the following changes are made:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:877
+#: ../source/specifications/simple-repository-api.rst:891
 msgid "The ``api-version`` must specify version 1.1 or later."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:878
+#: ../source/specifications/simple-repository-api.rst:892
 msgid "A new ``versions`` key is added at the top level."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:879
+#: ../source/specifications/simple-repository-api.rst:893
 msgid ""
 "Two new \"file information\" keys, ``size`` and ``upload-time``, are added "
 "to the ``files`` data."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:881
+#: ../source/specifications/simple-repository-api.rst:895
 msgid ""
 "Keys (at any level) with a leading underscore are reserved as private for "
 "index server use. No future standard will assign a meaning to any such key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:884
+#: ../source/specifications/simple-repository-api.rst:898
 msgid ""
 "The ``versions`` and ``size`` keys are mandatory. The ``upload-time`` key is "
 "optional."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:890
+#: ../source/specifications/simple-repository-api.rst:904
 msgid ""
 "An additional key, ``versions`` MUST be present at the top level, in "
 "addition to the keys ``name``, ``files`` and ``meta`` defined in :ref:`the "
@@ -18217,7 +18586,7 @@ msgid ""
 "duplicates, and the order of the values is not significant."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:897
+#: ../source/specifications/simple-repository-api.rst:911
 msgid ""
 "All of the files listed in the ``files`` key MUST be associated with one of "
 "the versions in the ``versions`` key. The ``versions`` key MAY contain "
@@ -18225,7 +18594,7 @@ msgid ""
 "uploaded, if the server has such a concept)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:902
+#: ../source/specifications/simple-repository-api.rst:916
 msgid ""
 "Note that because servers may hold \"legacy\" data from before the adoption "
 "of :ref:`the version specifiers specification (VSS) <version-specifiers>`, "
@@ -18234,21 +18603,21 @@ msgid ""
 "servers SHOULD use normalised VSS versions where possible."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:911
+#: ../source/specifications/simple-repository-api.rst:925
 msgid "Additional file information"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:913
+#: ../source/specifications/simple-repository-api.rst:927
 msgid "Two new keys are added to the ``files`` key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:915
+#: ../source/specifications/simple-repository-api.rst:929
 msgid ""
 "``size``: This field is mandatory. It MUST contain an integer which is the "
 "file size in bytes."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:917
+#: ../source/specifications/simple-repository-api.rst:931
 msgid ""
 "``upload-time``: This field is optional. If present, it MUST contain a valid "
 "ISO 8601 date/time string, in the format ``yyyy-mm-ddThh:mm:ss.ffffffZ``, "
@@ -18260,11 +18629,11 @@ msgid ""
 "key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:926
+#: ../source/specifications/simple-repository-api.rst:940
 msgid "Rename dist-info-metadata in the Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:929
+#: ../source/specifications/simple-repository-api.rst:943
 msgid ""
 "The keywords \"**MUST**\", \"**MUST NOT**\", \"**REQUIRED**\", "
 "\"**SHALL**\", \"**SHALL NOT**\", \"**SHOULD**\", \"**SHOULD NOT**\", "
@@ -18272,11 +18641,11 @@ msgid ""
 "are to be interpreted as described in :rfc:`RFC 2119 <2119>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:936
+#: ../source/specifications/simple-repository-api.rst:950
 msgid "Servers"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:938
+#: ../source/specifications/simple-repository-api.rst:952
 msgid ""
 "The :ref:`the API metadata file specification <simple-repository-api-"
 "metadata-file>` metadata, when used in the HTML representation of the Simple "
@@ -18284,7 +18653,7 @@ msgid ""
 "with the supported values remaining the same."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:944
+#: ../source/specifications/simple-repository-api.rst:958
 msgid ""
 "The :ref:`the API metadata file specification <simple-repository-api-"
 "metadata-file>` metadata, when used in the :ref:`the JSON API specification "
@@ -18293,14 +18662,14 @@ msgid ""
 "values remaining the same."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:950
+#: ../source/specifications/simple-repository-api.rst:964
 msgid ""
 "To support clients that used the previous key names, the HTML representation "
 "**MAY** also be emitted using the ``data-dist-info-metadata``, and if it "
 "does so it **MUST** match the value of ``data-core-metadata``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:959
+#: ../source/specifications/simple-repository-api.rst:973
 msgid ""
 "Clients consuming any of the HTML representations of the Simple API **MUST** "
 "read the :ref:`the API metadata file specification <simple-repository-api-"
@@ -18309,7 +18678,7 @@ msgid ""
 "if it is present but ``data-core-metadata`` is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:966
+#: ../source/specifications/simple-repository-api.rst:980
 msgid ""
 "Clients consuming the JSON representation of the Simple API **MUST** read "
 "the :ref:`the API metadata file specification <simple-repository-api-"
@@ -18318,48 +18687,54 @@ msgid ""
 "present but ``core-metadata`` is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:976
+#: ../source/specifications/simple-repository-api.rst:990
 msgid "September 2015: initial form of the HTML format, in :pep:`503`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:977
+#: ../source/specifications/simple-repository-api.rst:991
 msgid "July 2016: Requires-Python metadata, in an update to :pep:`503`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:978
+#: ../source/specifications/simple-repository-api.rst:992
 msgid "May 2019: \"yank\" support, in :pep:`592`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:979
+#: ../source/specifications/simple-repository-api.rst:993
 msgid ""
 "July 2020: API versioning convention and metadata, and declaring the HTML "
 "format as API v1, in :pep:`629`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:981
+#: ../source/specifications/simple-repository-api.rst:995
 msgid ""
 "May 2021: providing package metadata independently from a package, in :pep:"
 "`658`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:983
+#: ../source/specifications/simple-repository-api.rst:997
 msgid ""
 "May 2022: initial form of the JSON format, with a mechanism for clients to "
 "choose between them, and declaring both formats as API v1, in :pep:`691`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:985
+#: ../source/specifications/simple-repository-api.rst:999
 msgid ""
 "October 2022: project versions and file size and upload-time in the JSON "
 "format, in :pep:`700`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:987
+#: ../source/specifications/simple-repository-api.rst:1001
 msgid ""
 "June 2023: renaming the field which provides package metadata independently "
 "from a package, in :pep:`714`"
 msgstr ""
 
+#: ../source/specifications/simple-repository-api.rst:1003
+msgid ""
+"November 2024: provenance metadata in the HTML and JSON formats, in :pep:"
+"`740`"
+msgstr ""
+
 #: ../source/specifications/source-distribution-format.rst:6
 msgid "Source distribution format"
 msgstr ""
@@ -21263,7 +21638,7 @@ msgid ""
 msgstr ""
 
 #: ../source/tutorials/managing-dependencies.rst:140
-#: ../source/tutorials/packaging-projects.rst:506
+#: ../source/tutorials/packaging-projects.rst:505
 msgid "Next steps"
 msgstr ""
 
@@ -21712,43 +22087,43 @@ msgstr ""
 
 #: ../source/tutorials/packaging-projects.rst:424
 msgid ""
-"You will be prompted for a username and password. For the username, use "
-"``__token__``. For the password, use the token value, including the ``pypi-"
-"`` prefix."
+"You will be prompted for an API token. Use the token value, including the "
+"``pypi-`` prefix. Note that the input will be hidden, so be sure to paste "
+"correctly."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:428
+#: ../source/tutorials/packaging-projects.rst:427
 msgid "After the command completes, you should see output similar to this:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:439
+#: ../source/tutorials/packaging-projects.rst:438
 msgid ""
 "Once uploaded, your package should be viewable on TestPyPI; for example: "
 "``https://test.pypi.org/project/example_package_YOUR_USERNAME_HERE``."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:444
+#: ../source/tutorials/packaging-projects.rst:443
 msgid "Installing your newly uploaded package"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:446
+#: ../source/tutorials/packaging-projects.rst:445
 msgid ""
 "You can use :ref:`pip` to install your package and verify that it works. "
 "Create a :ref:`virtual environment <Creating and using Virtual "
 "Environments>` and install your package from TestPyPI:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:462
+#: ../source/tutorials/packaging-projects.rst:461
 msgid "Make sure to specify your username in the package name!"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:464
+#: ../source/tutorials/packaging-projects.rst:463
 msgid ""
 "pip should install the package from TestPyPI and the output should look "
 "something like this:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:474
+#: ../source/tutorials/packaging-projects.rst:473
 msgid ""
 "This example uses ``--index-url`` flag to specify TestPyPI instead of live "
 "PyPI. Additionally, it specifies ``--no-deps``. Since TestPyPI doesn't have "
@@ -21758,23 +22133,23 @@ msgid ""
 "installing dependencies when using TestPyPI."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:481
+#: ../source/tutorials/packaging-projects.rst:480
 msgid ""
 "You can test that it was installed correctly by importing the package. Make "
 "sure you're still in your virtual environment, then run Python:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:496
+#: ../source/tutorials/packaging-projects.rst:495
 msgid "and import the package:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:508
+#: ../source/tutorials/packaging-projects.rst:507
 msgid ""
 "**Congratulations, you've packaged and distributed a Python project!** ✨ 🍰 "
 "✨"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:511
+#: ../source/tutorials/packaging-projects.rst:510
 msgid ""
 "Keep in mind that this tutorial showed you how to upload your package to "
 "Test PyPI, which isn't a permanent storage. The Test system occasionally "
@@ -21782,28 +22157,28 @@ msgid ""
 "experiments like this tutorial."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:516
+#: ../source/tutorials/packaging-projects.rst:515
 msgid ""
 "When you are ready to upload a real package to the Python Package Index you "
 "can do much the same as you did in this tutorial, but with these important "
 "differences:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:520
+#: ../source/tutorials/packaging-projects.rst:519
 msgid ""
 "Choose a memorable and unique name for your package. You don't have to "
 "append your username as you did in the tutorial, but you can't use an "
 "existing name."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:522
+#: ../source/tutorials/packaging-projects.rst:521
 msgid ""
 "Register an account on https://pypi.org - note that these are two separate "
 "servers and the login details from the test server are not shared with the "
 "main server."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:525
+#: ../source/tutorials/packaging-projects.rst:524
 msgid ""
 "Use ``twine upload dist/*`` to upload your package and enter your "
 "credentials for the account you registered on the real PyPI.  Now that "
@@ -21811,44 +22186,44 @@ msgid ""
 "repository``; the package will upload to https://pypi.org/ by default."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:529
+#: ../source/tutorials/packaging-projects.rst:528
 msgid ""
 "Install your package from the real PyPI using ``python3 -m pip install [your-"
 "package]``."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:531
+#: ../source/tutorials/packaging-projects.rst:530
 msgid ""
 "At this point if you want to read more on packaging Python libraries here "
 "are some things you can do:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:534
+#: ../source/tutorials/packaging-projects.rst:533
 msgid ""
 "Read about advanced configuration for your chosen build backend: `Hatchling "
 "<hatchling-config_>`_, :doc:`setuptools <setuptools:userguide/"
 "pyproject_config>`, :doc:`Flit <flit:pyproject_toml>`, `PDM <pdm-config_>`_."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:538
+#: ../source/tutorials/packaging-projects.rst:537
 msgid ""
 "Look at the :doc:`guides </guides/index>` on this site for more advanced "
 "practical information, or the :doc:`discussions </discussions/index>` for "
 "explanations and background on specific topics."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:541
+#: ../source/tutorials/packaging-projects.rst:540
 msgid ""
 "Consider packaging tools that provide a single command-line interface for "
 "project management and packaging, such as :ref:`hatch`, :ref:`flit`, :ref:"
 "`pdm`, and :ref:`poetry`."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:549
+#: ../source/tutorials/packaging-projects.rst:548
 msgid "Notes"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:551
+#: ../source/tutorials/packaging-projects.rst:550
 msgid ""
 "Technically, you can also create Python packages without an ``__init__.py`` "
 "file, but those are called :doc:`namespace packages </guides/packaging-"
diff --git a/locales/pt_BR/LC_MESSAGES/messages.po b/locales/pt_BR/LC_MESSAGES/messages.po
index bcd13d0c4..d3072dc16 100644
--- a/locales/pt_BR/LC_MESSAGES/messages.po
+++ b/locales/pt_BR/LC_MESSAGES/messages.po
@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Python Packaging User Guide\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-10-30 00:39+0000\n"
+"POT-Creation-Date: 2024-11-25 21:53+0000\n"
 "PO-Revision-Date: 2024-07-30 13:48+0000\n"
 "Last-Translator: Alefsander Ribeiro Nascimento <alefsander.pvh14@gmail.com>\n"
 "Language-Team: Portuguese (Brazil) <https://hosted.weblate.org/projects/pypa/"
@@ -759,7 +759,7 @@ msgid "Unix (including Linux and macOS)"
 msgstr "Unix (incluindo Linux e macOS)"
 
 #: ../source/discussions/deploying-python-applications.rst:118
-#: ../source/key_projects.rst:572
+#: ../source/key_projects.rst:576
 msgid "pex"
 msgstr "pex"
 
@@ -2448,7 +2448,7 @@ msgid ""
 msgstr ""
 
 #: ../source/discussions/versioning.rst:6
-#: ../source/specifications/simple-repository-api.rst:310
+#: ../source/specifications/simple-repository-api.rst:319
 msgid "Versioning"
 msgstr "Versionamento"
 
@@ -3470,29 +3470,10 @@ msgstr ""
 "para extensões Jython."
 
 #: ../source/glossary.rst:121
-msgid "Known Good Set (KGS)"
-msgstr "Known Good Set (KGS)"
-
-#: ../source/glossary.rst:124
-msgid ""
-"A set of distributions at specified versions which are compatible with each "
-"other. Typically a test suite will be run which passes all tests before a "
-"specific set of packages is declared a known good set. This term is commonly "
-"used by frameworks and toolkits which are comprised of multiple individual "
-"distributions."
-msgstr ""
-"Um conjunto de distribuições em versões especificadas que são compatíveis "
-"entre si. Normalmente, será executado um conjunto de testes que passa em "
-"todos os testes antes que um conjunto específico de pacotes seja declarado "
-"como um conjunto sabidamente bom (*known good set*). Este termo é comumente "
-"usado por frameworks e kits de ferramentas que são compostos de várias "
-"distribuições individuais."
-
-#: ../source/glossary.rst:130
 msgid "Import Package"
 msgstr "Pacote de Importação"
 
-#: ../source/glossary.rst:133
+#: ../source/glossary.rst:124
 msgid ""
 "A Python module which can contain other modules or recursively, other "
 "packages."
@@ -3500,7 +3481,7 @@ msgstr ""
 "Um módulo Python que pode conter outros módulos ou recursivamente, outros "
 "pacotes."
 
-#: ../source/glossary.rst:136
+#: ../source/glossary.rst:127
 msgid ""
 "An import package is more commonly referred to with the single word "
 "\"package\", but this guide will use the expanded term when more clarity is "
@@ -3514,18 +3495,37 @@ msgstr ""
 "comumente chamado de \"pacote\" . Veja :ref:`distribution-package-vs-import-"
 "package` para uma explicação das diferenças."
 
-#: ../source/glossary.rst:142
+#: ../source/glossary.rst:133
 #, fuzzy
 msgid "Installed Project"
 msgstr "Instalador"
 
-#: ../source/glossary.rst:145
+#: ../source/glossary.rst:136
 msgid ""
 "A :term:`Project` that is installed for use with a Python interpreter or :"
 "term:`Virtual Environment`, as described in the specicifcation :ref:"
 "`recording-installed-packages`."
 msgstr ""
 
+#: ../source/glossary.rst:140
+msgid "Known Good Set (KGS)"
+msgstr "Known Good Set (KGS)"
+
+#: ../source/glossary.rst:143
+msgid ""
+"A set of distributions at specified versions which are compatible with each "
+"other. Typically a test suite will be run which passes all tests before a "
+"specific set of packages is declared a known good set. This term is commonly "
+"used by frameworks and toolkits which are comprised of multiple individual "
+"distributions."
+msgstr ""
+"Um conjunto de distribuições em versões especificadas que são compatíveis "
+"entre si. Normalmente, será executado um conjunto de testes que passa em "
+"todos os testes antes que um conjunto específico de pacotes seja declarado "
+"como um conjunto sabidamente bom (*known good set*). Este termo é comumente "
+"usado por frameworks e kits de ferramentas que são compostos de várias "
+"distribuições individuais."
+
 #: ../source/glossary.rst:149
 msgid "Module"
 msgstr "Módulo"
@@ -6583,11 +6583,18 @@ msgstr ""
 "partes de software externo."
 
 #: ../source/guides/installing-scientific-packages.rst:13
+#, fuzzy
+#| msgid ""
+#| "In particular, `NumPy <https://numpy.org/>`__, which provides the basis "
+#| "for most of the software in the `scientific Python stack <https://"
+#| "scientific-python.org>`_ can be configured to interoperate with different "
+#| "FORTRAN libraries, and can take advantage of different levels of "
+#| "vectorised instructions available in modern CPUs."
 msgid ""
 "In particular, `NumPy <https://numpy.org/>`__, which provides the basis for "
 "most of the software in the `scientific Python stack <https://scientific-"
 "python.org>`_ can be configured to interoperate with different FORTRAN "
-"libraries, and can take advantage of different levels of vectorised "
+"libraries, and can take advantage of different levels of vectorized "
 "instructions available in modern CPUs."
 msgstr ""
 "Em particular, `NumPy <https://numpy.org/>`__, que fornece a base para a "
@@ -6597,13 +6604,22 @@ msgstr ""
 "disponíveis em CPUs modernas."
 
 #: ../source/guides/installing-scientific-packages.rst:19
+#, fuzzy
+#| msgid ""
+#| "Starting with version 1.10.4 of NumPy and version 1.0.0 of SciPy, pre-"
+#| "built 32-bit and 64-bit binaries in the ``wheel`` format are available "
+#| "for all major operating systems (Windows, macOS, and Linux) on PyPI. "
+#| "Note, however, that on Windows, NumPy binaries are linked against the "
+#| "`ATLAS <http://www.netlib.org/atlas/>`__ BLAS/LAPACK library, restricted "
+#| "to SSE2 instructions, so they may not provide optimal linear algebra "
+#| "performance."
 msgid ""
 "Starting with version 1.10.4 of NumPy and version 1.0.0 of SciPy, pre-built "
 "32-bit and 64-bit binaries in the ``wheel`` format are available for all "
 "major operating systems (Windows, macOS, and Linux) on PyPI. Note, however, "
-"that on Windows, NumPy binaries are linked against the `ATLAS <http://www."
-"netlib.org/atlas/>`__ BLAS/LAPACK library, restricted to SSE2 instructions, "
-"so they may not provide optimal linear algebra performance."
+"that on Windows, NumPy binaries are linked against the `ATLAS <https://math-"
+"atlas.sourceforge.net/>`__ BLAS/LAPACK library, restricted to SSE2 "
+"instructions, so they may not provide optimal linear algebra performance."
 msgstr ""
 "A partir da versão 1.10.4 do NumPy e da versão 1.0.0 do SciPy, binários pré-"
 "construídos de 32 e 64 bits no formato ``wheel`` estão disponíveis para "
@@ -6765,7 +6781,7 @@ msgstr ""
 "ferramentas padrão ``pip`` e ``virtualenv``."
 
 #: ../source/guides/installing-scientific-packages.rst:100
-#: ../source/key_projects.rst:808
+#: ../source/key_projects.rst:812
 msgid "Spack"
 msgstr "Spack"
 
@@ -6813,35 +6829,33 @@ msgid "The conda cross-platform package manager"
 msgstr "O gerenciador de pacotes multiplataforma conda"
 
 #: ../source/guides/installing-scientific-packages.rst:121
-msgid ""
-"`Anaconda <https://www.anaconda.com/products/individual/>`_ is a Python "
-"distribution published by Anaconda, Inc. It is a stable collection of Open "
-"Source packages for big data and scientific use.  As of the 5.0 release of "
-"Anaconda, about 200 packages are installed by default, and a total of "
-"400-500 can be installed and updated from the Anaconda repository."
-msgstr ""
-"`Anaconda <https://www.anaconda.com/products/individual/>`_ é uma "
-"distribuição Python publicada pela Anaconda, Inc. É uma coleção estável de "
-"pacotes de código aberto para *big data* e uso científico. A partir da "
-"versão 5.0 do Anaconda, cerca de 200 pacotes são instalados por padrão, e um "
-"total de 400-500 podem ser instalados e atualizados a partir do repositório "
-"Anaconda."
-
-#: ../source/guides/installing-scientific-packages.rst:127
+#, fuzzy
+#| msgid ""
+#| "``conda`` is an open source (BSD licensed) package management system and "
+#| "environment management system included in Anaconda that allows users to "
+#| "install multiple versions of binary software packages and their "
+#| "dependencies, and easily switch between them. It is a cross-platform tool "
+#| "working on Windows, macOS, and Linux. Conda can be used to package up and "
+#| "distribute all kinds of packages, it is not limited to just Python "
+#| "packages. It has full support for native virtual environments. Conda "
+#| "makes environments first-class citizens, making it easy to create "
+#| "independent environments even for C libraries. It is written in Python, "
+#| "but is Python-agnostic. Conda manages Python itself as a package, so "
+#| "that :command:`conda update python` is possible, in contrast to pip, "
+#| "which only manages Python packages. Conda is available in Anaconda and "
+#| "Miniconda (an easy-to-install download with just Python and conda)."
 msgid ""
 "``conda`` is an open source (BSD licensed) package management system and "
-"environment management system included in Anaconda that allows users to "
-"install multiple versions of binary software packages and their "
-"dependencies, and easily switch between them. It is a cross-platform tool "
-"working on Windows, macOS, and Linux. Conda can be used to package up and "
-"distribute all kinds of packages, it is not limited to just Python packages. "
-"It has full support for native virtual environments. Conda makes "
-"environments first-class citizens, making it easy to create independent "
-"environments even for C libraries. It is written in Python, but is Python-"
-"agnostic. Conda manages Python itself as a package, so that :command:`conda "
-"update python` is possible, in contrast to pip, which only manages Python "
-"packages. Conda is available in Anaconda and Miniconda (an easy-to-install "
-"download with just Python and conda)."
+"environment management system that allows users to install multiple versions "
+"of binary software packages and their dependencies, and easily switch "
+"between them. It is a cross-platform tool working on Windows, MacOS, and "
+"Linux. Conda can be used to package up and distribute all kinds of packages, "
+"it is not limited to just Python packages. It has full support for native "
+"virtual environments. Conda makes environments first-class citizens, making "
+"it easy to create independent environments even for C libraries. It is "
+"written in Python, but is Python-agnostic. Conda manages Python itself as a "
+"package, so that :command:`conda update python` is possible, in contrast to "
+"pip, which only manages Python packages."
 msgstr ""
 "``conda`` é um sistema de gerenciamento de pacotes e de gerenciamento de "
 "ambiente de código aberto (licenciado por BSD) incluído no Anaconda que "
@@ -6858,6 +6872,44 @@ msgstr ""
 "Python. O Conda está disponível no Anaconda e no Miniconda (um download "
 "fácil de instalar com apenas Python e conda)."
 
+#: ../source/guides/installing-scientific-packages.rst:133
+#, fuzzy
+#| msgid ""
+#| "`Anaconda <https://www.anaconda.com/products/individual/>`_ is a Python "
+#| "distribution published by Anaconda, Inc. It is a stable collection of "
+#| "Open Source packages for big data and scientific use.  As of the 5.0 "
+#| "release of Anaconda, about 200 packages are installed by default, and a "
+#| "total of 400-500 can be installed and updated from the Anaconda "
+#| "repository."
+msgid ""
+"Anaconda `Anaconda <https://docs.anaconda.com/anaconda/>`_ is a Python "
+"distribution published by Anaconda, Inc. It is a stable collection of Open "
+"Source packages for big data and scientific use, and a collection of "
+"Graphical Interface utilities for managing conda environments."
+msgstr ""
+"`Anaconda <https://www.anaconda.com/products/individual/>`_ é uma "
+"distribuição Python publicada pela Anaconda, Inc. É uma coleção estável de "
+"pacotes de código aberto para *big data* e uso científico. A partir da "
+"versão 5.0 do Anaconda, cerca de 200 pacotes são instalados por padrão, e um "
+"total de 400-500 podem ser instalados e atualizados a partir do repositório "
+"Anaconda."
+
+#: ../source/guides/installing-scientific-packages.rst:135
+msgid ""
+"In addition to the full distribution provided by Anaconda, the conda package "
+"manager itself is available in  `miniconda <https://docs.anaconda.com/"
+"miniconda/>`_, `miniforge <https://github.com/conda-forge/miniforge>`_, and "
+"`pixi <https://pixi.sh/>`_."
+msgstr ""
+
+#: ../source/guides/installing-scientific-packages.rst:138
+msgid ""
+"Conda packages are available on multiple channels on Anaconda.org, including "
+"the default channel supported by Anaconda, Inc, the community supported "
+"conda-forge channel, which provides a wide variety of pre-built packages, "
+"and some domain-specific package collections."
+msgstr ""
+
 #: ../source/guides/installing-stand-alone-command-line-tools.rst:4
 msgid "Installing stand alone command line tools"
 msgstr "Instalando ferramentas de linha de comando autônomas"
@@ -11047,29 +11099,51 @@ msgstr "Enviando seu Projeto para PyPI"
 
 #: ../source/guides/tool-recommendations.rst:142
 msgid ""
-"For projects hosted on GitHub, it is recommended to use the :ref:`trusted "
-"publishing <trusted-publishing>`, which allows the package to be securely "
-"uploaded to PyPI from a GitHub Actions job. (This is not yet supported on "
-"software forges other than GitHub.)"
+"For projects hosted on or published via supported CI/CD platforms, it is "
+"recommended to use the :ref:`Trusted Publishing <trusted-publishing>`, which "
+"allows the package to be securely uploaded to PyPI from a CI/CD workflow "
+"without a manually configured API token."
 msgstr ""
 
 #: ../source/guides/tool-recommendations.rst:147
 msgid ""
+"As of November 2024, PyPI supports the following platforms as Trusted "
+"Publishing providers:"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:150
+msgid "GitHub Actions (on ``https://github.com``)"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:151
+msgid "GitLab CI/CD (on ``https://gitlab.com``)"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:152
+msgid "ActiveState"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:153
+msgid "Google Cloud"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:155
+msgid ""
 "The other available method is to upload the package manually using :ref:"
 "`twine`."
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:149
+#: ../source/guides/tool-recommendations.rst:159
 msgid ""
 "**Never** use ``python setup.py upload`` for this task. In addition to "
 "being :ref:`deprecated <setup-py-deprecated>`, it is insecure."
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:154
+#: ../source/guides/tool-recommendations.rst:164
 msgid "Workflow tools"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:156
+#: ../source/guides/tool-recommendations.rst:166
 msgid ""
 "These tools are environment managers that automatically manage virtual "
 "environments for a project. They also act as \"task runners\", allowing you "
@@ -11080,37 +11154,37 @@ msgid ""
 "alphabetical order:"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:164
+#: ../source/guides/tool-recommendations.rst:174
 #, fuzzy
 msgid ":ref:`Flit`,"
 msgstr ":ref:`pip`"
 
-#: ../source/guides/tool-recommendations.rst:165
+#: ../source/guides/tool-recommendations.rst:175
 #, fuzzy
 msgid ":ref:`Hatch`,"
 msgstr "pip, :ref:`bandersnatch`"
 
-#: ../source/guides/tool-recommendations.rst:166
+#: ../source/guides/tool-recommendations.rst:176
 #, fuzzy
 msgid ":doc:`nox <nox:index>`,"
 msgstr ":doc:`Documentação <conda:index>`"
 
-#: ../source/guides/tool-recommendations.rst:167
+#: ../source/guides/tool-recommendations.rst:177
 #, fuzzy
 msgid ":ref:`PDM`,"
 msgstr ":ref:`pip`"
 
-#: ../source/guides/tool-recommendations.rst:168
+#: ../source/guides/tool-recommendations.rst:178
 #, fuzzy
 msgid ":ref:`Pipenv`,"
 msgstr ":ref:`pip`"
 
-#: ../source/guides/tool-recommendations.rst:169
+#: ../source/guides/tool-recommendations.rst:179
 #, fuzzy
 msgid ":ref:`Poetry`,"
 msgstr ":ref:`pip`"
 
-#: ../source/guides/tool-recommendations.rst:170
+#: ../source/guides/tool-recommendations.rst:180
 #, fuzzy
 msgid ":doc:`tox <tox:index>`."
 msgstr ":doc:`Documentação <conda:index>`"
@@ -12716,41 +12790,66 @@ msgstr ":doc:`Documentação <conda:index>`"
 
 #: ../source/key_projects.rst:407
 msgid ""
-"conda is the package management tool for `Anaconda <https://docs.anaconda."
-"com/anaconda/>`__ Python installations. Anaconda Python is a distribution "
-"from `Anaconda, Inc <https://www.anaconda.com/products/individual>`__ "
-"specifically aimed at the scientific community, and in particular on Windows "
-"where the installation of binary extensions is often difficult."
+"Conda is a package, dependency, and environment management system for any "
+"language — Python, R, Ruby, C/C++, Fortran, and more. It is written in "
+"Python and widely used in the Python scientific computing community, due to "
+"its support for non-Python compiled libraries and extensions. It is used as "
+"the basis of the `Anaconda <https://docs.anaconda.com/anaconda/>`__ Python "
+"distribution from Anaconda, Inc. It was originally aimed at the scientific "
+"community, but can also be used on its own, or with the :doc:`miniconda "
+"<conda:miniconda>`, `miniforge <https://github.com/conda-forge/miniforge>`_ "
+"or `pixi <https://pixi.sh/>`_ systems. It is available for Windows, Mac and "
+"Linux systems."
 msgstr ""
-"conda é a ferramenta de gerenciamento de pacotes para as instalações do "
-"`Anaconda <https://docs.anaconda.com/anaconda/>`__ Python . Anaconda Python "
-"é uma distribuição do `Anaconda, Inc <https://www.anaconda.com/products/"
-"individual>`__ voltada especificamente para a comunidade científica, e em "
-"particular no Windows onde a instalação de extensões binárias é "
-"frequentemente difícil ."
 
-#: ../source/key_projects.rst:414
+#: ../source/key_projects.rst:416
+#, fuzzy
+#| msgid ""
+#| "Conda is a completely separate tool from :ref:`pip`, virtualenv and "
+#| "wheel, but provides many of their combined features in terms of package "
+#| "management, virtual environment management and deployment of binary "
+#| "extensions."
 msgid ""
 "Conda is a completely separate tool from :ref:`pip`, virtualenv and wheel, "
-"but provides many of their combined features in terms of package management, "
-"virtual environment management and deployment of binary extensions."
+"but provides many of their combined features, such as package management, "
+"virtual environment management and deployment of binary extensions and other "
+"binary code."
 msgstr ""
 "Conda é uma ferramenta completamente separada de :ref:`pip`, virtualenv e "
 "wheel, mas fornece muitos de seus recursos combinados em termos de "
 "gerenciamento de pacotes, gerenciamento de ambiente virtual e implantação de "
 "extensões binárias."
 
-#: ../source/key_projects.rst:418
+#: ../source/key_projects.rst:420
 msgid ""
-"Conda does not install packages from PyPI and can install only from the "
-"official Anaconda repositories, or anaconda.org (a place for user-"
-"contributed *conda* packages), or a local (e.g. intranet) package server.  "
-"However, note that :ref:`pip` can be installed into, and work side-by-side "
-"with conda for managing :term:`distributions <Distribution Package>` from "
-"PyPI. Also, `conda skeleton <https://docs.conda.io/projects/conda-build/en/"
-"latest/user-guide/tutorials/build-pkgs-skeleton.html>`__ is a tool to make "
-"Python packages installable by conda by first fetching them from PyPI and "
-"modifying their metadata."
+"Conda does not install packages from PyPI -- it can only manage packages "
+"built specifically for conda, which can be made available on a \"conda "
+"channel\", such as those hosted on `anaconda.org <https://anaconda.org>`__, "
+"or a local (e.g. intranet) package server. In addition to the \"default\" "
+"channels managed by `Anaconda, Inc. <https://www.anaconda.com/>`__, there "
+"are a wide variety of packages from the community supported `conda-forge "
+"project <https://conda-forge.org/>`__"
+msgstr ""
+
+#: ../source/key_projects.rst:426
+#, fuzzy
+#| msgid ""
+#| "Conda does not install packages from PyPI and can install only from the "
+#| "official Anaconda repositories, or anaconda.org (a place for user-"
+#| "contributed *conda* packages), or a local (e.g. intranet) package "
+#| "server.  However, note that :ref:`pip` can be installed into, and work "
+#| "side-by-side with conda for managing :term:`distributions <Distribution "
+#| "Package>` from PyPI. Also, `conda skeleton <https://docs.conda.io/"
+#| "projects/conda-build/en/latest/user-guide/tutorials/build-pkgs-skeleton."
+#| "html>`__ is a tool to make Python packages installable by conda by first "
+#| "fetching them from PyPI and modifying their metadata."
+msgid ""
+"Note that :ref:`pip` can be installed into, and work side-by-side with conda "
+"for managing :term:`distributions <Distribution Package>` from PyPI. It is "
+"also possible to build conda packages from Python source packages using "
+"tools such as `conda skeleton <https://docs.conda.io/projects/conda-build/en/"
+"latest/user-guide/tutorials/build-pkgs-skeleton.html>`__: a tool to "
+"automatically make conda packages from Python packages available on PyPI."
 msgstr ""
 "O Conda não instala pacotes do PyPI e pode instalar apenas a partir dos "
 "repositórios oficiais do Anaconda, ou anaconda.org (um local para pacotes "
@@ -12762,11 +12861,11 @@ msgstr ""
 "skeleton.html>`__ é uma ferramenta para fazer pacotes Python instaláveis "
 "pelo conda primeiro obtendo-os em PyPI e modificando seus metadados."
 
-#: ../source/key_projects.rst:431
+#: ../source/key_projects.rst:435
 msgid "devpi"
 msgstr "devpi"
 
-#: ../source/key_projects.rst:433
+#: ../source/key_projects.rst:437
 msgid ""
 "`Docs <http://doc.devpi.net/latest/>`__ | :gh:`Issues <devpi/devpi/issues>` "
 "| `PyPI <https://pypi.org/project/devpi>`__"
@@ -12774,7 +12873,7 @@ msgstr ""
 "`Documentação <http://doc.devpi.net/latest/>`__ | :gh:`Issues <devpi/devpi/"
 "issues>` | `PyPI <https://pypi.org/project/devpi>`__"
 
-#: ../source/key_projects.rst:437
+#: ../source/key_projects.rst:441
 #, fuzzy
 msgid ""
 "devpi features a powerful PyPI-compatible server and PyPI proxy cache with a "
@@ -12789,11 +12888,11 @@ msgstr ""
 "atividades de empacotamento, teste e lançamento com Python. devpi também "
 "fornece uma interface web navegável e pesquisável."
 
-#: ../source/key_projects.rst:448
+#: ../source/key_projects.rst:452
 msgid "dumb-pypi"
 msgstr ""
 
-#: ../source/key_projects.rst:450
+#: ../source/key_projects.rst:454
 #, fuzzy
 msgid ""
 "`GitHub <https://github.com/chriskuehl/dumb-pypi>`__ | `PyPI <https://pypi."
@@ -12802,7 +12901,7 @@ msgstr ""
 "`GitHub <https://github.com/pypiserver/pypiserver>`__ | `PyPI <https://pypi."
 "org/project/pypiserver/>`__"
 
-#: ../source/key_projects.rst:453
+#: ../source/key_projects.rst:457
 msgid ""
 "dumb-pypi is a simple :term:`package index <Package Index>` static file site "
 "generator, which then must be hosted by a static file webserver to become "
@@ -12810,11 +12909,11 @@ msgid ""
 "status."
 msgstr ""
 
-#: ../source/key_projects.rst:460
+#: ../source/key_projects.rst:464
 msgid "enscons"
 msgstr "enscons"
 
-#: ../source/key_projects.rst:462
+#: ../source/key_projects.rst:466
 msgid ""
 ":gh:`Source <dholth/enscons>` | :gh:`Issues <dholth/enscons/issues>` | `PyPI "
 "<https://pypi.org/project/enscons>`__"
@@ -12822,7 +12921,7 @@ msgstr ""
 ":gh:`Código-fonte <dholth/enscons>` | :gh:`Issues <dholth/enscons/issues>` | "
 "`PyPI <https://pypi.org/project/enscons>`__"
 
-#: ../source/key_projects.rst:466
+#: ../source/key_projects.rst:470
 msgid ""
 "Enscons is a Python packaging tool based on `SCons`_. It builds :ref:`pip`-"
 "compatible source distributions and wheels without using distutils or "
@@ -12843,11 +12942,11 @@ msgstr ""
 "construídos automaticamente por :ref:`pip`, e wheels que são independentes "
 "de enscons."
 
-#: ../source/key_projects.rst:481
+#: ../source/key_projects.rst:485
 msgid "Flask-Pypi-Proxy"
 msgstr ""
 
-#: ../source/key_projects.rst:483
+#: ../source/key_projects.rst:487
 #, fuzzy
 msgid ""
 "`Docs <https://flask-pypi-proxy.readthedocs.io>`__ | :gh:`GitHub <tzulberti/"
@@ -12856,22 +12955,22 @@ msgstr ""
 "`Documentação <https://shiv.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/linkedin/shiv>`__ | `PyPI <https://pypi.org/project/shiv/>`__"
 
-#: ../source/key_projects.rst:487 ../source/key_projects.rst:681
-#: ../source/key_projects.rst:740
+#: ../source/key_projects.rst:491 ../source/key_projects.rst:685
+#: ../source/key_projects.rst:744
 msgid "Not maintained, project archived"
 msgstr ""
 
-#: ../source/key_projects.rst:489
+#: ../source/key_projects.rst:493
 msgid ""
 "Flask-Pypi-Proxy is a :term:`package index <Package Index>` as a cached "
 "proxy for PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:495
+#: ../source/key_projects.rst:499
 msgid "Hashdist"
 msgstr "Hashdist"
 
-#: ../source/key_projects.rst:497
+#: ../source/key_projects.rst:501
 msgid ""
 "`Docs <https://hashdist.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/hashdist/hashdist/>`__"
@@ -12879,7 +12978,7 @@ msgstr ""
 "`Documentação <https://hashdist.readthedocs.io/en/latest/>`__ | `GitHub "
 "<https://github.com/hashdist/hashdist/>`__"
 
-#: ../source/key_projects.rst:500
+#: ../source/key_projects.rst:504
 msgid ""
 "Hashdist is a library for building non-root software distributions. Hashdist "
 "is trying to be “the Debian of choice for cases where Debian technology "
@@ -12898,11 +12997,11 @@ msgstr ""
 "pacotes sem estado, com cache e com capacidade de distribuição. É usado por "
 "alguns pesquisadores, mas não tem manutenção desde 2016."
 
-#: ../source/key_projects.rst:512
+#: ../source/key_projects.rst:516
 msgid "Maturin"
 msgstr "Maturin"
 
-#: ../source/key_projects.rst:514
+#: ../source/key_projects.rst:518
 msgid ""
 "`Docs <https://www.maturin.rs>`__ | `GitHub <https://github.com/PyO3/"
 "maturin>`__"
@@ -12910,7 +13009,7 @@ msgstr ""
 "`Documentação <https://www.maturin.rs>`__ | `GitHub <https://github.com/PyO3/"
 "maturin>`__"
 
-#: ../source/key_projects.rst:517
+#: ../source/key_projects.rst:521
 msgid ""
 "Maturin is a build backend for Rust extension modules, also written in Rust. "
 "It supports building wheels for python 3.7+ on Windows, Linux, macOS and "
@@ -12921,11 +13020,11 @@ msgstr ""
 "em Windows, Linux, macOS e FreeBSD, pode enviá-las para PyPI e tem suporte "
 "básico a PyPy e GraalPy."
 
-#: ../source/key_projects.rst:525
+#: ../source/key_projects.rst:529
 msgid "meson-python"
 msgstr "meson-python"
 
-#: ../source/key_projects.rst:527
+#: ../source/key_projects.rst:531
 msgid ""
 "`Docs <https://meson-python.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/mesonbuild/meson-python>`__"
@@ -12933,7 +13032,7 @@ msgstr ""
 "`Documentação <https://meson-python.readthedocs.io/en/latest/>`__ | `GitHub "
 "<https://github.com/mesonbuild/meson-python>`__"
 
-#: ../source/key_projects.rst:530
+#: ../source/key_projects.rst:534
 msgid ""
 "``meson-python`` is a build backend that uses the Meson_ build system. It "
 "enables Python package authors to use Meson_ as the build system for their "
@@ -12946,15 +13045,15 @@ msgstr ""
 "variedade de linguagens, incluindo C, e é capaz de atender às necessidades "
 "das configurações de compilação mais complexas."
 
-#: ../source/key_projects.rst:540
+#: ../source/key_projects.rst:544
 msgid "multibuild"
 msgstr "multibuild"
 
-#: ../source/key_projects.rst:542
+#: ../source/key_projects.rst:546
 msgid "`GitHub <https://github.com/multi-build/multibuild>`__"
 msgstr "`GitHub <https://github.com/multi-build/multibuild>`__"
 
-#: ../source/key_projects.rst:544
+#: ../source/key_projects.rst:548
 msgid ""
 "Multibuild is a set of CI scripts for building and testing Python :term:"
 "`wheels <Wheel>` for Linux, macOS, and (less flexibly) Windows. Also see :"
@@ -12964,25 +13063,25 @@ msgstr ""
 "term:`wheels <Wheel>` para Linux, macOS e (menos flexível) Windows. Veja "
 "também :ref:`cibuildwheel`."
 
-#: ../source/key_projects.rst:550
+#: ../source/key_projects.rst:554
 msgid "nginx_pypi_cache"
 msgstr ""
 
-#: ../source/key_projects.rst:552
+#: ../source/key_projects.rst:556
 msgid ":gh:`GitHub <hauntsaninja/nginx_pypi_cache>`"
 msgstr ""
 
-#: ../source/key_projects.rst:554
+#: ../source/key_projects.rst:558
 msgid ""
 "nginx_pypi_cache is a :term:`package index <Package Index>` caching proxy "
 "using `nginx <https://nginx.org/en/>`_."
 msgstr ""
 
-#: ../source/key_projects.rst:560
+#: ../source/key_projects.rst:564
 msgid "pdm"
 msgstr "pdm"
 
-#: ../source/key_projects.rst:562
+#: ../source/key_projects.rst:566
 msgid ""
 "`Docs <https://pdm.fming.dev/>`__ | `GitHub <https://github.com/pdm-project/"
 "pdm/>`__ | `PyPI <https://pypi.org/project/pdm>`__"
@@ -12990,7 +13089,7 @@ msgstr ""
 "`Documentação <https://pdm.fming.dev/>`__ | `GitHub <https://github.com/pdm-"
 "project/pdm/>`__ | `PyPI <https://pypi.org/project/pdm>`__"
 
-#: ../source/key_projects.rst:566
+#: ../source/key_projects.rst:570
 msgid ""
 "PDM is a modern Python package manager. It uses :term:`pyproject.toml` to "
 "store project metadata as defined in :pep:`621`."
@@ -12999,7 +13098,7 @@ msgstr ""
 "`pyproject.toml` para armazenar metadados do projeto conforme definido em :"
 "pep:`621`."
 
-#: ../source/key_projects.rst:574
+#: ../source/key_projects.rst:578
 msgid ""
 "`Docs <https://pex.readthedocs.io/en/latest/>`__ | `GitHub <https://github."
 "com/pantsbuild/pex/>`__ | `PyPI <https://pypi.org/project/pex>`__"
@@ -13007,7 +13106,7 @@ msgstr ""
 "`Documentação <https://pex.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/pantsbuild/pex/>`__ | `PyPI <https://pypi.org/project/pex>`__"
 
-#: ../source/key_projects.rst:578
+#: ../source/key_projects.rst:582
 msgid ""
 "Pex is a tool for generating :file:`.pex` (Python EXecutable) files, "
 "standalone Python environments in the spirit of :ref:`virtualenv`. PEX files "
@@ -13019,11 +13118,11 @@ msgid ""
 "PEX file into a standard venv, graphing dependencies and more."
 msgstr ""
 
-#: ../source/key_projects.rst:590
+#: ../source/key_projects.rst:594
 msgid "pip-tools"
 msgstr "pip-tools"
 
-#: ../source/key_projects.rst:592
+#: ../source/key_projects.rst:596
 msgid ""
 "`Docs <https://pip-tools.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/jazzband/pip-tools/>`__ | `PyPI <https://pypi.org/project/pip-"
@@ -13033,7 +13132,7 @@ msgstr ""
 "<https://github.com/jazzband/pip-tools/>`__ | `PyPI <https://pypi.org/"
 "project/pip-tools/>`__"
 
-#: ../source/key_projects.rst:596
+#: ../source/key_projects.rst:600
 msgid ""
 "pip-tools is a suite of tools meant for Python system administrators and "
 "release managers who particularly want to keep their builds deterministic "
@@ -13052,11 +13151,11 @@ msgstr ""
 "programa, atualizar todas as dependências (um recurso :ref:`pip` atualmente "
 "não fornece) e criar camadas de restrições para o programa obedecer."
 
-#: ../source/key_projects.rst:608
+#: ../source/key_projects.rst:612
 msgid "pip2pi"
 msgstr ""
 
-#: ../source/key_projects.rst:610
+#: ../source/key_projects.rst:614
 #, fuzzy
 msgid ""
 ":gh:`GitHub <wolever/pip2pi>` | `PyPI <https://pypi.org/project/pip2pi/>`__"
@@ -13064,17 +13163,17 @@ msgstr ""
 "`GitHub <https://github.com/pypiserver/pypiserver>`__ | `PyPI <https://pypi."
 "org/project/pypiserver/>`__"
 
-#: ../source/key_projects.rst:613
+#: ../source/key_projects.rst:617
 msgid ""
 "pip2pi is a :term:`package index <Package Index>` server where specific "
 "packages are manually synchronised."
 msgstr ""
 
-#: ../source/key_projects.rst:619
+#: ../source/key_projects.rst:623
 msgid "piwheels"
 msgstr "piwheels"
 
-#: ../source/key_projects.rst:621
+#: ../source/key_projects.rst:625
 msgid ""
 "`Website <https://www.piwheels.org/>`__ | :doc:`Docs <piwheels:index>` | "
 "`GitHub <https://github.com/piwheels/piwheels/>`__"
@@ -13082,7 +13181,7 @@ msgstr ""
 "`Site <https://www.piwheels.org/>`__ | :doc:`Documentação <piwheels:index>` "
 "| `GitHub <https://github.com/piwheels/piwheels/>`__"
 
-#: ../source/key_projects.rst:625
+#: ../source/key_projects.rst:629
 msgid ""
 "piwheels is a website, and software underpinning it, that fetches source "
 "code distribution packages from PyPI and compiles them into binary wheels "
@@ -13094,11 +13193,11 @@ msgstr ""
 "otimizadas para instalação em computadores Raspberry Pi. O Raspberry Pi OS "
 "pré-configura pip para usar piwheels.org como um índice adicional para PyPI."
 
-#: ../source/key_projects.rst:634
+#: ../source/key_projects.rst:638
 msgid "poetry"
 msgstr "poetry"
 
-#: ../source/key_projects.rst:636
+#: ../source/key_projects.rst:640
 msgid ""
 "`Docs <https://python-poetry.org/>`__ | `GitHub <https://github.com/python-"
 "poetry/poetry>`__ | `PyPI <https://pypi.org/project/poetry/>`__"
@@ -13106,7 +13205,7 @@ msgstr ""
 "`Documentação <https://python-poetry.org/>`__ | `GitHub <https://github.com/"
 "python-poetry/poetry>`__ | `PyPI <https://pypi.org/project/poetry/>`__"
 
-#: ../source/key_projects.rst:640
+#: ../source/key_projects.rst:644
 msgid ""
 "poetry is a command-line tool to handle dependency installation and "
 "isolation as well as building and packaging of Python packages. It uses "
@@ -13123,11 +13222,11 @@ msgstr ""
 "dependências, armazenando localmente em cache os metadados sobre as "
 "dependências."
 
-#: ../source/key_projects.rst:650
+#: ../source/key_projects.rst:654
 msgid "proxpi"
 msgstr ""
 
-#: ../source/key_projects.rst:652
+#: ../source/key_projects.rst:656
 #, fuzzy
 msgid ""
 ":gh:`GitHub <EpicWink/proxpi>` | `PyPI <https://pypi.org/project/proxpi/>`__"
@@ -13135,18 +13234,18 @@ msgstr ""
 "`GitHub <https://github.com/pypiserver/pypiserver>`__ | `PyPI <https://pypi."
 "org/project/pypiserver/>`__"
 
-#: ../source/key_projects.rst:655
+#: ../source/key_projects.rst:659
 msgid ""
 "proxpi is a simple :term:`package index <Package Index>` which proxies PyPI "
 "and other indexes with caching."
 msgstr ""
 
-#: ../source/key_projects.rst:661
+#: ../source/key_projects.rst:665
 #, fuzzy
 msgid "Pulp-python"
 msgstr "python"
 
-#: ../source/key_projects.rst:663
+#: ../source/key_projects.rst:667
 #, fuzzy
 msgid ""
 "`Docs <https://docs.pulpproject.org/pulp_python/>`__ | :gh:`GitHub <pulp/"
@@ -13155,18 +13254,18 @@ msgstr ""
 "`Documentação <https://pipx.pypa.io/>`__ | `GitHub <https://github.com/pypa/"
 "pipx>`__ | `PyPI <https://pypi.org/project/pipx/>`__"
 
-#: ../source/key_projects.rst:667
+#: ../source/key_projects.rst:671
 msgid ""
 "Pulp-python is the Python :term:`package index <Package Index>` plugin for "
 "`Pulp <https://pulpproject.org/>`_. Pulp-python supports mirrors backed by "
 "local or `AWS S3`_, package upload, and proxying to multiple package indexes."
 msgstr ""
 
-#: ../source/key_projects.rst:675
+#: ../source/key_projects.rst:679
 msgid "PyPI Cloud"
 msgstr ""
 
-#: ../source/key_projects.rst:677
+#: ../source/key_projects.rst:681
 #, fuzzy
 msgid ""
 "`Docs <https://pypicloud.readthedocs.io/>`__ | :gh:`GitHub <stevearc/"
@@ -13175,7 +13274,7 @@ msgstr ""
 "`Documentação <https://pipx.pypa.io/>`__ | `GitHub <https://github.com/pypa/"
 "pipx>`__ | `PyPI <https://pypi.org/project/pipx/>`__"
 
-#: ../source/key_projects.rst:683
+#: ../source/key_projects.rst:687
 msgid ""
 "PyPI Cloud is a :term:`package index <Package Index>` server, backed by `AWS "
 "S3`_ or another cloud storage service, or local files. PyPI Cloud supports "
@@ -13183,12 +13282,12 @@ msgid ""
 "authorisation."
 msgstr ""
 
-#: ../source/key_projects.rst:691
+#: ../source/key_projects.rst:695
 #, fuzzy
 msgid "pypiprivate"
 msgstr "pypiserver"
 
-#: ../source/key_projects.rst:693
+#: ../source/key_projects.rst:697
 #, fuzzy
 msgid ""
 ":gh:`GitHub <helpshift/pypiprivate>` | `PyPI <https://pypi.org/project/"
@@ -13197,17 +13296,17 @@ msgstr ""
 "`GitHub <https://github.com/pypiserver/pypiserver>`__ | `PyPI <https://pypi."
 "org/project/pypiserver/>`__"
 
-#: ../source/key_projects.rst:696
+#: ../source/key_projects.rst:700
 msgid ""
 "pypiprivate serves a local (or `AWS S3`_-hosted) directory of packages as a :"
 "term:`package index <Package Index>`."
 msgstr ""
 
-#: ../source/key_projects.rst:702
+#: ../source/key_projects.rst:706
 msgid "pypiserver"
 msgstr "pypiserver"
 
-#: ../source/key_projects.rst:704
+#: ../source/key_projects.rst:708
 msgid ""
 "`GitHub <https://github.com/pypiserver/pypiserver>`__ | `PyPI <https://pypi."
 "org/project/pypiserver/>`__"
@@ -13215,7 +13314,7 @@ msgstr ""
 "`GitHub <https://github.com/pypiserver/pypiserver>`__ | `PyPI <https://pypi."
 "org/project/pypiserver/>`__"
 
-#: ../source/key_projects.rst:707
+#: ../source/key_projects.rst:711
 #, fuzzy
 msgid ""
 "pypiserver is a minimalist application that serves as a private Python :term:"
@@ -13233,11 +13332,11 @@ msgstr ""
 "sem publicá-los publicamente. As organizações que usam o pypiserver "
 "geralmente baixam pacotes tanto do pypiserver quanto do PyPI."
 
-#: ../source/key_projects.rst:718
+#: ../source/key_projects.rst:722
 msgid "PyScaffold"
 msgstr "PyScaffold"
 
-#: ../source/key_projects.rst:720
+#: ../source/key_projects.rst:724
 msgid ""
 "`Docs <https://pyscaffold.org>`__ | `GitHub <https://github.com/pyscaffold/"
 "pyscaffold>`__ | `PyPI <https://pypi.org/project/pyscaffold/>`__"
@@ -13245,7 +13344,7 @@ msgstr ""
 "`Documentação <https://pyscaffold.org>`__ | `GitHub <https://github.com/"
 "pyscaffold/pyscaffold>`__ | `PyPI <https://pypi.org/project/pyscaffold/>`__"
 
-#: ../source/key_projects.rst:724
+#: ../source/key_projects.rst:728
 msgid ""
 "PyScaffold is a project generator for bootstrapping Python packages, ready "
 "to be shared on PyPI and installable via :ref:`pip`. It relies on a set of "
@@ -13262,11 +13361,11 @@ msgstr ""
 "imediatamente. PyScaffold também pode ser usado com projetos existentes para "
 "tornar o empacotamento mais fácil."
 
-#: ../source/key_projects.rst:735
+#: ../source/key_projects.rst:739
 msgid "pywharf"
 msgstr ""
 
-#: ../source/key_projects.rst:737
+#: ../source/key_projects.rst:741
 #, fuzzy
 msgid ""
 ":gh:`GitHub <pywharf/pywharf>` | `PyPI <https://pypi.org/project/pywharf>`__"
@@ -13274,17 +13373,17 @@ msgstr ""
 "`GitHub e documentação <https://github.com/pypa/hatch>`__ | `PyPI <https://"
 "pypi.org/project/hatch>`__"
 
-#: ../source/key_projects.rst:742
+#: ../source/key_projects.rst:746
 msgid ""
 "pywharf is a :term:`package index <Package Index>` server, serving files "
 "locally or from `GitHub <https://github.com/>`_."
 msgstr ""
 
-#: ../source/key_projects.rst:748
+#: ../source/key_projects.rst:752
 msgid "scikit-build"
 msgstr "scikit-build"
 
-#: ../source/key_projects.rst:750
+#: ../source/key_projects.rst:754
 msgid ""
 "`Docs <https://scikit-build.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/scikit-build/scikit-build/>`__ | `PyPI <https://pypi.org/project/"
@@ -13294,7 +13393,7 @@ msgstr ""
 "<https://github.com/scikit-build/scikit-build/>`__ | `PyPI <https://pypi.org/"
 "project/scikit-build>`__"
 
-#: ../source/key_projects.rst:754
+#: ../source/key_projects.rst:758
 msgid ""
 "Scikit-build is a :ref:`setuptools` wrapper for CPython that builds C/C++/"
 "Fortran/Cython extensions It uses `cmake <https://pypi.org/project/cmake>`__ "
@@ -13313,11 +13412,11 @@ msgstr ""
 "instalar `ninja <https://pypi.org/project/ninja>`__ (também disponível em "
 "PyPI)."
 
-#: ../source/key_projects.rst:765
+#: ../source/key_projects.rst:769
 msgid "scikit-build-core"
 msgstr "scikit-build-core"
 
-#: ../source/key_projects.rst:767
+#: ../source/key_projects.rst:771
 msgid ""
 "`Docs <https://scikit-build-core.readthedocs.io/en/latest/>`__ | `GitHub "
 "<https://github.com/scikit-build/scikit-build-core/>`__ | `PyPI <https://"
@@ -13327,7 +13426,7 @@ msgstr ""
 "`GitHub <https://github.com/scikit-build/scikit-build-core/>`__ | `PyPI "
 "<https://pypi.org/project/scikit-build-core>`__"
 
-#: ../source/key_projects.rst:771
+#: ../source/key_projects.rst:775
 msgid ""
 "Scikit-build-core is a build backend for CPython C/C++/Fortran/Cython "
 "extensions.  It enables users to write extensions with `cmake <https://pypi."
@@ -13344,11 +13443,11 @@ msgstr ""
 "associadas requisitos. CMake/Ninja são baixados automaticamente do PyPI se "
 "não estiverem disponíveis no sistema."
 
-#: ../source/key_projects.rst:781
+#: ../source/key_projects.rst:785
 msgid "shiv"
 msgstr "shiv"
 
-#: ../source/key_projects.rst:783
+#: ../source/key_projects.rst:787
 msgid ""
 "`Docs <https://shiv.readthedocs.io/en/latest/>`__ | `GitHub <https://github."
 "com/linkedin/shiv>`__ | `PyPI <https://pypi.org/project/shiv/>`__"
@@ -13356,7 +13455,7 @@ msgstr ""
 "`Documentação <https://shiv.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/linkedin/shiv>`__ | `PyPI <https://pypi.org/project/shiv/>`__"
 
-#: ../source/key_projects.rst:787
+#: ../source/key_projects.rst:791
 msgid ""
 "shiv is a command line utility for building fully self contained Python "
 "zipapps as outlined in :pep:`441`, but with all their dependencies included. "
@@ -13368,11 +13467,11 @@ msgstr ""
 "suas dependências incluídas. Seu objetivo principal é tornar a distribuição "
 "Python de aplicações e ferramentas de linha de comando rápida e fácil."
 
-#: ../source/key_projects.rst:795
+#: ../source/key_projects.rst:799
 msgid "simpleindex"
 msgstr ""
 
-#: ../source/key_projects.rst:797
+#: ../source/key_projects.rst:801
 #, fuzzy
 msgid ""
 ":gh:`GitHub <uranusjr/simpleindex>` | `PyPI <https://pypi.org/project/"
@@ -13381,7 +13480,7 @@ msgstr ""
 "`GitHub <https://github.com/pypiserver/pypiserver>`__ | `PyPI <https://pypi."
 "org/project/pypiserver/>`__"
 
-#: ../source/key_projects.rst:800
+#: ../source/key_projects.rst:804
 msgid ""
 "simpleindex is a :term:`package index <Package Index>` which routes URLs to "
 "multiple package indexes (including PyPI), serves local (or cloud-hosted, "
@@ -13389,7 +13488,7 @@ msgid ""
 "supports custom plugins."
 msgstr ""
 
-#: ../source/key_projects.rst:810
+#: ../source/key_projects.rst:814
 msgid ""
 ":doc:`Docs <spack:index>` | `GitHub <https://github.com/spack/spack>`__ | "
 "`Paper <https://www.computer.org/csdl/proceedings-article/"
@@ -13401,7 +13500,7 @@ msgstr ""
 "sc/2015/2807623/12OmNBf94Xq>`__ | `Slides <https://tgamblin.github.io/files/"
 "Gamblin-Spack-SC15-Talk.pdf>`__"
 
-#: ../source/key_projects.rst:815
+#: ../source/key_projects.rst:819
 msgid ""
 "A flexible package manager designed to support multiple versions, "
 "configurations, platforms, and compilers.  Spack is like Homebrew, but "
@@ -13419,7 +13518,7 @@ msgstr ""
 "no mesmo sistema. O Spack foi projetado para construir rapidamente "
 "aplicações científicas de alto desempenho em clusters e supercomputadores."
 
-#: ../source/key_projects.rst:823
+#: ../source/key_projects.rst:827
 msgid ""
 "Spack is not in PyPI (yet), but it requires no installation and can be used "
 "immediately after cloning from GitHub."
@@ -13427,11 +13526,11 @@ msgstr ""
 "O Spack não está no PyPI (ainda), mas não requer instalação e pode ser usado "
 "imediatamente após a clonagem do GitHub."
 
-#: ../source/key_projects.rst:829
+#: ../source/key_projects.rst:833
 msgid "zest.releaser"
 msgstr "zest.releaser"
 
-#: ../source/key_projects.rst:831
+#: ../source/key_projects.rst:835
 msgid ""
 "`Docs <https://zestreleaser.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/zestsoftware/zest.releaser/>`__ | `PyPI <https://pypi.org/project/"
@@ -13441,7 +13540,7 @@ msgstr ""
 "<https://github.com/zestsoftware/zest.releaser/>`__ | `PyPI <https://pypi."
 "org/project/zest.releaser/>`__"
 
-#: ../source/key_projects.rst:835
+#: ../source/key_projects.rst:839
 msgid ""
 "``zest.releaser`` is a Python package release tool providing an abstraction "
 "layer on top of :ref:`twine`. Python developers use ``zest.releaser`` to "
@@ -13454,15 +13553,15 @@ msgstr ""
 "versão de pacote, atualizando changelogs, marcando lançamentos no controle "
 "de fontes e enviando novos pacotes para PyPI."
 
-#: ../source/key_projects.rst:842
+#: ../source/key_projects.rst:846
 msgid "Standard Library Projects"
 msgstr "Projetos de biblioteca padrão"
 
-#: ../source/key_projects.rst:847
+#: ../source/key_projects.rst:851
 msgid "ensurepip"
 msgstr "ensurepip"
 
-#: ../source/key_projects.rst:849
+#: ../source/key_projects.rst:853
 msgid ""
 "`Docs <https://docs.python.org/3/library/ensurepip.html>`__ | `Issues "
 "<https://bugs.python.org/>`__"
@@ -13470,7 +13569,7 @@ msgstr ""
 "`Documentação <https://docs.python.org/pt-br/3/library/ensurepip.html>`__ | "
 "`Issues <https://bugs.python.org/>`__"
 
-#: ../source/key_projects.rst:852
+#: ../source/key_projects.rst:856
 msgid ""
 "A package in the Python Standard Library that provides support for "
 "bootstrapping :ref:`pip` into an existing Python installation or virtual "
@@ -13482,12 +13581,12 @@ msgstr ""
 "Na maioria dos casos, os usuários finais não usarão este módulo, mas em vez "
 "disso, ele será usado durante a construção da distribuição Python."
 
-#: ../source/key_projects.rst:860
+#: ../source/key_projects.rst:864
 #, fuzzy
 msgid "http.server"
 msgstr "pypiserver"
 
-#: ../source/key_projects.rst:862
+#: ../source/key_projects.rst:866
 #, fuzzy
 msgid ""
 ":doc:`Docs <python:library/http.server>` | :gh:`Issues <python/cpython/"
@@ -13496,18 +13595,18 @@ msgstr ""
 "`Documentação <https://docs.python.org/pt-br/3/library/venv.html>`__ | "
 "`Issues <https://github.com/python/cpython/issues>`__"
 
-#: ../source/key_projects.rst:865
+#: ../source/key_projects.rst:869
 msgid ""
 "A package and command-line interface which can host a directory as a "
 "website, for example as a :term:`package index <Package Index>` (see :ref:"
 "`Hosting your Own Simple Repository`)."
 msgstr ""
 
-#: ../source/key_projects.rst:872
+#: ../source/key_projects.rst:876
 msgid "venv"
 msgstr "venv"
 
-#: ../source/key_projects.rst:874
+#: ../source/key_projects.rst:878
 msgid ""
 "`Docs <https://docs.python.org/3/library/venv.html>`__ | `Issues <https://"
 "github.com/python/cpython/issues>`__"
@@ -13515,7 +13614,7 @@ msgstr ""
 "`Documentação <https://docs.python.org/pt-br/3/library/venv.html>`__ | "
 "`Issues <https://github.com/python/cpython/issues>`__"
 
-#: ../source/key_projects.rst:877
+#: ../source/key_projects.rst:881
 msgid ""
 "A package in the Python Standard Library (starting with Python 3.3) for "
 "creating :term:`Virtual Environments <Virtual Environment>`.  For more "
@@ -16184,7 +16283,7 @@ msgstr ""
 #: ../source/specifications/platform-compatibility-tags.rst:332
 #: ../source/specifications/pyproject-toml.rst:444
 #: ../source/specifications/recording-installed-packages.rst:252
-#: ../source/specifications/simple-repository-api.rst:974
+#: ../source/specifications/simple-repository-api.rst:988
 #: ../source/specifications/source-distribution-format.rst:144
 #: ../source/specifications/version-specifiers.rst:1266
 #: ../source/specifications/virtual-environments.rst:54
@@ -17595,6 +17694,7 @@ msgstr ""
 #: ../source/specifications/dependency-specifiers.rst:26
 #: ../source/specifications/direct-url-data-structure.rst:19
 #: ../source/specifications/direct-url.rst:15
+#: ../source/specifications/index-hosted-attestations.rst:17
 #: ../source/specifications/inline-script-metadata.rst:13
 msgid "Specification"
 msgstr "Especificação"
@@ -17775,7 +17875,7 @@ msgid ""
 msgstr "Se vários extras forem listados, todas as dependências serão unidas."
 
 #: ../source/specifications/dependency-specifiers.rst:163
-#: ../source/specifications/simple-repository-api.rst:888
+#: ../source/specifications/simple-repository-api.rst:902
 msgid "Versions"
 msgstr "Versões"
 
@@ -19769,6 +19869,310 @@ msgstr ""
 "padrões e de proposição de novos está documentado em `pypa.io <https://www."
 "pypa.io/en/latest/specifications/>`__."
 
+#: ../source/specifications/index-hosted-attestations.rst:6
+msgid "Index hosted attestations"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:8
+#, fuzzy
+#| msgid ""
+#| "This document describes the dependency specifiers format as originally "
+#| "specified in :pep:`508`."
+msgid "This specification was originally defined in :pep:`740`."
+msgstr ""
+"Este documento descreve o formato dos especificadores de dependência "
+"conforme originalmente especificado na :pep:`508`."
+
+#: ../source/specifications/index-hosted-attestations.rst:12
+msgid ""
+":pep:`740` includes changes to the HTML and JSON index APIs. These changes "
+"are documented in the :ref:`simple-repository-api` under :ref:`simple-"
+"repository-api-base` and :ref:`json-serialization`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:22
+msgid "Upload endpoint changes"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:26
+msgid ""
+"The \"legacy\" upload API is not standardized. See `PyPI's Upload API "
+"documentation <https://docs.pypi.org/api/upload/>`_ for how attestations are "
+"uploaded."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:33
+#, fuzzy
+#| msgid "Existing projects"
+msgid "Attestation objects"
+msgstr "Projetos existentes"
+
+#: ../source/specifications/index-hosted-attestations.rst:35
+msgid ""
+"An attestation object is a JSON object with several required keys; "
+"applications or signers may include additional keys so long as all "
+"explicitly listed keys are provided. The required layout of an attestation "
+"object is provided as pseudocode below."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:88
+msgid ""
+"A full data model for each object in ``transparency_entries`` is provided "
+"in :ref:`appendix`. Attestation objects **SHOULD** include one or more "
+"transparency log entries, and **MAY** include additional keys for other "
+"sources of signed time (such as an :rfc:`3161` Time Stamping Authority or a "
+"`Roughtime <https://blog.cloudflare.com/roughtime>`__ server)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:94
+msgid ""
+"Attestation objects are versioned; this PEP specifies version 1. Each "
+"version is tied to a single cryptographic suite to minimize unnecessary "
+"cryptographic agility. In version 1, the suite is as follows:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:98
+msgid ""
+"Certificates are specified as X.509 certificates, and comply with the "
+"profile in :rfc:`5280`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:100
+msgid ""
+"The message signature algorithm is ECDSA, with the P-256 curve for public "
+"keys and SHA-256 as the cryptographic digest function."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:103
+msgid ""
+"Future PEPs may change this suite (and the overall shape of the attestation "
+"object) by selecting a new version number."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:109
+msgid "Attestation statement and signature generation"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:111
+msgid ""
+"The *attestation statement* is the actual claim that is cryptographically "
+"signed over within the attestation object (i.e., the ``envelope.statement``)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:114
+msgid ""
+"The attestation statement is encoded as a `v1 in-toto Statement object "
+"<https://github.com/in-toto/attestation/blob/v1.0/spec/v1.0/statement."
+"md>`__, in JSON form. When serialized the statement is treated as an opaque "
+"binary blob, avoiding the need for canonicalization."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:119
+msgid ""
+"In addition to being a v1 in-toto Statement, the attestation statement is "
+"constrained in the following ways:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:122
+msgid "The in-toto ``subject`` **MUST** contain only a single subject."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:123
+msgid ""
+"``subject[0].name`` is the distribution's filename, which **MUST** be a "
+"valid :ref:`source distribution <source-distribution-format>` or :ref:`wheel "
+"distribution <binary-distribution-format>` filename."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:126
+msgid ""
+"``subject[0].digest`` **MUST** contain a SHA-256 digest. Other digests "
+"**MAY** be present. The digests **MUST** be represented as hexadecimal "
+"strings."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:128
+msgid "The following ``predicateType`` values are supported:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:130
+msgid ""
+"`SLSA Provenance <https://slsa.dev/provenance/v1>`__: ``https://slsa.dev/"
+"provenance/v1``"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:131
+msgid ""
+"`PyPI Publish Attestation <https://docs.pypi.org/attestations/publish/"
+"v1>`__: ``https://docs.pypi.org/attestations/publish/v1``"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:133
+msgid ""
+"The signature over this statement is constructed using the `v1 DSSE "
+"signature protocol <https://github.com/secure-systems-lab/dsse/blob/v1.0.0/"
+"protocol.md>`__, with a ``PAYLOAD_TYPE`` of ``application/vnd.in-toto+json`` "
+"and a ``PAYLOAD_BODY`` of the JSON-encoded statement above. No other "
+"``PAYLOAD_TYPE`` is permitted."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:141
+msgid "Provenance objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:143
+msgid ""
+"The index will serve uploaded attestations along with metadata that can "
+"assist in verifying them in the form of JSON serialized objects."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:146
+msgid ""
+"These *provenance objects* will be available via both the Simple Index and "
+"JSON-based Simple API as described above, and will have the following layout:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:169
+msgid "or, as pseudocode:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:217
+msgid ""
+"``version`` is ``1``. Like attestation objects, provenance objects are "
+"versioned, and this PEP only defines version ``1``."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:219
+msgid ""
+"``attestation_bundles`` is a **required** JSON array, containing one or more "
+"\"bundles\" of attestations. Each bundle corresponds to a signing identity "
+"(such as a Trusted Publishing identity), and contains one or more "
+"attestation objects."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:224
+msgid ""
+"As noted in the ``Publisher`` model, each ``AttestationBundle.publisher`` "
+"object is specific to its Trusted Publisher but must include at minimum:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:228
+msgid ""
+"A ``kind`` key, which **MUST** be a JSON string that uniquely identifies the "
+"kind of Trusted Publisher."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:230
+msgid ""
+"A ``claims`` key, which **MUST** be a JSON object containing any context-"
+"specific claims retained by the index during Trusted Publisher "
+"authentication."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:233
+msgid "All other keys in the publisher object are publisher-specific."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:235
+msgid ""
+"Each array of attestation objects is a superset of the ``attestations`` "
+"array supplied by the uploaded through the ``attestations`` field at upload "
+"time, as described in :ref:`upload-endpoint` and :ref:`changes-to-provenance-"
+"objects`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:243
+msgid "Changes to provenance objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:245
+msgid ""
+"Provenance objects are *not* immutable, and may change over time. Reasons "
+"for changes to the provenance object include but are not limited to:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:248
+msgid ""
+"Addition of new attestations for a pre-existing signing identity: the index "
+"**MAY** choose to allow additional attestations by pre-existing signing "
+"identities, such as newer attestation versions for already uploaded files."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:253
+msgid ""
+"Addition of new signing identities and associated attestations: the index "
+"**MAY** choose to support attestations from sources other than the file's "
+"uploader, such as third-party auditors or the index itself. These "
+"attestations may be performed asynchronously, requiring the index to insert "
+"them into the provenance object *post facto*."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:262
+msgid "Attestation verification"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:264
+msgid ""
+"Verifying an attestation object against a distribution file requires "
+"verification of each of the following:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:267
+msgid "``version`` is ``1``. The verifier **MUST** reject any other version."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:268
+msgid ""
+"``verification_material.certificate`` is a valid signing certificate, as "
+"issued by an *a priori* trusted authority (such as a root of trust already "
+"present within the verifying client)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:271
+msgid ""
+"``verification_material.certificate`` identifies an appropriate signing "
+"subject, such as the machine identity of the Trusted Publisher that "
+"published the package."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:274
+msgid ""
+"``envelope.statement`` is a valid in-toto v1 Statement, with a subject and "
+"digest that **MUST** match the distribution's filename and contents. For the "
+"distribution's filename, matching **MUST** be performed by parsing using the "
+"appropriate source distribution or wheel filename format, as the statement's "
+"subject may be equivalent but normalized."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:279
+msgid ""
+"``envelope.signature`` is a valid signature for ``envelope.statement`` "
+"corresponding to ``verification_material.certificate``, as reconstituted via "
+"the `v1 DSSE signature protocol <https://github.com/secure-systems-lab/dsse/"
+"blob/v1.0.0/protocol.md>`__."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:284
+msgid ""
+"In addition to the above required steps, a verifier **MAY** additionally "
+"verify ``verification_material.transparency_entries`` on a policy basis, e."
+"g. requiring at least one transparency log entry or a threshold of entries. "
+"When verifying transparency entries, the verifier **MUST** confirm that the "
+"inclusion time for each entry lies within the signing certificate's validity "
+"period."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:293
+msgid "Appendix: Data models for Transparency Log Entries"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:295
+msgid ""
+"This appendix contains pseudocoded data models for transparency log entries "
+"in attestation objects. Each transparency log entry serves as a source of "
+"signed inclusion time, and can be verified either online or offline."
+msgstr ""
+
 #: ../source/specifications/inline-script-metadata.rst:5
 #, fuzzy
 msgid "Inline script metadata"
@@ -19941,7 +20345,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/inline-script-metadata.rst:205
-#: ../source/specifications/simple-repository-api.rst:815
+#: ../source/specifications/simple-repository-api.rst:829
 #, fuzzy
 msgid "Recommendations"
 msgstr "Recomendações de ferramentas"
@@ -22227,12 +22631,27 @@ msgid ""
 "``&gt;``, respectively."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:100
+#: ../source/specifications/simple-repository-api.rst:99
+msgid ""
+"A repository **MAY** include a ``data-provenance`` attribute on a file link. "
+"The value of this attribute **MUST** be a fully qualified URL, signaling "
+"that the file's provenance can be found at that URL. This URL **MUST** "
+"represent a `secure origin <https://www.chromium.org/Home/chromium-security/"
+"prefer-secure-origins-for-powerful-new-features/>`_."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:106
+msgid ""
+"The format of the linked provenance is defined in :ref:`index-hosted-"
+"attestations`."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:109
 #, fuzzy
 msgid "Normalized Names"
 msgstr "Nomes não normalizados válidos"
 
-#: ../source/specifications/simple-repository-api.rst:102
+#: ../source/specifications/simple-repository-api.rst:111
 msgid ""
 "This spec references the concept of a \"normalized\" project name. As per :"
 "ref:`the name normalization specification <name-normalization>` the only "
@@ -22242,11 +22661,11 @@ msgid ""
 "implemented in Python with the ``re`` module::"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:117
+#: ../source/specifications/simple-repository-api.rst:126
 msgid "Adding \"Yank\" Support to the Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:119
+#: ../source/specifications/simple-repository-api.rst:128
 msgid ""
 "Links in the simple repository **MAY** have a ``data-yanked`` attribute "
 "which may have no value, or may have an arbitrary string as a value. The "
@@ -22256,7 +22675,7 @@ msgid ""
 "under specific scenarios."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:126
+#: ../source/specifications/simple-repository-api.rst:135
 msgid ""
 "The value of the ``data-yanked`` attribute, if present, is an arbitrary "
 "string that represents the reason for why the file has been yanked. Tools "
@@ -22264,7 +22683,7 @@ msgid ""
 "users."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:131
+#: ../source/specifications/simple-repository-api.rst:140
 msgid ""
 "The yanked attribute is not immutable once set, and may be rescinded in the "
 "future (and once rescinded, may be reset as well). Thus API users **MUST** "
@@ -22272,12 +22691,12 @@ msgid ""
 "again)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:138
+#: ../source/specifications/simple-repository-api.rst:147
 #, fuzzy
 msgid "Installers"
 msgstr "Instalador"
 
-#: ../source/specifications/simple-repository-api.rst:140
+#: ../source/specifications/simple-repository-api.rst:149
 msgid ""
 "The desirable experience for users is that once a file is yanked, when a "
 "human being is currently trying to directly install a yanked file, that it "
@@ -22287,7 +22706,7 @@ msgid ""
 "been yanked."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:147
+#: ../source/specifications/simple-repository-api.rst:156
 msgid ""
 "An installer **MUST** ignore yanked releases, if the selection constraints "
 "can be satisfied with a non-yanked version, and **MAY** refuse to use a "
@@ -22297,14 +22716,14 @@ msgid ""
 "files."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:154
+#: ../source/specifications/simple-repository-api.rst:163
 msgid ""
 "What this means is left up to the specific installer, to decide how to best "
 "fit into the overall usage of their installer. However, there are two "
 "suggested approaches to take:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:158
+#: ../source/specifications/simple-repository-api.rst:167
 msgid ""
 "Yanked files are always ignored, unless they are the only file that matches "
 "a version specifier that \"pins\" to an exact version using either ``==`` "
@@ -22314,7 +22733,7 @@ msgid ""
 "versions, zero padding, etc."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:165
+#: ../source/specifications/simple-repository-api.rst:174
 msgid ""
 "Yanked files are always ignored, unless they are the only file that matches "
 "what a lock file (such as ``Pipfile.lock`` or ``poetry.lock``) specifies to "
@@ -22322,7 +22741,7 @@ msgid ""
 "creating or updating a lock file from some input file or command."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:171
+#: ../source/specifications/simple-repository-api.rst:180
 msgid ""
 "Regardless of the specific strategy that an installer chooses for deciding "
 "when to install yanked files, an installer **SHOULD** emit a warning when it "
@@ -22331,38 +22750,38 @@ msgid ""
 "specific feedback to the user about why that file had been yanked."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:179
+#: ../source/specifications/simple-repository-api.rst:188
 msgid "Mirrors"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:181
+#: ../source/specifications/simple-repository-api.rst:190
 msgid "Mirrors can generally treat yanked files one of two ways:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:183
+#: ../source/specifications/simple-repository-api.rst:192
 msgid ""
 "They may choose to omit them from their simple repository API completely, "
 "providing a view over the repository that shows only \"active\", unyanked "
 "files."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:186
+#: ../source/specifications/simple-repository-api.rst:195
 msgid ""
 "They may choose to include yanked files, and additionally mirror the ``data-"
 "yanked`` attribute as well."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:189
+#: ../source/specifications/simple-repository-api.rst:198
 msgid ""
 "Mirrors **MUST NOT** mirror a yanked file without also mirroring the ``data-"
 "yanked`` attribute for it."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:195
+#: ../source/specifications/simple-repository-api.rst:204
 msgid "Versioning PyPI's Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:197
+#: ../source/specifications/simple-repository-api.rst:206
 msgid ""
 "This spec proposes the inclusion of a meta tag on the responses of every "
 "successful request to a simple API page, which contains a name attribute of "
@@ -22373,29 +22792,29 @@ msgid ""
 "<version-specifiers>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:205
+#: ../source/specifications/simple-repository-api.rst:214
 msgid "This would end up looking like::"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:209
+#: ../source/specifications/simple-repository-api.rst:218
 msgid "When interpreting the repository version:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:211
+#: ../source/specifications/simple-repository-api.rst:220
 msgid ""
 "Incrementing the major version is used to signal a backwards incompatible "
 "change such that existing clients would no longer be expected to be able to "
 "meaningfully use the API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:214
+#: ../source/specifications/simple-repository-api.rst:223
 msgid ""
 "Incrementing the minor version is used to signal a backwards compatible "
 "change such that existing clients would still be expected to be able to "
 "meaningfully use the API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:218
+#: ../source/specifications/simple-repository-api.rst:227
 msgid ""
 "It is left up to the discretion of any future specs as to what specifically "
 "constitutes a backwards incompatible vs compatible change beyond the broad "
@@ -22404,7 +22823,7 @@ msgid ""
 "features."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:224
+#: ../source/specifications/simple-repository-api.rst:233
 msgid ""
 "It is expectation of this spec that the major version will never be "
 "incremented, and any future major API evolutions would utilize a different "
@@ -22414,49 +22833,49 @@ msgid ""
 "set to a version >= 2)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:231
+#: ../source/specifications/simple-repository-api.rst:240
 msgid ""
 "This spec sets the current API version to \"1.0\", and expects that future "
 "specs that further evolve the simple API will increment the minor version "
 "number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:237
-#: ../source/specifications/simple-repository-api.rst:957
+#: ../source/specifications/simple-repository-api.rst:246
+#: ../source/specifications/simple-repository-api.rst:971
 #, fuzzy
 msgid "Clients"
 msgstr "Conteúdo"
 
-#: ../source/specifications/simple-repository-api.rst:239
+#: ../source/specifications/simple-repository-api.rst:248
 msgid ""
 "Clients interacting with the simple API **SHOULD** introspect each response "
 "for the repository version, and if that data does not exist **MUST** assume "
 "that it is version 1.0."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:243
+#: ../source/specifications/simple-repository-api.rst:252
 msgid ""
 "When encountering a major version greater than expected, clients **MUST** "
 "hard fail with an appropriate error message for the user."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:246
+#: ../source/specifications/simple-repository-api.rst:255
 msgid ""
 "When encountering a minor version greater than expected, clients **SHOULD** "
 "warn users with an appropriate message."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:249
+#: ../source/specifications/simple-repository-api.rst:258
 msgid ""
 "Clients **MAY** still continue to use feature detection in order to "
 "determine what features a repository uses."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:255
+#: ../source/specifications/simple-repository-api.rst:264
 msgid "Serve Distribution Metadata in the Simple Repository API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:257
+#: ../source/specifications/simple-repository-api.rst:266
 msgid ""
 "In a simple repository's project page, each anchor tag pointing to a "
 "distribution **MAY** have a ``data-dist-info-metadata`` attribute. The "
@@ -22465,7 +22884,7 @@ msgid ""
 "when the distribution is processed and/or installed."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:263
+#: ../source/specifications/simple-repository-api.rst:272
 msgid ""
 "If a ``data-dist-info-metadata`` attribute is present, the repository "
 "**MUST** serve the distribution's Core Metadata file alongside the "
@@ -22477,7 +22896,7 @@ msgid ""
 "GPG signature file's location."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:272
+#: ../source/specifications/simple-repository-api.rst:281
 msgid ""
 "The repository **SHOULD** provide the hash of the Core Metadata file as the "
 "``data-dist-info-metadata`` attribute's value using the syntax "
@@ -22487,19 +22906,19 @@ msgid ""
 "unavailable."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:280
+#: ../source/specifications/simple-repository-api.rst:289
 #, fuzzy
 msgid "Backwards Compatibility"
 msgstr "Compatibilidade da ABI"
 
-#: ../source/specifications/simple-repository-api.rst:282
+#: ../source/specifications/simple-repository-api.rst:291
 msgid ""
 "If an anchor tag lacks the ``data-dist-info-metadata`` attribute, tools are "
 "expected to revert to their current behaviour of downloading the "
 "distribution to inspect the metadata."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:286
+#: ../source/specifications/simple-repository-api.rst:295
 msgid ""
 "Older tools not supporting the new ``data-dist-info-metadata`` attribute are "
 "expected to ignore the attribute and maintain their current behaviour of "
@@ -22507,11 +22926,11 @@ msgid ""
 "prior ``data-`` attribute additions expect existing tools to operate."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:295
+#: ../source/specifications/simple-repository-api.rst:304
 msgid "JSON-based Simple API for Python Package Indexes"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:297
+#: ../source/specifications/simple-repository-api.rst:306
 msgid ""
 "To enable response parsing with only the standard library, this spec "
 "specifies that all responses (besides the files themselves, and the HTML "
@@ -22519,7 +22938,7 @@ msgid ""
 "base>`) should be serialized using `JSON <https://www.json.org/>`_."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:302
+#: ../source/specifications/simple-repository-api.rst:311
 msgid ""
 "To enable zero configuration discovery and to minimize the amount of "
 "additional HTTP requests, this spec extends :ref:`the base HTML API "
@@ -22529,7 +22948,7 @@ msgid ""
 "format to serve, i.e. either HTML or JSON."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:312
+#: ../source/specifications/simple-repository-api.rst:321
 msgid ""
 "Versioning will adhere to :ref:`the API versioning specification <simple-"
 "repository-api-versioning>` format (``Major.Minor``), which has defined the "
@@ -22539,7 +22958,7 @@ msgid ""
 "``1.0`` version, and instead just describes how to serialize that into JSON."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:319
+#: ../source/specifications/simple-repository-api.rst:328
 msgid ""
 "Similar to :ref:`the API versioning specification <simple-repository-api-"
 "versioning>`, the major version number **MUST** be incremented if any "
@@ -22547,28 +22966,28 @@ msgid ""
 "existing clients to meaningfully understand the format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:325
+#: ../source/specifications/simple-repository-api.rst:334
 msgid ""
 "Likewise, the minor version **MUST** be incremented if features are added or "
 "removed from the format, but existing clients would be expected to continue "
 "to meaningfully understand the format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:329
+#: ../source/specifications/simple-repository-api.rst:338
 msgid ""
 "Changes that would not result in existing clients being unable to "
 "meaningfully understand the format and which do not represent features being "
 "added or removed may occur without changing the version number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:333
+#: ../source/specifications/simple-repository-api.rst:342
 msgid ""
 "This is intentionally vague, as this spec believes it is best left up to "
 "future specs that make any changes to the API to investigate and decide "
 "whether or not that change should increment the major or minor version."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:337
+#: ../source/specifications/simple-repository-api.rst:346
 msgid ""
 "Future versions of the API may add things that can only be represented in a "
 "subset of the available serializations of that version. All serializations "
@@ -22577,38 +22996,38 @@ msgid ""
 "whether or not that feature is present at all."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:343
+#: ../source/specifications/simple-repository-api.rst:352
 msgid ""
 "It is the intent of this spec that the API should be thought of as URL "
 "endpoints that return data, whose interpretation is defined by the version "
 "of that data, and then serialized into the target serialization format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:351
+#: ../source/specifications/simple-repository-api.rst:360
 #, fuzzy
 msgid "JSON Serialization"
 msgstr "Normalização"
 
-#: ../source/specifications/simple-repository-api.rst:353
+#: ../source/specifications/simple-repository-api.rst:362
 msgid ""
 "The URL structure from :ref:`the base HTML API specification <simple-"
 "repository-api-base>` still applies, as this spec only adds an additional "
 "serialization format for the already existing API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:357
+#: ../source/specifications/simple-repository-api.rst:366
 msgid ""
 "The following constraints apply to all JSON serialized responses described "
 "in this spec:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:360
+#: ../source/specifications/simple-repository-api.rst:369
 msgid ""
 "All JSON responses will *always* be a JSON object rather than an array or "
 "other type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:363
+#: ../source/specifications/simple-repository-api.rst:372
 msgid ""
 "While JSON doesn't natively support a URL type, any value that represents an "
 "URL in this API may be either absolute or relative as long as they point to "
@@ -22616,19 +23035,19 @@ msgid ""
 "if it were HTML."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:368
+#: ../source/specifications/simple-repository-api.rst:377
 msgid ""
 "Additional keys may be added to any dictionary objects in the API responses "
 "and clients **MUST** ignore keys that they don't understand."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:371
+#: ../source/specifications/simple-repository-api.rst:380
 msgid ""
 "All JSON responses will have a ``meta`` key, which contains information "
 "related to the response itself, rather than the content of the response."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:374
+#: ../source/specifications/simple-repository-api.rst:383
 msgid ""
 "All JSON responses will have a ``meta.api-version`` key, which will be a "
 "string that contains the :ref:`API versioning specification <simple-"
@@ -22637,43 +23056,43 @@ msgid ""
 "<simple-repository-api-versioning>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:380
+#: ../source/specifications/simple-repository-api.rst:389
 msgid ""
 "All requirements of :ref:`the base HTML API specification <simple-repository-"
 "api-base>` that are not HTML specific still apply."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:385
+#: ../source/specifications/simple-repository-api.rst:394
 #, fuzzy
 msgid "Project List"
 msgstr "Projeto"
 
-#: ../source/specifications/simple-repository-api.rst:387
+#: ../source/specifications/simple-repository-api.rst:396
 msgid ""
 "The root URL ``/`` for this spec (which represents the base URL) will be a "
 "JSON encoded dictionary which has a two keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:390
+#: ../source/specifications/simple-repository-api.rst:399
 msgid ""
 "``projects``: An array where each entry is a dictionary with a single key, "
 "``name``, which represents string of the project name."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:391
-#: ../source/specifications/simple-repository-api.rst:440
+#: ../source/specifications/simple-repository-api.rst:400
+#: ../source/specifications/simple-repository-api.rst:449
 msgid ""
 "``meta``: The general response metadata as `described earlier <json-"
 "serialization_>`__."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:393
-#: ../source/specifications/simple-repository-api.rst:499
+#: ../source/specifications/simple-repository-api.rst:402
+#: ../source/specifications/simple-repository-api.rst:512
 #, fuzzy
 msgid "As an example:"
 msgstr "Um exemplo completo"
 
-#: ../source/specifications/simple-repository-api.rst:410
+#: ../source/specifications/simple-repository-api.rst:419
 msgid ""
 "The ``name`` field is the same as the one from :ref:`the base HTML API "
 "specification <simple-repository-api-base>`, which does not specify whether "
@@ -22683,7 +23102,7 @@ msgid ""
 "implementation detail of the repository in question."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:420
+#: ../source/specifications/simple-repository-api.rst:429
 msgid ""
 "While the ``projects`` key is an array, and thus is required to be in some "
 "kind of an order, neither :ref:`the base HTML API specification <simple-"
@@ -22693,12 +23112,12 @@ msgid ""
 "have sets."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:429
+#: ../source/specifications/simple-repository-api.rst:438
 #, fuzzy
 msgid "Project Detail"
 msgstr "Nome do projeto"
 
-#: ../source/specifications/simple-repository-api.rst:431
+#: ../source/specifications/simple-repository-api.rst:440
 msgid ""
 "The format of this URL is ``/<project>/`` where the ``<project>`` is "
 "replaced by the :ref:`the base HTML API specification <simple-repository-api-"
@@ -22706,34 +23125,34 @@ msgid ""
 "would have a URL like ``/silly-walk/``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:436
+#: ../source/specifications/simple-repository-api.rst:445
 msgid ""
 "This URL must respond with a JSON encoded dictionary that has three keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:438
+#: ../source/specifications/simple-repository-api.rst:447
 #, fuzzy
 msgid "``name``: The normalized name of the project."
 msgstr "O nome do projeto."
 
-#: ../source/specifications/simple-repository-api.rst:439
+#: ../source/specifications/simple-repository-api.rst:448
 msgid ""
 "``files``: A list of dictionaries, each one representing an individual file."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:442
+#: ../source/specifications/simple-repository-api.rst:451
 msgid "Each individual file dictionary has the following keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:444
+#: ../source/specifications/simple-repository-api.rst:453
 msgid "``filename``: The filename that is being represented."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:445
+#: ../source/specifications/simple-repository-api.rst:454
 msgid "``url``: The URL that the file can be fetched from."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:446
+#: ../source/specifications/simple-repository-api.rst:455
 #, fuzzy
 msgid ""
 "``hashes``: A dictionary mapping a hash name to a hex encoded digest of the "
@@ -22745,14 +23164,14 @@ msgstr ""
 "Vários hashes podem ser incluídos e cabe ao consumidor decidir o que fazer "
 "com vários hashes (pode validar todos eles ou um subconjunto deles, ou nada)."
 
-#: ../source/specifications/simple-repository-api.rst:451
+#: ../source/specifications/simple-repository-api.rst:460
 msgid ""
 "The ``hashes`` dictionary **MUST** be present, even if no hashes are "
 "available for the file, however it is **HIGHLY** recommended that at least "
 "one secure, guaranteed-to-be-available hash is always included."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:455
+#: ../source/specifications/simple-repository-api.rst:464
 #, fuzzy
 msgid ""
 "By default, any hash algorithm available via :py:mod:`hashlib` (specifically "
@@ -22769,7 +23188,7 @@ msgstr ""
 "DEVE sempre ser incluído. No momento da escrita, ``sha256`` especificamente "
 "é recomendado."
 
-#: ../source/specifications/simple-repository-api.rst:460
+#: ../source/specifications/simple-repository-api.rst:469
 msgid ""
 "``requires-python``: An **optional** key that exposes the :ref:`core-"
 "metadata-requires-python` metadata field. Where this is present, installer "
@@ -22777,14 +23196,14 @@ msgid ""
 "that doesn't satisfy the requirement."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:466
+#: ../source/specifications/simple-repository-api.rst:475
 msgid ""
 "Unlike ``data-requires-python`` in :ref:`the base HTML API specification "
 "<simple-repository-api-base>`, the ``requires-python`` key does not require "
 "any special escaping other than anything JSON does naturally."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:469
+#: ../source/specifications/simple-repository-api.rst:478
 msgid ""
 "``dist-info-metadata``: An **optional** key that indicates that metadata for "
 "this file is available, via the same location as specified in :ref:`the API "
@@ -22794,27 +23213,27 @@ msgid ""
 "dictionary mapping hash names to a hex encoded digest of the metadata's hash."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:477
+#: ../source/specifications/simple-repository-api.rst:486
 msgid ""
 "When this is a dictionary of hashes instead of a boolean, then all the same "
 "requirements and recommendations as the ``hashes`` key hold true for this "
 "key as well."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:481
+#: ../source/specifications/simple-repository-api.rst:490
 msgid ""
 "If this key is missing then the metadata file may or may not exist. If the "
 "key value is truthy, then the metadata file is present, and if it is falsey "
 "then it is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:485
+#: ../source/specifications/simple-repository-api.rst:494
 msgid ""
 "It is recommended that servers make the hashes of the metadata file "
 "available if possible."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:487
+#: ../source/specifications/simple-repository-api.rst:496
 msgid ""
 "``gpg-sig``: An **optional** key that acts a boolean to indicate if the file "
 "has an associated GPG signature or not. The URL for the signature file "
@@ -22823,7 +23242,7 @@ msgid ""
 "the signature may or may not exist."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:492
+#: ../source/specifications/simple-repository-api.rst:501
 msgid ""
 "``yanked``: An **optional** key which may be either a boolean to indicate if "
 "the file has been yanked, or a non empty, but otherwise arbitrary, string to "
@@ -22834,7 +23253,15 @@ msgid ""
 "api-yank>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:529
+#: ../source/specifications/simple-repository-api.rst:507
+msgid ""
+"``provenance``: An **optional** key which, if present **MUST** be either a "
+"JSON string or ``null``. If not ``null``, it **MUST** be a URL to the file's "
+"associated provenance, with the same rules as ``data-provenance`` in the :"
+"ref:`base HTML API specification <simple-repository-api-base>`."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:543
 msgid ""
 "While the ``files`` key is an array, and thus is required to be in some kind "
 "of an order, neither :ref:`the base HTML API specification <simple-"
@@ -22844,12 +23271,12 @@ msgid ""
 "have sets."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:538
+#: ../source/specifications/simple-repository-api.rst:552
 #, fuzzy
 msgid "Content-Types"
 msgstr "Conteúdo"
 
-#: ../source/specifications/simple-repository-api.rst:540
+#: ../source/specifications/simple-repository-api.rst:554
 msgid ""
 "This spec proposes that all responses from the Simple API will have a "
 "standard content type that describes what the response is (a Simple API "
@@ -22857,11 +23284,11 @@ msgid ""
 "format has been used."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:544
+#: ../source/specifications/simple-repository-api.rst:558
 msgid "The structure of this content type will be:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:550
+#: ../source/specifications/simple-repository-api.rst:564
 msgid ""
 "Since only major versions should be disruptive to clients attempting to "
 "understand one of these API responses, only the major version will be "
@@ -22869,19 +23296,19 @@ msgid ""
 "that it is a version number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:555
+#: ../source/specifications/simple-repository-api.rst:569
 msgid "Which means that for the existing 1.0 API, the content types would be:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:557
+#: ../source/specifications/simple-repository-api.rst:571
 msgid "**JSON:** ``application/vnd.pypi.simple.v1+json``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:558
+#: ../source/specifications/simple-repository-api.rst:572
 msgid "**HTML:** ``application/vnd.pypi.simple.v1+html``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:560
+#: ../source/specifications/simple-repository-api.rst:574
 msgid ""
 "In addition to the above, a special \"meta\" version is supported named "
 "``latest``, whose purpose is to allow clients to request the absolute latest "
@@ -22890,7 +23317,7 @@ msgid ""
 "support."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:565
+#: ../source/specifications/simple-repository-api.rst:579
 msgid ""
 "To support existing clients which expect the existing :ref:`the base HTML "
 "API specification <simple-repository-api-base>` API responses to use the "
@@ -22898,12 +23325,12 @@ msgid ""
 "alias for the ``application/vnd.pypi.simple.v1+html`` content type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:572
+#: ../source/specifications/simple-repository-api.rst:586
 #, fuzzy
 msgid "Version + Format Selection"
 msgstr "Versão"
 
-#: ../source/specifications/simple-repository-api.rst:574
+#: ../source/specifications/simple-repository-api.rst:588
 msgid ""
 "Now that there is multiple possible serializations, we need a mechanism to "
 "allow clients to indicate what serialization formats they're able to "
@@ -22912,65 +23339,65 @@ msgid ""
 "expecting the previous API version."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:579
+#: ../source/specifications/simple-repository-api.rst:593
 msgid ""
 "To enable this, this spec standardizes on the use of HTTP's `Server-Driven "
 "Content Negotiation <https://developer.mozilla.org/en-US/docs/Web/HTTP/"
 "Content_negotiation>`_."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:582
+#: ../source/specifications/simple-repository-api.rst:596
 msgid ""
 "While this spec won't fully describe the entirety of server-driven content "
 "negotiation, the flow is roughly:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:585
+#: ../source/specifications/simple-repository-api.rst:599
 msgid ""
 "The client makes an HTTP request containing an ``Accept`` header listing all "
 "of the version+format content types that they are able to understand."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:587
+#: ../source/specifications/simple-repository-api.rst:601
 msgid ""
 "The server inspects that header, selects one of the listed content types, "
 "then returns a response using that content type (treating the absence of an "
 "``Accept`` header as ``Accept: */*``)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:590
+#: ../source/specifications/simple-repository-api.rst:604
 msgid ""
 "If the server does not support any of the content types in the ``Accept`` "
 "header then they are able to choose between 3 different options for how to "
 "respond:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:594
+#: ../source/specifications/simple-repository-api.rst:608
 msgid ""
 "Select a default content type other than what the client has requested and "
 "return a response with that."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:596
+#: ../source/specifications/simple-repository-api.rst:610
 msgid ""
 "Return a HTTP ``406 Not Acceptable`` response to indicate that none of the "
 "requested content types were available, and the server was unable or "
 "unwilling to select a default content type to respond with."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:599
+#: ../source/specifications/simple-repository-api.rst:613
 msgid ""
 "Return a HTTP ``300 Multiple Choices`` response that contains a list of all "
 "of the possible responses that could have been chosen."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:601
+#: ../source/specifications/simple-repository-api.rst:615
 msgid ""
 "The client interprets the response, handling the different types of "
 "responses that the server may have responded with."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:604
+#: ../source/specifications/simple-repository-api.rst:618
 msgid ""
 "This spec does not specify which choices the server makes in regards to "
 "handling a content type that it isn't able to return, and clients **SHOULD** "
@@ -22978,7 +23405,7 @@ msgid ""
 "the most sense for that client."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:609
+#: ../source/specifications/simple-repository-api.rst:623
 msgid ""
 "However, as there is no standard format for how a ``300 Multiple Choices`` "
 "response can be interpreted, this spec highly discourages servers from "
@@ -22989,7 +23416,7 @@ msgid ""
 "error."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:616
+#: ../source/specifications/simple-repository-api.rst:630
 msgid ""
 "This spec **does** require that if the meta version ``latest`` is being "
 "used, the server **MUST** respond with the content type for the actual "
@@ -22998,33 +23425,33 @@ msgid ""
 "have a ``Content-Type`` of ``application/vnd.pypi.simple.v1+json``)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:623
+#: ../source/specifications/simple-repository-api.rst:637
 msgid ""
 "The ``Accept`` header is a comma separated list of content types that the "
 "client understands and is able to process. It supports three different "
 "formats for each content type that is being requested:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:627
+#: ../source/specifications/simple-repository-api.rst:641
 msgid "``$type/$subtype``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:628
+#: ../source/specifications/simple-repository-api.rst:642
 msgid "``$type/*``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:629
+#: ../source/specifications/simple-repository-api.rst:643
 msgid "``*/*``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:631
+#: ../source/specifications/simple-repository-api.rst:645
 msgid ""
 "For the use of selecting a version+format, the most useful of these is "
 "``$type/$subtype``, as that is the only way to actually specify the version "
 "and format you want."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:635
+#: ../source/specifications/simple-repository-api.rst:649
 msgid ""
 "The order of the content types listed in the ``Accept`` header does not have "
 "any specific meaning, and the server **SHOULD** consider all of them to be "
@@ -23034,7 +23461,7 @@ msgid ""
 "Quality_values>`_ syntax."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:642
+#: ../source/specifications/simple-repository-api.rst:656
 msgid ""
 "This allows a client to specify a priority for a specific entry in their "
 "``Accept`` header, by appending a ``;q=`` followed by a value between ``0`` "
@@ -23044,7 +23471,7 @@ msgid ""
 "quality of ``1``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:648
+#: ../source/specifications/simple-repository-api.rst:662
 msgid ""
 "However, clients should keep in mind that a server is free to select **any** "
 "of the content types they've asked for, regardless of their requested "
@@ -23052,7 +23479,7 @@ msgid ""
 "for."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:652
+#: ../source/specifications/simple-repository-api.rst:666
 msgid ""
 "To aid clients in determining the content type of the response that they "
 "have received from an API request, this spec requires that servers always "
@@ -23063,22 +23490,22 @@ msgid ""
 "collector.py#L123-L150>`_ so the risks for actual breakages is low."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:659
+#: ../source/specifications/simple-repository-api.rst:673
 msgid "An example of how a client can operate would look like:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:710
+#: ../source/specifications/simple-repository-api.rst:724
 msgid ""
 "If a client wishes to only support HTML or only support JSON, then they "
 "would just remove the content types that they do not want from the "
 "``Accept`` header, and turn receiving them into an error."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:716
+#: ../source/specifications/simple-repository-api.rst:730
 msgid "Alternative Negotiation Mechanisms"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:718
+#: ../source/specifications/simple-repository-api.rst:732
 msgid ""
 "While using HTTP's Content negotiation is considered the standard way for a "
 "client and server to coordinate to ensure that the client is getting an HTTP "
@@ -23087,25 +23514,25 @@ msgid ""
 "negotiation mechanisms that may *optionally* be used instead."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:726
+#: ../source/specifications/simple-repository-api.rst:740
 msgid "URL Parameter"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:728
+#: ../source/specifications/simple-repository-api.rst:742
 msgid ""
 "Servers that implement the Simple API may choose to support a URL parameter "
 "named ``format`` to allow the clients to request a specific version of the "
 "URL."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:731
+#: ../source/specifications/simple-repository-api.rst:745
 msgid ""
 "The value of the ``format`` parameter should be **one** of the valid content "
 "types. Passing multiple content types, wild cards, quality values, etc... is "
 "**not** supported."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:735
+#: ../source/specifications/simple-repository-api.rst:749
 msgid ""
 "Supporting this parameter is optional, and clients **SHOULD NOT** rely on it "
 "for interacting with the API. This negotiation mechanism is intended to "
@@ -23113,13 +23540,13 @@ msgid ""
 "allow documentation or notes to link to a specific version+format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:740
+#: ../source/specifications/simple-repository-api.rst:754
 msgid ""
 "Servers that do not support this parameter may choose to return an error "
 "when it is present, or they may simple ignore its presence."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:743
+#: ../source/specifications/simple-repository-api.rst:757
 msgid ""
 "When a server does implement this parameter, it **SHOULD** take precedence "
 "over any values in the client's ``Accept`` header, and if the server does "
@@ -23129,19 +23556,19 @@ msgid ""
 "``303 Multiple Choices``, or selecting a default type to return)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:752
+#: ../source/specifications/simple-repository-api.rst:766
 #, fuzzy
 msgid "Endpoint Configuration"
 msgstr "Configurações comuns"
 
-#: ../source/specifications/simple-repository-api.rst:754
+#: ../source/specifications/simple-repository-api.rst:768
 msgid ""
 "This option technically is not a special option at all, it is just a natural "
 "consequence of using content negotiation and allowing servers to select "
 "which of the available content types is their default."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:758
+#: ../source/specifications/simple-repository-api.rst:772
 msgid ""
 "If a server is unwilling or unable to implement the server-driven content "
 "negotiation, and would instead rather require users to explicitly configure "
@@ -23149,7 +23576,7 @@ msgid ""
 "configuration."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:762
+#: ../source/specifications/simple-repository-api.rst:776
 msgid ""
 "To enable this, a server should make multiple endpoints (for instance, ``/"
 "simple/v1+html/`` and/or ``/simple/v1+json/``) for each version+format that "
@@ -23159,7 +23586,7 @@ msgid ""
 "and return the content type that corresponds to that endpoint."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:769
+#: ../source/specifications/simple-repository-api.rst:783
 msgid ""
 "For clients that wish to require specific configuration, they can keep track "
 "of which version+format a specific repository URL was configured for, and "
@@ -23167,11 +23594,11 @@ msgid ""
 "includes the correct content type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:776
+#: ../source/specifications/simple-repository-api.rst:790
 msgid "TUF Support - PEP 458"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:778
+#: ../source/specifications/simple-repository-api.rst:792
 msgid ""
 ":pep:`458` requires that all API responses are hashable and that they can be "
 "uniquely identified by a path relative to the repository root. For a Simple "
@@ -23182,7 +23609,7 @@ msgid ""
 "that all hash differently."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:785
+#: ../source/specifications/simple-repository-api.rst:799
 msgid ""
 ":pep:`458` does not specify what the target path should be for the Simple "
 "API, but TUF requires that the target paths be \"file-like\", in other "
@@ -23190,7 +23617,7 @@ msgid ""
 "technically points to a directory."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:790
+#: ../source/specifications/simple-repository-api.rst:804
 msgid ""
 "The saving grace is that the target path does not *have* to actually match "
 "the URL being fetched from the Simple API, and it can just be a sigil that "
@@ -23199,7 +23626,7 @@ msgid ""
 "HTTP request, such as the ``Accept`` header."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:796
+#: ../source/specifications/simple-repository-api.rst:810
 msgid ""
 "Ultimately figuring out how to map a directory to a filename is out of scope "
 "for this spec (but it would be in scope for :pep:`458`), and this spec "
@@ -23207,7 +23634,7 @@ msgid ""
 "`458` metadata."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:800
+#: ../source/specifications/simple-repository-api.rst:814
 msgid ""
 "However, it appears that the current WIP branch against pip that attempts to "
 "implement :pep:`458` is using a target path like ``simple/PROJECT/index."
@@ -23217,20 +23644,20 @@ msgid ""
 "the v1 JSON format would be ``simple/PROJECT/vnd.pypi.simple.v1.json``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:807
+#: ../source/specifications/simple-repository-api.rst:821
 msgid ""
 "In this case, since ``text/html`` is an alias to ``application/vnd.pypi."
 "simple.v1+html`` when interacting through TUF, it likely will make the most "
 "sense to normalize to the more explicit name."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:811
+#: ../source/specifications/simple-repository-api.rst:825
 msgid ""
 "Likewise the ``latest`` metaversion should not be included in the targets, "
 "only explicitly declared versions should be supported."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:817
+#: ../source/specifications/simple-repository-api.rst:831
 msgid ""
 "This section is non-normative, and represents what the spec authors believe "
 "to be the best default implementation decisions for something implementing "
@@ -23238,7 +23665,7 @@ msgid ""
 "these decisions."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:821
+#: ../source/specifications/simple-repository-api.rst:835
 msgid ""
 "These decisions have been chosen to maximize the number of requests that can "
 "be moved onto the newest version of an API, while maintaining the greatest "
@@ -23247,18 +23674,18 @@ msgid ""
 "choices it can."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:826
+#: ../source/specifications/simple-repository-api.rst:840
 msgid "It is recommended that servers:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:828
+#: ../source/specifications/simple-repository-api.rst:842
 msgid ""
 "Support all 3 content types described in this spec, using server-driven "
 "content negotiation, for as long as they reasonably can, or at least as long "
 "as they're receiving non trivial traffic that uses the HTML responses."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:832
+#: ../source/specifications/simple-repository-api.rst:846
 msgid ""
 "When encountering an ``Accept`` header that does not contain any content "
 "types that it knows how to work with, the server should not ever return a "
@@ -23266,13 +23693,13 @@ msgid ""
 "Acceptable`` response."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:837
+#: ../source/specifications/simple-repository-api.rst:851
 msgid ""
 "However, if choosing to use the endpoint configuration, you should prefer to "
 "return a ``200 OK`` response in the expected content type for that endpoint."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:840
+#: ../source/specifications/simple-repository-api.rst:854
 msgid ""
 "When selecting an acceptable version, the server should choose the highest "
 "version that the client supports, with the most expressive/featureful "
@@ -23281,23 +23708,23 @@ msgid ""
 "should only use the ``text/html`` content type as a last resort."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:846
+#: ../source/specifications/simple-repository-api.rst:860
 msgid "It is recommended that clients:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:848
+#: ../source/specifications/simple-repository-api.rst:862
 msgid ""
 "Support all 3 content types described in this spec, using server-driven "
 "content negotiation, for as long as they reasonably can."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:851
+#: ../source/specifications/simple-repository-api.rst:865
 msgid ""
 "When constructing an ``Accept`` header, include all of the content types "
 "that you support."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:854
+#: ../source/specifications/simple-repository-api.rst:868
 msgid ""
 "You should generally *not* include a quality priority value for your content "
 "types, unless you have implementation specific reasons that you want the "
@@ -23306,63 +23733,63 @@ msgid ""
 "responses that you're unable to parse in some edge cases)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:860
+#: ../source/specifications/simple-repository-api.rst:874
 msgid ""
 "The one exception to this recommendation is that it is recommended that you "
 "*should* include a ``;q=0.01`` value on the legacy ``text/html`` content "
 "type, unless it is the only content type that you are requesting."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:864
+#: ../source/specifications/simple-repository-api.rst:878
 msgid ""
 "Explicitly select what versions they are looking for, rather than using the "
 "``latest`` meta version during normal operation."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:867
+#: ../source/specifications/simple-repository-api.rst:881
 msgid ""
 "Check the ``Content-Type`` of the response and ensure it matches something "
 "that you were expecting."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:871
+#: ../source/specifications/simple-repository-api.rst:885
 msgid "Additional Fields for the Simple API for Package Indexes"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:873
+#: ../source/specifications/simple-repository-api.rst:887
 msgid ""
 "This specification defines version 1.1 of the simple repository API. For the "
 "HTML version of the API, there is no change from version 1.0. For the JSON "
 "version of the API, the following changes are made:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:877
+#: ../source/specifications/simple-repository-api.rst:891
 msgid "The ``api-version`` must specify version 1.1 or later."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:878
+#: ../source/specifications/simple-repository-api.rst:892
 msgid "A new ``versions`` key is added at the top level."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:879
+#: ../source/specifications/simple-repository-api.rst:893
 msgid ""
 "Two new \"file information\" keys, ``size`` and ``upload-time``, are added "
 "to the ``files`` data."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:881
+#: ../source/specifications/simple-repository-api.rst:895
 msgid ""
 "Keys (at any level) with a leading underscore are reserved as private for "
 "index server use. No future standard will assign a meaning to any such key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:884
+#: ../source/specifications/simple-repository-api.rst:898
 msgid ""
 "The ``versions`` and ``size`` keys are mandatory. The ``upload-time`` key is "
 "optional."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:890
+#: ../source/specifications/simple-repository-api.rst:904
 msgid ""
 "An additional key, ``versions`` MUST be present at the top level, in "
 "addition to the keys ``name``, ``files`` and ``meta`` defined in :ref:`the "
@@ -23372,7 +23799,7 @@ msgid ""
 "duplicates, and the order of the values is not significant."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:897
+#: ../source/specifications/simple-repository-api.rst:911
 msgid ""
 "All of the files listed in the ``files`` key MUST be associated with one of "
 "the versions in the ``versions`` key. The ``versions`` key MAY contain "
@@ -23380,7 +23807,7 @@ msgid ""
 "uploaded, if the server has such a concept)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:902
+#: ../source/specifications/simple-repository-api.rst:916
 msgid ""
 "Note that because servers may hold \"legacy\" data from before the adoption "
 "of :ref:`the version specifiers specification (VSS) <version-specifiers>`, "
@@ -23389,22 +23816,22 @@ msgid ""
 "servers SHOULD use normalised VSS versions where possible."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:911
+#: ../source/specifications/simple-repository-api.rst:925
 #, fuzzy
 msgid "Additional file information"
 msgstr "Notas adicionais"
 
-#: ../source/specifications/simple-repository-api.rst:913
+#: ../source/specifications/simple-repository-api.rst:927
 msgid "Two new keys are added to the ``files`` key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:915
+#: ../source/specifications/simple-repository-api.rst:929
 msgid ""
 "``size``: This field is mandatory. It MUST contain an integer which is the "
 "file size in bytes."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:917
+#: ../source/specifications/simple-repository-api.rst:931
 msgid ""
 "``upload-time``: This field is optional. If present, it MUST contain a valid "
 "ISO 8601 date/time string, in the format ``yyyy-mm-ddThh:mm:ss.ffffffZ``, "
@@ -23416,11 +23843,11 @@ msgid ""
 "key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:926
+#: ../source/specifications/simple-repository-api.rst:940
 msgid "Rename dist-info-metadata in the Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:929
+#: ../source/specifications/simple-repository-api.rst:943
 msgid ""
 "The keywords \"**MUST**\", \"**MUST NOT**\", \"**REQUIRED**\", "
 "\"**SHALL**\", \"**SHALL NOT**\", \"**SHOULD**\", \"**SHOULD NOT**\", "
@@ -23428,11 +23855,11 @@ msgid ""
 "are to be interpreted as described in :rfc:`RFC 2119 <2119>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:936
+#: ../source/specifications/simple-repository-api.rst:950
 msgid "Servers"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:938
+#: ../source/specifications/simple-repository-api.rst:952
 msgid ""
 "The :ref:`the API metadata file specification <simple-repository-api-"
 "metadata-file>` metadata, when used in the HTML representation of the Simple "
@@ -23440,7 +23867,7 @@ msgid ""
 "with the supported values remaining the same."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:944
+#: ../source/specifications/simple-repository-api.rst:958
 msgid ""
 "The :ref:`the API metadata file specification <simple-repository-api-"
 "metadata-file>` metadata, when used in the :ref:`the JSON API specification "
@@ -23449,14 +23876,14 @@ msgid ""
 "values remaining the same."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:950
+#: ../source/specifications/simple-repository-api.rst:964
 msgid ""
 "To support clients that used the previous key names, the HTML representation "
 "**MAY** also be emitted using the ``data-dist-info-metadata``, and if it "
 "does so it **MUST** match the value of ``data-core-metadata``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:959
+#: ../source/specifications/simple-repository-api.rst:973
 msgid ""
 "Clients consuming any of the HTML representations of the Simple API **MUST** "
 "read the :ref:`the API metadata file specification <simple-repository-api-"
@@ -23465,7 +23892,7 @@ msgid ""
 "if it is present but ``data-core-metadata`` is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:966
+#: ../source/specifications/simple-repository-api.rst:980
 msgid ""
 "Clients consuming the JSON representation of the Simple API **MUST** read "
 "the :ref:`the API metadata file specification <simple-repository-api-"
@@ -23474,48 +23901,54 @@ msgid ""
 "present but ``core-metadata`` is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:976
+#: ../source/specifications/simple-repository-api.rst:990
 msgid "September 2015: initial form of the HTML format, in :pep:`503`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:977
+#: ../source/specifications/simple-repository-api.rst:991
 msgid "July 2016: Requires-Python metadata, in an update to :pep:`503`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:978
+#: ../source/specifications/simple-repository-api.rst:992
 msgid "May 2019: \"yank\" support, in :pep:`592`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:979
+#: ../source/specifications/simple-repository-api.rst:993
 msgid ""
 "July 2020: API versioning convention and metadata, and declaring the HTML "
 "format as API v1, in :pep:`629`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:981
+#: ../source/specifications/simple-repository-api.rst:995
 msgid ""
 "May 2021: providing package metadata independently from a package, in :pep:"
 "`658`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:983
+#: ../source/specifications/simple-repository-api.rst:997
 msgid ""
 "May 2022: initial form of the JSON format, with a mechanism for clients to "
 "choose between them, and declaring both formats as API v1, in :pep:`691`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:985
+#: ../source/specifications/simple-repository-api.rst:999
 msgid ""
 "October 2022: project versions and file size and upload-time in the JSON "
 "format, in :pep:`700`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:987
+#: ../source/specifications/simple-repository-api.rst:1001
 msgid ""
 "June 2023: renaming the field which provides package metadata independently "
 "from a package, in :pep:`714`"
 msgstr ""
 
+#: ../source/specifications/simple-repository-api.rst:1003
+msgid ""
+"November 2024: provenance metadata in the HTML and JSON formats, in :pep:"
+"`740`"
+msgstr ""
+
 #: ../source/specifications/source-distribution-format.rst:6
 msgid "Source distribution format"
 msgstr "Formato de distribuição fonte"
@@ -26789,7 +27222,7 @@ msgstr ""
 "os comandos tenham acesso aos seus pacotes instalados com ``pipenv shell``."
 
 #: ../source/tutorials/managing-dependencies.rst:140
-#: ../source/tutorials/packaging-projects.rst:506
+#: ../source/tutorials/packaging-projects.rst:505
 msgid "Next steps"
 msgstr "Próximos passos"
 
@@ -27424,21 +27857,18 @@ msgstr ""
 
 #: ../source/tutorials/packaging-projects.rst:424
 msgid ""
-"You will be prompted for a username and password. For the username, use "
-"``__token__``. For the password, use the token value, including the ``pypi-"
-"`` prefix."
+"You will be prompted for an API token. Use the token value, including the "
+"``pypi-`` prefix. Note that the input will be hidden, so be sure to paste "
+"correctly."
 msgstr ""
-"Você será solicitado a fornecer um nome de usuário e uma senha. Para o nome "
-"de usuário, use ``__token__``. Para a senha, use o valor do token, incluindo "
-"o prefixo ``pypi-``."
 
-#: ../source/tutorials/packaging-projects.rst:428
+#: ../source/tutorials/packaging-projects.rst:427
 msgid "After the command completes, you should see output similar to this:"
 msgstr ""
 "Depois que o comando for concluído, você deverá ver uma saída semelhante a "
 "esta:"
 
-#: ../source/tutorials/packaging-projects.rst:439
+#: ../source/tutorials/packaging-projects.rst:438
 msgid ""
 "Once uploaded, your package should be viewable on TestPyPI; for example: "
 "``https://test.pypi.org/project/example_package_YOUR_USERNAME_HERE``."
@@ -27446,11 +27876,11 @@ msgstr ""
 "Depois de enviado, seu pacote pode ser visto no Test PyPI; por exemplo: "
 "``https://test.pypi.org/project/example_package_YOUR_USERNAME_HERE``."
 
-#: ../source/tutorials/packaging-projects.rst:444
+#: ../source/tutorials/packaging-projects.rst:443
 msgid "Installing your newly uploaded package"
 msgstr "Instalando seu pacote recém-enviado"
 
-#: ../source/tutorials/packaging-projects.rst:446
+#: ../source/tutorials/packaging-projects.rst:445
 msgid ""
 "You can use :ref:`pip` to install your package and verify that it works. "
 "Create a :ref:`virtual environment <Creating and using Virtual "
@@ -27460,18 +27890,18 @@ msgstr ""
 "funciona. Crie um :ref:`ambiente virtual <Creating and using Virtual "
 "Environments>` e instale seu pacote a partir do Test PyPI:"
 
-#: ../source/tutorials/packaging-projects.rst:462
+#: ../source/tutorials/packaging-projects.rst:461
 msgid "Make sure to specify your username in the package name!"
 msgstr "Certifique-se de especificar seu nome de usuário no nome do pacote!"
 
-#: ../source/tutorials/packaging-projects.rst:464
+#: ../source/tutorials/packaging-projects.rst:463
 msgid ""
 "pip should install the package from TestPyPI and the output should look "
 "something like this:"
 msgstr ""
 "pip deve instalar o pacote de Test PyPI e a saída deve ser semelhante a esta:"
 
-#: ../source/tutorials/packaging-projects.rst:474
+#: ../source/tutorials/packaging-projects.rst:473
 msgid ""
 "This example uses ``--index-url`` flag to specify TestPyPI instead of live "
 "PyPI. Additionally, it specifies ``--no-deps``. Since TestPyPI doesn't have "
@@ -27487,7 +27917,7 @@ msgstr ""
 "pacote de exemplo não tenha nenhuma dependência, é uma boa prática evitar "
 "instalar dependências ao usar o Test PyPI."
 
-#: ../source/tutorials/packaging-projects.rst:481
+#: ../source/tutorials/packaging-projects.rst:480
 msgid ""
 "You can test that it was installed correctly by importing the package. Make "
 "sure you're still in your virtual environment, then run Python:"
@@ -27495,17 +27925,17 @@ msgstr ""
 "Você pode testar se ele foi instalado corretamente importando o pacote. "
 "Certifique-se de que ainda está em seu ambiente virtual e execute o Python:"
 
-#: ../source/tutorials/packaging-projects.rst:496
+#: ../source/tutorials/packaging-projects.rst:495
 msgid "and import the package:"
 msgstr "e importe o pacote:"
 
-#: ../source/tutorials/packaging-projects.rst:508
+#: ../source/tutorials/packaging-projects.rst:507
 msgid ""
 "**Congratulations, you've packaged and distributed a Python project!** ✨ 🍰 "
 "✨"
 msgstr "**Parabéns, você empacotou e distribuiu um projeto Python!** ✨ 🍰 ✨"
 
-#: ../source/tutorials/packaging-projects.rst:511
+#: ../source/tutorials/packaging-projects.rst:510
 msgid ""
 "Keep in mind that this tutorial showed you how to upload your package to "
 "Test PyPI, which isn't a permanent storage. The Test system occasionally "
@@ -27517,7 +27947,7 @@ msgstr ""
 "ocasionalmente exclui pacotes e contas. É melhor usar Test PyPI para testes "
 "e experimentos como este tutorial."
 
-#: ../source/tutorials/packaging-projects.rst:516
+#: ../source/tutorials/packaging-projects.rst:515
 msgid ""
 "When you are ready to upload a real package to the Python Package Index you "
 "can do much the same as you did in this tutorial, but with these important "
@@ -27527,7 +27957,7 @@ msgstr ""
 "do Python, você pode fazer quase o mesmo que fez neste tutorial, mas com "
 "estas diferenças importantes:"
 
-#: ../source/tutorials/packaging-projects.rst:520
+#: ../source/tutorials/packaging-projects.rst:519
 msgid ""
 "Choose a memorable and unique name for your package. You don't have to "
 "append your username as you did in the tutorial, but you can't use an "
@@ -27537,7 +27967,7 @@ msgstr ""
 "acrescentar seu nome de usuário como fez no tutorial, mas você não pode usar "
 "um nome existente."
 
-#: ../source/tutorials/packaging-projects.rst:522
+#: ../source/tutorials/packaging-projects.rst:521
 msgid ""
 "Register an account on https://pypi.org - note that these are two separate "
 "servers and the login details from the test server are not shared with the "
@@ -27547,7 +27977,7 @@ msgstr ""
 "servidores separados e os detalhes de login do servidor de teste não são "
 "compartilhados com o servidor principal."
 
-#: ../source/tutorials/packaging-projects.rst:525
+#: ../source/tutorials/packaging-projects.rst:524
 msgid ""
 "Use ``twine upload dist/*`` to upload your package and enter your "
 "credentials for the account you registered on the real PyPI.  Now that "
@@ -27559,7 +27989,7 @@ msgstr ""
 "pacote em produção, você não precisa especificar ``--repository``; o pacote "
 "será enviado para https://pypi.org/ por padrão."
 
-#: ../source/tutorials/packaging-projects.rst:529
+#: ../source/tutorials/packaging-projects.rst:528
 msgid ""
 "Install your package from the real PyPI using ``python3 -m pip install [your-"
 "package]``."
@@ -27567,7 +27997,7 @@ msgstr ""
 "Instale seu pacote a partir do PyPI real usando ``python3 -m pip install "
 "[seu-pacote]``."
 
-#: ../source/tutorials/packaging-projects.rst:531
+#: ../source/tutorials/packaging-projects.rst:530
 msgid ""
 "At this point if you want to read more on packaging Python libraries here "
 "are some things you can do:"
@@ -27575,21 +28005,21 @@ msgstr ""
 "Neste ponto, se você quiser ler mais sobre o empacotamento de bibliotecas "
 "Python, aqui estão algumas coisas que você pode fazer:"
 
-#: ../source/tutorials/packaging-projects.rst:534
+#: ../source/tutorials/packaging-projects.rst:533
 msgid ""
 "Read about advanced configuration for your chosen build backend: `Hatchling "
 "<hatchling-config_>`_, :doc:`setuptools <setuptools:userguide/"
 "pyproject_config>`, :doc:`Flit <flit:pyproject_toml>`, `PDM <pdm-config_>`_."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:538
+#: ../source/tutorials/packaging-projects.rst:537
 msgid ""
 "Look at the :doc:`guides </guides/index>` on this site for more advanced "
 "practical information, or the :doc:`discussions </discussions/index>` for "
 "explanations and background on specific topics."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:541
+#: ../source/tutorials/packaging-projects.rst:540
 msgid ""
 "Consider packaging tools that provide a single command-line interface for "
 "project management and packaging, such as :ref:`hatch`, :ref:`flit`, :ref:"
@@ -27599,11 +28029,11 @@ msgstr ""
 "de linha de comando para gerenciamento e empacotamento de projetos, como :"
 "ref:`hatch`, :ref:`flit`, :ref:`pdm` e :ref:`poetry`."
 
-#: ../source/tutorials/packaging-projects.rst:549
+#: ../source/tutorials/packaging-projects.rst:548
 msgid "Notes"
 msgstr "Notas"
 
-#: ../source/tutorials/packaging-projects.rst:551
+#: ../source/tutorials/packaging-projects.rst:550
 msgid ""
 "Technically, you can also create Python packages without an ``__init__.py`` "
 "file, but those are called :doc:`namespace packages </guides/packaging-"
@@ -27613,6 +28043,29 @@ msgid ""
 "the file is empty)."
 msgstr ""
 
+#~ msgid ""
+#~ "conda is the package management tool for `Anaconda <https://docs.anaconda."
+#~ "com/anaconda/>`__ Python installations. Anaconda Python is a distribution "
+#~ "from `Anaconda, Inc <https://www.anaconda.com/products/individual>`__ "
+#~ "specifically aimed at the scientific community, and in particular on "
+#~ "Windows where the installation of binary extensions is often difficult."
+#~ msgstr ""
+#~ "conda é a ferramenta de gerenciamento de pacotes para as instalações do "
+#~ "`Anaconda <https://docs.anaconda.com/anaconda/>`__ Python . Anaconda "
+#~ "Python é uma distribuição do `Anaconda, Inc <https://www.anaconda.com/"
+#~ "products/individual>`__ voltada especificamente para a comunidade "
+#~ "científica, e em particular no Windows onde a instalação de extensões "
+#~ "binárias é frequentemente difícil ."
+
+#~ msgid ""
+#~ "You will be prompted for a username and password. For the username, use "
+#~ "``__token__``. For the password, use the token value, including the "
+#~ "``pypi-`` prefix."
+#~ msgstr ""
+#~ "Você será solicitado a fornecer um nome de usuário e uma senha. Para o "
+#~ "nome de usuário, use ``__token__``. Para a senha, use o valor do token, "
+#~ "incluindo o prefixo ``pypi-``."
+
 #~ msgid ""
 #~ "A table of URLs where the key is the URL label and the value is the URL "
 #~ "itself."
diff --git a/locales/ro/LC_MESSAGES/messages.po b/locales/ro/LC_MESSAGES/messages.po
index d3f4b14bd..16a13a4f2 100644
--- a/locales/ro/LC_MESSAGES/messages.po
+++ b/locales/ro/LC_MESSAGES/messages.po
@@ -6,7 +6,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Python Packaging User Guide\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-10-30 00:39+0000\n"
+"POT-Creation-Date: 2024-11-25 21:53+0000\n"
 "PO-Revision-Date: 2021-08-20 01:32+0000\n"
 "Last-Translator: GUILHERME FERNANDES NETO <gfneto4@gmail.com>\n"
 "Language-Team: Romanian <https://hosted.weblate.org/projects/pypa/packaging-"
@@ -608,7 +608,7 @@ msgid "Unix (including Linux and macOS)"
 msgstr ""
 
 #: ../source/discussions/deploying-python-applications.rst:118
-#: ../source/key_projects.rst:572
+#: ../source/key_projects.rst:576
 msgid "pex"
 msgstr ""
 
@@ -1886,7 +1886,7 @@ msgid ""
 msgstr ""
 
 #: ../source/discussions/versioning.rst:6
-#: ../source/specifications/simple-repository-api.rst:310
+#: ../source/specifications/simple-repository-api.rst:319
 msgid "Versioning"
 msgstr ""
 
@@ -2637,29 +2637,16 @@ msgid ""
 msgstr ""
 
 #: ../source/glossary.rst:121
-msgid "Known Good Set (KGS)"
-msgstr ""
-
-#: ../source/glossary.rst:124
-msgid ""
-"A set of distributions at specified versions which are compatible with each "
-"other. Typically a test suite will be run which passes all tests before a "
-"specific set of packages is declared a known good set. This term is commonly "
-"used by frameworks and toolkits which are comprised of multiple individual "
-"distributions."
-msgstr ""
-
-#: ../source/glossary.rst:130
 msgid "Import Package"
 msgstr ""
 
-#: ../source/glossary.rst:133
+#: ../source/glossary.rst:124
 msgid ""
 "A Python module which can contain other modules or recursively, other "
 "packages."
 msgstr ""
 
-#: ../source/glossary.rst:136
+#: ../source/glossary.rst:127
 msgid ""
 "An import package is more commonly referred to with the single word "
 "\"package\", but this guide will use the expanded term when more clarity is "
@@ -2668,17 +2655,30 @@ msgid ""
 "package` for a breakdown of the differences."
 msgstr ""
 
-#: ../source/glossary.rst:142
+#: ../source/glossary.rst:133
 msgid "Installed Project"
 msgstr ""
 
-#: ../source/glossary.rst:145
+#: ../source/glossary.rst:136
 msgid ""
 "A :term:`Project` that is installed for use with a Python interpreter or :"
 "term:`Virtual Environment`, as described in the specicifcation :ref:"
 "`recording-installed-packages`."
 msgstr ""
 
+#: ../source/glossary.rst:140
+msgid "Known Good Set (KGS)"
+msgstr ""
+
+#: ../source/glossary.rst:143
+msgid ""
+"A set of distributions at specified versions which are compatible with each "
+"other. Typically a test suite will be run which passes all tests before a "
+"specific set of packages is declared a known good set. This term is commonly "
+"used by frameworks and toolkits which are comprised of multiple individual "
+"distributions."
+msgstr ""
+
 #: ../source/glossary.rst:149
 msgid "Module"
 msgstr ""
@@ -5091,7 +5091,7 @@ msgid ""
 "In particular, `NumPy <https://numpy.org/>`__, which provides the basis for "
 "most of the software in the `scientific Python stack <https://scientific-"
 "python.org>`_ can be configured to interoperate with different FORTRAN "
-"libraries, and can take advantage of different levels of vectorised "
+"libraries, and can take advantage of different levels of vectorized "
 "instructions available in modern CPUs."
 msgstr ""
 
@@ -5100,9 +5100,9 @@ msgid ""
 "Starting with version 1.10.4 of NumPy and version 1.0.0 of SciPy, pre-built "
 "32-bit and 64-bit binaries in the ``wheel`` format are available for all "
 "major operating systems (Windows, macOS, and Linux) on PyPI. Note, however, "
-"that on Windows, NumPy binaries are linked against the `ATLAS <http://www."
-"netlib.org/atlas/>`__ BLAS/LAPACK library, restricted to SSE2 instructions, "
-"so they may not provide optimal linear algebra performance."
+"that on Windows, NumPy binaries are linked against the `ATLAS <https://math-"
+"atlas.sourceforge.net/>`__ BLAS/LAPACK library, restricted to SSE2 "
+"instructions, so they may not provide optimal linear algebra performance."
 msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:26
@@ -5215,7 +5215,7 @@ msgid ""
 msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:100
-#: ../source/key_projects.rst:808
+#: ../source/key_projects.rst:812
 msgid "Spack"
 msgstr ""
 
@@ -5247,28 +5247,41 @@ msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:121
 msgid ""
-"`Anaconda <https://www.anaconda.com/products/individual/>`_ is a Python "
+"``conda`` is an open source (BSD licensed) package management system and "
+"environment management system that allows users to install multiple versions "
+"of binary software packages and their dependencies, and easily switch "
+"between them. It is a cross-platform tool working on Windows, MacOS, and "
+"Linux. Conda can be used to package up and distribute all kinds of packages, "
+"it is not limited to just Python packages. It has full support for native "
+"virtual environments. Conda makes environments first-class citizens, making "
+"it easy to create independent environments even for C libraries. It is "
+"written in Python, but is Python-agnostic. Conda manages Python itself as a "
+"package, so that :command:`conda update python` is possible, in contrast to "
+"pip, which only manages Python packages."
+msgstr ""
+
+#: ../source/guides/installing-scientific-packages.rst:133
+msgid ""
+"Anaconda `Anaconda <https://docs.anaconda.com/anaconda/>`_ is a Python "
 "distribution published by Anaconda, Inc. It is a stable collection of Open "
-"Source packages for big data and scientific use.  As of the 5.0 release of "
-"Anaconda, about 200 packages are installed by default, and a total of "
-"400-500 can be installed and updated from the Anaconda repository."
+"Source packages for big data and scientific use, and a collection of "
+"Graphical Interface utilities for managing conda environments."
 msgstr ""
 
-#: ../source/guides/installing-scientific-packages.rst:127
+#: ../source/guides/installing-scientific-packages.rst:135
 msgid ""
-"``conda`` is an open source (BSD licensed) package management system and "
-"environment management system included in Anaconda that allows users to "
-"install multiple versions of binary software packages and their "
-"dependencies, and easily switch between them. It is a cross-platform tool "
-"working on Windows, macOS, and Linux. Conda can be used to package up and "
-"distribute all kinds of packages, it is not limited to just Python packages. "
-"It has full support for native virtual environments. Conda makes "
-"environments first-class citizens, making it easy to create independent "
-"environments even for C libraries. It is written in Python, but is Python-"
-"agnostic. Conda manages Python itself as a package, so that :command:`conda "
-"update python` is possible, in contrast to pip, which only manages Python "
-"packages. Conda is available in Anaconda and Miniconda (an easy-to-install "
-"download with just Python and conda)."
+"In addition to the full distribution provided by Anaconda, the conda package "
+"manager itself is available in  `miniconda <https://docs.anaconda.com/"
+"miniconda/>`_, `miniforge <https://github.com/conda-forge/miniforge>`_, and "
+"`pixi <https://pixi.sh/>`_."
+msgstr ""
+
+#: ../source/guides/installing-scientific-packages.rst:138
+msgid ""
+"Conda packages are available on multiple channels on Anaconda.org, including "
+"the default channel supported by Anaconda, Inc, the community supported "
+"conda-forge channel, which provides a wide variety of pre-built packages, "
+"and some domain-specific package collections."
 msgstr ""
 
 #: ../source/guides/installing-stand-alone-command-line-tools.rst:4
@@ -8338,29 +8351,51 @@ msgstr ""
 
 #: ../source/guides/tool-recommendations.rst:142
 msgid ""
-"For projects hosted on GitHub, it is recommended to use the :ref:`trusted "
-"publishing <trusted-publishing>`, which allows the package to be securely "
-"uploaded to PyPI from a GitHub Actions job. (This is not yet supported on "
-"software forges other than GitHub.)"
+"For projects hosted on or published via supported CI/CD platforms, it is "
+"recommended to use the :ref:`Trusted Publishing <trusted-publishing>`, which "
+"allows the package to be securely uploaded to PyPI from a CI/CD workflow "
+"without a manually configured API token."
 msgstr ""
 
 #: ../source/guides/tool-recommendations.rst:147
 msgid ""
+"As of November 2024, PyPI supports the following platforms as Trusted "
+"Publishing providers:"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:150
+msgid "GitHub Actions (on ``https://github.com``)"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:151
+msgid "GitLab CI/CD (on ``https://gitlab.com``)"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:152
+msgid "ActiveState"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:153
+msgid "Google Cloud"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:155
+msgid ""
 "The other available method is to upload the package manually using :ref:"
 "`twine`."
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:149
+#: ../source/guides/tool-recommendations.rst:159
 msgid ""
 "**Never** use ``python setup.py upload`` for this task. In addition to "
 "being :ref:`deprecated <setup-py-deprecated>`, it is insecure."
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:154
+#: ../source/guides/tool-recommendations.rst:164
 msgid "Workflow tools"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:156
+#: ../source/guides/tool-recommendations.rst:166
 msgid ""
 "These tools are environment managers that automatically manage virtual "
 "environments for a project. They also act as \"task runners\", allowing you "
@@ -8371,31 +8406,31 @@ msgid ""
 "alphabetical order:"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:164
+#: ../source/guides/tool-recommendations.rst:174
 msgid ":ref:`Flit`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:165
+#: ../source/guides/tool-recommendations.rst:175
 msgid ":ref:`Hatch`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:166
+#: ../source/guides/tool-recommendations.rst:176
 msgid ":doc:`nox <nox:index>`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:167
+#: ../source/guides/tool-recommendations.rst:177
 msgid ":ref:`PDM`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:168
+#: ../source/guides/tool-recommendations.rst:178
 msgid ":ref:`Pipenv`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:169
+#: ../source/guides/tool-recommendations.rst:179
 msgid ":ref:`Poetry`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:170
+#: ../source/guides/tool-recommendations.rst:180
 msgid ":doc:`tox <tox:index>`."
 msgstr ""
 
@@ -9570,44 +9605,58 @@ msgstr ""
 
 #: ../source/key_projects.rst:407
 msgid ""
-"conda is the package management tool for `Anaconda <https://docs.anaconda."
-"com/anaconda/>`__ Python installations. Anaconda Python is a distribution "
-"from `Anaconda, Inc <https://www.anaconda.com/products/individual>`__ "
-"specifically aimed at the scientific community, and in particular on Windows "
-"where the installation of binary extensions is often difficult."
+"Conda is a package, dependency, and environment management system for any "
+"language — Python, R, Ruby, C/C++, Fortran, and more. It is written in "
+"Python and widely used in the Python scientific computing community, due to "
+"its support for non-Python compiled libraries and extensions. It is used as "
+"the basis of the `Anaconda <https://docs.anaconda.com/anaconda/>`__ Python "
+"distribution from Anaconda, Inc. It was originally aimed at the scientific "
+"community, but can also be used on its own, or with the :doc:`miniconda "
+"<conda:miniconda>`, `miniforge <https://github.com/conda-forge/miniforge>`_ "
+"or `pixi <https://pixi.sh/>`_ systems. It is available for Windows, Mac and "
+"Linux systems."
 msgstr ""
 
-#: ../source/key_projects.rst:414
+#: ../source/key_projects.rst:416
 msgid ""
 "Conda is a completely separate tool from :ref:`pip`, virtualenv and wheel, "
-"but provides many of their combined features in terms of package management, "
-"virtual environment management and deployment of binary extensions."
+"but provides many of their combined features, such as package management, "
+"virtual environment management and deployment of binary extensions and other "
+"binary code."
+msgstr ""
+
+#: ../source/key_projects.rst:420
+msgid ""
+"Conda does not install packages from PyPI -- it can only manage packages "
+"built specifically for conda, which can be made available on a \"conda "
+"channel\", such as those hosted on `anaconda.org <https://anaconda.org>`__, "
+"or a local (e.g. intranet) package server. In addition to the \"default\" "
+"channels managed by `Anaconda, Inc. <https://www.anaconda.com/>`__, there "
+"are a wide variety of packages from the community supported `conda-forge "
+"project <https://conda-forge.org/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:418
+#: ../source/key_projects.rst:426
 msgid ""
-"Conda does not install packages from PyPI and can install only from the "
-"official Anaconda repositories, or anaconda.org (a place for user-"
-"contributed *conda* packages), or a local (e.g. intranet) package server.  "
-"However, note that :ref:`pip` can be installed into, and work side-by-side "
-"with conda for managing :term:`distributions <Distribution Package>` from "
-"PyPI. Also, `conda skeleton <https://docs.conda.io/projects/conda-build/en/"
-"latest/user-guide/tutorials/build-pkgs-skeleton.html>`__ is a tool to make "
-"Python packages installable by conda by first fetching them from PyPI and "
-"modifying their metadata."
+"Note that :ref:`pip` can be installed into, and work side-by-side with conda "
+"for managing :term:`distributions <Distribution Package>` from PyPI. It is "
+"also possible to build conda packages from Python source packages using "
+"tools such as `conda skeleton <https://docs.conda.io/projects/conda-build/en/"
+"latest/user-guide/tutorials/build-pkgs-skeleton.html>`__: a tool to "
+"automatically make conda packages from Python packages available on PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:431
+#: ../source/key_projects.rst:435
 msgid "devpi"
 msgstr ""
 
-#: ../source/key_projects.rst:433
+#: ../source/key_projects.rst:437
 msgid ""
 "`Docs <http://doc.devpi.net/latest/>`__ | :gh:`Issues <devpi/devpi/issues>` "
 "| `PyPI <https://pypi.org/project/devpi>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:437
+#: ../source/key_projects.rst:441
 msgid ""
 "devpi features a powerful PyPI-compatible server and PyPI proxy cache with a "
 "complementary command line tool to drive packaging, testing and release "
@@ -9617,17 +9666,17 @@ msgid ""
 "replication and fail-over, and package upload."
 msgstr ""
 
-#: ../source/key_projects.rst:448
+#: ../source/key_projects.rst:452
 msgid "dumb-pypi"
 msgstr ""
 
-#: ../source/key_projects.rst:450
+#: ../source/key_projects.rst:454
 msgid ""
 "`GitHub <https://github.com/chriskuehl/dumb-pypi>`__ | `PyPI <https://pypi."
 "org/project/dumb-pypi>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:453
+#: ../source/key_projects.rst:457
 msgid ""
 "dumb-pypi is a simple :term:`package index <Package Index>` static file site "
 "generator, which then must be hosted by a static file webserver to become "
@@ -9635,17 +9684,17 @@ msgid ""
 "status."
 msgstr ""
 
-#: ../source/key_projects.rst:460
+#: ../source/key_projects.rst:464
 msgid "enscons"
 msgstr ""
 
-#: ../source/key_projects.rst:462
+#: ../source/key_projects.rst:466
 msgid ""
 ":gh:`Source <dholth/enscons>` | :gh:`Issues <dholth/enscons/issues>` | `PyPI "
 "<https://pypi.org/project/enscons>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:466
+#: ../source/key_projects.rst:470
 msgid ""
 "Enscons is a Python packaging tool based on `SCons`_. It builds :ref:`pip`-"
 "compatible source distributions and wheels without using distutils or "
@@ -9657,38 +9706,38 @@ msgid ""
 "independent of enscons."
 msgstr ""
 
-#: ../source/key_projects.rst:481
+#: ../source/key_projects.rst:485
 msgid "Flask-Pypi-Proxy"
 msgstr ""
 
-#: ../source/key_projects.rst:483
+#: ../source/key_projects.rst:487
 msgid ""
 "`Docs <https://flask-pypi-proxy.readthedocs.io>`__ | :gh:`GitHub <tzulberti/"
 "Flask-PyPi-Proxy>` | `PyPI <https://pypi.org/project/Flask-Pypi-Proxy/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:487 ../source/key_projects.rst:681
-#: ../source/key_projects.rst:740
+#: ../source/key_projects.rst:491 ../source/key_projects.rst:685
+#: ../source/key_projects.rst:744
 msgid "Not maintained, project archived"
 msgstr ""
 
-#: ../source/key_projects.rst:489
+#: ../source/key_projects.rst:493
 msgid ""
 "Flask-Pypi-Proxy is a :term:`package index <Package Index>` as a cached "
 "proxy for PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:495
+#: ../source/key_projects.rst:499
 msgid "Hashdist"
 msgstr ""
 
-#: ../source/key_projects.rst:497
+#: ../source/key_projects.rst:501
 msgid ""
 "`Docs <https://hashdist.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/hashdist/hashdist/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:500
+#: ../source/key_projects.rst:504
 msgid ""
 "Hashdist is a library for building non-root software distributions. Hashdist "
 "is trying to be “the Debian of choice for cases where Debian technology "
@@ -9699,34 +9748,34 @@ msgid ""
 "researchers but has been lacking in maintenance since 2016."
 msgstr ""
 
-#: ../source/key_projects.rst:512
+#: ../source/key_projects.rst:516
 msgid "Maturin"
 msgstr ""
 
-#: ../source/key_projects.rst:514
+#: ../source/key_projects.rst:518
 msgid ""
 "`Docs <https://www.maturin.rs>`__ | `GitHub <https://github.com/PyO3/"
 "maturin>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:517
+#: ../source/key_projects.rst:521
 msgid ""
 "Maturin is a build backend for Rust extension modules, also written in Rust. "
 "It supports building wheels for python 3.7+ on Windows, Linux, macOS and "
 "FreeBSD, can upload them to PyPI and has basic PyPy and GraalPy support."
 msgstr ""
 
-#: ../source/key_projects.rst:525
+#: ../source/key_projects.rst:529
 msgid "meson-python"
 msgstr ""
 
-#: ../source/key_projects.rst:527
+#: ../source/key_projects.rst:531
 msgid ""
 "`Docs <https://meson-python.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/mesonbuild/meson-python>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:530
+#: ../source/key_projects.rst:534
 msgid ""
 "``meson-python`` is a build backend that uses the Meson_ build system. It "
 "enables Python package authors to use Meson_ as the build system for their "
@@ -9734,58 +9783,58 @@ msgid ""
 "to fill the needs of most complex build configurations."
 msgstr ""
 
-#: ../source/key_projects.rst:540
+#: ../source/key_projects.rst:544
 msgid "multibuild"
 msgstr ""
 
-#: ../source/key_projects.rst:542
+#: ../source/key_projects.rst:546
 msgid "`GitHub <https://github.com/multi-build/multibuild>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:544
+#: ../source/key_projects.rst:548
 msgid ""
 "Multibuild is a set of CI scripts for building and testing Python :term:"
 "`wheels <Wheel>` for Linux, macOS, and (less flexibly) Windows. Also see :"
 "ref:`cibuildwheel`."
 msgstr ""
 
-#: ../source/key_projects.rst:550
+#: ../source/key_projects.rst:554
 msgid "nginx_pypi_cache"
 msgstr ""
 
-#: ../source/key_projects.rst:552
+#: ../source/key_projects.rst:556
 msgid ":gh:`GitHub <hauntsaninja/nginx_pypi_cache>`"
 msgstr ""
 
-#: ../source/key_projects.rst:554
+#: ../source/key_projects.rst:558
 msgid ""
 "nginx_pypi_cache is a :term:`package index <Package Index>` caching proxy "
 "using `nginx <https://nginx.org/en/>`_."
 msgstr ""
 
-#: ../source/key_projects.rst:560
+#: ../source/key_projects.rst:564
 msgid "pdm"
 msgstr ""
 
-#: ../source/key_projects.rst:562
+#: ../source/key_projects.rst:566
 msgid ""
 "`Docs <https://pdm.fming.dev/>`__ | `GitHub <https://github.com/pdm-project/"
 "pdm/>`__ | `PyPI <https://pypi.org/project/pdm>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:566
+#: ../source/key_projects.rst:570
 msgid ""
 "PDM is a modern Python package manager. It uses :term:`pyproject.toml` to "
 "store project metadata as defined in :pep:`621`."
 msgstr ""
 
-#: ../source/key_projects.rst:574
+#: ../source/key_projects.rst:578
 msgid ""
 "`Docs <https://pex.readthedocs.io/en/latest/>`__ | `GitHub <https://github."
 "com/pantsbuild/pex/>`__ | `PyPI <https://pypi.org/project/pex>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:578
+#: ../source/key_projects.rst:582
 msgid ""
 "Pex is a tool for generating :file:`.pex` (Python EXecutable) files, "
 "standalone Python environments in the spirit of :ref:`virtualenv`. PEX files "
@@ -9797,18 +9846,18 @@ msgid ""
 "PEX file into a standard venv, graphing dependencies and more."
 msgstr ""
 
-#: ../source/key_projects.rst:590
+#: ../source/key_projects.rst:594
 msgid "pip-tools"
 msgstr ""
 
-#: ../source/key_projects.rst:592
+#: ../source/key_projects.rst:596
 msgid ""
 "`Docs <https://pip-tools.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/jazzband/pip-tools/>`__ | `PyPI <https://pypi.org/project/pip-"
 "tools/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:596
+#: ../source/key_projects.rst:600
 msgid ""
 "pip-tools is a suite of tools meant for Python system administrators and "
 "release managers who particularly want to keep their builds deterministic "
@@ -9819,32 +9868,32 @@ msgid ""
 "not provide), and create layers of constraints for the program to obey."
 msgstr ""
 
-#: ../source/key_projects.rst:608
+#: ../source/key_projects.rst:612
 msgid "pip2pi"
 msgstr ""
 
-#: ../source/key_projects.rst:610
+#: ../source/key_projects.rst:614
 msgid ""
 ":gh:`GitHub <wolever/pip2pi>` | `PyPI <https://pypi.org/project/pip2pi/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:613
+#: ../source/key_projects.rst:617
 msgid ""
 "pip2pi is a :term:`package index <Package Index>` server where specific "
 "packages are manually synchronised."
 msgstr ""
 
-#: ../source/key_projects.rst:619
+#: ../source/key_projects.rst:623
 msgid "piwheels"
 msgstr ""
 
-#: ../source/key_projects.rst:621
+#: ../source/key_projects.rst:625
 msgid ""
 "`Website <https://www.piwheels.org/>`__ | :doc:`Docs <piwheels:index>` | "
 "`GitHub <https://github.com/piwheels/piwheels/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:625
+#: ../source/key_projects.rst:629
 msgid ""
 "piwheels is a website, and software underpinning it, that fetches source "
 "code distribution packages from PyPI and compiles them into binary wheels "
@@ -9852,17 +9901,17 @@ msgid ""
 "Pi OS pre-configures pip to use piwheels.org as an additional index to PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:634
+#: ../source/key_projects.rst:638
 msgid "poetry"
 msgstr ""
 
-#: ../source/key_projects.rst:636
+#: ../source/key_projects.rst:640
 msgid ""
 "`Docs <https://python-poetry.org/>`__ | `GitHub <https://github.com/python-"
 "poetry/poetry>`__ | `PyPI <https://pypi.org/project/poetry/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:640
+#: ../source/key_projects.rst:644
 msgid ""
 "poetry is a command-line tool to handle dependency installation and "
 "isolation as well as building and packaging of Python packages. It uses "
@@ -9872,49 +9921,49 @@ msgid ""
 "caching metadata about dependencies."
 msgstr ""
 
-#: ../source/key_projects.rst:650
+#: ../source/key_projects.rst:654
 msgid "proxpi"
 msgstr ""
 
-#: ../source/key_projects.rst:652
+#: ../source/key_projects.rst:656
 msgid ""
 ":gh:`GitHub <EpicWink/proxpi>` | `PyPI <https://pypi.org/project/proxpi/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:655
+#: ../source/key_projects.rst:659
 msgid ""
 "proxpi is a simple :term:`package index <Package Index>` which proxies PyPI "
 "and other indexes with caching."
 msgstr ""
 
-#: ../source/key_projects.rst:661
+#: ../source/key_projects.rst:665
 msgid "Pulp-python"
 msgstr ""
 
-#: ../source/key_projects.rst:663
+#: ../source/key_projects.rst:667
 msgid ""
 "`Docs <https://docs.pulpproject.org/pulp_python/>`__ | :gh:`GitHub <pulp/"
 "pulp_python>` | `PyPI <https://pypi.org/project/pulp-python/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:667
+#: ../source/key_projects.rst:671
 msgid ""
 "Pulp-python is the Python :term:`package index <Package Index>` plugin for "
 "`Pulp <https://pulpproject.org/>`_. Pulp-python supports mirrors backed by "
 "local or `AWS S3`_, package upload, and proxying to multiple package indexes."
 msgstr ""
 
-#: ../source/key_projects.rst:675
+#: ../source/key_projects.rst:679
 msgid "PyPI Cloud"
 msgstr ""
 
-#: ../source/key_projects.rst:677
+#: ../source/key_projects.rst:681
 msgid ""
 "`Docs <https://pypicloud.readthedocs.io/>`__ | :gh:`GitHub <stevearc/"
 "pypicloud>` | `PyPI <https://pypi.org/project/pypicloud/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:683
+#: ../source/key_projects.rst:687
 msgid ""
 "PyPI Cloud is a :term:`package index <Package Index>` server, backed by `AWS "
 "S3`_ or another cloud storage service, or local files. PyPI Cloud supports "
@@ -9922,33 +9971,33 @@ msgid ""
 "authorisation."
 msgstr ""
 
-#: ../source/key_projects.rst:691
+#: ../source/key_projects.rst:695
 msgid "pypiprivate"
 msgstr ""
 
-#: ../source/key_projects.rst:693
+#: ../source/key_projects.rst:697
 msgid ""
 ":gh:`GitHub <helpshift/pypiprivate>` | `PyPI <https://pypi.org/project/"
 "pypiprivate/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:696
+#: ../source/key_projects.rst:700
 msgid ""
 "pypiprivate serves a local (or `AWS S3`_-hosted) directory of packages as a :"
 "term:`package index <Package Index>`."
 msgstr ""
 
-#: ../source/key_projects.rst:702
+#: ../source/key_projects.rst:706
 msgid "pypiserver"
 msgstr ""
 
-#: ../source/key_projects.rst:704
+#: ../source/key_projects.rst:708
 msgid ""
 "`GitHub <https://github.com/pypiserver/pypiserver>`__ | `PyPI <https://pypi."
 "org/project/pypiserver/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:707
+#: ../source/key_projects.rst:711
 msgid ""
 "pypiserver is a minimalist application that serves as a private Python :term:"
 "`package index <Package Index>` (from a local directory) within "
@@ -9959,17 +10008,17 @@ msgid ""
 "pypiserver and from PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:718
+#: ../source/key_projects.rst:722
 msgid "PyScaffold"
 msgstr ""
 
-#: ../source/key_projects.rst:720
+#: ../source/key_projects.rst:724
 msgid ""
 "`Docs <https://pyscaffold.org>`__ | `GitHub <https://github.com/pyscaffold/"
 "pyscaffold>`__ | `PyPI <https://pypi.org/project/pyscaffold/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:724
+#: ../source/key_projects.rst:728
 msgid ""
 "PyScaffold is a project generator for bootstrapping Python packages, ready "
 "to be shared on PyPI and installable via :ref:`pip`. It relies on a set of "
@@ -9979,33 +10028,33 @@ msgid ""
 "existing projects to make packaging easier."
 msgstr ""
 
-#: ../source/key_projects.rst:735
+#: ../source/key_projects.rst:739
 msgid "pywharf"
 msgstr ""
 
-#: ../source/key_projects.rst:737
+#: ../source/key_projects.rst:741
 msgid ""
 ":gh:`GitHub <pywharf/pywharf>` | `PyPI <https://pypi.org/project/pywharf>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:742
+#: ../source/key_projects.rst:746
 msgid ""
 "pywharf is a :term:`package index <Package Index>` server, serving files "
 "locally or from `GitHub <https://github.com/>`_."
 msgstr ""
 
-#: ../source/key_projects.rst:748
+#: ../source/key_projects.rst:752
 msgid "scikit-build"
 msgstr ""
 
-#: ../source/key_projects.rst:750
+#: ../source/key_projects.rst:754
 msgid ""
 "`Docs <https://scikit-build.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/scikit-build/scikit-build/>`__ | `PyPI <https://pypi.org/project/"
 "scikit-build>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:754
+#: ../source/key_projects.rst:758
 msgid ""
 "Scikit-build is a :ref:`setuptools` wrapper for CPython that builds C/C++/"
 "Fortran/Cython extensions It uses `cmake <https://pypi.org/project/cmake>`__ "
@@ -10016,18 +10065,18 @@ msgid ""
 "ninja>`__ (also available on PyPI)."
 msgstr ""
 
-#: ../source/key_projects.rst:765
+#: ../source/key_projects.rst:769
 msgid "scikit-build-core"
 msgstr ""
 
-#: ../source/key_projects.rst:767
+#: ../source/key_projects.rst:771
 msgid ""
 "`Docs <https://scikit-build-core.readthedocs.io/en/latest/>`__ | `GitHub "
 "<https://github.com/scikit-build/scikit-build-core/>`__ | `PyPI <https://"
 "pypi.org/project/scikit-build-core>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:771
+#: ../source/key_projects.rst:775
 msgid ""
 "Scikit-build-core is a build backend for CPython C/C++/Fortran/Cython "
 "extensions.  It enables users to write extensions with `cmake <https://pypi."
@@ -10037,17 +10086,17 @@ msgid ""
 "automatically downloaded from PyPI if not available on the system."
 msgstr ""
 
-#: ../source/key_projects.rst:781
+#: ../source/key_projects.rst:785
 msgid "shiv"
 msgstr ""
 
-#: ../source/key_projects.rst:783
+#: ../source/key_projects.rst:787
 msgid ""
 "`Docs <https://shiv.readthedocs.io/en/latest/>`__ | `GitHub <https://github."
 "com/linkedin/shiv>`__ | `PyPI <https://pypi.org/project/shiv/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:787
+#: ../source/key_projects.rst:791
 msgid ""
 "shiv is a command line utility for building fully self contained Python "
 "zipapps as outlined in :pep:`441`, but with all their dependencies included. "
@@ -10055,17 +10104,17 @@ msgid ""
 "tools fast & easy."
 msgstr ""
 
-#: ../source/key_projects.rst:795
+#: ../source/key_projects.rst:799
 msgid "simpleindex"
 msgstr ""
 
-#: ../source/key_projects.rst:797
+#: ../source/key_projects.rst:801
 msgid ""
 ":gh:`GitHub <uranusjr/simpleindex>` | `PyPI <https://pypi.org/project/"
 "simpleindex/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:800
+#: ../source/key_projects.rst:804
 msgid ""
 "simpleindex is a :term:`package index <Package Index>` which routes URLs to "
 "multiple package indexes (including PyPI), serves local (or cloud-hosted, "
@@ -10073,7 +10122,7 @@ msgid ""
 "supports custom plugins."
 msgstr ""
 
-#: ../source/key_projects.rst:810
+#: ../source/key_projects.rst:814
 msgid ""
 ":doc:`Docs <spack:index>` | `GitHub <https://github.com/spack/spack>`__ | "
 "`Paper <https://www.computer.org/csdl/proceedings-article/"
@@ -10081,7 +10130,7 @@ msgid ""
 "Gamblin-Spack-SC15-Talk.pdf>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:815
+#: ../source/key_projects.rst:819
 msgid ""
 "A flexible package manager designed to support multiple versions, "
 "configurations, platforms, and compilers.  Spack is like Homebrew, but "
@@ -10092,24 +10141,24 @@ msgid ""
 "supercomputers."
 msgstr ""
 
-#: ../source/key_projects.rst:823
+#: ../source/key_projects.rst:827
 msgid ""
 "Spack is not in PyPI (yet), but it requires no installation and can be used "
 "immediately after cloning from GitHub."
 msgstr ""
 
-#: ../source/key_projects.rst:829
+#: ../source/key_projects.rst:833
 msgid "zest.releaser"
 msgstr ""
 
-#: ../source/key_projects.rst:831
+#: ../source/key_projects.rst:835
 msgid ""
 "`Docs <https://zestreleaser.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/zestsoftware/zest.releaser/>`__ | `PyPI <https://pypi.org/project/"
 "zest.releaser/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:835
+#: ../source/key_projects.rst:839
 msgid ""
 "``zest.releaser`` is a Python package release tool providing an abstraction "
 "layer on top of :ref:`twine`. Python developers use ``zest.releaser`` to "
@@ -10117,21 +10166,21 @@ msgid ""
 "releases in source control, and uploading new packages to PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:842
+#: ../source/key_projects.rst:846
 msgid "Standard Library Projects"
 msgstr ""
 
-#: ../source/key_projects.rst:847
+#: ../source/key_projects.rst:851
 msgid "ensurepip"
 msgstr ""
 
-#: ../source/key_projects.rst:849
+#: ../source/key_projects.rst:853
 msgid ""
 "`Docs <https://docs.python.org/3/library/ensurepip.html>`__ | `Issues "
 "<https://bugs.python.org/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:852
+#: ../source/key_projects.rst:856
 msgid ""
 "A package in the Python Standard Library that provides support for "
 "bootstrapping :ref:`pip` into an existing Python installation or virtual "
@@ -10139,34 +10188,34 @@ msgid ""
 "will be used during the build of the Python distribution."
 msgstr ""
 
-#: ../source/key_projects.rst:860
+#: ../source/key_projects.rst:864
 msgid "http.server"
 msgstr ""
 
-#: ../source/key_projects.rst:862
+#: ../source/key_projects.rst:866
 msgid ""
 ":doc:`Docs <python:library/http.server>` | :gh:`Issues <python/cpython/"
 "issues>`"
 msgstr ""
 
-#: ../source/key_projects.rst:865
+#: ../source/key_projects.rst:869
 msgid ""
 "A package and command-line interface which can host a directory as a "
 "website, for example as a :term:`package index <Package Index>` (see :ref:"
 "`Hosting your Own Simple Repository`)."
 msgstr ""
 
-#: ../source/key_projects.rst:872
+#: ../source/key_projects.rst:876
 msgid "venv"
 msgstr ""
 
-#: ../source/key_projects.rst:874
+#: ../source/key_projects.rst:878
 msgid ""
 "`Docs <https://docs.python.org/3/library/venv.html>`__ | `Issues <https://"
 "github.com/python/cpython/issues>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:877
+#: ../source/key_projects.rst:881
 msgid ""
 "A package in the Python Standard Library (starting with Python 3.3) for "
 "creating :term:`Virtual Environments <Virtual Environment>`.  For more "
@@ -12214,7 +12263,7 @@ msgstr ""
 #: ../source/specifications/platform-compatibility-tags.rst:332
 #: ../source/specifications/pyproject-toml.rst:444
 #: ../source/specifications/recording-installed-packages.rst:252
-#: ../source/specifications/simple-repository-api.rst:974
+#: ../source/specifications/simple-repository-api.rst:988
 #: ../source/specifications/source-distribution-format.rst:144
 #: ../source/specifications/version-specifiers.rst:1266
 #: ../source/specifications/virtual-environments.rst:54
@@ -13284,6 +13333,7 @@ msgstr ""
 #: ../source/specifications/dependency-specifiers.rst:26
 #: ../source/specifications/direct-url-data-structure.rst:19
 #: ../source/specifications/direct-url.rst:15
+#: ../source/specifications/index-hosted-attestations.rst:17
 #: ../source/specifications/inline-script-metadata.rst:13
 msgid "Specification"
 msgstr ""
@@ -13421,7 +13471,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/dependency-specifiers.rst:163
-#: ../source/specifications/simple-repository-api.rst:888
+#: ../source/specifications/simple-repository-api.rst:902
 msgid "Versions"
 msgstr ""
 
@@ -15044,6 +15094,302 @@ msgid ""
 "www.pypa.io/en/latest/specifications/>`__."
 msgstr ""
 
+#: ../source/specifications/index-hosted-attestations.rst:6
+msgid "Index hosted attestations"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:8
+msgid "This specification was originally defined in :pep:`740`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:12
+msgid ""
+":pep:`740` includes changes to the HTML and JSON index APIs. These changes "
+"are documented in the :ref:`simple-repository-api` under :ref:`simple-"
+"repository-api-base` and :ref:`json-serialization`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:22
+msgid "Upload endpoint changes"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:26
+msgid ""
+"The \"legacy\" upload API is not standardized. See `PyPI's Upload API "
+"documentation <https://docs.pypi.org/api/upload/>`_ for how attestations are "
+"uploaded."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:33
+msgid "Attestation objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:35
+msgid ""
+"An attestation object is a JSON object with several required keys; "
+"applications or signers may include additional keys so long as all "
+"explicitly listed keys are provided. The required layout of an attestation "
+"object is provided as pseudocode below."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:88
+msgid ""
+"A full data model for each object in ``transparency_entries`` is provided "
+"in :ref:`appendix`. Attestation objects **SHOULD** include one or more "
+"transparency log entries, and **MAY** include additional keys for other "
+"sources of signed time (such as an :rfc:`3161` Time Stamping Authority or a "
+"`Roughtime <https://blog.cloudflare.com/roughtime>`__ server)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:94
+msgid ""
+"Attestation objects are versioned; this PEP specifies version 1. Each "
+"version is tied to a single cryptographic suite to minimize unnecessary "
+"cryptographic agility. In version 1, the suite is as follows:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:98
+msgid ""
+"Certificates are specified as X.509 certificates, and comply with the "
+"profile in :rfc:`5280`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:100
+msgid ""
+"The message signature algorithm is ECDSA, with the P-256 curve for public "
+"keys and SHA-256 as the cryptographic digest function."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:103
+msgid ""
+"Future PEPs may change this suite (and the overall shape of the attestation "
+"object) by selecting a new version number."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:109
+msgid "Attestation statement and signature generation"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:111
+msgid ""
+"The *attestation statement* is the actual claim that is cryptographically "
+"signed over within the attestation object (i.e., the ``envelope.statement``)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:114
+msgid ""
+"The attestation statement is encoded as a `v1 in-toto Statement object "
+"<https://github.com/in-toto/attestation/blob/v1.0/spec/v1.0/statement."
+"md>`__, in JSON form. When serialized the statement is treated as an opaque "
+"binary blob, avoiding the need for canonicalization."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:119
+msgid ""
+"In addition to being a v1 in-toto Statement, the attestation statement is "
+"constrained in the following ways:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:122
+msgid "The in-toto ``subject`` **MUST** contain only a single subject."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:123
+msgid ""
+"``subject[0].name`` is the distribution's filename, which **MUST** be a "
+"valid :ref:`source distribution <source-distribution-format>` or :ref:`wheel "
+"distribution <binary-distribution-format>` filename."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:126
+msgid ""
+"``subject[0].digest`` **MUST** contain a SHA-256 digest. Other digests "
+"**MAY** be present. The digests **MUST** be represented as hexadecimal "
+"strings."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:128
+msgid "The following ``predicateType`` values are supported:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:130
+msgid ""
+"`SLSA Provenance <https://slsa.dev/provenance/v1>`__: ``https://slsa.dev/"
+"provenance/v1``"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:131
+msgid ""
+"`PyPI Publish Attestation <https://docs.pypi.org/attestations/publish/"
+"v1>`__: ``https://docs.pypi.org/attestations/publish/v1``"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:133
+msgid ""
+"The signature over this statement is constructed using the `v1 DSSE "
+"signature protocol <https://github.com/secure-systems-lab/dsse/blob/v1.0.0/"
+"protocol.md>`__, with a ``PAYLOAD_TYPE`` of ``application/vnd.in-toto+json`` "
+"and a ``PAYLOAD_BODY`` of the JSON-encoded statement above. No other "
+"``PAYLOAD_TYPE`` is permitted."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:141
+msgid "Provenance objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:143
+msgid ""
+"The index will serve uploaded attestations along with metadata that can "
+"assist in verifying them in the form of JSON serialized objects."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:146
+msgid ""
+"These *provenance objects* will be available via both the Simple Index and "
+"JSON-based Simple API as described above, and will have the following layout:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:169
+msgid "or, as pseudocode:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:217
+msgid ""
+"``version`` is ``1``. Like attestation objects, provenance objects are "
+"versioned, and this PEP only defines version ``1``."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:219
+msgid ""
+"``attestation_bundles`` is a **required** JSON array, containing one or more "
+"\"bundles\" of attestations. Each bundle corresponds to a signing identity "
+"(such as a Trusted Publishing identity), and contains one or more "
+"attestation objects."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:224
+msgid ""
+"As noted in the ``Publisher`` model, each ``AttestationBundle.publisher`` "
+"object is specific to its Trusted Publisher but must include at minimum:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:228
+msgid ""
+"A ``kind`` key, which **MUST** be a JSON string that uniquely identifies the "
+"kind of Trusted Publisher."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:230
+msgid ""
+"A ``claims`` key, which **MUST** be a JSON object containing any context-"
+"specific claims retained by the index during Trusted Publisher "
+"authentication."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:233
+msgid "All other keys in the publisher object are publisher-specific."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:235
+msgid ""
+"Each array of attestation objects is a superset of the ``attestations`` "
+"array supplied by the uploaded through the ``attestations`` field at upload "
+"time, as described in :ref:`upload-endpoint` and :ref:`changes-to-provenance-"
+"objects`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:243
+msgid "Changes to provenance objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:245
+msgid ""
+"Provenance objects are *not* immutable, and may change over time. Reasons "
+"for changes to the provenance object include but are not limited to:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:248
+msgid ""
+"Addition of new attestations for a pre-existing signing identity: the index "
+"**MAY** choose to allow additional attestations by pre-existing signing "
+"identities, such as newer attestation versions for already uploaded files."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:253
+msgid ""
+"Addition of new signing identities and associated attestations: the index "
+"**MAY** choose to support attestations from sources other than the file's "
+"uploader, such as third-party auditors or the index itself. These "
+"attestations may be performed asynchronously, requiring the index to insert "
+"them into the provenance object *post facto*."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:262
+msgid "Attestation verification"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:264
+msgid ""
+"Verifying an attestation object against a distribution file requires "
+"verification of each of the following:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:267
+msgid "``version`` is ``1``. The verifier **MUST** reject any other version."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:268
+msgid ""
+"``verification_material.certificate`` is a valid signing certificate, as "
+"issued by an *a priori* trusted authority (such as a root of trust already "
+"present within the verifying client)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:271
+msgid ""
+"``verification_material.certificate`` identifies an appropriate signing "
+"subject, such as the machine identity of the Trusted Publisher that "
+"published the package."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:274
+msgid ""
+"``envelope.statement`` is a valid in-toto v1 Statement, with a subject and "
+"digest that **MUST** match the distribution's filename and contents. For the "
+"distribution's filename, matching **MUST** be performed by parsing using the "
+"appropriate source distribution or wheel filename format, as the statement's "
+"subject may be equivalent but normalized."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:279
+msgid ""
+"``envelope.signature`` is a valid signature for ``envelope.statement`` "
+"corresponding to ``verification_material.certificate``, as reconstituted via "
+"the `v1 DSSE signature protocol <https://github.com/secure-systems-lab/dsse/"
+"blob/v1.0.0/protocol.md>`__."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:284
+msgid ""
+"In addition to the above required steps, a verifier **MAY** additionally "
+"verify ``verification_material.transparency_entries`` on a policy basis, e."
+"g. requiring at least one transparency log entry or a threshold of entries. "
+"When verifying transparency entries, the verifier **MUST** confirm that the "
+"inclusion time for each entry lies within the signing certificate's validity "
+"period."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:293
+msgid "Appendix: Data models for Transparency Log Entries"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:295
+msgid ""
+"This appendix contains pseudocoded data models for transparency log entries "
+"in attestation objects. Each transparency log entry serves as a source of "
+"signed inclusion time, and can be verified either online or offline."
+msgstr ""
+
 #: ../source/specifications/inline-script-metadata.rst:5
 msgid "Inline script metadata"
 msgstr ""
@@ -15214,7 +15560,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/inline-script-metadata.rst:205
-#: ../source/specifications/simple-repository-api.rst:815
+#: ../source/specifications/simple-repository-api.rst:829
 msgid "Recommendations"
 msgstr ""
 
@@ -17102,11 +17448,26 @@ msgid ""
 "``&gt;``, respectively."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:100
+#: ../source/specifications/simple-repository-api.rst:99
+msgid ""
+"A repository **MAY** include a ``data-provenance`` attribute on a file link. "
+"The value of this attribute **MUST** be a fully qualified URL, signaling "
+"that the file's provenance can be found at that URL. This URL **MUST** "
+"represent a `secure origin <https://www.chromium.org/Home/chromium-security/"
+"prefer-secure-origins-for-powerful-new-features/>`_."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:106
+msgid ""
+"The format of the linked provenance is defined in :ref:`index-hosted-"
+"attestations`."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:109
 msgid "Normalized Names"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:102
+#: ../source/specifications/simple-repository-api.rst:111
 msgid ""
 "This spec references the concept of a \"normalized\" project name. As per :"
 "ref:`the name normalization specification <name-normalization>` the only "
@@ -17116,11 +17477,11 @@ msgid ""
 "implemented in Python with the ``re`` module::"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:117
+#: ../source/specifications/simple-repository-api.rst:126
 msgid "Adding \"Yank\" Support to the Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:119
+#: ../source/specifications/simple-repository-api.rst:128
 msgid ""
 "Links in the simple repository **MAY** have a ``data-yanked`` attribute "
 "which may have no value, or may have an arbitrary string as a value. The "
@@ -17130,7 +17491,7 @@ msgid ""
 "under specific scenarios."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:126
+#: ../source/specifications/simple-repository-api.rst:135
 msgid ""
 "The value of the ``data-yanked`` attribute, if present, is an arbitrary "
 "string that represents the reason for why the file has been yanked. Tools "
@@ -17138,7 +17499,7 @@ msgid ""
 "users."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:131
+#: ../source/specifications/simple-repository-api.rst:140
 msgid ""
 "The yanked attribute is not immutable once set, and may be rescinded in the "
 "future (and once rescinded, may be reset as well). Thus API users **MUST** "
@@ -17146,11 +17507,11 @@ msgid ""
 "again)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:138
+#: ../source/specifications/simple-repository-api.rst:147
 msgid "Installers"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:140
+#: ../source/specifications/simple-repository-api.rst:149
 msgid ""
 "The desirable experience for users is that once a file is yanked, when a "
 "human being is currently trying to directly install a yanked file, that it "
@@ -17160,7 +17521,7 @@ msgid ""
 "been yanked."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:147
+#: ../source/specifications/simple-repository-api.rst:156
 msgid ""
 "An installer **MUST** ignore yanked releases, if the selection constraints "
 "can be satisfied with a non-yanked version, and **MAY** refuse to use a "
@@ -17170,14 +17531,14 @@ msgid ""
 "files."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:154
+#: ../source/specifications/simple-repository-api.rst:163
 msgid ""
 "What this means is left up to the specific installer, to decide how to best "
 "fit into the overall usage of their installer. However, there are two "
 "suggested approaches to take:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:158
+#: ../source/specifications/simple-repository-api.rst:167
 msgid ""
 "Yanked files are always ignored, unless they are the only file that matches "
 "a version specifier that \"pins\" to an exact version using either ``==`` "
@@ -17187,7 +17548,7 @@ msgid ""
 "versions, zero padding, etc."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:165
+#: ../source/specifications/simple-repository-api.rst:174
 msgid ""
 "Yanked files are always ignored, unless they are the only file that matches "
 "what a lock file (such as ``Pipfile.lock`` or ``poetry.lock``) specifies to "
@@ -17195,7 +17556,7 @@ msgid ""
 "creating or updating a lock file from some input file or command."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:171
+#: ../source/specifications/simple-repository-api.rst:180
 msgid ""
 "Regardless of the specific strategy that an installer chooses for deciding "
 "when to install yanked files, an installer **SHOULD** emit a warning when it "
@@ -17204,38 +17565,38 @@ msgid ""
 "specific feedback to the user about why that file had been yanked."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:179
+#: ../source/specifications/simple-repository-api.rst:188
 msgid "Mirrors"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:181
+#: ../source/specifications/simple-repository-api.rst:190
 msgid "Mirrors can generally treat yanked files one of two ways:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:183
+#: ../source/specifications/simple-repository-api.rst:192
 msgid ""
 "They may choose to omit them from their simple repository API completely, "
 "providing a view over the repository that shows only \"active\", unyanked "
 "files."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:186
+#: ../source/specifications/simple-repository-api.rst:195
 msgid ""
 "They may choose to include yanked files, and additionally mirror the ``data-"
 "yanked`` attribute as well."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:189
+#: ../source/specifications/simple-repository-api.rst:198
 msgid ""
 "Mirrors **MUST NOT** mirror a yanked file without also mirroring the ``data-"
 "yanked`` attribute for it."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:195
+#: ../source/specifications/simple-repository-api.rst:204
 msgid "Versioning PyPI's Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:197
+#: ../source/specifications/simple-repository-api.rst:206
 msgid ""
 "This spec proposes the inclusion of a meta tag on the responses of every "
 "successful request to a simple API page, which contains a name attribute of "
@@ -17246,29 +17607,29 @@ msgid ""
 "<version-specifiers>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:205
+#: ../source/specifications/simple-repository-api.rst:214
 msgid "This would end up looking like::"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:209
+#: ../source/specifications/simple-repository-api.rst:218
 msgid "When interpreting the repository version:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:211
+#: ../source/specifications/simple-repository-api.rst:220
 msgid ""
 "Incrementing the major version is used to signal a backwards incompatible "
 "change such that existing clients would no longer be expected to be able to "
 "meaningfully use the API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:214
+#: ../source/specifications/simple-repository-api.rst:223
 msgid ""
 "Incrementing the minor version is used to signal a backwards compatible "
 "change such that existing clients would still be expected to be able to "
 "meaningfully use the API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:218
+#: ../source/specifications/simple-repository-api.rst:227
 msgid ""
 "It is left up to the discretion of any future specs as to what specifically "
 "constitutes a backwards incompatible vs compatible change beyond the broad "
@@ -17277,7 +17638,7 @@ msgid ""
 "features."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:224
+#: ../source/specifications/simple-repository-api.rst:233
 msgid ""
 "It is expectation of this spec that the major version will never be "
 "incremented, and any future major API evolutions would utilize a different "
@@ -17287,48 +17648,48 @@ msgid ""
 "set to a version >= 2)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:231
+#: ../source/specifications/simple-repository-api.rst:240
 msgid ""
 "This spec sets the current API version to \"1.0\", and expects that future "
 "specs that further evolve the simple API will increment the minor version "
 "number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:237
-#: ../source/specifications/simple-repository-api.rst:957
+#: ../source/specifications/simple-repository-api.rst:246
+#: ../source/specifications/simple-repository-api.rst:971
 msgid "Clients"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:239
+#: ../source/specifications/simple-repository-api.rst:248
 msgid ""
 "Clients interacting with the simple API **SHOULD** introspect each response "
 "for the repository version, and if that data does not exist **MUST** assume "
 "that it is version 1.0."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:243
+#: ../source/specifications/simple-repository-api.rst:252
 msgid ""
 "When encountering a major version greater than expected, clients **MUST** "
 "hard fail with an appropriate error message for the user."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:246
+#: ../source/specifications/simple-repository-api.rst:255
 msgid ""
 "When encountering a minor version greater than expected, clients **SHOULD** "
 "warn users with an appropriate message."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:249
+#: ../source/specifications/simple-repository-api.rst:258
 msgid ""
 "Clients **MAY** still continue to use feature detection in order to "
 "determine what features a repository uses."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:255
+#: ../source/specifications/simple-repository-api.rst:264
 msgid "Serve Distribution Metadata in the Simple Repository API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:257
+#: ../source/specifications/simple-repository-api.rst:266
 msgid ""
 "In a simple repository's project page, each anchor tag pointing to a "
 "distribution **MAY** have a ``data-dist-info-metadata`` attribute. The "
@@ -17337,7 +17698,7 @@ msgid ""
 "when the distribution is processed and/or installed."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:263
+#: ../source/specifications/simple-repository-api.rst:272
 msgid ""
 "If a ``data-dist-info-metadata`` attribute is present, the repository "
 "**MUST** serve the distribution's Core Metadata file alongside the "
@@ -17349,7 +17710,7 @@ msgid ""
 "GPG signature file's location."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:272
+#: ../source/specifications/simple-repository-api.rst:281
 msgid ""
 "The repository **SHOULD** provide the hash of the Core Metadata file as the "
 "``data-dist-info-metadata`` attribute's value using the syntax "
@@ -17359,18 +17720,18 @@ msgid ""
 "unavailable."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:280
+#: ../source/specifications/simple-repository-api.rst:289
 msgid "Backwards Compatibility"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:282
+#: ../source/specifications/simple-repository-api.rst:291
 msgid ""
 "If an anchor tag lacks the ``data-dist-info-metadata`` attribute, tools are "
 "expected to revert to their current behaviour of downloading the "
 "distribution to inspect the metadata."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:286
+#: ../source/specifications/simple-repository-api.rst:295
 msgid ""
 "Older tools not supporting the new ``data-dist-info-metadata`` attribute are "
 "expected to ignore the attribute and maintain their current behaviour of "
@@ -17378,11 +17739,11 @@ msgid ""
 "prior ``data-`` attribute additions expect existing tools to operate."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:295
+#: ../source/specifications/simple-repository-api.rst:304
 msgid "JSON-based Simple API for Python Package Indexes"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:297
+#: ../source/specifications/simple-repository-api.rst:306
 msgid ""
 "To enable response parsing with only the standard library, this spec "
 "specifies that all responses (besides the files themselves, and the HTML "
@@ -17390,7 +17751,7 @@ msgid ""
 "base>`) should be serialized using `JSON <https://www.json.org/>`_."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:302
+#: ../source/specifications/simple-repository-api.rst:311
 msgid ""
 "To enable zero configuration discovery and to minimize the amount of "
 "additional HTTP requests, this spec extends :ref:`the base HTML API "
@@ -17400,7 +17761,7 @@ msgid ""
 "format to serve, i.e. either HTML or JSON."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:312
+#: ../source/specifications/simple-repository-api.rst:321
 msgid ""
 "Versioning will adhere to :ref:`the API versioning specification <simple-"
 "repository-api-versioning>` format (``Major.Minor``), which has defined the "
@@ -17410,7 +17771,7 @@ msgid ""
 "``1.0`` version, and instead just describes how to serialize that into JSON."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:319
+#: ../source/specifications/simple-repository-api.rst:328
 msgid ""
 "Similar to :ref:`the API versioning specification <simple-repository-api-"
 "versioning>`, the major version number **MUST** be incremented if any "
@@ -17418,28 +17779,28 @@ msgid ""
 "existing clients to meaningfully understand the format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:325
+#: ../source/specifications/simple-repository-api.rst:334
 msgid ""
 "Likewise, the minor version **MUST** be incremented if features are added or "
 "removed from the format, but existing clients would be expected to continue "
 "to meaningfully understand the format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:329
+#: ../source/specifications/simple-repository-api.rst:338
 msgid ""
 "Changes that would not result in existing clients being unable to "
 "meaningfully understand the format and which do not represent features being "
 "added or removed may occur without changing the version number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:333
+#: ../source/specifications/simple-repository-api.rst:342
 msgid ""
 "This is intentionally vague, as this spec believes it is best left up to "
 "future specs that make any changes to the API to investigate and decide "
 "whether or not that change should increment the major or minor version."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:337
+#: ../source/specifications/simple-repository-api.rst:346
 msgid ""
 "Future versions of the API may add things that can only be represented in a "
 "subset of the available serializations of that version. All serializations "
@@ -17448,37 +17809,37 @@ msgid ""
 "whether or not that feature is present at all."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:343
+#: ../source/specifications/simple-repository-api.rst:352
 msgid ""
 "It is the intent of this spec that the API should be thought of as URL "
 "endpoints that return data, whose interpretation is defined by the version "
 "of that data, and then serialized into the target serialization format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:351
+#: ../source/specifications/simple-repository-api.rst:360
 msgid "JSON Serialization"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:353
+#: ../source/specifications/simple-repository-api.rst:362
 msgid ""
 "The URL structure from :ref:`the base HTML API specification <simple-"
 "repository-api-base>` still applies, as this spec only adds an additional "
 "serialization format for the already existing API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:357
+#: ../source/specifications/simple-repository-api.rst:366
 msgid ""
 "The following constraints apply to all JSON serialized responses described "
 "in this spec:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:360
+#: ../source/specifications/simple-repository-api.rst:369
 msgid ""
 "All JSON responses will *always* be a JSON object rather than an array or "
 "other type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:363
+#: ../source/specifications/simple-repository-api.rst:372
 msgid ""
 "While JSON doesn't natively support a URL type, any value that represents an "
 "URL in this API may be either absolute or relative as long as they point to "
@@ -17486,19 +17847,19 @@ msgid ""
 "if it were HTML."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:368
+#: ../source/specifications/simple-repository-api.rst:377
 msgid ""
 "Additional keys may be added to any dictionary objects in the API responses "
 "and clients **MUST** ignore keys that they don't understand."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:371
+#: ../source/specifications/simple-repository-api.rst:380
 msgid ""
 "All JSON responses will have a ``meta`` key, which contains information "
 "related to the response itself, rather than the content of the response."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:374
+#: ../source/specifications/simple-repository-api.rst:383
 msgid ""
 "All JSON responses will have a ``meta.api-version`` key, which will be a "
 "string that contains the :ref:`API versioning specification <simple-"
@@ -17507,41 +17868,41 @@ msgid ""
 "<simple-repository-api-versioning>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:380
+#: ../source/specifications/simple-repository-api.rst:389
 msgid ""
 "All requirements of :ref:`the base HTML API specification <simple-repository-"
 "api-base>` that are not HTML specific still apply."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:385
+#: ../source/specifications/simple-repository-api.rst:394
 msgid "Project List"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:387
+#: ../source/specifications/simple-repository-api.rst:396
 msgid ""
 "The root URL ``/`` for this spec (which represents the base URL) will be a "
 "JSON encoded dictionary which has a two keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:390
+#: ../source/specifications/simple-repository-api.rst:399
 msgid ""
 "``projects``: An array where each entry is a dictionary with a single key, "
 "``name``, which represents string of the project name."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:391
-#: ../source/specifications/simple-repository-api.rst:440
+#: ../source/specifications/simple-repository-api.rst:400
+#: ../source/specifications/simple-repository-api.rst:449
 msgid ""
 "``meta``: The general response metadata as `described earlier <json-"
 "serialization_>`__."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:393
-#: ../source/specifications/simple-repository-api.rst:499
+#: ../source/specifications/simple-repository-api.rst:402
+#: ../source/specifications/simple-repository-api.rst:512
 msgid "As an example:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:410
+#: ../source/specifications/simple-repository-api.rst:419
 msgid ""
 "The ``name`` field is the same as the one from :ref:`the base HTML API "
 "specification <simple-repository-api-base>`, which does not specify whether "
@@ -17551,7 +17912,7 @@ msgid ""
 "implementation detail of the repository in question."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:420
+#: ../source/specifications/simple-repository-api.rst:429
 msgid ""
 "While the ``projects`` key is an array, and thus is required to be in some "
 "kind of an order, neither :ref:`the base HTML API specification <simple-"
@@ -17561,11 +17922,11 @@ msgid ""
 "have sets."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:429
+#: ../source/specifications/simple-repository-api.rst:438
 msgid "Project Detail"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:431
+#: ../source/specifications/simple-repository-api.rst:440
 msgid ""
 "The format of this URL is ``/<project>/`` where the ``<project>`` is "
 "replaced by the :ref:`the base HTML API specification <simple-repository-api-"
@@ -17573,33 +17934,33 @@ msgid ""
 "would have a URL like ``/silly-walk/``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:436
+#: ../source/specifications/simple-repository-api.rst:445
 msgid ""
 "This URL must respond with a JSON encoded dictionary that has three keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:438
+#: ../source/specifications/simple-repository-api.rst:447
 msgid "``name``: The normalized name of the project."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:439
+#: ../source/specifications/simple-repository-api.rst:448
 msgid ""
 "``files``: A list of dictionaries, each one representing an individual file."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:442
+#: ../source/specifications/simple-repository-api.rst:451
 msgid "Each individual file dictionary has the following keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:444
+#: ../source/specifications/simple-repository-api.rst:453
 msgid "``filename``: The filename that is being represented."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:445
+#: ../source/specifications/simple-repository-api.rst:454
 msgid "``url``: The URL that the file can be fetched from."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:446
+#: ../source/specifications/simple-repository-api.rst:455
 msgid ""
 "``hashes``: A dictionary mapping a hash name to a hex encoded digest of the "
 "file. Multiple hashes can be included, and it is up to the client to decide "
@@ -17608,14 +17969,14 @@ msgid ""
 "to be lowercase."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:451
+#: ../source/specifications/simple-repository-api.rst:460
 msgid ""
 "The ``hashes`` dictionary **MUST** be present, even if no hashes are "
 "available for the file, however it is **HIGHLY** recommended that at least "
 "one secure, guaranteed-to-be-available hash is always included."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:455
+#: ../source/specifications/simple-repository-api.rst:464
 msgid ""
 "By default, any hash algorithm available via :py:mod:`hashlib` (specifically "
 "any that can be passed to :py:func:`hashlib.new()` and do not require "
@@ -17625,7 +17986,7 @@ msgid ""
 "specifically is recommended."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:460
+#: ../source/specifications/simple-repository-api.rst:469
 msgid ""
 "``requires-python``: An **optional** key that exposes the :ref:`core-"
 "metadata-requires-python` metadata field. Where this is present, installer "
@@ -17633,14 +17994,14 @@ msgid ""
 "that doesn't satisfy the requirement."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:466
+#: ../source/specifications/simple-repository-api.rst:475
 msgid ""
 "Unlike ``data-requires-python`` in :ref:`the base HTML API specification "
 "<simple-repository-api-base>`, the ``requires-python`` key does not require "
 "any special escaping other than anything JSON does naturally."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:469
+#: ../source/specifications/simple-repository-api.rst:478
 msgid ""
 "``dist-info-metadata``: An **optional** key that indicates that metadata for "
 "this file is available, via the same location as specified in :ref:`the API "
@@ -17650,27 +18011,27 @@ msgid ""
 "dictionary mapping hash names to a hex encoded digest of the metadata's hash."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:477
+#: ../source/specifications/simple-repository-api.rst:486
 msgid ""
 "When this is a dictionary of hashes instead of a boolean, then all the same "
 "requirements and recommendations as the ``hashes`` key hold true for this "
 "key as well."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:481
+#: ../source/specifications/simple-repository-api.rst:490
 msgid ""
 "If this key is missing then the metadata file may or may not exist. If the "
 "key value is truthy, then the metadata file is present, and if it is falsey "
 "then it is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:485
+#: ../source/specifications/simple-repository-api.rst:494
 msgid ""
 "It is recommended that servers make the hashes of the metadata file "
 "available if possible."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:487
+#: ../source/specifications/simple-repository-api.rst:496
 msgid ""
 "``gpg-sig``: An **optional** key that acts a boolean to indicate if the file "
 "has an associated GPG signature or not. The URL for the signature file "
@@ -17679,7 +18040,7 @@ msgid ""
 "the signature may or may not exist."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:492
+#: ../source/specifications/simple-repository-api.rst:501
 msgid ""
 "``yanked``: An **optional** key which may be either a boolean to indicate if "
 "the file has been yanked, or a non empty, but otherwise arbitrary, string to "
@@ -17690,7 +18051,15 @@ msgid ""
 "api-yank>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:529
+#: ../source/specifications/simple-repository-api.rst:507
+msgid ""
+"``provenance``: An **optional** key which, if present **MUST** be either a "
+"JSON string or ``null``. If not ``null``, it **MUST** be a URL to the file's "
+"associated provenance, with the same rules as ``data-provenance`` in the :"
+"ref:`base HTML API specification <simple-repository-api-base>`."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:543
 msgid ""
 "While the ``files`` key is an array, and thus is required to be in some kind "
 "of an order, neither :ref:`the base HTML API specification <simple-"
@@ -17700,11 +18069,11 @@ msgid ""
 "have sets."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:538
+#: ../source/specifications/simple-repository-api.rst:552
 msgid "Content-Types"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:540
+#: ../source/specifications/simple-repository-api.rst:554
 msgid ""
 "This spec proposes that all responses from the Simple API will have a "
 "standard content type that describes what the response is (a Simple API "
@@ -17712,11 +18081,11 @@ msgid ""
 "format has been used."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:544
+#: ../source/specifications/simple-repository-api.rst:558
 msgid "The structure of this content type will be:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:550
+#: ../source/specifications/simple-repository-api.rst:564
 msgid ""
 "Since only major versions should be disruptive to clients attempting to "
 "understand one of these API responses, only the major version will be "
@@ -17724,19 +18093,19 @@ msgid ""
 "that it is a version number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:555
+#: ../source/specifications/simple-repository-api.rst:569
 msgid "Which means that for the existing 1.0 API, the content types would be:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:557
+#: ../source/specifications/simple-repository-api.rst:571
 msgid "**JSON:** ``application/vnd.pypi.simple.v1+json``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:558
+#: ../source/specifications/simple-repository-api.rst:572
 msgid "**HTML:** ``application/vnd.pypi.simple.v1+html``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:560
+#: ../source/specifications/simple-repository-api.rst:574
 msgid ""
 "In addition to the above, a special \"meta\" version is supported named "
 "``latest``, whose purpose is to allow clients to request the absolute latest "
@@ -17745,7 +18114,7 @@ msgid ""
 "support."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:565
+#: ../source/specifications/simple-repository-api.rst:579
 msgid ""
 "To support existing clients which expect the existing :ref:`the base HTML "
 "API specification <simple-repository-api-base>` API responses to use the "
@@ -17753,11 +18122,11 @@ msgid ""
 "alias for the ``application/vnd.pypi.simple.v1+html`` content type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:572
+#: ../source/specifications/simple-repository-api.rst:586
 msgid "Version + Format Selection"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:574
+#: ../source/specifications/simple-repository-api.rst:588
 msgid ""
 "Now that there is multiple possible serializations, we need a mechanism to "
 "allow clients to indicate what serialization formats they're able to "
@@ -17766,65 +18135,65 @@ msgid ""
 "expecting the previous API version."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:579
+#: ../source/specifications/simple-repository-api.rst:593
 msgid ""
 "To enable this, this spec standardizes on the use of HTTP's `Server-Driven "
 "Content Negotiation <https://developer.mozilla.org/en-US/docs/Web/HTTP/"
 "Content_negotiation>`_."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:582
+#: ../source/specifications/simple-repository-api.rst:596
 msgid ""
 "While this spec won't fully describe the entirety of server-driven content "
 "negotiation, the flow is roughly:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:585
+#: ../source/specifications/simple-repository-api.rst:599
 msgid ""
 "The client makes an HTTP request containing an ``Accept`` header listing all "
 "of the version+format content types that they are able to understand."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:587
+#: ../source/specifications/simple-repository-api.rst:601
 msgid ""
 "The server inspects that header, selects one of the listed content types, "
 "then returns a response using that content type (treating the absence of an "
 "``Accept`` header as ``Accept: */*``)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:590
+#: ../source/specifications/simple-repository-api.rst:604
 msgid ""
 "If the server does not support any of the content types in the ``Accept`` "
 "header then they are able to choose between 3 different options for how to "
 "respond:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:594
+#: ../source/specifications/simple-repository-api.rst:608
 msgid ""
 "Select a default content type other than what the client has requested and "
 "return a response with that."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:596
+#: ../source/specifications/simple-repository-api.rst:610
 msgid ""
 "Return a HTTP ``406 Not Acceptable`` response to indicate that none of the "
 "requested content types were available, and the server was unable or "
 "unwilling to select a default content type to respond with."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:599
+#: ../source/specifications/simple-repository-api.rst:613
 msgid ""
 "Return a HTTP ``300 Multiple Choices`` response that contains a list of all "
 "of the possible responses that could have been chosen."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:601
+#: ../source/specifications/simple-repository-api.rst:615
 msgid ""
 "The client interprets the response, handling the different types of "
 "responses that the server may have responded with."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:604
+#: ../source/specifications/simple-repository-api.rst:618
 msgid ""
 "This spec does not specify which choices the server makes in regards to "
 "handling a content type that it isn't able to return, and clients **SHOULD** "
@@ -17832,7 +18201,7 @@ msgid ""
 "the most sense for that client."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:609
+#: ../source/specifications/simple-repository-api.rst:623
 msgid ""
 "However, as there is no standard format for how a ``300 Multiple Choices`` "
 "response can be interpreted, this spec highly discourages servers from "
@@ -17843,7 +18212,7 @@ msgid ""
 "error."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:616
+#: ../source/specifications/simple-repository-api.rst:630
 msgid ""
 "This spec **does** require that if the meta version ``latest`` is being "
 "used, the server **MUST** respond with the content type for the actual "
@@ -17852,33 +18221,33 @@ msgid ""
 "have a ``Content-Type`` of ``application/vnd.pypi.simple.v1+json``)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:623
+#: ../source/specifications/simple-repository-api.rst:637
 msgid ""
 "The ``Accept`` header is a comma separated list of content types that the "
 "client understands and is able to process. It supports three different "
 "formats for each content type that is being requested:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:627
+#: ../source/specifications/simple-repository-api.rst:641
 msgid "``$type/$subtype``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:628
+#: ../source/specifications/simple-repository-api.rst:642
 msgid "``$type/*``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:629
+#: ../source/specifications/simple-repository-api.rst:643
 msgid "``*/*``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:631
+#: ../source/specifications/simple-repository-api.rst:645
 msgid ""
 "For the use of selecting a version+format, the most useful of these is "
 "``$type/$subtype``, as that is the only way to actually specify the version "
 "and format you want."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:635
+#: ../source/specifications/simple-repository-api.rst:649
 msgid ""
 "The order of the content types listed in the ``Accept`` header does not have "
 "any specific meaning, and the server **SHOULD** consider all of them to be "
@@ -17888,7 +18257,7 @@ msgid ""
 "Quality_values>`_ syntax."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:642
+#: ../source/specifications/simple-repository-api.rst:656
 msgid ""
 "This allows a client to specify a priority for a specific entry in their "
 "``Accept`` header, by appending a ``;q=`` followed by a value between ``0`` "
@@ -17898,7 +18267,7 @@ msgid ""
 "quality of ``1``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:648
+#: ../source/specifications/simple-repository-api.rst:662
 msgid ""
 "However, clients should keep in mind that a server is free to select **any** "
 "of the content types they've asked for, regardless of their requested "
@@ -17906,7 +18275,7 @@ msgid ""
 "for."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:652
+#: ../source/specifications/simple-repository-api.rst:666
 msgid ""
 "To aid clients in determining the content type of the response that they "
 "have received from an API request, this spec requires that servers always "
@@ -17917,22 +18286,22 @@ msgid ""
 "collector.py#L123-L150>`_ so the risks for actual breakages is low."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:659
+#: ../source/specifications/simple-repository-api.rst:673
 msgid "An example of how a client can operate would look like:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:710
+#: ../source/specifications/simple-repository-api.rst:724
 msgid ""
 "If a client wishes to only support HTML or only support JSON, then they "
 "would just remove the content types that they do not want from the "
 "``Accept`` header, and turn receiving them into an error."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:716
+#: ../source/specifications/simple-repository-api.rst:730
 msgid "Alternative Negotiation Mechanisms"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:718
+#: ../source/specifications/simple-repository-api.rst:732
 msgid ""
 "While using HTTP's Content negotiation is considered the standard way for a "
 "client and server to coordinate to ensure that the client is getting an HTTP "
@@ -17941,25 +18310,25 @@ msgid ""
 "negotiation mechanisms that may *optionally* be used instead."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:726
+#: ../source/specifications/simple-repository-api.rst:740
 msgid "URL Parameter"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:728
+#: ../source/specifications/simple-repository-api.rst:742
 msgid ""
 "Servers that implement the Simple API may choose to support a URL parameter "
 "named ``format`` to allow the clients to request a specific version of the "
 "URL."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:731
+#: ../source/specifications/simple-repository-api.rst:745
 msgid ""
 "The value of the ``format`` parameter should be **one** of the valid content "
 "types. Passing multiple content types, wild cards, quality values, etc... is "
 "**not** supported."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:735
+#: ../source/specifications/simple-repository-api.rst:749
 msgid ""
 "Supporting this parameter is optional, and clients **SHOULD NOT** rely on it "
 "for interacting with the API. This negotiation mechanism is intended to "
@@ -17967,13 +18336,13 @@ msgid ""
 "allow documentation or notes to link to a specific version+format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:740
+#: ../source/specifications/simple-repository-api.rst:754
 msgid ""
 "Servers that do not support this parameter may choose to return an error "
 "when it is present, or they may simple ignore its presence."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:743
+#: ../source/specifications/simple-repository-api.rst:757
 msgid ""
 "When a server does implement this parameter, it **SHOULD** take precedence "
 "over any values in the client's ``Accept`` header, and if the server does "
@@ -17983,18 +18352,18 @@ msgid ""
 "``303 Multiple Choices``, or selecting a default type to return)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:752
+#: ../source/specifications/simple-repository-api.rst:766
 msgid "Endpoint Configuration"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:754
+#: ../source/specifications/simple-repository-api.rst:768
 msgid ""
 "This option technically is not a special option at all, it is just a natural "
 "consequence of using content negotiation and allowing servers to select "
 "which of the available content types is their default."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:758
+#: ../source/specifications/simple-repository-api.rst:772
 msgid ""
 "If a server is unwilling or unable to implement the server-driven content "
 "negotiation, and would instead rather require users to explicitly configure "
@@ -18002,7 +18371,7 @@ msgid ""
 "configuration."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:762
+#: ../source/specifications/simple-repository-api.rst:776
 msgid ""
 "To enable this, a server should make multiple endpoints (for instance, ``/"
 "simple/v1+html/`` and/or ``/simple/v1+json/``) for each version+format that "
@@ -18012,7 +18381,7 @@ msgid ""
 "and return the content type that corresponds to that endpoint."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:769
+#: ../source/specifications/simple-repository-api.rst:783
 msgid ""
 "For clients that wish to require specific configuration, they can keep track "
 "of which version+format a specific repository URL was configured for, and "
@@ -18020,11 +18389,11 @@ msgid ""
 "includes the correct content type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:776
+#: ../source/specifications/simple-repository-api.rst:790
 msgid "TUF Support - PEP 458"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:778
+#: ../source/specifications/simple-repository-api.rst:792
 msgid ""
 ":pep:`458` requires that all API responses are hashable and that they can be "
 "uniquely identified by a path relative to the repository root. For a Simple "
@@ -18035,7 +18404,7 @@ msgid ""
 "that all hash differently."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:785
+#: ../source/specifications/simple-repository-api.rst:799
 msgid ""
 ":pep:`458` does not specify what the target path should be for the Simple "
 "API, but TUF requires that the target paths be \"file-like\", in other "
@@ -18043,7 +18412,7 @@ msgid ""
 "technically points to a directory."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:790
+#: ../source/specifications/simple-repository-api.rst:804
 msgid ""
 "The saving grace is that the target path does not *have* to actually match "
 "the URL being fetched from the Simple API, and it can just be a sigil that "
@@ -18052,7 +18421,7 @@ msgid ""
 "HTTP request, such as the ``Accept`` header."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:796
+#: ../source/specifications/simple-repository-api.rst:810
 msgid ""
 "Ultimately figuring out how to map a directory to a filename is out of scope "
 "for this spec (but it would be in scope for :pep:`458`), and this spec "
@@ -18060,7 +18429,7 @@ msgid ""
 "`458` metadata."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:800
+#: ../source/specifications/simple-repository-api.rst:814
 msgid ""
 "However, it appears that the current WIP branch against pip that attempts to "
 "implement :pep:`458` is using a target path like ``simple/PROJECT/index."
@@ -18070,20 +18439,20 @@ msgid ""
 "the v1 JSON format would be ``simple/PROJECT/vnd.pypi.simple.v1.json``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:807
+#: ../source/specifications/simple-repository-api.rst:821
 msgid ""
 "In this case, since ``text/html`` is an alias to ``application/vnd.pypi."
 "simple.v1+html`` when interacting through TUF, it likely will make the most "
 "sense to normalize to the more explicit name."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:811
+#: ../source/specifications/simple-repository-api.rst:825
 msgid ""
 "Likewise the ``latest`` metaversion should not be included in the targets, "
 "only explicitly declared versions should be supported."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:817
+#: ../source/specifications/simple-repository-api.rst:831
 msgid ""
 "This section is non-normative, and represents what the spec authors believe "
 "to be the best default implementation decisions for something implementing "
@@ -18091,7 +18460,7 @@ msgid ""
 "these decisions."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:821
+#: ../source/specifications/simple-repository-api.rst:835
 msgid ""
 "These decisions have been chosen to maximize the number of requests that can "
 "be moved onto the newest version of an API, while maintaining the greatest "
@@ -18100,18 +18469,18 @@ msgid ""
 "choices it can."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:826
+#: ../source/specifications/simple-repository-api.rst:840
 msgid "It is recommended that servers:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:828
+#: ../source/specifications/simple-repository-api.rst:842
 msgid ""
 "Support all 3 content types described in this spec, using server-driven "
 "content negotiation, for as long as they reasonably can, or at least as long "
 "as they're receiving non trivial traffic that uses the HTML responses."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:832
+#: ../source/specifications/simple-repository-api.rst:846
 msgid ""
 "When encountering an ``Accept`` header that does not contain any content "
 "types that it knows how to work with, the server should not ever return a "
@@ -18119,13 +18488,13 @@ msgid ""
 "Acceptable`` response."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:837
+#: ../source/specifications/simple-repository-api.rst:851
 msgid ""
 "However, if choosing to use the endpoint configuration, you should prefer to "
 "return a ``200 OK`` response in the expected content type for that endpoint."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:840
+#: ../source/specifications/simple-repository-api.rst:854
 msgid ""
 "When selecting an acceptable version, the server should choose the highest "
 "version that the client supports, with the most expressive/featureful "
@@ -18134,23 +18503,23 @@ msgid ""
 "should only use the ``text/html`` content type as a last resort."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:846
+#: ../source/specifications/simple-repository-api.rst:860
 msgid "It is recommended that clients:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:848
+#: ../source/specifications/simple-repository-api.rst:862
 msgid ""
 "Support all 3 content types described in this spec, using server-driven "
 "content negotiation, for as long as they reasonably can."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:851
+#: ../source/specifications/simple-repository-api.rst:865
 msgid ""
 "When constructing an ``Accept`` header, include all of the content types "
 "that you support."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:854
+#: ../source/specifications/simple-repository-api.rst:868
 msgid ""
 "You should generally *not* include a quality priority value for your content "
 "types, unless you have implementation specific reasons that you want the "
@@ -18159,63 +18528,63 @@ msgid ""
 "responses that you're unable to parse in some edge cases)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:860
+#: ../source/specifications/simple-repository-api.rst:874
 msgid ""
 "The one exception to this recommendation is that it is recommended that you "
 "*should* include a ``;q=0.01`` value on the legacy ``text/html`` content "
 "type, unless it is the only content type that you are requesting."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:864
+#: ../source/specifications/simple-repository-api.rst:878
 msgid ""
 "Explicitly select what versions they are looking for, rather than using the "
 "``latest`` meta version during normal operation."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:867
+#: ../source/specifications/simple-repository-api.rst:881
 msgid ""
 "Check the ``Content-Type`` of the response and ensure it matches something "
 "that you were expecting."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:871
+#: ../source/specifications/simple-repository-api.rst:885
 msgid "Additional Fields for the Simple API for Package Indexes"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:873
+#: ../source/specifications/simple-repository-api.rst:887
 msgid ""
 "This specification defines version 1.1 of the simple repository API. For the "
 "HTML version of the API, there is no change from version 1.0. For the JSON "
 "version of the API, the following changes are made:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:877
+#: ../source/specifications/simple-repository-api.rst:891
 msgid "The ``api-version`` must specify version 1.1 or later."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:878
+#: ../source/specifications/simple-repository-api.rst:892
 msgid "A new ``versions`` key is added at the top level."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:879
+#: ../source/specifications/simple-repository-api.rst:893
 msgid ""
 "Two new \"file information\" keys, ``size`` and ``upload-time``, are added "
 "to the ``files`` data."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:881
+#: ../source/specifications/simple-repository-api.rst:895
 msgid ""
 "Keys (at any level) with a leading underscore are reserved as private for "
 "index server use. No future standard will assign a meaning to any such key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:884
+#: ../source/specifications/simple-repository-api.rst:898
 msgid ""
 "The ``versions`` and ``size`` keys are mandatory. The ``upload-time`` key is "
 "optional."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:890
+#: ../source/specifications/simple-repository-api.rst:904
 msgid ""
 "An additional key, ``versions`` MUST be present at the top level, in "
 "addition to the keys ``name``, ``files`` and ``meta`` defined in :ref:`the "
@@ -18225,7 +18594,7 @@ msgid ""
 "duplicates, and the order of the values is not significant."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:897
+#: ../source/specifications/simple-repository-api.rst:911
 msgid ""
 "All of the files listed in the ``files`` key MUST be associated with one of "
 "the versions in the ``versions`` key. The ``versions`` key MAY contain "
@@ -18233,7 +18602,7 @@ msgid ""
 "uploaded, if the server has such a concept)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:902
+#: ../source/specifications/simple-repository-api.rst:916
 msgid ""
 "Note that because servers may hold \"legacy\" data from before the adoption "
 "of :ref:`the version specifiers specification (VSS) <version-specifiers>`, "
@@ -18242,21 +18611,21 @@ msgid ""
 "servers SHOULD use normalised VSS versions where possible."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:911
+#: ../source/specifications/simple-repository-api.rst:925
 msgid "Additional file information"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:913
+#: ../source/specifications/simple-repository-api.rst:927
 msgid "Two new keys are added to the ``files`` key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:915
+#: ../source/specifications/simple-repository-api.rst:929
 msgid ""
 "``size``: This field is mandatory. It MUST contain an integer which is the "
 "file size in bytes."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:917
+#: ../source/specifications/simple-repository-api.rst:931
 msgid ""
 "``upload-time``: This field is optional. If present, it MUST contain a valid "
 "ISO 8601 date/time string, in the format ``yyyy-mm-ddThh:mm:ss.ffffffZ``, "
@@ -18268,11 +18637,11 @@ msgid ""
 "key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:926
+#: ../source/specifications/simple-repository-api.rst:940
 msgid "Rename dist-info-metadata in the Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:929
+#: ../source/specifications/simple-repository-api.rst:943
 msgid ""
 "The keywords \"**MUST**\", \"**MUST NOT**\", \"**REQUIRED**\", "
 "\"**SHALL**\", \"**SHALL NOT**\", \"**SHOULD**\", \"**SHOULD NOT**\", "
@@ -18280,11 +18649,11 @@ msgid ""
 "are to be interpreted as described in :rfc:`RFC 2119 <2119>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:936
+#: ../source/specifications/simple-repository-api.rst:950
 msgid "Servers"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:938
+#: ../source/specifications/simple-repository-api.rst:952
 msgid ""
 "The :ref:`the API metadata file specification <simple-repository-api-"
 "metadata-file>` metadata, when used in the HTML representation of the Simple "
@@ -18292,7 +18661,7 @@ msgid ""
 "with the supported values remaining the same."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:944
+#: ../source/specifications/simple-repository-api.rst:958
 msgid ""
 "The :ref:`the API metadata file specification <simple-repository-api-"
 "metadata-file>` metadata, when used in the :ref:`the JSON API specification "
@@ -18301,14 +18670,14 @@ msgid ""
 "values remaining the same."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:950
+#: ../source/specifications/simple-repository-api.rst:964
 msgid ""
 "To support clients that used the previous key names, the HTML representation "
 "**MAY** also be emitted using the ``data-dist-info-metadata``, and if it "
 "does so it **MUST** match the value of ``data-core-metadata``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:959
+#: ../source/specifications/simple-repository-api.rst:973
 msgid ""
 "Clients consuming any of the HTML representations of the Simple API **MUST** "
 "read the :ref:`the API metadata file specification <simple-repository-api-"
@@ -18317,7 +18686,7 @@ msgid ""
 "if it is present but ``data-core-metadata`` is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:966
+#: ../source/specifications/simple-repository-api.rst:980
 msgid ""
 "Clients consuming the JSON representation of the Simple API **MUST** read "
 "the :ref:`the API metadata file specification <simple-repository-api-"
@@ -18326,48 +18695,54 @@ msgid ""
 "present but ``core-metadata`` is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:976
+#: ../source/specifications/simple-repository-api.rst:990
 msgid "September 2015: initial form of the HTML format, in :pep:`503`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:977
+#: ../source/specifications/simple-repository-api.rst:991
 msgid "July 2016: Requires-Python metadata, in an update to :pep:`503`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:978
+#: ../source/specifications/simple-repository-api.rst:992
 msgid "May 2019: \"yank\" support, in :pep:`592`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:979
+#: ../source/specifications/simple-repository-api.rst:993
 msgid ""
 "July 2020: API versioning convention and metadata, and declaring the HTML "
 "format as API v1, in :pep:`629`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:981
+#: ../source/specifications/simple-repository-api.rst:995
 msgid ""
 "May 2021: providing package metadata independently from a package, in :pep:"
 "`658`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:983
+#: ../source/specifications/simple-repository-api.rst:997
 msgid ""
 "May 2022: initial form of the JSON format, with a mechanism for clients to "
 "choose between them, and declaring both formats as API v1, in :pep:`691`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:985
+#: ../source/specifications/simple-repository-api.rst:999
 msgid ""
 "October 2022: project versions and file size and upload-time in the JSON "
 "format, in :pep:`700`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:987
+#: ../source/specifications/simple-repository-api.rst:1001
 msgid ""
 "June 2023: renaming the field which provides package metadata independently "
 "from a package, in :pep:`714`"
 msgstr ""
 
+#: ../source/specifications/simple-repository-api.rst:1003
+msgid ""
+"November 2024: provenance metadata in the HTML and JSON formats, in :pep:"
+"`740`"
+msgstr ""
+
 #: ../source/specifications/source-distribution-format.rst:6
 msgid "Source distribution format"
 msgstr ""
@@ -21271,7 +21646,7 @@ msgid ""
 msgstr ""
 
 #: ../source/tutorials/managing-dependencies.rst:140
-#: ../source/tutorials/packaging-projects.rst:506
+#: ../source/tutorials/packaging-projects.rst:505
 msgid "Next steps"
 msgstr ""
 
@@ -21720,43 +22095,43 @@ msgstr ""
 
 #: ../source/tutorials/packaging-projects.rst:424
 msgid ""
-"You will be prompted for a username and password. For the username, use "
-"``__token__``. For the password, use the token value, including the ``pypi-"
-"`` prefix."
+"You will be prompted for an API token. Use the token value, including the "
+"``pypi-`` prefix. Note that the input will be hidden, so be sure to paste "
+"correctly."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:428
+#: ../source/tutorials/packaging-projects.rst:427
 msgid "After the command completes, you should see output similar to this:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:439
+#: ../source/tutorials/packaging-projects.rst:438
 msgid ""
 "Once uploaded, your package should be viewable on TestPyPI; for example: "
 "``https://test.pypi.org/project/example_package_YOUR_USERNAME_HERE``."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:444
+#: ../source/tutorials/packaging-projects.rst:443
 msgid "Installing your newly uploaded package"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:446
+#: ../source/tutorials/packaging-projects.rst:445
 msgid ""
 "You can use :ref:`pip` to install your package and verify that it works. "
 "Create a :ref:`virtual environment <Creating and using Virtual "
 "Environments>` and install your package from TestPyPI:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:462
+#: ../source/tutorials/packaging-projects.rst:461
 msgid "Make sure to specify your username in the package name!"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:464
+#: ../source/tutorials/packaging-projects.rst:463
 msgid ""
 "pip should install the package from TestPyPI and the output should look "
 "something like this:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:474
+#: ../source/tutorials/packaging-projects.rst:473
 msgid ""
 "This example uses ``--index-url`` flag to specify TestPyPI instead of live "
 "PyPI. Additionally, it specifies ``--no-deps``. Since TestPyPI doesn't have "
@@ -21766,23 +22141,23 @@ msgid ""
 "installing dependencies when using TestPyPI."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:481
+#: ../source/tutorials/packaging-projects.rst:480
 msgid ""
 "You can test that it was installed correctly by importing the package. Make "
 "sure you're still in your virtual environment, then run Python:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:496
+#: ../source/tutorials/packaging-projects.rst:495
 msgid "and import the package:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:508
+#: ../source/tutorials/packaging-projects.rst:507
 msgid ""
 "**Congratulations, you've packaged and distributed a Python project!** ✨ 🍰 "
 "✨"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:511
+#: ../source/tutorials/packaging-projects.rst:510
 msgid ""
 "Keep in mind that this tutorial showed you how to upload your package to "
 "Test PyPI, which isn't a permanent storage. The Test system occasionally "
@@ -21790,28 +22165,28 @@ msgid ""
 "experiments like this tutorial."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:516
+#: ../source/tutorials/packaging-projects.rst:515
 msgid ""
 "When you are ready to upload a real package to the Python Package Index you "
 "can do much the same as you did in this tutorial, but with these important "
 "differences:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:520
+#: ../source/tutorials/packaging-projects.rst:519
 msgid ""
 "Choose a memorable and unique name for your package. You don't have to "
 "append your username as you did in the tutorial, but you can't use an "
 "existing name."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:522
+#: ../source/tutorials/packaging-projects.rst:521
 msgid ""
 "Register an account on https://pypi.org - note that these are two separate "
 "servers and the login details from the test server are not shared with the "
 "main server."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:525
+#: ../source/tutorials/packaging-projects.rst:524
 msgid ""
 "Use ``twine upload dist/*`` to upload your package and enter your "
 "credentials for the account you registered on the real PyPI.  Now that "
@@ -21819,44 +22194,44 @@ msgid ""
 "repository``; the package will upload to https://pypi.org/ by default."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:529
+#: ../source/tutorials/packaging-projects.rst:528
 msgid ""
 "Install your package from the real PyPI using ``python3 -m pip install [your-"
 "package]``."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:531
+#: ../source/tutorials/packaging-projects.rst:530
 msgid ""
 "At this point if you want to read more on packaging Python libraries here "
 "are some things you can do:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:534
+#: ../source/tutorials/packaging-projects.rst:533
 msgid ""
 "Read about advanced configuration for your chosen build backend: `Hatchling "
 "<hatchling-config_>`_, :doc:`setuptools <setuptools:userguide/"
 "pyproject_config>`, :doc:`Flit <flit:pyproject_toml>`, `PDM <pdm-config_>`_."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:538
+#: ../source/tutorials/packaging-projects.rst:537
 msgid ""
 "Look at the :doc:`guides </guides/index>` on this site for more advanced "
 "practical information, or the :doc:`discussions </discussions/index>` for "
 "explanations and background on specific topics."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:541
+#: ../source/tutorials/packaging-projects.rst:540
 msgid ""
 "Consider packaging tools that provide a single command-line interface for "
 "project management and packaging, such as :ref:`hatch`, :ref:`flit`, :ref:"
 "`pdm`, and :ref:`poetry`."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:549
+#: ../source/tutorials/packaging-projects.rst:548
 msgid "Notes"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:551
+#: ../source/tutorials/packaging-projects.rst:550
 msgid ""
 "Technically, you can also create Python packages without an ``__init__.py`` "
 "file, but those are called :doc:`namespace packages </guides/packaging-"
diff --git a/locales/ru/LC_MESSAGES/messages.po b/locales/ru/LC_MESSAGES/messages.po
index 667b77a73..200a8b8d7 100644
--- a/locales/ru/LC_MESSAGES/messages.po
+++ b/locales/ru/LC_MESSAGES/messages.po
@@ -13,7 +13,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Python Packaging User Guide\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-10-30 00:39+0000\n"
+"POT-Creation-Date: 2024-11-25 21:53+0000\n"
 "PO-Revision-Date: 2024-07-15 14:09+0000\n"
 "Last-Translator: gfbdrgng <hnaofegnp@hldrive.com>\n"
 "Language-Team: Russian <https://hosted.weblate.org/projects/pypa/packaging-"
@@ -766,7 +766,7 @@ msgid "Unix (including Linux and macOS)"
 msgstr "Unix (включая Linux и macOS)"
 
 #: ../source/discussions/deploying-python-applications.rst:118
-#: ../source/key_projects.rst:572
+#: ../source/key_projects.rst:576
 msgid "pex"
 msgstr "pex"
 
@@ -2436,7 +2436,7 @@ msgid ""
 msgstr ""
 
 #: ../source/discussions/versioning.rst:6
-#: ../source/specifications/simple-repository-api.rst:310
+#: ../source/specifications/simple-repository-api.rst:319
 msgid "Versioning"
 msgstr "Версионирование"
 
@@ -3456,28 +3456,10 @@ msgstr ""
 "расширений Python на Windows, или в файле классов Java для расширений Jython."
 
 #: ../source/glossary.rst:121
-msgid "Known Good Set (KGS)"
-msgstr "Known Good Set (KGS, Известный хороший набор)"
-
-#: ../source/glossary.rst:124
-msgid ""
-"A set of distributions at specified versions which are compatible with each "
-"other. Typically a test suite will be run which passes all tests before a "
-"specific set of packages is declared a known good set. This term is commonly "
-"used by frameworks and toolkits which are comprised of multiple individual "
-"distributions."
-msgstr ""
-"Набор дистрибутивов определенных версий, совместимых друг с другом. Обычно "
-"перед тем, как объявить определенный набор пакетов заведомо исправным, "
-"запускается набор тестов, который проходит все проверки. Этот термин обычно "
-"используется во фреймворках и наборах инструментов, которые состоят из "
-"нескольких отдельных дистрибутивов."
-
-#: ../source/glossary.rst:130
 msgid "Import Package"
 msgstr "Import Package (Импортируемый пакет)"
 
-#: ../source/glossary.rst:133
+#: ../source/glossary.rst:124
 msgid ""
 "A Python module which can contain other modules or recursively, other "
 "packages."
@@ -3485,7 +3467,7 @@ msgstr ""
 "Модуль Python, который может содержать другие модули или, рекурсивно, другие "
 "пакеты."
 
-#: ../source/glossary.rst:136
+#: ../source/glossary.rst:127
 msgid ""
 "An import package is more commonly referred to with the single word "
 "\"package\", but this guide will use the expanded term when more clarity is "
@@ -3499,11 +3481,11 @@ msgstr ""
 "также обычно называется \"пакет\". Различия см. в :ref:`distribution-package-"
 "vs-import-package`."
 
-#: ../source/glossary.rst:142
+#: ../source/glossary.rst:133
 msgid "Installed Project"
 msgstr "Установленный проект"
 
-#: ../source/glossary.rst:145
+#: ../source/glossary.rst:136
 msgid ""
 "A :term:`Project` that is installed for use with a Python interpreter or :"
 "term:`Virtual Environment`, as described in the specicifcation :ref:"
@@ -3513,6 +3495,24 @@ msgstr ""
 "термин:`виртуальное окружение`, как описано в спецификации : ссылка:`запись-"
 "установленных-пакетов`."
 
+#: ../source/glossary.rst:140
+msgid "Known Good Set (KGS)"
+msgstr "Known Good Set (KGS, Известный хороший набор)"
+
+#: ../source/glossary.rst:143
+msgid ""
+"A set of distributions at specified versions which are compatible with each "
+"other. Typically a test suite will be run which passes all tests before a "
+"specific set of packages is declared a known good set. This term is commonly "
+"used by frameworks and toolkits which are comprised of multiple individual "
+"distributions."
+msgstr ""
+"Набор дистрибутивов определенных версий, совместимых друг с другом. Обычно "
+"перед тем, как объявить определенный набор пакетов заведомо исправным, "
+"запускается набор тестов, который проходит все проверки. Этот термин обычно "
+"используется во фреймворках и наборах инструментов, которые состоят из "
+"нескольких отдельных дистрибутивов."
+
 #: ../source/glossary.rst:149
 msgid "Module"
 msgstr "Модуль"
@@ -6626,11 +6626,18 @@ msgstr ""
 "взаимодействовать с различными частями внешнего программного обеспечения."
 
 #: ../source/guides/installing-scientific-packages.rst:13
+#, fuzzy
+#| msgid ""
+#| "In particular, `NumPy <https://numpy.org/>`__, which provides the basis "
+#| "for most of the software in the `scientific Python stack <https://"
+#| "scientific-python.org>`_ can be configured to interoperate with different "
+#| "FORTRAN libraries, and can take advantage of different levels of "
+#| "vectorised instructions available in modern CPUs."
 msgid ""
 "In particular, `NumPy <https://numpy.org/>`__, which provides the basis for "
 "most of the software in the `scientific Python stack <https://scientific-"
 "python.org>`_ can be configured to interoperate with different FORTRAN "
-"libraries, and can take advantage of different levels of vectorised "
+"libraries, and can take advantage of different levels of vectorized "
 "instructions available in modern CPUs."
 msgstr ""
 "В частности, `NumPy <https://numpy.org/>`__, который является основой для "
@@ -6640,13 +6647,22 @@ msgstr ""
 "инструкций, доступных в современных процессорах."
 
 #: ../source/guides/installing-scientific-packages.rst:19
+#, fuzzy
+#| msgid ""
+#| "Starting with version 1.10.4 of NumPy and version 1.0.0 of SciPy, pre-"
+#| "built 32-bit and 64-bit binaries in the ``wheel`` format are available "
+#| "for all major operating systems (Windows, macOS, and Linux) on PyPI. "
+#| "Note, however, that on Windows, NumPy binaries are linked against the "
+#| "`ATLAS <http://www.netlib.org/atlas/>`__ BLAS/LAPACK library, restricted "
+#| "to SSE2 instructions, so they may not provide optimal linear algebra "
+#| "performance."
 msgid ""
 "Starting with version 1.10.4 of NumPy and version 1.0.0 of SciPy, pre-built "
 "32-bit and 64-bit binaries in the ``wheel`` format are available for all "
 "major operating systems (Windows, macOS, and Linux) on PyPI. Note, however, "
-"that on Windows, NumPy binaries are linked against the `ATLAS <http://www."
-"netlib.org/atlas/>`__ BLAS/LAPACK library, restricted to SSE2 instructions, "
-"so they may not provide optimal linear algebra performance."
+"that on Windows, NumPy binaries are linked against the `ATLAS <https://math-"
+"atlas.sourceforge.net/>`__ BLAS/LAPACK library, restricted to SSE2 "
+"instructions, so they may not provide optimal linear algebra performance."
 msgstr ""
 "Начиная с версии 1.10.4 NumPy и версии 1.0.0 SciPy, на PyPI доступны "
 "предварительно собранные 32- и 64-битные двоичные файлы в формате ``колеса'' "
@@ -6809,7 +6825,7 @@ msgstr ""
 "инструментарием на базе ``pip`` и ``virtualenv``."
 
 #: ../source/guides/installing-scientific-packages.rst:100
-#: ../source/key_projects.rst:808
+#: ../source/key_projects.rst:812
 msgid "Spack"
 msgstr "Spack"
 
@@ -6856,35 +6872,33 @@ msgid "The conda cross-platform package manager"
 msgstr "Кроссплатформенный менеджер пакетов conda"
 
 #: ../source/guides/installing-scientific-packages.rst:121
-msgid ""
-"`Anaconda <https://www.anaconda.com/products/individual/>`_ is a Python "
-"distribution published by Anaconda, Inc. It is a stable collection of Open "
-"Source packages for big data and scientific use.  As of the 5.0 release of "
-"Anaconda, about 200 packages are installed by default, and a total of "
-"400-500 can be installed and updated from the Anaconda repository."
-msgstr ""
-"Anaconda <https://www.anaconda.com/products/individual/>`_ - дистрибутив "
-"Python, опубликованный компанией Anaconda, Inc. Он представляет собой "
-"стабильную коллекцию пакетов с открытым исходным кодом для работы с большими "
-"данными и научного использования.  В релизе 5.0 Anaconda по умолчанию "
-"установлено около 200 пакетов, а всего из репозитория Anaconda можно "
-"установить и обновить 400-500 пакетов."
-
-#: ../source/guides/installing-scientific-packages.rst:127
+#, fuzzy
+#| msgid ""
+#| "``conda`` is an open source (BSD licensed) package management system and "
+#| "environment management system included in Anaconda that allows users to "
+#| "install multiple versions of binary software packages and their "
+#| "dependencies, and easily switch between them. It is a cross-platform tool "
+#| "working on Windows, macOS, and Linux. Conda can be used to package up and "
+#| "distribute all kinds of packages, it is not limited to just Python "
+#| "packages. It has full support for native virtual environments. Conda "
+#| "makes environments first-class citizens, making it easy to create "
+#| "independent environments even for C libraries. It is written in Python, "
+#| "but is Python-agnostic. Conda manages Python itself as a package, so "
+#| "that :command:`conda update python` is possible, in contrast to pip, "
+#| "which only manages Python packages. Conda is available in Anaconda and "
+#| "Miniconda (an easy-to-install download with just Python and conda)."
 msgid ""
 "``conda`` is an open source (BSD licensed) package management system and "
-"environment management system included in Anaconda that allows users to "
-"install multiple versions of binary software packages and their "
-"dependencies, and easily switch between them. It is a cross-platform tool "
-"working on Windows, macOS, and Linux. Conda can be used to package up and "
-"distribute all kinds of packages, it is not limited to just Python packages. "
-"It has full support for native virtual environments. Conda makes "
-"environments first-class citizens, making it easy to create independent "
-"environments even for C libraries. It is written in Python, but is Python-"
-"agnostic. Conda manages Python itself as a package, so that :command:`conda "
-"update python` is possible, in contrast to pip, which only manages Python "
-"packages. Conda is available in Anaconda and Miniconda (an easy-to-install "
-"download with just Python and conda)."
+"environment management system that allows users to install multiple versions "
+"of binary software packages and their dependencies, and easily switch "
+"between them. It is a cross-platform tool working on Windows, MacOS, and "
+"Linux. Conda can be used to package up and distribute all kinds of packages, "
+"it is not limited to just Python packages. It has full support for native "
+"virtual environments. Conda makes environments first-class citizens, making "
+"it easy to create independent environments even for C libraries. It is "
+"written in Python, but is Python-agnostic. Conda manages Python itself as a "
+"package, so that :command:`conda update python` is possible, in contrast to "
+"pip, which only manages Python packages."
 msgstr ""
 "``conda`` - это система управления пакетами с открытым исходным кодом "
 "(лицензия BSD) и система управления окружением, входящая в состав Anaconda, "
@@ -6901,6 +6915,44 @@ msgstr ""
 "пакетами Python. Conda доступна в версиях Anaconda и Miniconda (простая в "
 "установке загрузка, содержащая только Python и conda)."
 
+#: ../source/guides/installing-scientific-packages.rst:133
+#, fuzzy
+#| msgid ""
+#| "`Anaconda <https://www.anaconda.com/products/individual/>`_ is a Python "
+#| "distribution published by Anaconda, Inc. It is a stable collection of "
+#| "Open Source packages for big data and scientific use.  As of the 5.0 "
+#| "release of Anaconda, about 200 packages are installed by default, and a "
+#| "total of 400-500 can be installed and updated from the Anaconda "
+#| "repository."
+msgid ""
+"Anaconda `Anaconda <https://docs.anaconda.com/anaconda/>`_ is a Python "
+"distribution published by Anaconda, Inc. It is a stable collection of Open "
+"Source packages for big data and scientific use, and a collection of "
+"Graphical Interface utilities for managing conda environments."
+msgstr ""
+"Anaconda <https://www.anaconda.com/products/individual/>`_ - дистрибутив "
+"Python, опубликованный компанией Anaconda, Inc. Он представляет собой "
+"стабильную коллекцию пакетов с открытым исходным кодом для работы с большими "
+"данными и научного использования.  В релизе 5.0 Anaconda по умолчанию "
+"установлено около 200 пакетов, а всего из репозитория Anaconda можно "
+"установить и обновить 400-500 пакетов."
+
+#: ../source/guides/installing-scientific-packages.rst:135
+msgid ""
+"In addition to the full distribution provided by Anaconda, the conda package "
+"manager itself is available in  `miniconda <https://docs.anaconda.com/"
+"miniconda/>`_, `miniforge <https://github.com/conda-forge/miniforge>`_, and "
+"`pixi <https://pixi.sh/>`_."
+msgstr ""
+
+#: ../source/guides/installing-scientific-packages.rst:138
+msgid ""
+"Conda packages are available on multiple channels on Anaconda.org, including "
+"the default channel supported by Anaconda, Inc, the community supported "
+"conda-forge channel, which provides a wide variety of pre-built packages, "
+"and some domain-specific package collections."
+msgstr ""
+
 #: ../source/guides/installing-stand-alone-command-line-tools.rst:4
 msgid "Installing stand alone command line tools"
 msgstr "Установка отдельных инструментов командной строки"
@@ -11127,11 +11179,17 @@ msgid "Uploading to PyPI"
 msgstr "Загрузка на PyPI"
 
 #: ../source/guides/tool-recommendations.rst:142
+#, fuzzy
+#| msgid ""
+#| "For projects hosted on GitHub, it is recommended to use the :ref:`trusted "
+#| "publishing <trusted-publishing>`, which allows the package to be securely "
+#| "uploaded to PyPI from a GitHub Actions job. (This is not yet supported on "
+#| "software forges other than GitHub.)"
 msgid ""
-"For projects hosted on GitHub, it is recommended to use the :ref:`trusted "
-"publishing <trusted-publishing>`, which allows the package to be securely "
-"uploaded to PyPI from a GitHub Actions job. (This is not yet supported on "
-"software forges other than GitHub.)"
+"For projects hosted on or published via supported CI/CD platforms, it is "
+"recommended to use the :ref:`Trusted Publishing <trusted-publishing>`, which "
+"allows the package to be securely uploaded to PyPI from a CI/CD workflow "
+"without a manually configured API token."
 msgstr ""
 "Для проектов, размещенных на GitHub, рекомендуется использовать : ссылка:"
 "`доверенная публикация <доверенная публикация>`, которая позволяет безопасно "
@@ -11140,12 +11198,34 @@ msgstr ""
 
 #: ../source/guides/tool-recommendations.rst:147
 msgid ""
+"As of November 2024, PyPI supports the following platforms as Trusted "
+"Publishing providers:"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:150
+msgid "GitHub Actions (on ``https://github.com``)"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:151
+msgid "GitLab CI/CD (on ``https://gitlab.com``)"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:152
+msgid "ActiveState"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:153
+msgid "Google Cloud"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:155
+msgid ""
 "The other available method is to upload the package manually using :ref:"
 "`twine`."
 msgstr ""
 "Другой доступный способ - загрузить пакет вручную с помощью : ссылка:`twine`."
 
-#: ../source/guides/tool-recommendations.rst:149
+#: ../source/guides/tool-recommendations.rst:159
 msgid ""
 "**Never** use ``python setup.py upload`` for this task. In addition to "
 "being :ref:`deprecated <setup-py-deprecated>`, it is insecure."
@@ -11154,11 +11234,11 @@ msgstr ""
 "Помимо того, что он является : ссылка:`утратившим актуальность <setup-py-"
 "deprecated>`, он еще и небезопасен."
 
-#: ../source/guides/tool-recommendations.rst:154
+#: ../source/guides/tool-recommendations.rst:164
 msgid "Workflow tools"
 msgstr "Инструменты рабочего процесса"
 
-#: ../source/guides/tool-recommendations.rst:156
+#: ../source/guides/tool-recommendations.rst:166
 msgid ""
 "These tools are environment managers that automatically manage virtual "
 "environments for a project. They also act as \"task runners\", allowing you "
@@ -11177,31 +11257,31 @@ msgstr ""
 "для приложений. Часто они вызывают инструменты, упомянутые выше под капотом. "
 "В алфавитном порядке:"
 
-#: ../source/guides/tool-recommendations.rst:164
+#: ../source/guides/tool-recommendations.rst:174
 msgid ":ref:`Flit`,"
 msgstr ":ссылка:`Flit`,"
 
-#: ../source/guides/tool-recommendations.rst:165
+#: ../source/guides/tool-recommendations.rst:175
 msgid ":ref:`Hatch`,"
 msgstr ":ссылка:`Hatch`,"
 
-#: ../source/guides/tool-recommendations.rst:166
+#: ../source/guides/tool-recommendations.rst:176
 msgid ":doc:`nox <nox:index>`,"
 msgstr ": документ:`nox <nox: индекс>`,"
 
-#: ../source/guides/tool-recommendations.rst:167
+#: ../source/guides/tool-recommendations.rst:177
 msgid ":ref:`PDM`,"
 msgstr ":ссылка:`PDM`,"
 
-#: ../source/guides/tool-recommendations.rst:168
+#: ../source/guides/tool-recommendations.rst:178
 msgid ":ref:`Pipenv`,"
 msgstr ":ссылка:`Pipenv`,"
 
-#: ../source/guides/tool-recommendations.rst:169
+#: ../source/guides/tool-recommendations.rst:179
 msgid ":ref:`Poetry`,"
 msgstr ":ссылка:`Поэзия`,"
 
-#: ../source/guides/tool-recommendations.rst:170
+#: ../source/guides/tool-recommendations.rst:180
 msgid ":doc:`tox <tox:index>`."
 msgstr ": документ:`токсический <токсический:индекс>`."
 
@@ -12805,40 +12885,66 @@ msgstr ":doc:`Документы <conda:index>`"
 
 #: ../source/key_projects.rst:407
 msgid ""
-"conda is the package management tool for `Anaconda <https://docs.anaconda."
-"com/anaconda/>`__ Python installations. Anaconda Python is a distribution "
-"from `Anaconda, Inc <https://www.anaconda.com/products/individual>`__ "
-"specifically aimed at the scientific community, and in particular on Windows "
-"where the installation of binary extensions is often difficult."
+"Conda is a package, dependency, and environment management system for any "
+"language — Python, R, Ruby, C/C++, Fortran, and more. It is written in "
+"Python and widely used in the Python scientific computing community, due to "
+"its support for non-Python compiled libraries and extensions. It is used as "
+"the basis of the `Anaconda <https://docs.anaconda.com/anaconda/>`__ Python "
+"distribution from Anaconda, Inc. It was originally aimed at the scientific "
+"community, but can also be used on its own, or with the :doc:`miniconda "
+"<conda:miniconda>`, `miniforge <https://github.com/conda-forge/miniforge>`_ "
+"or `pixi <https://pixi.sh/>`_ systems. It is available for Windows, Mac and "
+"Linux systems."
 msgstr ""
-"conda - это инструмент управления пакетами для установки `Anaconda <https://"
-"docs.anaconda.com/anaconda/>`__ Python. Anaconda Python - это дистрибутив от "
-"`Anaconda, Inc <https://www.anaconda.com/products/individual>`__, "
-"ориентированный на научное сообщество, в частности, на Windows, где "
-"установка бинарных расширений часто бывает затруднена."
 
-#: ../source/key_projects.rst:414
+#: ../source/key_projects.rst:416
+#, fuzzy
+#| msgid ""
+#| "Conda is a completely separate tool from :ref:`pip`, virtualenv and "
+#| "wheel, but provides many of their combined features in terms of package "
+#| "management, virtual environment management and deployment of binary "
+#| "extensions."
 msgid ""
 "Conda is a completely separate tool from :ref:`pip`, virtualenv and wheel, "
-"but provides many of their combined features in terms of package management, "
-"virtual environment management and deployment of binary extensions."
+"but provides many of their combined features, such as package management, "
+"virtual environment management and deployment of binary extensions and other "
+"binary code."
 msgstr ""
 "Conda является совершенно отдельным инструментом от :ref:`pip`, virtualenv и "
 "wheel, но предоставляет многие из их объединенных возможностей в плане "
 "управления пакетами, виртуальным окружением и развертыванием бинарных "
 "расширений."
 
-#: ../source/key_projects.rst:418
+#: ../source/key_projects.rst:420
 msgid ""
-"Conda does not install packages from PyPI and can install only from the "
-"official Anaconda repositories, or anaconda.org (a place for user-"
-"contributed *conda* packages), or a local (e.g. intranet) package server.  "
-"However, note that :ref:`pip` can be installed into, and work side-by-side "
-"with conda for managing :term:`distributions <Distribution Package>` from "
-"PyPI. Also, `conda skeleton <https://docs.conda.io/projects/conda-build/en/"
-"latest/user-guide/tutorials/build-pkgs-skeleton.html>`__ is a tool to make "
-"Python packages installable by conda by first fetching them from PyPI and "
-"modifying their metadata."
+"Conda does not install packages from PyPI -- it can only manage packages "
+"built specifically for conda, which can be made available on a \"conda "
+"channel\", such as those hosted on `anaconda.org <https://anaconda.org>`__, "
+"or a local (e.g. intranet) package server. In addition to the \"default\" "
+"channels managed by `Anaconda, Inc. <https://www.anaconda.com/>`__, there "
+"are a wide variety of packages from the community supported `conda-forge "
+"project <https://conda-forge.org/>`__"
+msgstr ""
+
+#: ../source/key_projects.rst:426
+#, fuzzy
+#| msgid ""
+#| "Conda does not install packages from PyPI and can install only from the "
+#| "official Anaconda repositories, or anaconda.org (a place for user-"
+#| "contributed *conda* packages), or a local (e.g. intranet) package "
+#| "server.  However, note that :ref:`pip` can be installed into, and work "
+#| "side-by-side with conda for managing :term:`distributions <Distribution "
+#| "Package>` from PyPI. Also, `conda skeleton <https://docs.conda.io/"
+#| "projects/conda-build/en/latest/user-guide/tutorials/build-pkgs-skeleton."
+#| "html>`__ is a tool to make Python packages installable by conda by first "
+#| "fetching them from PyPI and modifying their metadata."
+msgid ""
+"Note that :ref:`pip` can be installed into, and work side-by-side with conda "
+"for managing :term:`distributions <Distribution Package>` from PyPI. It is "
+"also possible to build conda packages from Python source packages using "
+"tools such as `conda skeleton <https://docs.conda.io/projects/conda-build/en/"
+"latest/user-guide/tutorials/build-pkgs-skeleton.html>`__: a tool to "
+"automatically make conda packages from Python packages available on PyPI."
 msgstr ""
 "Conda не устанавливает пакеты из PyPI и может устанавливать их только из "
 "официальных репозиториев Anaconda, или с anaconda.org (место для "
@@ -12851,11 +12957,11 @@ msgstr ""
 "устанавливаемыми conda, предварительно получив их из PyPI и изменив их "
 "метаданные."
 
-#: ../source/key_projects.rst:431
+#: ../source/key_projects.rst:435
 msgid "devpi"
 msgstr "devpi"
 
-#: ../source/key_projects.rst:433
+#: ../source/key_projects.rst:437
 msgid ""
 "`Docs <http://doc.devpi.net/latest/>`__ | :gh:`Issues <devpi/devpi/issues>` "
 "| `PyPI <https://pypi.org/project/devpi>`__"
@@ -12863,7 +12969,7 @@ msgstr ""
 "`Документы <http://doc.devpi.net/latest/>`__ | :gh:`Проблемы <devpi/devpi/"
 "issues>` | `PyPI <https://pypi.org/project/devpi>`__"
 
-#: ../source/key_projects.rst:437
+#: ../source/key_projects.rst:441
 msgid ""
 "devpi features a powerful PyPI-compatible server and PyPI proxy cache with a "
 "complementary command line tool to drive packaging, testing and release "
@@ -12880,11 +12986,11 @@ msgstr ""
 "наследованием, синхронизацию между этими индексами, репликацию индекса и "
 "восстановление после отказа, а также загрузку пакетов."
 
-#: ../source/key_projects.rst:448
+#: ../source/key_projects.rst:452
 msgid "dumb-pypi"
 msgstr "dumb-pypi"
 
-#: ../source/key_projects.rst:450
+#: ../source/key_projects.rst:454
 msgid ""
 "`GitHub <https://github.com/chriskuehl/dumb-pypi>`__ | `PyPI <https://pypi."
 "org/project/dumb-pypi>`__"
@@ -12892,7 +12998,7 @@ msgstr ""
 "`GitHub <https://github.com/chriskuehl/dumb-pypi>`__ | `PyPI <https://pypi."
 "org/project/dumb-pypi>`__"
 
-#: ../source/key_projects.rst:453
+#: ../source/key_projects.rst:457
 msgid ""
 "dumb-pypi is a simple :term:`package index <Package Index>` static file site "
 "generator, which then must be hosted by a static file webserver to become "
@@ -12904,11 +13010,11 @@ msgstr ""
 "статическом файловом веб-сервере, чтобы стать пакетным индексом. Он "
 "поддерживает обслуживание хэша, основных метаданных и yank-статуса."
 
-#: ../source/key_projects.rst:460
+#: ../source/key_projects.rst:464
 msgid "enscons"
 msgstr "enscons"
 
-#: ../source/key_projects.rst:462
+#: ../source/key_projects.rst:466
 msgid ""
 ":gh:`Source <dholth/enscons>` | :gh:`Issues <dholth/enscons/issues>` | `PyPI "
 "<https://pypi.org/project/enscons>`__"
@@ -12916,7 +13022,7 @@ msgstr ""
 ":gh:`Source <dholth/enscons>` | :gh:`Проблемы <dholth/enscons/issues>` | "
 "`PyPI <https://pypi.org/project/enscons>`__"
 
-#: ../source/key_projects.rst:466
+#: ../source/key_projects.rst:470
 msgid ""
 "Enscons is a Python packaging tool based on `SCons`_. It builds :ref:`pip`-"
 "compatible source distributions and wheels without using distutils or "
@@ -12936,11 +13042,11 @@ msgstr ""
 "Enscons помогает вам создавать sdists, которые могут быть автоматически "
 "собраны :ref:`pip`, и колеса, которые не зависят от enscons."
 
-#: ../source/key_projects.rst:481
+#: ../source/key_projects.rst:485
 msgid "Flask-Pypi-Proxy"
 msgstr "Flask-Pypi-Proxy"
 
-#: ../source/key_projects.rst:483
+#: ../source/key_projects.rst:487
 msgid ""
 "`Docs <https://flask-pypi-proxy.readthedocs.io>`__ | :gh:`GitHub <tzulberti/"
 "Flask-PyPi-Proxy>` | `PyPI <https://pypi.org/project/Flask-Pypi-Proxy/>`__"
@@ -12949,12 +13055,12 @@ msgstr ""
 "<tzulberti/Flask-PyPi-Proxy>` | `PyPI <https://pypi.org/project/Flask-Pypi-"
 "Proxy/>`__"
 
-#: ../source/key_projects.rst:487 ../source/key_projects.rst:681
-#: ../source/key_projects.rst:740
+#: ../source/key_projects.rst:491 ../source/key_projects.rst:685
+#: ../source/key_projects.rst:744
 msgid "Not maintained, project archived"
 msgstr "Не поддерживается, проект сдан в архив"
 
-#: ../source/key_projects.rst:489
+#: ../source/key_projects.rst:493
 msgid ""
 "Flask-Pypi-Proxy is a :term:`package index <Package Index>` as a cached "
 "proxy for PyPI."
@@ -12962,11 +13068,11 @@ msgstr ""
 "Flask-Pypi-Proxy - это : термин:`индекс пакета <Индекс пакета>` в качестве "
 "кэшированного прокси для PyPI."
 
-#: ../source/key_projects.rst:495
+#: ../source/key_projects.rst:499
 msgid "Hashdist"
 msgstr "Hashdist"
 
-#: ../source/key_projects.rst:497
+#: ../source/key_projects.rst:501
 msgid ""
 "`Docs <https://hashdist.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/hashdist/hashdist/>`__"
@@ -12974,7 +13080,7 @@ msgstr ""
 "`Документы <https://hashdist.readthedocs.io/en/latest/>`__ | `GitHub "
 "<https://github.com/hashdist/hashdist/>`__"
 
-#: ../source/key_projects.rst:500
+#: ../source/key_projects.rst:504
 msgid ""
 "Hashdist is a library for building non-root software distributions. Hashdist "
 "is trying to be “the Debian of choice for cases where Debian technology "
@@ -12992,11 +13098,11 @@ msgstr ""
 "делает распространение пакетов нестационарным, кэшируемым и ветвящимся. "
 "Используется некоторыми исследователями, но с 2016 года не поддерживается."
 
-#: ../source/key_projects.rst:512
+#: ../source/key_projects.rst:516
 msgid "Maturin"
 msgstr "Maturin"
 
-#: ../source/key_projects.rst:514
+#: ../source/key_projects.rst:518
 msgid ""
 "`Docs <https://www.maturin.rs>`__ | `GitHub <https://github.com/PyO3/"
 "maturin>`__"
@@ -13004,7 +13110,7 @@ msgstr ""
 "`Документы <https://www.maturin.rs>`__ | `GitHub <https://github.com/PyO3/"
 "maturin>`__"
 
-#: ../source/key_projects.rst:517
+#: ../source/key_projects.rst:521
 msgid ""
 "Maturin is a build backend for Rust extension modules, also written in Rust. "
 "It supports building wheels for python 3.7+ on Windows, Linux, macOS and "
@@ -13015,11 +13121,11 @@ msgstr ""
 "и FreeBSD, может загружать их в PyPI и имеет базовую поддержку PyPy и "
 "GraalPy."
 
-#: ../source/key_projects.rst:525
+#: ../source/key_projects.rst:529
 msgid "meson-python"
 msgstr "meson-python"
 
-#: ../source/key_projects.rst:527
+#: ../source/key_projects.rst:531
 msgid ""
 "`Docs <https://meson-python.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/mesonbuild/meson-python>`__"
@@ -13027,7 +13133,7 @@ msgstr ""
 "`Документы <https://meson-python.readthedocs.io/en/latest/>`__ | `GitHub "
 "<https://github.com/mesonbuild/meson-python>`__"
 
-#: ../source/key_projects.rst:530
+#: ../source/key_projects.rst:534
 msgid ""
 "``meson-python`` is a build backend that uses the Meson_ build system. It "
 "enables Python package authors to use Meson_ as the build system for their "
@@ -13039,15 +13145,15 @@ msgstr ""
 "сборки для своего пакета. Он поддерживает широкий спектр языков, включая C, "
 "и способен удовлетворить потребности большинства сложных конфигураций сборки."
 
-#: ../source/key_projects.rst:540
+#: ../source/key_projects.rst:544
 msgid "multibuild"
 msgstr "multibuild"
 
-#: ../source/key_projects.rst:542
+#: ../source/key_projects.rst:546
 msgid "`GitHub <https://github.com/multi-build/multibuild>`__"
 msgstr "`GitHub <https://github.com/multi-build/multibuild>`__"
 
-#: ../source/key_projects.rst:544
+#: ../source/key_projects.rst:548
 msgid ""
 "Multibuild is a set of CI scripts for building and testing Python :term:"
 "`wheels <Wheel>` for Linux, macOS, and (less flexibly) Windows. Also see :"
@@ -13057,15 +13163,15 @@ msgstr ""
 "`wheels <Wheel>` для Linux, macOS и (менее гибко) Windows. Также смотрите :"
 "ref:`cibuildwheel`."
 
-#: ../source/key_projects.rst:550
+#: ../source/key_projects.rst:554
 msgid "nginx_pypi_cache"
 msgstr "nginx_pypi_cache"
 
-#: ../source/key_projects.rst:552
+#: ../source/key_projects.rst:556
 msgid ":gh:`GitHub <hauntsaninja/nginx_pypi_cache>`"
 msgstr ":gh:`GitHub <hauntsaninja/nginx_pypi_cache>`"
 
-#: ../source/key_projects.rst:554
+#: ../source/key_projects.rst:558
 msgid ""
 "nginx_pypi_cache is a :term:`package index <Package Index>` caching proxy "
 "using `nginx <https://nginx.org/en/>`_."
@@ -13073,11 +13179,11 @@ msgstr ""
 "nginx_pypi_cache - это : термин:`пакетный индекс <пакетный индекс>` "
 "кэширующего прокси, использующего `nginx <https://nginx.org/en/>`_."
 
-#: ../source/key_projects.rst:560
+#: ../source/key_projects.rst:564
 msgid "pdm"
 msgstr "pdm"
 
-#: ../source/key_projects.rst:562
+#: ../source/key_projects.rst:566
 msgid ""
 "`Docs <https://pdm.fming.dev/>`__ | `GitHub <https://github.com/pdm-project/"
 "pdm/>`__ | `PyPI <https://pypi.org/project/pdm>`__"
@@ -13085,7 +13191,7 @@ msgstr ""
 "`Документы <https://pdm.fming.dev/>`__ | `GitHub <https://github.com/pdm-"
 "project/pdm/>`__ | `PyPI <https://pypi.org/project/pdm>`__"
 
-#: ../source/key_projects.rst:566
+#: ../source/key_projects.rst:570
 msgid ""
 "PDM is a modern Python package manager. It uses :term:`pyproject.toml` to "
 "store project metadata as defined in :pep:`621`."
@@ -13094,7 +13200,7 @@ msgstr ""
 "`pyproject.toml` для хранения метаданных проекта, как определено в :pep:"
 "`621`."
 
-#: ../source/key_projects.rst:574
+#: ../source/key_projects.rst:578
 msgid ""
 "`Docs <https://pex.readthedocs.io/en/latest/>`__ | `GitHub <https://github."
 "com/pantsbuild/pex/>`__ | `PyPI <https://pypi.org/project/pex>`__"
@@ -13102,7 +13208,7 @@ msgstr ""
 "`Документы <https://pex.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/pantsbuild/pex/>`__ | `PyPI <https://pypi.org/project/pex>`__"
 
-#: ../source/key_projects.rst:578
+#: ../source/key_projects.rst:582
 msgid ""
 "Pex is a tool for generating :file:`.pex` (Python EXecutable) files, "
 "standalone Python environments in the spirit of :ref:`virtualenv`. PEX files "
@@ -13123,11 +13229,11 @@ msgstr ""
 "инструменты, поддерживающие превращение PEX-файла в стандартный venv, "
 "построение графиков зависимостей и многое другое."
 
-#: ../source/key_projects.rst:590
+#: ../source/key_projects.rst:594
 msgid "pip-tools"
 msgstr "pip-инструменты"
 
-#: ../source/key_projects.rst:592
+#: ../source/key_projects.rst:596
 msgid ""
 "`Docs <https://pip-tools.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/jazzband/pip-tools/>`__ | `PyPI <https://pypi.org/project/pip-"
@@ -13137,7 +13243,7 @@ msgstr ""
 "<https://github.com/jazzband/pip-tools/>`__ | `PyPI <https://pypi.org/"
 "project/pip-tools/>`__"
 
-#: ../source/key_projects.rst:596
+#: ../source/key_projects.rst:600
 msgid ""
 "pip-tools is a suite of tools meant for Python system administrators and "
 "release managers who particularly want to keep their builds deterministic "
@@ -13157,17 +13263,17 @@ msgstr ""
 "предоставляет), а также создать слои ограничений, которым должна подчиняться "
 "программа."
 
-#: ../source/key_projects.rst:608
+#: ../source/key_projects.rst:612
 msgid "pip2pi"
 msgstr "pip2pi"
 
-#: ../source/key_projects.rst:610
+#: ../source/key_projects.rst:614
 msgid ""
 ":gh:`GitHub <wolever/pip2pi>` | `PyPI <https://pypi.org/project/pip2pi/>`__"
 msgstr ""
 ":gh:`GitHub <волевой/pip2pi>` | `PyPI <https://pypi.org/project/pip2pi/>`__"
 
-#: ../source/key_projects.rst:613
+#: ../source/key_projects.rst:617
 msgid ""
 "pip2pi is a :term:`package index <Package Index>` server where specific "
 "packages are manually synchronised."
@@ -13175,11 +13281,11 @@ msgstr ""
 "pip2pi - это сервер : термин:`индекс пакетов <Индекс пакетов>`, на котором "
 "вручную синхронизируются определенные пакеты."
 
-#: ../source/key_projects.rst:619
+#: ../source/key_projects.rst:623
 msgid "piwheels"
 msgstr "piwheels"
 
-#: ../source/key_projects.rst:621
+#: ../source/key_projects.rst:625
 msgid ""
 "`Website <https://www.piwheels.org/>`__ | :doc:`Docs <piwheels:index>` | "
 "`GitHub <https://github.com/piwheels/piwheels/>`__"
@@ -13187,7 +13293,7 @@ msgstr ""
 "Веб-сайт <https://www.piwheels.org/>`__ | :doc:`Docs <piwheels:index>` | "
 "`GitHub <https://github.com/piwheels/piwheels/>`__"
 
-#: ../source/key_projects.rst:625
+#: ../source/key_projects.rst:629
 msgid ""
 "piwheels is a website, and software underpinning it, that fetches source "
 "code distribution packages from PyPI and compiles them into binary wheels "
@@ -13200,11 +13306,11 @@ msgstr ""
 "В Raspberry Pi OS предварительно настроен pip на использование piwheels.org "
 "в качестве дополнительного индекса к PyPI."
 
-#: ../source/key_projects.rst:634
+#: ../source/key_projects.rst:638
 msgid "poetry"
 msgstr "поэзия"
 
-#: ../source/key_projects.rst:636
+#: ../source/key_projects.rst:640
 msgid ""
 "`Docs <https://python-poetry.org/>`__ | `GitHub <https://github.com/python-"
 "poetry/poetry>`__ | `PyPI <https://pypi.org/project/poetry/>`__"
@@ -13212,7 +13318,7 @@ msgstr ""
 "`Документы <https://python-poetry.org/>`__ | `GitHub <https://github.com/"
 "python-poetry/poetry>`__ | `PyPI <https://pypi.org/project/poetry/>`__"
 
-#: ../source/key_projects.rst:640
+#: ../source/key_projects.rst:644
 msgid ""
 "poetry is a command-line tool to handle dependency installation and "
 "isolation as well as building and packaging of Python packages. It uses "
@@ -13228,17 +13334,17 @@ msgstr ""
 "зависимостей. Он пытается ускорить процесс установки и разрешения "
 "зависимостей, локально кэшируя метаданные о зависимостях."
 
-#: ../source/key_projects.rst:650
+#: ../source/key_projects.rst:654
 msgid "proxpi"
 msgstr "proxpi"
 
-#: ../source/key_projects.rst:652
+#: ../source/key_projects.rst:656
 msgid ""
 ":gh:`GitHub <EpicWink/proxpi>` | `PyPI <https://pypi.org/project/proxpi/>`__"
 msgstr ""
 ":gh:`GitHub <EpicWink/proxpi>` | `PyPI <https://pypi.org/project/proxpi/>`__"
 
-#: ../source/key_projects.rst:655
+#: ../source/key_projects.rst:659
 msgid ""
 "proxpi is a simple :term:`package index <Package Index>` which proxies PyPI "
 "and other indexes with caching."
@@ -13246,11 +13352,11 @@ msgstr ""
 "proxpi - это простой : термин:`индекс пакетов <Индекс пакетов>`, который "
 "проксирует PyPI и другие индексы с кэшированием."
 
-#: ../source/key_projects.rst:661
+#: ../source/key_projects.rst:665
 msgid "Pulp-python"
 msgstr "Pulp-python"
 
-#: ../source/key_projects.rst:663
+#: ../source/key_projects.rst:667
 msgid ""
 "`Docs <https://docs.pulpproject.org/pulp_python/>`__ | :gh:`GitHub <pulp/"
 "pulp_python>` | `PyPI <https://pypi.org/project/pulp-python/>`__"
@@ -13258,7 +13364,7 @@ msgstr ""
 "`Документация <https://docs.pulpproject.org/pulp_python/>`__ | :gh:`GitHub "
 "<pulp/pulp_python>` | `PyPI <https://pypi.org/project/pulp-python/>`__."
 
-#: ../source/key_projects.rst:667
+#: ../source/key_projects.rst:671
 msgid ""
 "Pulp-python is the Python :term:`package index <Package Index>` plugin for "
 "`Pulp <https://pulpproject.org/>`_. Pulp-python supports mirrors backed by "
@@ -13269,11 +13375,11 @@ msgstr ""
 "поддерживаемые локальным или `AWS S3`_, загрузку пакетов и проксирование к "
 "нескольким индексам пакетов."
 
-#: ../source/key_projects.rst:675
+#: ../source/key_projects.rst:679
 msgid "PyPI Cloud"
 msgstr "Облако PyPI"
 
-#: ../source/key_projects.rst:677
+#: ../source/key_projects.rst:681
 msgid ""
 "`Docs <https://pypicloud.readthedocs.io/>`__ | :gh:`GitHub <stevearc/"
 "pypicloud>` | `PyPI <https://pypi.org/project/pypicloud/>`__"
@@ -13281,7 +13387,7 @@ msgstr ""
 "`Документация <https://pypicloud.readthedocs.io/>`__ | :gh:`GitHub <stevearc/"
 "pypicloud>` | `PyPI <https://pypi.org/project/pypicloud/>`__."
 
-#: ../source/key_projects.rst:683
+#: ../source/key_projects.rst:687
 msgid ""
 "PyPI Cloud is a :term:`package index <Package Index>` server, backed by `AWS "
 "S3`_ or another cloud storage service, or local files. PyPI Cloud supports "
@@ -13293,11 +13399,11 @@ msgstr ""
 "файлы. PyPI Облако поддерживает перенаправление/кэширование прокси для PyPI, "
 "а также аутентификацию и авторизацию."
 
-#: ../source/key_projects.rst:691
+#: ../source/key_projects.rst:695
 msgid "pypiprivate"
 msgstr "pypiprivate"
 
-#: ../source/key_projects.rst:693
+#: ../source/key_projects.rst:697
 msgid ""
 ":gh:`GitHub <helpshift/pypiprivate>` | `PyPI <https://pypi.org/project/"
 "pypiprivate/>`__"
@@ -13305,7 +13411,7 @@ msgstr ""
 ":gh:`GitHub <helpshift/pypiprivate>` | `PyPI <https://pypi.org/project/"
 "pypiprivate/>`__"
 
-#: ../source/key_projects.rst:696
+#: ../source/key_projects.rst:700
 msgid ""
 "pypiprivate serves a local (or `AWS S3`_-hosted) directory of packages as a :"
 "term:`package index <Package Index>`."
@@ -13313,11 +13419,11 @@ msgstr ""
 "pypiprivate обслуживает локальную (или размещенную на `AWS S3`_ директорию "
 "пакетов как : термин:`пакетный индекс <Пакетный индекс>`."
 
-#: ../source/key_projects.rst:702
+#: ../source/key_projects.rst:706
 msgid "pypiserver"
 msgstr "pypiserver"
 
-#: ../source/key_projects.rst:704
+#: ../source/key_projects.rst:708
 msgid ""
 "`GitHub <https://github.com/pypiserver/pypiserver>`__ | `PyPI <https://pypi."
 "org/project/pypiserver/>`__"
@@ -13325,7 +13431,7 @@ msgstr ""
 "`GitHub <https://github.com/pypiserver/pypiserver>`__ | `PyPI <https://pypi."
 "org/project/pypiserver/>`__"
 
-#: ../source/key_projects.rst:707
+#: ../source/key_projects.rst:711
 msgid ""
 "pypiserver is a minimalist application that serves as a private Python :term:"
 "`package index <Package Index>` (from a local directory) within "
@@ -13343,11 +13449,11 @@ msgstr ""
 "не публикуя их публично. Организации, использующие pypiserver, обычно "
 "загружают пакеты как с pypiserver, так и с PyPI."
 
-#: ../source/key_projects.rst:718
+#: ../source/key_projects.rst:722
 msgid "PyScaffold"
 msgstr "PyScaffold"
 
-#: ../source/key_projects.rst:720
+#: ../source/key_projects.rst:724
 msgid ""
 "`Docs <https://pyscaffold.org>`__ | `GitHub <https://github.com/pyscaffold/"
 "pyscaffold>`__ | `PyPI <https://pypi.org/project/pyscaffold/>`__"
@@ -13355,7 +13461,7 @@ msgstr ""
 "`Документы <https://pyscaffold.org>`__ | `GitHub <https://github.com/"
 "pyscaffold/pyscaffold>`__ | `PyPI <https://pypi.org/project/pyscaffold/>`__"
 
-#: ../source/key_projects.rst:724
+#: ../source/key_projects.rst:728
 msgid ""
 "PyScaffold is a project generator for bootstrapping Python packages, ready "
 "to be shared on PyPI and installable via :ref:`pip`. It relies on a set of "
@@ -13372,17 +13478,17 @@ msgstr ""
 "PyScaffold также можно использовать с существующими проектами, чтобы "
 "упростить их упаковку."
 
-#: ../source/key_projects.rst:735
+#: ../source/key_projects.rst:739
 msgid "pywharf"
 msgstr "pywharf"
 
-#: ../source/key_projects.rst:737
+#: ../source/key_projects.rst:741
 msgid ""
 ":gh:`GitHub <pywharf/pywharf>` | `PyPI <https://pypi.org/project/pywharf>`__"
 msgstr ""
 ":gh:`GitHub <pywharf/pywharf>` | `PyPI <https://pypi.org/project/pywharf>`__"
 
-#: ../source/key_projects.rst:742
+#: ../source/key_projects.rst:746
 msgid ""
 "pywharf is a :term:`package index <Package Index>` server, serving files "
 "locally or from `GitHub <https://github.com/>`_."
@@ -13390,11 +13496,11 @@ msgstr ""
 "pywharf - это сервер : термин:`пакетный индекс <Пакетный индекс>`, "
 "обслуживающий файлы локально или с `GitHub <https://github.com/>`_."
 
-#: ../source/key_projects.rst:748
+#: ../source/key_projects.rst:752
 msgid "scikit-build"
 msgstr "scikit-build"
 
-#: ../source/key_projects.rst:750
+#: ../source/key_projects.rst:754
 msgid ""
 "`Docs <https://scikit-build.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/scikit-build/scikit-build/>`__ | `PyPI <https://pypi.org/project/"
@@ -13404,7 +13510,7 @@ msgstr ""
 "<https://github.com/scikit-build/scikit-build/>`__ | `PyPI <https://pypi.org/"
 "project/scikit-build>`__"
 
-#: ../source/key_projects.rst:754
+#: ../source/key_projects.rst:758
 msgid ""
 "Scikit-build is a :ref:`setuptools` wrapper for CPython that builds C/C++/"
 "Fortran/Cython extensions It uses `cmake <https://pypi.org/project/cmake>`__ "
@@ -13422,11 +13528,11 @@ msgstr ""
 "распараллеливания сборки больших проектов пользователь может установить "
 "`ninja <https://pypi.org/project/ninja>`__ (также доступен на PyPI)."
 
-#: ../source/key_projects.rst:765
+#: ../source/key_projects.rst:769
 msgid "scikit-build-core"
 msgstr "scikit-build-core"
 
-#: ../source/key_projects.rst:767
+#: ../source/key_projects.rst:771
 msgid ""
 "`Docs <https://scikit-build-core.readthedocs.io/en/latest/>`__ | `GitHub "
 "<https://github.com/scikit-build/scikit-build-core/>`__ | `PyPI <https://"
@@ -13436,7 +13542,7 @@ msgstr ""
 "`GitHub <https://github.com/scikit-build/scikit-build-core/>`__ | `PyPI "
 "<https://pypi.org/project/scikit-build-core>`__"
 
-#: ../source/key_projects.rst:771
+#: ../source/key_projects.rst:775
 msgid ""
 "Scikit-build-core is a build backend for CPython C/C++/Fortran/Cython "
 "extensions.  It enables users to write extensions with `cmake <https://pypi."
@@ -13452,11 +13558,11 @@ msgstr ""
 "также поиска зависимостей и связанных с ними требований к сборке. CMake/"
 "Ninja автоматически загружаются с PyPI, если не доступны в системе."
 
-#: ../source/key_projects.rst:781
+#: ../source/key_projects.rst:785
 msgid "shiv"
 msgstr "shiv"
 
-#: ../source/key_projects.rst:783
+#: ../source/key_projects.rst:787
 msgid ""
 "`Docs <https://shiv.readthedocs.io/en/latest/>`__ | `GitHub <https://github."
 "com/linkedin/shiv>`__ | `PyPI <https://pypi.org/project/shiv/>`__"
@@ -13464,7 +13570,7 @@ msgstr ""
 "`Документы <https://shiv.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/linkedin/shiv>`__ | `PyPI <https://pypi.org/project/shiv/>`__"
 
-#: ../source/key_projects.rst:787
+#: ../source/key_projects.rst:791
 msgid ""
 "shiv is a command line utility for building fully self contained Python "
 "zipapps as outlined in :pep:`441`, but with all their dependencies included. "
@@ -13476,11 +13582,11 @@ msgstr ""
 "Ее основная цель - сделать распространение Python-приложений и инструментов "
 "командной строки быстрым и легким."
 
-#: ../source/key_projects.rst:795
+#: ../source/key_projects.rst:799
 msgid "simpleindex"
 msgstr "simpleindex"
 
-#: ../source/key_projects.rst:797
+#: ../source/key_projects.rst:801
 msgid ""
 ":gh:`GitHub <uranusjr/simpleindex>` | `PyPI <https://pypi.org/project/"
 "simpleindex/>`__"
@@ -13488,7 +13594,7 @@ msgstr ""
 ":gh:`GitHub <uranusjr/simpleindex>` | `PyPI <https://pypi.org/project/"
 "simpleindex/>`__"
 
-#: ../source/key_projects.rst:800
+#: ../source/key_projects.rst:804
 msgid ""
 "simpleindex is a :term:`package index <Package Index>` which routes URLs to "
 "multiple package indexes (including PyPI), serves local (or cloud-hosted, "
@@ -13501,7 +13607,7 @@ msgstr ""
 "пользовательского плагина) каталоги пакетов, а также поддерживает "
 "пользовательские плагины."
 
-#: ../source/key_projects.rst:810
+#: ../source/key_projects.rst:814
 msgid ""
 ":doc:`Docs <spack:index>` | `GitHub <https://github.com/spack/spack>`__ | "
 "`Paper <https://www.computer.org/csdl/proceedings-article/"
@@ -13513,7 +13619,7 @@ msgstr ""
 "sc/2015/2807623/12OmNBf94Xq>`__ | `Slides <https://tgamblin.github.io/files/"
 "Gamblin-Spack-SC15-Talk.pdf>`__"
 
-#: ../source/key_projects.rst:815
+#: ../source/key_projects.rst:819
 msgid ""
 "A flexible package manager designed to support multiple versions, "
 "configurations, platforms, and compilers.  Spack is like Homebrew, but "
@@ -13531,7 +13637,7 @@ msgstr ""
 "разработан для быстрого создания высокопроизводительных научных приложений "
 "на кластерах и суперкомпьютерах."
 
-#: ../source/key_projects.rst:823
+#: ../source/key_projects.rst:827
 msgid ""
 "Spack is not in PyPI (yet), but it requires no installation and can be used "
 "immediately after cloning from GitHub."
@@ -13539,11 +13645,11 @@ msgstr ""
 "Spack нет в PyPI (пока), но он не требует установки и может быть использован "
 "сразу после клонирования с GitHub."
 
-#: ../source/key_projects.rst:829
+#: ../source/key_projects.rst:833
 msgid "zest.releaser"
 msgstr "zest.releaser"
 
-#: ../source/key_projects.rst:831
+#: ../source/key_projects.rst:835
 msgid ""
 "`Docs <https://zestreleaser.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/zestsoftware/zest.releaser/>`__ | `PyPI <https://pypi.org/project/"
@@ -13553,7 +13659,7 @@ msgstr ""
 "<https://github.com/zestsoftware/zest.releaser/>`__ | `PyPI <https://pypi."
 "org/project/zest.releaser/>`__"
 
-#: ../source/key_projects.rst:835
+#: ../source/key_projects.rst:839
 msgid ""
 "``zest.releaser`` is a Python package release tool providing an abstraction "
 "layer on top of :ref:`twine`. Python developers use ``zest.releaser`` to "
@@ -13566,15 +13672,15 @@ msgstr ""
 "пакетов, обновления журналов изменений, маркировки релизов в системе "
 "контроля исходного кода и загрузки новых пакетов в PyPI."
 
-#: ../source/key_projects.rst:842
+#: ../source/key_projects.rst:846
 msgid "Standard Library Projects"
 msgstr "Проекты в стандартное библиотеке"
 
-#: ../source/key_projects.rst:847
+#: ../source/key_projects.rst:851
 msgid "ensurepip"
 msgstr "ensurepip"
 
-#: ../source/key_projects.rst:849
+#: ../source/key_projects.rst:853
 msgid ""
 "`Docs <https://docs.python.org/3/library/ensurepip.html>`__ | `Issues "
 "<https://bugs.python.org/>`__"
@@ -13582,7 +13688,7 @@ msgstr ""
 "`Документация <https://docs.python.org/3/library/ensurepip.html>`__ | "
 "`Замечания <http://bugs.python.org>`__"
 
-#: ../source/key_projects.rst:852
+#: ../source/key_projects.rst:856
 msgid ""
 "A package in the Python Standard Library that provides support for "
 "bootstrapping :ref:`pip` into an existing Python installation or virtual "
@@ -13594,11 +13700,11 @@ msgstr ""
 "случаев конечные пользователи не будут использовать этот модуль, скорее он "
 "будет использоваться во время сборки дистрибутива Python."
 
-#: ../source/key_projects.rst:860
+#: ../source/key_projects.rst:864
 msgid "http.server"
 msgstr "http.server"
 
-#: ../source/key_projects.rst:862
+#: ../source/key_projects.rst:866
 msgid ""
 ":doc:`Docs <python:library/http.server>` | :gh:`Issues <python/cpython/"
 "issues>`"
@@ -13606,7 +13712,7 @@ msgstr ""
 ": Док:`Документы <python:library/http.server>` | :gh:`Выпуски <python/"
 "cpython/issues>`"
 
-#: ../source/key_projects.rst:865
+#: ../source/key_projects.rst:869
 msgid ""
 "A package and command-line interface which can host a directory as a "
 "website, for example as a :term:`package index <Package Index>` (see :ref:"
@@ -13616,11 +13722,11 @@ msgstr ""
 "сайта, например, как : термин:`пакетный индекс <Пакетный индекс>` (см. :"
 "ссылка:`Хостинг собственного простого репозитория`)."
 
-#: ../source/key_projects.rst:872
+#: ../source/key_projects.rst:876
 msgid "venv"
 msgstr "venv"
 
-#: ../source/key_projects.rst:874
+#: ../source/key_projects.rst:878
 msgid ""
 "`Docs <https://docs.python.org/3/library/venv.html>`__ | `Issues <https://"
 "github.com/python/cpython/issues>`__"
@@ -13628,7 +13734,7 @@ msgstr ""
 "`Документация <https://docs.python.org/3/library/venv.html>`__ | `Замечания "
 "<https://github.com/python/cpython/issues>`__"
 
-#: ../source/key_projects.rst:877
+#: ../source/key_projects.rst:881
 msgid ""
 "A package in the Python Standard Library (starting with Python 3.3) for "
 "creating :term:`Virtual Environments <Virtual Environment>`.  For more "
@@ -16267,7 +16373,7 @@ msgstr ""
 #: ../source/specifications/platform-compatibility-tags.rst:332
 #: ../source/specifications/pyproject-toml.rst:444
 #: ../source/specifications/recording-installed-packages.rst:252
-#: ../source/specifications/simple-repository-api.rst:974
+#: ../source/specifications/simple-repository-api.rst:988
 #: ../source/specifications/source-distribution-format.rst:144
 #: ../source/specifications/version-specifiers.rst:1266
 #: ../source/specifications/virtual-environments.rst:54
@@ -17673,6 +17779,7 @@ msgstr ""
 #: ../source/specifications/dependency-specifiers.rst:26
 #: ../source/specifications/direct-url-data-structure.rst:19
 #: ../source/specifications/direct-url.rst:15
+#: ../source/specifications/index-hosted-attestations.rst:17
 #: ../source/specifications/inline-script-metadata.rst:13
 msgid "Specification"
 msgstr "Спецификация"
@@ -17853,7 +17960,7 @@ msgstr ""
 "Если перечислено несколько дополнений, все зависимости объединяются вместе."
 
 #: ../source/specifications/dependency-specifiers.rst:163
-#: ../source/specifications/simple-repository-api.rst:888
+#: ../source/specifications/simple-repository-api.rst:902
 msgid "Versions"
 msgstr "Версии"
 
@@ -20114,6 +20221,308 @@ msgstr ""
 "стандартов и предложения новых задокументирован на сайте `pypa.io <https://"
 "www.pypa.io/en/latest/specifications/>`__."
 
+#: ../source/specifications/index-hosted-attestations.rst:6
+msgid "Index hosted attestations"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:8
+#, fuzzy
+#| msgid ""
+#| "This specification was originally defined in :pep:`518` and :pep:`621`."
+msgid "This specification was originally defined in :pep:`740`."
+msgstr ""
+"Эта спецификация была первоначально определена в :pep:`518` и :pep:`621`."
+
+#: ../source/specifications/index-hosted-attestations.rst:12
+msgid ""
+":pep:`740` includes changes to the HTML and JSON index APIs. These changes "
+"are documented in the :ref:`simple-repository-api` under :ref:`simple-"
+"repository-api-base` and :ref:`json-serialization`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:22
+msgid "Upload endpoint changes"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:26
+msgid ""
+"The \"legacy\" upload API is not standardized. See `PyPI's Upload API "
+"documentation <https://docs.pypi.org/api/upload/>`_ for how attestations are "
+"uploaded."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:33
+#, fuzzy
+#| msgid "Existing projects"
+msgid "Attestation objects"
+msgstr "Существующие проекты"
+
+#: ../source/specifications/index-hosted-attestations.rst:35
+msgid ""
+"An attestation object is a JSON object with several required keys; "
+"applications or signers may include additional keys so long as all "
+"explicitly listed keys are provided. The required layout of an attestation "
+"object is provided as pseudocode below."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:88
+msgid ""
+"A full data model for each object in ``transparency_entries`` is provided "
+"in :ref:`appendix`. Attestation objects **SHOULD** include one or more "
+"transparency log entries, and **MAY** include additional keys for other "
+"sources of signed time (such as an :rfc:`3161` Time Stamping Authority or a "
+"`Roughtime <https://blog.cloudflare.com/roughtime>`__ server)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:94
+msgid ""
+"Attestation objects are versioned; this PEP specifies version 1. Each "
+"version is tied to a single cryptographic suite to minimize unnecessary "
+"cryptographic agility. In version 1, the suite is as follows:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:98
+msgid ""
+"Certificates are specified as X.509 certificates, and comply with the "
+"profile in :rfc:`5280`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:100
+msgid ""
+"The message signature algorithm is ECDSA, with the P-256 curve for public "
+"keys and SHA-256 as the cryptographic digest function."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:103
+msgid ""
+"Future PEPs may change this suite (and the overall shape of the attestation "
+"object) by selecting a new version number."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:109
+msgid "Attestation statement and signature generation"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:111
+msgid ""
+"The *attestation statement* is the actual claim that is cryptographically "
+"signed over within the attestation object (i.e., the ``envelope.statement``)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:114
+msgid ""
+"The attestation statement is encoded as a `v1 in-toto Statement object "
+"<https://github.com/in-toto/attestation/blob/v1.0/spec/v1.0/statement."
+"md>`__, in JSON form. When serialized the statement is treated as an opaque "
+"binary blob, avoiding the need for canonicalization."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:119
+msgid ""
+"In addition to being a v1 in-toto Statement, the attestation statement is "
+"constrained in the following ways:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:122
+msgid "The in-toto ``subject`` **MUST** contain only a single subject."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:123
+msgid ""
+"``subject[0].name`` is the distribution's filename, which **MUST** be a "
+"valid :ref:`source distribution <source-distribution-format>` or :ref:`wheel "
+"distribution <binary-distribution-format>` filename."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:126
+msgid ""
+"``subject[0].digest`` **MUST** contain a SHA-256 digest. Other digests "
+"**MAY** be present. The digests **MUST** be represented as hexadecimal "
+"strings."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:128
+msgid "The following ``predicateType`` values are supported:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:130
+msgid ""
+"`SLSA Provenance <https://slsa.dev/provenance/v1>`__: ``https://slsa.dev/"
+"provenance/v1``"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:131
+msgid ""
+"`PyPI Publish Attestation <https://docs.pypi.org/attestations/publish/"
+"v1>`__: ``https://docs.pypi.org/attestations/publish/v1``"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:133
+msgid ""
+"The signature over this statement is constructed using the `v1 DSSE "
+"signature protocol <https://github.com/secure-systems-lab/dsse/blob/v1.0.0/"
+"protocol.md>`__, with a ``PAYLOAD_TYPE`` of ``application/vnd.in-toto+json`` "
+"and a ``PAYLOAD_BODY`` of the JSON-encoded statement above. No other "
+"``PAYLOAD_TYPE`` is permitted."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:141
+msgid "Provenance objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:143
+msgid ""
+"The index will serve uploaded attestations along with metadata that can "
+"assist in verifying them in the form of JSON serialized objects."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:146
+msgid ""
+"These *provenance objects* will be available via both the Simple Index and "
+"JSON-based Simple API as described above, and will have the following layout:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:169
+msgid "or, as pseudocode:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:217
+msgid ""
+"``version`` is ``1``. Like attestation objects, provenance objects are "
+"versioned, and this PEP only defines version ``1``."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:219
+msgid ""
+"``attestation_bundles`` is a **required** JSON array, containing one or more "
+"\"bundles\" of attestations. Each bundle corresponds to a signing identity "
+"(such as a Trusted Publishing identity), and contains one or more "
+"attestation objects."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:224
+msgid ""
+"As noted in the ``Publisher`` model, each ``AttestationBundle.publisher`` "
+"object is specific to its Trusted Publisher but must include at minimum:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:228
+msgid ""
+"A ``kind`` key, which **MUST** be a JSON string that uniquely identifies the "
+"kind of Trusted Publisher."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:230
+msgid ""
+"A ``claims`` key, which **MUST** be a JSON object containing any context-"
+"specific claims retained by the index during Trusted Publisher "
+"authentication."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:233
+msgid "All other keys in the publisher object are publisher-specific."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:235
+msgid ""
+"Each array of attestation objects is a superset of the ``attestations`` "
+"array supplied by the uploaded through the ``attestations`` field at upload "
+"time, as described in :ref:`upload-endpoint` and :ref:`changes-to-provenance-"
+"objects`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:243
+msgid "Changes to provenance objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:245
+msgid ""
+"Provenance objects are *not* immutable, and may change over time. Reasons "
+"for changes to the provenance object include but are not limited to:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:248
+msgid ""
+"Addition of new attestations for a pre-existing signing identity: the index "
+"**MAY** choose to allow additional attestations by pre-existing signing "
+"identities, such as newer attestation versions for already uploaded files."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:253
+msgid ""
+"Addition of new signing identities and associated attestations: the index "
+"**MAY** choose to support attestations from sources other than the file's "
+"uploader, such as third-party auditors or the index itself. These "
+"attestations may be performed asynchronously, requiring the index to insert "
+"them into the provenance object *post facto*."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:262
+msgid "Attestation verification"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:264
+msgid ""
+"Verifying an attestation object against a distribution file requires "
+"verification of each of the following:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:267
+msgid "``version`` is ``1``. The verifier **MUST** reject any other version."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:268
+msgid ""
+"``verification_material.certificate`` is a valid signing certificate, as "
+"issued by an *a priori* trusted authority (such as a root of trust already "
+"present within the verifying client)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:271
+msgid ""
+"``verification_material.certificate`` identifies an appropriate signing "
+"subject, such as the machine identity of the Trusted Publisher that "
+"published the package."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:274
+msgid ""
+"``envelope.statement`` is a valid in-toto v1 Statement, with a subject and "
+"digest that **MUST** match the distribution's filename and contents. For the "
+"distribution's filename, matching **MUST** be performed by parsing using the "
+"appropriate source distribution or wheel filename format, as the statement's "
+"subject may be equivalent but normalized."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:279
+msgid ""
+"``envelope.signature`` is a valid signature for ``envelope.statement`` "
+"corresponding to ``verification_material.certificate``, as reconstituted via "
+"the `v1 DSSE signature protocol <https://github.com/secure-systems-lab/dsse/"
+"blob/v1.0.0/protocol.md>`__."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:284
+msgid ""
+"In addition to the above required steps, a verifier **MAY** additionally "
+"verify ``verification_material.transparency_entries`` on a policy basis, e."
+"g. requiring at least one transparency log entry or a threshold of entries. "
+"When verifying transparency entries, the verifier **MUST** confirm that the "
+"inclusion time for each entry lies within the signing certificate's validity "
+"period."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:293
+msgid "Appendix: Data models for Transparency Log Entries"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:295
+msgid ""
+"This appendix contains pseudocoded data models for transparency log entries "
+"in attestation objects. Each transparency log entry serves as a source of "
+"signed inclusion time, and can be verified either online or offline."
+msgstr ""
+
 #: ../source/specifications/inline-script-metadata.rst:5
 msgid "Inline script metadata"
 msgstr "Встроенные метаданные сценария"
@@ -20345,7 +20754,7 @@ msgid ""
 msgstr "Ниже приведен пример чтения потока произвольных блоков метаданных."
 
 #: ../source/specifications/inline-script-metadata.rst:205
-#: ../source/specifications/simple-repository-api.rst:815
+#: ../source/specifications/simple-repository-api.rst:829
 msgid "Recommendations"
 msgstr "Рекомендации"
 
@@ -22892,11 +23301,26 @@ msgstr ""
 "В значении атрибута < и > должны быть закодированы в HTML как ``&lt;`` и "
 "``&gt;``, соответственно."
 
-#: ../source/specifications/simple-repository-api.rst:100
+#: ../source/specifications/simple-repository-api.rst:99
+msgid ""
+"A repository **MAY** include a ``data-provenance`` attribute on a file link. "
+"The value of this attribute **MUST** be a fully qualified URL, signaling "
+"that the file's provenance can be found at that URL. This URL **MUST** "
+"represent a `secure origin <https://www.chromium.org/Home/chromium-security/"
+"prefer-secure-origins-for-powerful-new-features/>`_."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:106
+msgid ""
+"The format of the linked provenance is defined in :ref:`index-hosted-"
+"attestations`."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:109
 msgid "Normalized Names"
 msgstr "Нормализованные названия"
 
-#: ../source/specifications/simple-repository-api.rst:102
+#: ../source/specifications/simple-repository-api.rst:111
 msgid ""
 "This spec references the concept of a \"normalized\" project name. As per :"
 "ref:`the name normalization specification <name-normalization>` the only "
@@ -22912,11 +23336,11 @@ msgstr ""
 "символов ``.``, ``-`` или ``_`` должны быть заменены одним символом ``-``. "
 "Это можно реализовать на языке Python с помощью модуля ``re``::"
 
-#: ../source/specifications/simple-repository-api.rst:117
+#: ../source/specifications/simple-repository-api.rst:126
 msgid "Adding \"Yank\" Support to the Simple API"
 msgstr "Добавление поддержки \"Янк\" в простой API"
 
-#: ../source/specifications/simple-repository-api.rst:119
+#: ../source/specifications/simple-repository-api.rst:128
 msgid ""
 "Links in the simple repository **MAY** have a ``data-yanked`` attribute "
 "which may have no value, or may have an arbitrary string as a value. The "
@@ -22932,7 +23356,7 @@ msgstr ""
 "\"выдернут\", и не должен выбираться программой установки, за исключением "
 "особых случаев."
 
-#: ../source/specifications/simple-repository-api.rst:126
+#: ../source/specifications/simple-repository-api.rst:135
 msgid ""
 "The value of the ``data-yanked`` attribute, if present, is an arbitrary "
 "string that represents the reason for why the file has been yanked. Tools "
@@ -22944,7 +23368,7 @@ msgstr ""
 "выдернут. Инструменты, обрабатывающие простой API репозитория, **МОГУТ** "
 "отображать эту строку для конечных пользователей."
 
-#: ../source/specifications/simple-repository-api.rst:131
+#: ../source/specifications/simple-repository-api.rst:140
 msgid ""
 "The yanked attribute is not immutable once set, and may be rescinded in the "
 "future (and once rescinded, may be reset as well). Thus API users **MUST** "
@@ -22956,11 +23380,11 @@ msgstr ""
 "пользователи API **МОГУТ** быть в состоянии справиться с тем, что файл с "
 "атрибутом yanked может быть \"отменен\" (и даже снова отменен)."
 
-#: ../source/specifications/simple-repository-api.rst:138
+#: ../source/specifications/simple-repository-api.rst:147
 msgid "Installers"
 msgstr "Установщики"
 
-#: ../source/specifications/simple-repository-api.rst:140
+#: ../source/specifications/simple-repository-api.rst:149
 msgid ""
 "The desirable experience for users is that once a file is yanked, when a "
 "human being is currently trying to directly install a yanked file, that it "
@@ -22976,7 +23400,7 @@ msgstr ""
 "первоначальному приказу установить удаленный файл, то он ведет себя так, как "
 "будто он не был удален."
 
-#: ../source/specifications/simple-repository-api.rst:147
+#: ../source/specifications/simple-repository-api.rst:156
 msgid ""
 "An installer **MUST** ignore yanked releases, if the selection constraints "
 "can be satisfied with a non-yanked version, and **MAY** refuse to use a "
@@ -22992,7 +23416,7 @@ msgstr ""
 "**ДОЛЖНА** выбрать политику, которая следует духу вышеуказанного намерения и "
 "предотвращает \"новые\" зависимости от выдернутых релизов/файлов."
 
-#: ../source/specifications/simple-repository-api.rst:154
+#: ../source/specifications/simple-repository-api.rst:163
 msgid ""
 "What this means is left up to the specific installer, to decide how to best "
 "fit into the overall usage of their installer. However, there are two "
@@ -23002,7 +23426,7 @@ msgstr ""
 "вписать это в общее использование своего инсталлятора. Однако можно "
 "предложить два подхода:"
 
-#: ../source/specifications/simple-repository-api.rst:158
+#: ../source/specifications/simple-repository-api.rst:167
 msgid ""
 "Yanked files are always ignored, unless they are the only file that matches "
 "a version specifier that \"pins\" to an exact version using either ``==`` "
@@ -23020,7 +23444,7 @@ msgstr ""
 "спецификаторы>` для таких вещей, как локальные версии, нулевые подстановки и "
 "т.д."
 
-#: ../source/specifications/simple-repository-api.rst:165
+#: ../source/specifications/simple-repository-api.rst:174
 msgid ""
 "Yanked files are always ignored, unless they are the only file that matches "
 "what a lock file (such as ``Pipfile.lock`` or ``poetry.lock``) specifies to "
@@ -23033,7 +23457,7 @@ msgstr ""
 "этом случае выдернутый файл **ДОЛЖЕН** не использоваться при создании или "
 "обновлении файла блокировки из какого-либо входного файла или команды."
 
-#: ../source/specifications/simple-repository-api.rst:171
+#: ../source/specifications/simple-repository-api.rst:180
 msgid ""
 "Regardless of the specific strategy that an installer chooses for deciding "
 "when to install yanked files, an installer **SHOULD** emit a warning when it "
@@ -23049,15 +23473,15 @@ msgstr ""
 "пользователю более конкретную информацию о том, почему этот файл был "
 "выдернут."
 
-#: ../source/specifications/simple-repository-api.rst:179
+#: ../source/specifications/simple-repository-api.rst:188
 msgid "Mirrors"
 msgstr "Зеркала"
 
-#: ../source/specifications/simple-repository-api.rst:181
+#: ../source/specifications/simple-repository-api.rst:190
 msgid "Mirrors can generally treat yanked files one of two ways:"
 msgstr "Как правило, зеркала можно обрабатывать одним из двух способов:"
 
-#: ../source/specifications/simple-repository-api.rst:183
+#: ../source/specifications/simple-repository-api.rst:192
 msgid ""
 "They may choose to omit them from their simple repository API completely, "
 "providing a view over the repository that shows only \"active\", unyanked "
@@ -23067,7 +23491,7 @@ msgstr ""
 "предоставляя представление репозитория, в котором отображаются только "
 "\"активные\", незаанкетированные файлы."
 
-#: ../source/specifications/simple-repository-api.rst:186
+#: ../source/specifications/simple-repository-api.rst:195
 msgid ""
 "They may choose to include yanked files, and additionally mirror the ``data-"
 "yanked`` attribute as well."
@@ -23075,7 +23499,7 @@ msgstr ""
 "Они могут выбрать включение выдернутых файлов и дополнительно отразить "
 "атрибут ``данные выдернуты``."
 
-#: ../source/specifications/simple-repository-api.rst:189
+#: ../source/specifications/simple-repository-api.rst:198
 msgid ""
 "Mirrors **MUST NOT** mirror a yanked file without also mirroring the ``data-"
 "yanked`` attribute for it."
@@ -23083,11 +23507,11 @@ msgstr ""
 "Зеркала **МОГУТ НЕ** зеркалировать выдернутый файл, не зеркалируя также "
 "атрибут ``данные выдернуты`` для него."
 
-#: ../source/specifications/simple-repository-api.rst:195
+#: ../source/specifications/simple-repository-api.rst:204
 msgid "Versioning PyPI's Simple API"
 msgstr "Версионирование простого API PyPI"
 
-#: ../source/specifications/simple-repository-api.rst:197
+#: ../source/specifications/simple-repository-api.rst:206
 msgid ""
 "This spec proposes the inclusion of a meta tag on the responses of every "
 "successful request to a simple API page, which contains a name attribute of "
@@ -23105,15 +23529,15 @@ msgstr ""
 "возможностей, поддерживаемых :ссылка:`спецификация версий <версия-"
 "спецификаторы>`."
 
-#: ../source/specifications/simple-repository-api.rst:205
+#: ../source/specifications/simple-repository-api.rst:214
 msgid "This would end up looking like::"
 msgstr "В итоге это будет выглядеть так::"
 
-#: ../source/specifications/simple-repository-api.rst:209
+#: ../source/specifications/simple-repository-api.rst:218
 msgid "When interpreting the repository version:"
 msgstr "При интерпретации версии репозитория:"
 
-#: ../source/specifications/simple-repository-api.rst:211
+#: ../source/specifications/simple-repository-api.rst:220
 msgid ""
 "Incrementing the major version is used to signal a backwards incompatible "
 "change such that existing clients would no longer be expected to be able to "
@@ -23123,7 +23547,7 @@ msgstr ""
 "несовместимом с обратной стороной, когда существующие клиенты уже не смогут "
 "полноценно использовать API."
 
-#: ../source/specifications/simple-repository-api.rst:214
+#: ../source/specifications/simple-repository-api.rst:223
 msgid ""
 "Incrementing the minor version is used to signal a backwards compatible "
 "change such that existing clients would still be expected to be able to "
@@ -23133,7 +23557,7 @@ msgstr ""
 "изменении обратной совместимости, так что ожидается, что существующие "
 "клиенты все еще смогут полноценно использовать API."
 
-#: ../source/specifications/simple-repository-api.rst:218
+#: ../source/specifications/simple-repository-api.rst:227
 msgid ""
 "It is left up to the discretion of any future specs as to what specifically "
 "constitutes a backwards incompatible vs compatible change beyond the broad "
@@ -23147,7 +23571,7 @@ msgstr ""
 "использовать API, и это может включать добавление, модификацию или удаление "
 "существующих функций."
 
-#: ../source/specifications/simple-repository-api.rst:224
+#: ../source/specifications/simple-repository-api.rst:233
 msgid ""
 "It is expectation of this spec that the major version will never be "
 "incremented, and any future major API evolutions would utilize a different "
@@ -23163,7 +23587,7 @@ msgstr ""
 "который жил по адресу /v2/, но который был бы запутан, если бы в репозитории-"
 "версия была установлена версия >= 2)."
 
-#: ../source/specifications/simple-repository-api.rst:231
+#: ../source/specifications/simple-repository-api.rst:240
 msgid ""
 "This spec sets the current API version to \"1.0\", and expects that future "
 "specs that further evolve the simple API will increment the minor version "
@@ -23173,12 +23597,12 @@ msgstr ""
 "будущие спецификации, которые будут развивать простой API, будут увеличивать "
 "номер минорной версии."
 
-#: ../source/specifications/simple-repository-api.rst:237
-#: ../source/specifications/simple-repository-api.rst:957
+#: ../source/specifications/simple-repository-api.rst:246
+#: ../source/specifications/simple-repository-api.rst:971
 msgid "Clients"
 msgstr "Клиенты"
 
-#: ../source/specifications/simple-repository-api.rst:239
+#: ../source/specifications/simple-repository-api.rst:248
 msgid ""
 "Clients interacting with the simple API **SHOULD** introspect each response "
 "for the repository version, and if that data does not exist **MUST** assume "
@@ -23188,7 +23612,7 @@ msgstr ""
 "на версию хранилища, и если эти данные отсутствуют, **ОБЯЗАНЫ** считать, что "
 "это версия 1.0."
 
-#: ../source/specifications/simple-repository-api.rst:243
+#: ../source/specifications/simple-repository-api.rst:252
 msgid ""
 "When encountering a major version greater than expected, clients **MUST** "
 "hard fail with an appropriate error message for the user."
@@ -23197,7 +23621,7 @@ msgstr ""
 "**ДОЛЖНЫ** жестко отказывать с соответствующим сообщением об ошибке для "
 "пользователя."
 
-#: ../source/specifications/simple-repository-api.rst:246
+#: ../source/specifications/simple-repository-api.rst:255
 msgid ""
 "When encountering a minor version greater than expected, clients **SHOULD** "
 "warn users with an appropriate message."
@@ -23205,7 +23629,7 @@ msgstr ""
 "При столкновении с минорной версией, превышающей ожидаемую, клиенты "
 "**ДОЛЖНЫ** предупреждать пользователей соответствующим сообщением."
 
-#: ../source/specifications/simple-repository-api.rst:249
+#: ../source/specifications/simple-repository-api.rst:258
 msgid ""
 "Clients **MAY** still continue to use feature detection in order to "
 "determine what features a repository uses."
@@ -23213,11 +23637,11 @@ msgstr ""
 "Клиенты **МОГУТ** продолжать использовать обнаружение функций, чтобы "
 "определить, какие функции использует хранилище."
 
-#: ../source/specifications/simple-repository-api.rst:255
+#: ../source/specifications/simple-repository-api.rst:264
 msgid "Serve Distribution Metadata in the Simple Repository API"
 msgstr "Предоставление метаданных распространения в API простого репозитория"
 
-#: ../source/specifications/simple-repository-api.rst:257
+#: ../source/specifications/simple-repository-api.rst:266
 msgid ""
 "In a simple repository's project page, each anchor tag pointing to a "
 "distribution **MAY** have a ``data-dist-info-metadata`` attribute. The "
@@ -23231,7 +23655,7 @@ msgstr ""
 "представленный тегом якоря, **МОЖЕТ** содержать файл метаданных Core, "
 "который не будет изменен при обработке и/или установке дистрибутива."
 
-#: ../source/specifications/simple-repository-api.rst:263
+#: ../source/specifications/simple-repository-api.rst:272
 msgid ""
 "If a ``data-dist-info-metadata`` attribute is present, the repository "
 "**MUST** serve the distribution's Core Metadata file alongside the "
@@ -23251,7 +23675,7 @@ msgstr ""
 "ref:`в базовой спецификации HTML API <простой репозиторий-апи-база>` "
 "указывается местоположение файла подписи GPG."
 
-#: ../source/specifications/simple-repository-api.rst:272
+#: ../source/specifications/simple-repository-api.rst:281
 msgid ""
 "The repository **SHOULD** provide the hash of the Core Metadata file as the "
 "``data-dist-info-metadata`` attribute's value using the syntax "
@@ -23267,11 +23691,11 @@ msgstr ""
 "**МОЖЕТ** использовать ``true`` в качестве значения атрибута, если хэш "
 "недоступен."
 
-#: ../source/specifications/simple-repository-api.rst:280
+#: ../source/specifications/simple-repository-api.rst:289
 msgid "Backwards Compatibility"
 msgstr "Обратная совместимость"
 
-#: ../source/specifications/simple-repository-api.rst:282
+#: ../source/specifications/simple-repository-api.rst:291
 msgid ""
 "If an anchor tag lacks the ``data-dist-info-metadata`` attribute, tools are "
 "expected to revert to their current behaviour of downloading the "
@@ -23281,7 +23705,7 @@ msgstr ""
 "метаданные``, ожидается, что инструменты вернутся к своему текущему "
 "поведению загрузки дистрибутива для проверки метаданных."
 
-#: ../source/specifications/simple-repository-api.rst:286
+#: ../source/specifications/simple-repository-api.rst:295
 msgid ""
 "Older tools not supporting the new ``data-dist-info-metadata`` attribute are "
 "expected to ignore the attribute and maintain their current behaviour of "
@@ -23294,11 +23718,11 @@ msgstr ""
 "метаданных. Это похоже на то, как предыдущие добавления атрибута ``данные-`` "
 "предполагают работу существующих инструментов."
 
-#: ../source/specifications/simple-repository-api.rst:295
+#: ../source/specifications/simple-repository-api.rst:304
 msgid "JSON-based Simple API for Python Package Indexes"
 msgstr "Простой API на основе JSON для индексов пакетов Python"
 
-#: ../source/specifications/simple-repository-api.rst:297
+#: ../source/specifications/simple-repository-api.rst:306
 msgid ""
 "To enable response parsing with only the standard library, this spec "
 "specifies that all responses (besides the files themselves, and the HTML "
@@ -23311,7 +23735,7 @@ msgstr ""
 "api-базовая>`) должны быть сериализованы с помощью `JSON <https://www.json."
 "org/>`_."
 
-#: ../source/specifications/simple-repository-api.rst:302
+#: ../source/specifications/simple-repository-api.rst:311
 msgid ""
 "To enable zero configuration discovery and to minimize the amount of "
 "additional HTTP requests, this spec extends :ref:`the base HTML API "
@@ -23327,7 +23751,7 @@ msgstr ""
 "согласование содержимого, чтобы позволить клиенту и серверу выбрать "
 "правильный формат сериализации для обслуживания, т.е. либо HTML, либо JSON."
 
-#: ../source/specifications/simple-repository-api.rst:312
+#: ../source/specifications/simple-repository-api.rst:321
 msgid ""
 "Versioning will adhere to :ref:`the API versioning specification <simple-"
 "repository-api-versioning>` format (``Major.Minor``), which has defined the "
@@ -23343,7 +23767,7 @@ msgstr ""
 "для существующих возможностей, эта спецификация не изменяет существующую "
 "версию ``1.0``, а вместо этого просто описывает, как сериализовать ее в JSON."
 
-#: ../source/specifications/simple-repository-api.rst:319
+#: ../source/specifications/simple-repository-api.rst:328
 msgid ""
 "Similar to :ref:`the API versioning specification <simple-repository-api-"
 "versioning>`, the major version number **MUST** be incremented if any "
@@ -23355,7 +23779,7 @@ msgstr ""
 "изменения в новом формате приведут к тому, что существующие клиенты больше "
 "не смогут понять этот формат."
 
-#: ../source/specifications/simple-repository-api.rst:325
+#: ../source/specifications/simple-repository-api.rst:334
 msgid ""
 "Likewise, the minor version **MUST** be incremented if features are added or "
 "removed from the format, but existing clients would be expected to continue "
@@ -23365,7 +23789,7 @@ msgstr ""
 "добавляются или удаляются функции, но ожидается, что существующие клиенты "
 "будут продолжать понимать формат."
 
-#: ../source/specifications/simple-repository-api.rst:329
+#: ../source/specifications/simple-repository-api.rst:338
 msgid ""
 "Changes that would not result in existing clients being unable to "
 "meaningfully understand the format and which do not represent features being "
@@ -23375,7 +23799,7 @@ msgstr ""
 "понять формат, и которые не представляют собой добавления или удаления "
 "функций, могут происходить без изменения номера версии."
 
-#: ../source/specifications/simple-repository-api.rst:333
+#: ../source/specifications/simple-repository-api.rst:342
 msgid ""
 "This is intentionally vague, as this spec believes it is best left up to "
 "future specs that make any changes to the API to investigate and decide "
@@ -23386,7 +23810,7 @@ msgstr ""
 "вносящих какие-либо изменения в API, чтобы исследовать и решить, должно ли "
 "это изменение увеличивать мажорную или минорную версию."
 
-#: ../source/specifications/simple-repository-api.rst:337
+#: ../source/specifications/simple-repository-api.rst:346
 msgid ""
 "Future versions of the API may add things that can only be represented in a "
 "subset of the available serializations of that version. All serializations "
@@ -23400,7 +23824,7 @@ msgstr ""
 "быть синхронизированы, но специфика того, как функция сериализуется в каждом "
 "формате, может отличаться, включая то, присутствует ли эта функция вообще."
 
-#: ../source/specifications/simple-repository-api.rst:343
+#: ../source/specifications/simple-repository-api.rst:352
 msgid ""
 "It is the intent of this spec that the API should be thought of as URL "
 "endpoints that return data, whose interpretation is defined by the version "
@@ -23410,11 +23834,11 @@ msgstr ""
 "URL, которые возвращают данные, интерпретация которых определяется версией "
 "этих данных, а затем сериализуются в целевой формат сериализации."
 
-#: ../source/specifications/simple-repository-api.rst:351
+#: ../source/specifications/simple-repository-api.rst:360
 msgid "JSON Serialization"
 msgstr "Сериализация JSON"
 
-#: ../source/specifications/simple-repository-api.rst:353
+#: ../source/specifications/simple-repository-api.rst:362
 msgid ""
 "The URL structure from :ref:`the base HTML API specification <simple-"
 "repository-api-base>` still applies, as this spec only adds an additional "
@@ -23424,7 +23848,7 @@ msgstr ""
 "апи-база>` по-прежнему применима, так как эта спецификация лишь добавляет "
 "дополнительный формат сериализации для уже существующего API."
 
-#: ../source/specifications/simple-repository-api.rst:357
+#: ../source/specifications/simple-repository-api.rst:366
 msgid ""
 "The following constraints apply to all JSON serialized responses described "
 "in this spec:"
@@ -23432,7 +23856,7 @@ msgstr ""
 "Следующие ограничения применяются ко всем сериализованным ответам JSON, "
 "описанным в данной спецификации:"
 
-#: ../source/specifications/simple-repository-api.rst:360
+#: ../source/specifications/simple-repository-api.rst:369
 msgid ""
 "All JSON responses will *always* be a JSON object rather than an array or "
 "other type."
@@ -23440,7 +23864,7 @@ msgstr ""
 "Все ответы JSON *всегда* будут представлять собой объект JSON, а не массив "
 "или другой тип."
 
-#: ../source/specifications/simple-repository-api.rst:363
+#: ../source/specifications/simple-repository-api.rst:372
 #, fuzzy
 #| msgid ""
 #| "While JSON doesn't natively support an URL type, any value that "
@@ -23458,7 +23882,7 @@ msgstr ""
 "правильное местоположение. Если они относительные, то они относятся к "
 "текущему URL, как если бы это был HTML."
 
-#: ../source/specifications/simple-repository-api.rst:368
+#: ../source/specifications/simple-repository-api.rst:377
 msgid ""
 "Additional keys may be added to any dictionary objects in the API responses "
 "and clients **MUST** ignore keys that they don't understand."
@@ -23466,7 +23890,7 @@ msgstr ""
 "Дополнительные ключи могут быть добавлены к любым объектам словаря в ответах "
 "API, и клиенты **МОГУТ** игнорировать ключи, которые они не понимают."
 
-#: ../source/specifications/simple-repository-api.rst:371
+#: ../source/specifications/simple-repository-api.rst:380
 msgid ""
 "All JSON responses will have a ``meta`` key, which contains information "
 "related to the response itself, rather than the content of the response."
@@ -23474,7 +23898,7 @@ msgstr ""
 "Все JSON-ответы имеют ключ ``meta``, который содержит информацию, "
 "относящуюся к самому ответу, а не к его содержимому."
 
-#: ../source/specifications/simple-repository-api.rst:374
+#: ../source/specifications/simple-repository-api.rst:383
 msgid ""
 "All JSON responses will have a ``meta.api-version`` key, which will be a "
 "string that contains the :ref:`API versioning specification <simple-"
@@ -23488,7 +23912,7 @@ msgstr ""
 "семантикой fail/warn, которая определена в :ссылка:спецификация версионности "
 "API <простой репозиторий-апи-версия>`."
 
-#: ../source/specifications/simple-repository-api.rst:380
+#: ../source/specifications/simple-repository-api.rst:389
 msgid ""
 "All requirements of :ref:`the base HTML API specification <simple-repository-"
 "api-base>` that are not HTML specific still apply."
@@ -23496,11 +23920,11 @@ msgstr ""
 "Все требования : ссылка:`базовой спецификации HTML API <простой репозиторий-"
 "апи-база>`, не относящиеся к HTML, остаются в силе."
 
-#: ../source/specifications/simple-repository-api.rst:385
+#: ../source/specifications/simple-repository-api.rst:394
 msgid "Project List"
 msgstr "Список проектов"
 
-#: ../source/specifications/simple-repository-api.rst:387
+#: ../source/specifications/simple-repository-api.rst:396
 msgid ""
 "The root URL ``/`` for this spec (which represents the base URL) will be a "
 "JSON encoded dictionary which has a two keys:"
@@ -23508,7 +23932,7 @@ msgstr ""
 "Корневой URL ``/`` для этой спецификации (который представляет собой базовый "
 "URL) будет представлять собой словарь в кодировке JSON, имеющий два ключа:"
 
-#: ../source/specifications/simple-repository-api.rst:390
+#: ../source/specifications/simple-repository-api.rst:399
 msgid ""
 "``projects``: An array where each entry is a dictionary with a single key, "
 "``name``, which represents string of the project name."
@@ -23517,8 +23941,8 @@ msgstr ""
 "одним ключом, ``название``, который представляет собой строку с названием "
 "проекта."
 
-#: ../source/specifications/simple-repository-api.rst:391
-#: ../source/specifications/simple-repository-api.rst:440
+#: ../source/specifications/simple-repository-api.rst:400
+#: ../source/specifications/simple-repository-api.rst:449
 msgid ""
 "``meta``: The general response metadata as `described earlier <json-"
 "serialization_>`__."
@@ -23526,12 +23950,12 @@ msgstr ""
 "``meta``: Общие метаданные ответа, как `описано ранее <Json-"
 "сериализация_>`__."
 
-#: ../source/specifications/simple-repository-api.rst:393
-#: ../source/specifications/simple-repository-api.rst:499
+#: ../source/specifications/simple-repository-api.rst:402
+#: ../source/specifications/simple-repository-api.rst:512
 msgid "As an example:"
 msgstr "В качестве примера:"
 
-#: ../source/specifications/simple-repository-api.rst:410
+#: ../source/specifications/simple-repository-api.rst:419
 msgid ""
 "The ``name`` field is the same as the one from :ref:`the base HTML API "
 "specification <simple-repository-api-base>`, which does not specify whether "
@@ -23547,7 +23971,7 @@ msgstr ""
 "на то, что это ненормализованное или нормализованное имя, - это полагаться "
 "на детали реализации данного репозитория."
 
-#: ../source/specifications/simple-repository-api.rst:420
+#: ../source/specifications/simple-repository-api.rst:429
 msgid ""
 "While the ``projects`` key is an array, and thus is required to be in some "
 "kind of an order, neither :ref:`the base HTML API specification <simple-"
@@ -23563,11 +23987,11 @@ msgstr ""
 "одного запроса к другому. Мысленно это лучше всего воспринимать как набор, "
 "но и JSON, и HTML не имеют функциональности для создания наборов."
 
-#: ../source/specifications/simple-repository-api.rst:429
+#: ../source/specifications/simple-repository-api.rst:438
 msgid "Project Detail"
 msgstr "Деталь проекта"
 
-#: ../source/specifications/simple-repository-api.rst:431
+#: ../source/specifications/simple-repository-api.rst:440
 msgid ""
 "The format of this URL is ``/<project>/`` where the ``<project>`` is "
 "replaced by the :ref:`the base HTML API specification <simple-repository-api-"
@@ -23579,36 +24003,36 @@ msgstr ""
 "нормализованное имя этого проекта, так что проект с именем \" Глупый_ход\" "
 "будет иметь URL типа ``/глупый_ход/``."
 
-#: ../source/specifications/simple-repository-api.rst:436
+#: ../source/specifications/simple-repository-api.rst:445
 msgid ""
 "This URL must respond with a JSON encoded dictionary that has three keys:"
 msgstr ""
 "В ответ на этот URL должен прийти словарь в кодировке JSON, состоящий из "
 "трех ключей:"
 
-#: ../source/specifications/simple-repository-api.rst:438
+#: ../source/specifications/simple-repository-api.rst:447
 msgid "``name``: The normalized name of the project."
 msgstr "``название``: Нормализованное имя проекта."
 
-#: ../source/specifications/simple-repository-api.rst:439
+#: ../source/specifications/simple-repository-api.rst:448
 msgid ""
 "``files``: A list of dictionaries, each one representing an individual file."
 msgstr ""
 "``файлы``: Список словарей, каждый из которых представляет отдельный файл."
 
-#: ../source/specifications/simple-repository-api.rst:442
+#: ../source/specifications/simple-repository-api.rst:451
 msgid "Each individual file dictionary has the following keys:"
 msgstr "Каждый отдельный словарь файлов имеет следующие ключи:"
 
-#: ../source/specifications/simple-repository-api.rst:444
+#: ../source/specifications/simple-repository-api.rst:453
 msgid "``filename``: The filename that is being represented."
 msgstr "``имя файла``: Имя представляемого файла."
 
-#: ../source/specifications/simple-repository-api.rst:445
+#: ../source/specifications/simple-repository-api.rst:454
 msgid "``url``: The URL that the file can be fetched from."
 msgstr "``url``: URL, с которого может быть получен файл."
 
-#: ../source/specifications/simple-repository-api.rst:446
+#: ../source/specifications/simple-repository-api.rst:455
 msgid ""
 "``hashes``: A dictionary mapping a hash name to a hex encoded digest of the "
 "file. Multiple hashes can be included, and it is up to the client to decide "
@@ -23622,7 +24046,7 @@ msgstr ""
 "вообще ничего). Имена хэшей **ОБЯЗАТЕЛЬНО** всегда должны быть приведены к "
 "нижнему регистру."
 
-#: ../source/specifications/simple-repository-api.rst:451
+#: ../source/specifications/simple-repository-api.rst:460
 msgid ""
 "The ``hashes`` dictionary **MUST** be present, even if no hashes are "
 "available for the file, however it is **HIGHLY** recommended that at least "
@@ -23632,7 +24056,7 @@ msgstr ""
 "однако **НАСТОЯТЕЛЬНО** рекомендуется всегда включать хотя бы один "
 "безопасный, гарантированно доступный хэш."
 
-#: ../source/specifications/simple-repository-api.rst:455
+#: ../source/specifications/simple-repository-api.rst:464
 msgid ""
 "By default, any hash algorithm available via :py:mod:`hashlib` (specifically "
 "any that can be passed to :py:func:`hashlib.new()` and do not require "
@@ -23649,7 +24073,7 @@ msgstr ""
 "включен. На момент создания данной спецификации рекомендуется использовать "
 "``sha256``."
 
-#: ../source/specifications/simple-repository-api.rst:460
+#: ../source/specifications/simple-repository-api.rst:469
 msgid ""
 "``requires-python``: An **optional** key that exposes the :ref:`core-"
 "metadata-requires-python` metadata field. Where this is present, installer "
@@ -23661,7 +24085,7 @@ msgstr ""
 "инструменты установки **ДОЛЖНЫ** игнорировать загрузку при установке на "
 "версию Python, которая не удовлетворяет этому требованию."
 
-#: ../source/specifications/simple-repository-api.rst:466
+#: ../source/specifications/simple-repository-api.rst:475
 msgid ""
 "Unlike ``data-requires-python`` in :ref:`the base HTML API specification "
 "<simple-repository-api-base>`, the ``requires-python`` key does not require "
@@ -23671,7 +24095,7 @@ msgstr ""
 "HTML API <simple-repository-api-base>``, ключ ``запросы-python`` не требует "
 "никакого специального экранирования, кроме того, что JSON делает естественно."
 
-#: ../source/specifications/simple-repository-api.rst:469
+#: ../source/specifications/simple-repository-api.rst:478
 msgid ""
 "``dist-info-metadata``: An **optional** key that indicates that metadata for "
 "this file is available, via the same location as specified in :ref:`the API "
@@ -23688,7 +24112,7 @@ msgstr ""
 "метаданных, либо словарем, отображающим имена хэшей на шестнадцатеричный "
 "дайджест хэша метаданных."
 
-#: ../source/specifications/simple-repository-api.rst:477
+#: ../source/specifications/simple-repository-api.rst:486
 msgid ""
 "When this is a dictionary of hashes instead of a boolean, then all the same "
 "requirements and recommendations as the ``hashes`` key hold true for this "
@@ -23697,7 +24121,7 @@ msgstr ""
 "Если это словарь хэшей, а не булевых значений, то все те же требования и "
 "рекомендации, что и для ключа ``хэши``, справедливы и для этого ключа."
 
-#: ../source/specifications/simple-repository-api.rst:481
+#: ../source/specifications/simple-repository-api.rst:490
 msgid ""
 "If this key is missing then the metadata file may or may not exist. If the "
 "key value is truthy, then the metadata file is present, and if it is falsey "
@@ -23707,7 +24131,7 @@ msgstr ""
 "не существовать. Если значение ключа истинно, то файл метаданных "
 "присутствует, а если ложно, то нет."
 
-#: ../source/specifications/simple-repository-api.rst:485
+#: ../source/specifications/simple-repository-api.rst:494
 msgid ""
 "It is recommended that servers make the hashes of the metadata file "
 "available if possible."
@@ -23715,7 +24139,7 @@ msgstr ""
 "Рекомендуется, чтобы серверы по возможности предоставляли хэши файлов "
 "метаданных."
 
-#: ../source/specifications/simple-repository-api.rst:487
+#: ../source/specifications/simple-repository-api.rst:496
 msgid ""
 "``gpg-sig``: An **optional** key that acts a boolean to indicate if the file "
 "has an associated GPG signature or not. The URL for the signature file "
@@ -23730,7 +24154,7 @@ msgstr ""
 "Если этот ключ не существует, то подпись может существовать, а может и не "
 "существовать."
 
-#: ../source/specifications/simple-repository-api.rst:492
+#: ../source/specifications/simple-repository-api.rst:501
 msgid ""
 "``yanked``: An **optional** key which may be either a boolean to indicate if "
 "the file has been yanked, or a non empty, but otherwise arbitrary, string to "
@@ -23748,7 +24172,15 @@ msgstr ""
 "``url``, был \"Yanked\" согласно : ссылка:спецификации API yank <простой "
 "репозиторий-апи-yank>`."
 
-#: ../source/specifications/simple-repository-api.rst:529
+#: ../source/specifications/simple-repository-api.rst:507
+msgid ""
+"``provenance``: An **optional** key which, if present **MUST** be either a "
+"JSON string or ``null``. If not ``null``, it **MUST** be a URL to the file's "
+"associated provenance, with the same rules as ``data-provenance`` in the :"
+"ref:`base HTML API specification <simple-repository-api-base>`."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:543
 msgid ""
 "While the ``files`` key is an array, and thus is required to be in some kind "
 "of an order, neither :ref:`the base HTML API specification <simple-"
@@ -23764,11 +24196,11 @@ msgstr ""
 "от одного запроса к другому. Мысленно это лучше всего воспринимать как "
 "набор, но и JSON, и HTML не имеют функциональности для создания наборов."
 
-#: ../source/specifications/simple-repository-api.rst:538
+#: ../source/specifications/simple-repository-api.rst:552
 msgid "Content-Types"
 msgstr "Контент-Типы"
 
-#: ../source/specifications/simple-repository-api.rst:540
+#: ../source/specifications/simple-repository-api.rst:554
 msgid ""
 "This spec proposes that all responses from the Simple API will have a "
 "standard content type that describes what the response is (a Simple API "
@@ -23780,11 +24212,11 @@ msgstr ""
 "(ответ простого API), какую версию API он представляет и какой формат "
 "сериализации был использован."
 
-#: ../source/specifications/simple-repository-api.rst:544
+#: ../source/specifications/simple-repository-api.rst:558
 msgid "The structure of this content type will be:"
 msgstr "Структура этого типа содержимого будет следующей:"
 
-#: ../source/specifications/simple-repository-api.rst:550
+#: ../source/specifications/simple-repository-api.rst:564
 msgid ""
 "Since only major versions should be disruptive to clients attempting to "
 "understand one of these API responses, only the major version will be "
@@ -23796,20 +24228,20 @@ msgstr ""
 "содержимого и будет снабжена префиксом ``v``, чтобы пояснить, что это номер "
 "версии."
 
-#: ../source/specifications/simple-repository-api.rst:555
+#: ../source/specifications/simple-repository-api.rst:569
 msgid "Which means that for the existing 1.0 API, the content types would be:"
 msgstr ""
 "Это означает, что для существующего API 1.0 типы содержимого будут такими:"
 
-#: ../source/specifications/simple-repository-api.rst:557
+#: ../source/specifications/simple-repository-api.rst:571
 msgid "**JSON:** ``application/vnd.pypi.simple.v1+json``"
 msgstr "**JSON:** ``приложение/vnd.pypi. простой.v1+json``"
 
-#: ../source/specifications/simple-repository-api.rst:558
+#: ../source/specifications/simple-repository-api.rst:572
 msgid "**HTML:** ``application/vnd.pypi.simple.v1+html``"
 msgstr "**HTML:** ``приложение/vnd.pypi. простой.v1+html``"
 
-#: ../source/specifications/simple-repository-api.rst:560
+#: ../source/specifications/simple-repository-api.rst:574
 msgid ""
 "In addition to the above, a special \"meta\" version is supported named "
 "``latest``, whose purpose is to allow clients to request the absolute latest "
@@ -23823,7 +24255,7 @@ msgstr ""
 "версия. Рекомендуется, однако, чтобы клиенты четко указывали, какие версии "
 "они поддерживают."
 
-#: ../source/specifications/simple-repository-api.rst:565
+#: ../source/specifications/simple-repository-api.rst:579
 msgid ""
 "To support existing clients which expect the existing :ref:`the base HTML "
 "API specification <simple-repository-api-base>` API responses to use the "
@@ -23836,11 +24268,11 @@ msgstr ""
 "далее определяет ``текст/html`` как псевдоним для типа содержимого "
 "``приложение/vnd.pypi. простой.v1+html``."
 
-#: ../source/specifications/simple-repository-api.rst:572
+#: ../source/specifications/simple-repository-api.rst:586
 msgid "Version + Format Selection"
 msgstr "Выбор версии + формата"
 
-#: ../source/specifications/simple-repository-api.rst:574
+#: ../source/specifications/simple-repository-api.rst:588
 msgid ""
 "Now that there is multiple possible serializations, we need a mechanism to "
 "allow clients to indicate what serialization formats they're able to "
@@ -23854,7 +24286,7 @@ msgstr ""
 "новая основная версия API могла быть добавлена без нарушения работы "
 "существующих клиентов, ожидающих предыдущую версию API."
 
-#: ../source/specifications/simple-repository-api.rst:579
+#: ../source/specifications/simple-repository-api.rst:593
 msgid ""
 "To enable this, this spec standardizes on the use of HTTP's `Server-Driven "
 "Content Negotiation <https://developer.mozilla.org/en-US/docs/Web/HTTP/"
@@ -23864,7 +24296,7 @@ msgstr ""
 "`Серверного согласования содержимого` (Server-Driven Content Negotiation) "
 "<https://developer.mozilla.org/en-US/docs/Web/HTTP/Content_negotiation>`_."
 
-#: ../source/specifications/simple-repository-api.rst:582
+#: ../source/specifications/simple-repository-api.rst:596
 msgid ""
 "While this spec won't fully describe the entirety of server-driven content "
 "negotiation, the flow is roughly:"
@@ -23872,7 +24304,7 @@ msgstr ""
 "Хотя эта спецификация не может полностью описать всю процедуру согласования "
 "содержимого на сервере, ее суть примерно такова:"
 
-#: ../source/specifications/simple-repository-api.rst:585
+#: ../source/specifications/simple-repository-api.rst:599
 msgid ""
 "The client makes an HTTP request containing an ``Accept`` header listing all "
 "of the version+format content types that they are able to understand."
@@ -23880,7 +24312,7 @@ msgstr ""
 "Клиент отправляет HTTP-запрос, содержащий заголовок ``Принять``, в котором "
 "перечислены все типы содержимого версии+формата, которые он способен понять."
 
-#: ../source/specifications/simple-repository-api.rst:587
+#: ../source/specifications/simple-repository-api.rst:601
 msgid ""
 "The server inspects that header, selects one of the listed content types, "
 "then returns a response using that content type (treating the absence of an "
@@ -23890,7 +24322,7 @@ msgstr ""
 "содержимого, затем возвращает ответ, используя этот тип содержимого "
 "(рассматривая отсутствие заголовка ``принять`` как ``принять: */*``)."
 
-#: ../source/specifications/simple-repository-api.rst:590
+#: ../source/specifications/simple-repository-api.rst:604
 msgid ""
 "If the server does not support any of the content types in the ``Accept`` "
 "header then they are able to choose between 3 different options for how to "
@@ -23899,7 +24331,7 @@ msgstr ""
 "Если сервер не поддерживает ни один из типов содержимого в заголовке "
 "``принять``, он может выбрать один из 3 вариантов ответа:"
 
-#: ../source/specifications/simple-repository-api.rst:594
+#: ../source/specifications/simple-repository-api.rst:608
 msgid ""
 "Select a default content type other than what the client has requested and "
 "return a response with that."
@@ -23907,7 +24339,7 @@ msgstr ""
 "Выберите тип содержимого по умолчанию, отличный от того, что запросил "
 "клиент, и верните ответ с этим типом."
 
-#: ../source/specifications/simple-repository-api.rst:596
+#: ../source/specifications/simple-repository-api.rst:610
 msgid ""
 "Return a HTTP ``406 Not Acceptable`` response to indicate that none of the "
 "requested content types were available, and the server was unable or "
@@ -23917,7 +24349,7 @@ msgstr ""
 "запрошенных типов содержимого не был доступен, и сервер не смог или не "
 "захотел выбрать тип содержимого по умолчанию для ответа."
 
-#: ../source/specifications/simple-repository-api.rst:599
+#: ../source/specifications/simple-repository-api.rst:613
 msgid ""
 "Return a HTTP ``300 Multiple Choices`` response that contains a list of all "
 "of the possible responses that could have been chosen."
@@ -23925,7 +24357,7 @@ msgstr ""
 "Возвращает ответ HTTP ``300 Множество вариантов``, содержащий список всех "
 "возможных ответов, которые могли быть выбраны."
 
-#: ../source/specifications/simple-repository-api.rst:601
+#: ../source/specifications/simple-repository-api.rst:615
 msgid ""
 "The client interprets the response, handling the different types of "
 "responses that the server may have responded with."
@@ -23933,7 +24365,7 @@ msgstr ""
 "Клиент интерпретирует ответ, обрабатывая различные типы ответов, которые мог "
 "дать сервер."
 
-#: ../source/specifications/simple-repository-api.rst:604
+#: ../source/specifications/simple-repository-api.rst:618
 msgid ""
 "This spec does not specify which choices the server makes in regards to "
 "handling a content type that it isn't able to return, and clients **SHOULD** "
@@ -23945,7 +24377,7 @@ msgstr ""
 "**ДОЛЖНЫ** быть готовы обрабатывать все возможные ответы тем способом, "
 "который наиболее удобен для них."
 
-#: ../source/specifications/simple-repository-api.rst:609
+#: ../source/specifications/simple-repository-api.rst:623
 msgid ""
 "However, as there is no standard format for how a ``300 Multiple Choices`` "
 "response can be interpreted, this spec highly discourages servers from "
@@ -23963,7 +24395,7 @@ msgstr ""
 "случае, так что в лучшем случае этот ответ будет рассматриваться так же, как "
 "и ошибка ``406 не принято``."
 
-#: ../source/specifications/simple-repository-api.rst:616
+#: ../source/specifications/simple-repository-api.rst:630
 #, fuzzy
 #| msgid ""
 #| "This spec **does** require that if the meta version ``latest`` is being "
@@ -23986,7 +24418,7 @@ msgstr ""
 "``v1.x``, должен иметь ``Контент-Тип`` из ``приложение/vnd.pypi.простой."
 "v1+json``)."
 
-#: ../source/specifications/simple-repository-api.rst:623
+#: ../source/specifications/simple-repository-api.rst:637
 msgid ""
 "The ``Accept`` header is a comma separated list of content types that the "
 "client understands and is able to process. It supports three different "
@@ -23996,19 +24428,19 @@ msgstr ""
 "содержимого, которые клиент понимает и может обрабатывать. Он поддерживает "
 "три различных формата для каждого запрашиваемого типа содержимого:"
 
-#: ../source/specifications/simple-repository-api.rst:627
+#: ../source/specifications/simple-repository-api.rst:641
 msgid "``$type/$subtype``"
 msgstr "``$тип/$подтип``"
 
-#: ../source/specifications/simple-repository-api.rst:628
+#: ../source/specifications/simple-repository-api.rst:642
 msgid "``$type/*``"
 msgstr "``$тип/*``"
 
-#: ../source/specifications/simple-repository-api.rst:629
+#: ../source/specifications/simple-repository-api.rst:643
 msgid "``*/*``"
 msgstr "``*/*``"
 
-#: ../source/specifications/simple-repository-api.rst:631
+#: ../source/specifications/simple-repository-api.rst:645
 msgid ""
 "For the use of selecting a version+format, the most useful of these is "
 "``$type/$subtype``, as that is the only way to actually specify the version "
@@ -24018,7 +24450,7 @@ msgstr ""
 "$подтип``, поскольку это единственный способ действительно указать нужную "
 "версию и формат."
 
-#: ../source/specifications/simple-repository-api.rst:635
+#: ../source/specifications/simple-repository-api.rst:649
 msgid ""
 "The order of the content types listed in the ``Accept`` header does not have "
 "any specific meaning, and the server **SHOULD** consider all of them to be "
@@ -24034,7 +24466,7 @@ msgstr ""
 "синтаксис ``принять`` в заголовке ``значение качества <https://developer."
 "mozilla.org/en-US/docs/Glossary/Quality_values>`_."
 
-#: ../source/specifications/simple-repository-api.rst:642
+#: ../source/specifications/simple-repository-api.rst:656
 msgid ""
 "This allows a client to specify a priority for a specific entry in their "
 "``Accept`` header, by appending a ``;q=`` followed by a value between ``0`` "
@@ -24050,7 +24482,7 @@ msgstr ""
 "более низким качеством, и любая запись без присутствующего качества будет по "
 "умолчанию иметь качество ``1``."
 
-#: ../source/specifications/simple-repository-api.rst:648
+#: ../source/specifications/simple-repository-api.rst:662
 msgid ""
 "However, clients should keep in mind that a server is free to select **any** "
 "of the content types they've asked for, regardless of their requested "
@@ -24061,7 +24493,7 @@ msgstr ""
 "запрошенных ими типов содержимого, независимо от их приоритета, и даже может "
 "вернуть тип содержимого, который они **не* запрашивали."
 
-#: ../source/specifications/simple-repository-api.rst:652
+#: ../source/specifications/simple-repository-api.rst:666
 msgid ""
 "To aid clients in determining the content type of the response that they "
 "have received from an API request, this spec requires that servers always "
@@ -24080,11 +24512,11 @@ msgstr ""
 "_internal/index/collector.py#L123-L150>`_, так что риск реальных поломок "
 "невелик."
 
-#: ../source/specifications/simple-repository-api.rst:659
+#: ../source/specifications/simple-repository-api.rst:673
 msgid "An example of how a client can operate would look like:"
 msgstr "Пример работы клиента может выглядеть следующим образом:"
 
-#: ../source/specifications/simple-repository-api.rst:710
+#: ../source/specifications/simple-repository-api.rst:724
 msgid ""
 "If a client wishes to only support HTML or only support JSON, then they "
 "would just remove the content types that they do not want from the "
@@ -24094,11 +24526,11 @@ msgstr ""
 "удалит типы контента, которые ему не нужны, из заголовка ``принять``, и "
 "превратит их получение в ошибку."
 
-#: ../source/specifications/simple-repository-api.rst:716
+#: ../source/specifications/simple-repository-api.rst:730
 msgid "Alternative Negotiation Mechanisms"
 msgstr "Альтернативные механизмы переговоров"
 
-#: ../source/specifications/simple-repository-api.rst:718
+#: ../source/specifications/simple-repository-api.rst:732
 msgid ""
 "While using HTTP's Content negotiation is considered the standard way for a "
 "client and server to coordinate to ensure that the client is getting an HTTP "
@@ -24113,11 +24545,11 @@ msgstr ""
 "предусмотрены альтернативные механизмы согласования, которые могут "
 "*факультативно* использоваться вместо него."
 
-#: ../source/specifications/simple-repository-api.rst:726
+#: ../source/specifications/simple-repository-api.rst:740
 msgid "URL Parameter"
 msgstr "Параметр URL"
 
-#: ../source/specifications/simple-repository-api.rst:728
+#: ../source/specifications/simple-repository-api.rst:742
 #, fuzzy
 #| msgid ""
 #| "Servers that implement the Simple API may choose to support an URL "
@@ -24131,7 +24563,7 @@ msgstr ""
 "Серверы, реализующие простой API, могут поддерживать параметр URL с именем "
 "``формат``, чтобы позволить клиентам запрашивать определенную версию URL."
 
-#: ../source/specifications/simple-repository-api.rst:731
+#: ../source/specifications/simple-repository-api.rst:745
 msgid ""
 "The value of the ``format`` parameter should be **one** of the valid content "
 "types. Passing multiple content types, wild cards, quality values, etc... is "
@@ -24141,7 +24573,7 @@ msgstr ""
 "содержимого. Передача нескольких типов содержимого, подстановочных карт, "
 "качественных значений и т. д. **не поддерживается."
 
-#: ../source/specifications/simple-repository-api.rst:735
+#: ../source/specifications/simple-repository-api.rst:749
 msgid ""
 "Supporting this parameter is optional, and clients **SHOULD NOT** rely on it "
 "for interacting with the API. This negotiation mechanism is intended to "
@@ -24154,7 +24586,7 @@ msgstr ""
 "документации или примечаниях можно было ссылаться на конкретную "
 "версию+формат."
 
-#: ../source/specifications/simple-repository-api.rst:740
+#: ../source/specifications/simple-repository-api.rst:754
 msgid ""
 "Servers that do not support this parameter may choose to return an error "
 "when it is present, or they may simple ignore its presence."
@@ -24162,7 +24594,7 @@ msgstr ""
 "Серверы, не поддерживающие этот параметр, могут возвращать ошибку при его "
 "наличии или просто игнорировать его присутствие."
 
-#: ../source/specifications/simple-repository-api.rst:743
+#: ../source/specifications/simple-repository-api.rst:757
 msgid ""
 "When a server does implement this parameter, it **SHOULD** take precedence "
 "over any values in the client's ``Accept`` header, and if the server does "
@@ -24179,11 +24611,11 @@ msgstr ""
 "Недоступен``, ``303 Несколько вариантов`` или выбор типа по умолчанию для "
 "возврата)."
 
-#: ../source/specifications/simple-repository-api.rst:752
+#: ../source/specifications/simple-repository-api.rst:766
 msgid "Endpoint Configuration"
 msgstr "Конфигурация конечной точки"
 
-#: ../source/specifications/simple-repository-api.rst:754
+#: ../source/specifications/simple-repository-api.rst:768
 msgid ""
 "This option technically is not a special option at all, it is just a natural "
 "consequence of using content negotiation and allowing servers to select "
@@ -24194,7 +24626,7 @@ msgstr ""
 "серверам выбирать, какой из доступных типов содержимого является их типом по "
 "умолчанию."
 
-#: ../source/specifications/simple-repository-api.rst:758
+#: ../source/specifications/simple-repository-api.rst:772
 msgid ""
 "If a server is unwilling or unable to implement the server-driven content "
 "negotiation, and would instead rather require users to explicitly configure "
@@ -24206,7 +24638,7 @@ msgstr ""
 "свой клиент для выбора нужной им версии, то такая конфигурация "
 "поддерживается."
 
-#: ../source/specifications/simple-repository-api.rst:762
+#: ../source/specifications/simple-repository-api.rst:776
 msgid ""
 "To enable this, a server should make multiple endpoints (for instance, ``/"
 "simple/v1+html/`` and/or ``/simple/v1+json/``) for each version+format that "
@@ -24223,7 +24655,7 @@ msgstr ""
 "``Принять``, сервер может проигнорировать его и вернуть тип содержимого, "
 "соответствующий данной конечной точке."
 
-#: ../source/specifications/simple-repository-api.rst:769
+#: ../source/specifications/simple-repository-api.rst:783
 msgid ""
 "For clients that wish to require specific configuration, they can keep track "
 "of which version+format a specific repository URL was configured for, and "
@@ -24235,11 +24667,11 @@ msgstr ""
 "репозитория, и при запросе к этому серверу выдавать заголовок ``Принять``, "
 "который *только* включает правильный тип содержимого."
 
-#: ../source/specifications/simple-repository-api.rst:776
+#: ../source/specifications/simple-repository-api.rst:790
 msgid "TUF Support - PEP 458"
 msgstr "Поддержка TUF - PEP 458"
 
-#: ../source/specifications/simple-repository-api.rst:778
+#: ../source/specifications/simple-repository-api.rst:792
 msgid ""
 ":pep:`458` requires that all API responses are hashable and that they can be "
 "uniquely identified by a path relative to the repository root. For a Simple "
@@ -24257,7 +24689,7 @@ msgstr ""
 "клиент TUF не может справиться с тем, что цель может иметь несколько "
 "различных представлений, которые хэшируются по-разному."
 
-#: ../source/specifications/simple-repository-api.rst:785
+#: ../source/specifications/simple-repository-api.rst:799
 msgid ""
 ":pep:`458` does not specify what the target path should be for the Simple "
 "API, but TUF requires that the target paths be \"file-like\", in other "
@@ -24269,7 +24701,7 @@ msgstr ""
 "путь типа ``простой/ПРОЕКТ/`` неприемлем, потому что технически он указывает "
 "на каталог."
 
-#: ../source/specifications/simple-repository-api.rst:790
+#: ../source/specifications/simple-repository-api.rst:804
 msgid ""
 "The saving grace is that the target path does not *have* to actually match "
 "the URL being fetched from the Simple API, and it can just be a sigil that "
@@ -24283,7 +24715,7 @@ msgstr ""
 "который нужно получить. То же самое можно сказать и о других аспектах "
 "фактического HTTP-запроса, таких как заголовок ``принять``."
 
-#: ../source/specifications/simple-repository-api.rst:796
+#: ../source/specifications/simple-repository-api.rst:810
 msgid ""
 "Ultimately figuring out how to map a directory to a filename is out of scope "
 "for this spec (but it would be in scope for :pep:`458`), and this spec "
@@ -24295,7 +24727,7 @@ msgstr ""
 "данная спецификация откладывает принятие решения о том, как именно "
 "представлять это в метаданных :pep:`458`."
 
-#: ../source/specifications/simple-repository-api.rst:800
+#: ../source/specifications/simple-repository-api.rst:814
 msgid ""
 "However, it appears that the current WIP branch against pip that attempts to "
 "implement :pep:`458` is using a target path like ``simple/PROJECT/index."
@@ -24311,7 +24743,7 @@ msgstr ""
 "формат v1 HTML будет ``простой/ПРОЕКТ/vnd.pypi. простой.v1.html``, а формат "
 "v1 JSON будет ``простой/ПРОЕКТ/vnd.pypi.простой.v1.json``."
 
-#: ../source/specifications/simple-repository-api.rst:807
+#: ../source/specifications/simple-repository-api.rst:821
 msgid ""
 "In this case, since ``text/html`` is an alias to ``application/vnd.pypi."
 "simple.v1+html`` when interacting through TUF, it likely will make the most "
@@ -24321,7 +24753,7 @@ msgstr ""
 "``приложения/vnd.pypi. простой.v1+html`` при взаимодействии через TUF, "
 "скорее всего, будет разумнее нормализовать к более явному имени."
 
-#: ../source/specifications/simple-repository-api.rst:811
+#: ../source/specifications/simple-repository-api.rst:825
 msgid ""
 "Likewise the ``latest`` metaversion should not be included in the targets, "
 "only explicitly declared versions should be supported."
@@ -24329,7 +24761,7 @@ msgstr ""
 "Аналогично, метаверсия ``последней`` не должна включаться в цели, должны "
 "поддерживаться только явно объявленные версии."
 
-#: ../source/specifications/simple-repository-api.rst:817
+#: ../source/specifications/simple-repository-api.rst:831
 msgid ""
 "This section is non-normative, and represents what the spec authors believe "
 "to be the best default implementation decisions for something implementing "
@@ -24341,7 +24773,7 @@ msgstr ""
 "реализации этой спецификации, но он **не** представляет собой никаких "
 "требований по соответствию этим решениям."
 
-#: ../source/specifications/simple-repository-api.rst:821
+#: ../source/specifications/simple-repository-api.rst:835
 msgid ""
 "These decisions have been chosen to maximize the number of requests that can "
 "be moved onto the newest version of an API, while maintaining the greatest "
@@ -24355,11 +24787,11 @@ msgstr ""
 "использование API обеспечивало защитные ограждения, которые пытаются "
 "подтолкнуть клиента к наилучшему выбору."
 
-#: ../source/specifications/simple-repository-api.rst:826
+#: ../source/specifications/simple-repository-api.rst:840
 msgid "It is recommended that servers:"
 msgstr "Рекомендуется использовать серверы:"
 
-#: ../source/specifications/simple-repository-api.rst:828
+#: ../source/specifications/simple-repository-api.rst:842
 msgid ""
 "Support all 3 content types described in this spec, using server-driven "
 "content negotiation, for as long as they reasonably can, or at least as long "
@@ -24370,7 +24802,7 @@ msgstr ""
 "крайней мере, пока они получают нетривиальный трафик, использующий ответы "
 "HTML."
 
-#: ../source/specifications/simple-repository-api.rst:832
+#: ../source/specifications/simple-repository-api.rst:846
 msgid ""
 "When encountering an ``Accept`` header that does not contain any content "
 "types that it knows how to work with, the server should not ever return a "
@@ -24381,7 +24813,7 @@ msgstr ""
 "с которыми сервер умеет работать, сервер не должен возвращать ответ ``300 "
 "Множественный выбор``, а вместо этого возвращает ответ ``406 Неприемлемо``."
 
-#: ../source/specifications/simple-repository-api.rst:837
+#: ../source/specifications/simple-repository-api.rst:851
 msgid ""
 "However, if choosing to use the endpoint configuration, you should prefer to "
 "return a ``200 OK`` response in the expected content type for that endpoint."
@@ -24390,7 +24822,7 @@ msgstr ""
 "предпочесть возвращать ответ ``200 OK`` в ожидаемом типе содержимого для "
 "данной конечной точки."
 
-#: ../source/specifications/simple-repository-api.rst:840
+#: ../source/specifications/simple-repository-api.rst:854
 msgid ""
 "When selecting an acceptable version, the server should choose the highest "
 "version that the client supports, with the most expressive/featureful "
@@ -24405,11 +24837,11 @@ msgstr ""
 "использовать тип содержимого ``текст/html`` только в качестве последнего "
 "средства."
 
-#: ../source/specifications/simple-repository-api.rst:846
+#: ../source/specifications/simple-repository-api.rst:860
 msgid "It is recommended that clients:"
 msgstr "Рекомендуется, чтобы клиенты:"
 
-#: ../source/specifications/simple-repository-api.rst:848
+#: ../source/specifications/simple-repository-api.rst:862
 msgid ""
 "Support all 3 content types described in this spec, using server-driven "
 "content negotiation, for as long as they reasonably can."
@@ -24417,7 +24849,7 @@ msgstr ""
 "Поддерживать все 3 типа контента, описанные в данной спецификации, используя "
 "согласование контента с сервером, до тех пор, пока это возможно."
 
-#: ../source/specifications/simple-repository-api.rst:851
+#: ../source/specifications/simple-repository-api.rst:865
 msgid ""
 "When constructing an ``Accept`` header, include all of the content types "
 "that you support."
@@ -24425,7 +24857,7 @@ msgstr ""
 "При составлении заголовка ``Принять`` включите в него все типы содержимого, "
 "которые вы поддерживаете."
 
-#: ../source/specifications/simple-repository-api.rst:854
+#: ../source/specifications/simple-repository-api.rst:868
 msgid ""
 "You should generally *not* include a quality priority value for your content "
 "types, unless you have implementation specific reasons that you want the "
@@ -24439,7 +24871,7 @@ msgstr ""
 "стандартной библиотеки и беспокоитесь о том, что некоторые типы HTML-ответов "
 "могут быть не в состоянии разобрать в некоторых крайних случаях)."
 
-#: ../source/specifications/simple-repository-api.rst:860
+#: ../source/specifications/simple-repository-api.rst:874
 msgid ""
 "The one exception to this recommendation is that it is recommended that you "
 "*should* include a ``;q=0.01`` value on the legacy ``text/html`` content "
@@ -24450,7 +24882,7 @@ msgstr ""
 "html``, если только это не единственный тип содержимого, который вы "
 "запрашиваете."
 
-#: ../source/specifications/simple-repository-api.rst:864
+#: ../source/specifications/simple-repository-api.rst:878
 msgid ""
 "Explicitly select what versions they are looking for, rather than using the "
 "``latest`` meta version during normal operation."
@@ -24458,7 +24890,7 @@ msgstr ""
 "Явно выбирайте версии, которые они ищут, вместо того чтобы использовать "
 "``последнюю`` мета-версию во время обычной работы."
 
-#: ../source/specifications/simple-repository-api.rst:867
+#: ../source/specifications/simple-repository-api.rst:881
 msgid ""
 "Check the ``Content-Type`` of the response and ensure it matches something "
 "that you were expecting."
@@ -24466,11 +24898,11 @@ msgstr ""
 "Проверьте ``Контент-Тип`` в ответе и убедитесь, что он соответствует тому, "
 "что вы ожидали."
 
-#: ../source/specifications/simple-repository-api.rst:871
+#: ../source/specifications/simple-repository-api.rst:885
 msgid "Additional Fields for the Simple API for Package Indexes"
 msgstr "Дополнительные поля для простого API для индексов пакетов"
 
-#: ../source/specifications/simple-repository-api.rst:873
+#: ../source/specifications/simple-repository-api.rst:887
 msgid ""
 "This specification defines version 1.1 of the simple repository API. For the "
 "HTML version of the API, there is no change from version 1.0. For the JSON "
@@ -24480,15 +24912,15 @@ msgstr ""
 "версии API нет никаких изменений по сравнению с версией 1.0. Для JSON-версии "
 "API сделаны следующие изменения:"
 
-#: ../source/specifications/simple-repository-api.rst:877
+#: ../source/specifications/simple-repository-api.rst:891
 msgid "The ``api-version`` must specify version 1.1 or later."
 msgstr "В ``api-версия`` должна быть указана версия 1.1 или более поздняя."
 
-#: ../source/specifications/simple-repository-api.rst:878
+#: ../source/specifications/simple-repository-api.rst:892
 msgid "A new ``versions`` key is added at the top level."
 msgstr "На верхнем уровне добавляется новый ключ ``версии``."
 
-#: ../source/specifications/simple-repository-api.rst:879
+#: ../source/specifications/simple-repository-api.rst:893
 msgid ""
 "Two new \"file information\" keys, ``size`` and ``upload-time``, are added "
 "to the ``files`` data."
@@ -24496,7 +24928,7 @@ msgstr ""
 "В данные ``файлы`` добавлены два новых ключа \"информации о файле\", "
 "``размер`` и ``время загрузки``."
 
-#: ../source/specifications/simple-repository-api.rst:881
+#: ../source/specifications/simple-repository-api.rst:895
 msgid ""
 "Keys (at any level) with a leading underscore are reserved as private for "
 "index server use. No future standard will assign a meaning to any such key."
@@ -24505,7 +24937,7 @@ msgstr ""
 "частные для использования индексным сервером. Ни один будущий стандарт не "
 "будет присваивать значение такому ключу."
 
-#: ../source/specifications/simple-repository-api.rst:884
+#: ../source/specifications/simple-repository-api.rst:898
 msgid ""
 "The ``versions`` and ``size`` keys are mandatory. The ``upload-time`` key is "
 "optional."
@@ -24513,7 +24945,7 @@ msgstr ""
 "Ключи ``версии`` и ``размер`` являются обязательными. Ключ ``время "
 "загрузки`` является необязательным."
 
-#: ../source/specifications/simple-repository-api.rst:890
+#: ../source/specifications/simple-repository-api.rst:904
 msgid ""
 "An additional key, ``versions`` MUST be present at the top level, in "
 "addition to the keys ``name``, ``files`` and ``meta`` defined in :ref:`the "
@@ -24529,7 +24961,7 @@ msgstr ""
 "для этого проекта. Значение логически является набором, и поэтому не может "
 "содержать дубликатов, а порядок значений не имеет значения."
 
-#: ../source/specifications/simple-repository-api.rst:897
+#: ../source/specifications/simple-repository-api.rst:911
 msgid ""
 "All of the files listed in the ``files`` key MUST be associated with one of "
 "the versions in the ``versions`` key. The ``versions`` key MAY contain "
@@ -24541,7 +24973,7 @@ msgstr ""
 "ассоциированных файлов (для представления версий без загруженных файлов, "
 "если сервер имеет такую концепцию)."
 
-#: ../source/specifications/simple-repository-api.rst:902
+#: ../source/specifications/simple-repository-api.rst:916
 msgid ""
 "Note that because servers may hold \"legacy\" data from before the adoption "
 "of :ref:`the version specifiers specification (VSS) <version-specifiers>`, "
@@ -24556,15 +24988,15 @@ msgstr ""
 "что они могут быть упорядочены с использованием правил VSS. Тем не менее, "
 "серверы ДОЛЖНЫ использовать нормализованные версии VSS, где это возможно."
 
-#: ../source/specifications/simple-repository-api.rst:911
+#: ../source/specifications/simple-repository-api.rst:925
 msgid "Additional file information"
 msgstr "Дополнительная информация о файле"
 
-#: ../source/specifications/simple-repository-api.rst:913
+#: ../source/specifications/simple-repository-api.rst:927
 msgid "Two new keys are added to the ``files`` key."
 msgstr "К ключу ``файлы`` добавляются два новых ключа."
 
-#: ../source/specifications/simple-repository-api.rst:915
+#: ../source/specifications/simple-repository-api.rst:929
 msgid ""
 "``size``: This field is mandatory. It MUST contain an integer which is the "
 "file size in bytes."
@@ -24572,7 +25004,7 @@ msgstr ""
 "``размер``: Это поле является обязательным. Оно ДОЛЖНО содержать целое "
 "число, представляющее собой размер файла в байтах."
 
-#: ../source/specifications/simple-repository-api.rst:917
+#: ../source/specifications/simple-repository-api.rst:931
 msgid ""
 "``upload-time``: This field is optional. If present, it MUST contain a valid "
 "ISO 8601 date/time string, in the format ``yyyy-mm-ddThh:mm:ss.ffffffZ``, "
@@ -24592,11 +25024,11 @@ msgstr ""
 "содержать до 6 цифр точности. Если сервер не записывает информацию о времени "
 "загрузки файла, он МОЖЕТ опустить ключ ``время загрузки``."
 
-#: ../source/specifications/simple-repository-api.rst:926
+#: ../source/specifications/simple-repository-api.rst:940
 msgid "Rename dist-info-metadata in the Simple API"
 msgstr "Переименование dist- инфо-метаданных в простом API"
 
-#: ../source/specifications/simple-repository-api.rst:929
+#: ../source/specifications/simple-repository-api.rst:943
 msgid ""
 "The keywords \"**MUST**\", \"**MUST NOT**\", \"**REQUIRED**\", "
 "\"**SHALL**\", \"**SHALL NOT**\", \"**SHOULD**\", \"**SHOULD NOT**\", "
@@ -24609,11 +25041,11 @@ msgstr ""
 "этом документе должны интерпретироваться так, как описано в :rfc:`RFC 2119 "
 "<2119>`."
 
-#: ../source/specifications/simple-repository-api.rst:936
+#: ../source/specifications/simple-repository-api.rst:950
 msgid "Servers"
 msgstr "Серверы"
 
-#: ../source/specifications/simple-repository-api.rst:938
+#: ../source/specifications/simple-repository-api.rst:952
 msgid ""
 "The :ref:`the API metadata file specification <simple-repository-api-"
 "metadata-file>` metadata, when used in the HTML representation of the Simple "
@@ -24625,7 +25057,7 @@ msgstr ""
 "**ОБЯЗАТЕЛЬНО** передаются с помощью атрибута ``данные-ядро-метаданные``, "
 "при этом поддерживаемые значения остаются прежними."
 
-#: ../source/specifications/simple-repository-api.rst:944
+#: ../source/specifications/simple-repository-api.rst:958
 msgid ""
 "The :ref:`the API metadata file specification <simple-repository-api-"
 "metadata-file>` metadata, when used in the :ref:`the JSON API specification "
@@ -24638,7 +25070,7 @@ msgstr ""
 "**МОЖНО** передавать с помощью ключа ``ядро-метаданные``, при этом "
 "поддерживаемые значения остаются неизменными."
 
-#: ../source/specifications/simple-repository-api.rst:950
+#: ../source/specifications/simple-repository-api.rst:964
 msgid ""
 "To support clients that used the previous key names, the HTML representation "
 "**MAY** also be emitted using the ``data-dist-info-metadata``, and if it "
@@ -24649,7 +25081,7 @@ msgstr ""
 "метаданные``, и если оно это делает, то **ДОЛЖНО** соответствовать значению "
 "``данные-ядро-метаданные``."
 
-#: ../source/specifications/simple-repository-api.rst:959
+#: ../source/specifications/simple-repository-api.rst:973
 msgid ""
 "Clients consuming any of the HTML representations of the Simple API **MUST** "
 "read the :ref:`the API metadata file specification <simple-repository-api-"
@@ -24664,7 +25096,7 @@ msgstr ""
 "дист-инфо-метаданные``, если они присутствуют, но ``данные-ядро-метаданные`` "
 "отсутствуют."
 
-#: ../source/specifications/simple-repository-api.rst:966
+#: ../source/specifications/simple-repository-api.rst:980
 msgid ""
 "Clients consuming the JSON representation of the Simple API **MUST** read "
 "the :ref:`the API metadata file specification <simple-repository-api-"
@@ -24678,19 +25110,19 @@ msgstr ""
 "**МОГУТ** опционально использовать унаследованный ключ ``дист-инфо-"
 "метаданные``, если он присутствует, а ``ядро-метаданные`` - нет."
 
-#: ../source/specifications/simple-repository-api.rst:976
+#: ../source/specifications/simple-repository-api.rst:990
 msgid "September 2015: initial form of the HTML format, in :pep:`503`"
 msgstr "Сентябрь 2015 года: начальная форма формата HTML, в :pep:`503`"
 
-#: ../source/specifications/simple-repository-api.rst:977
+#: ../source/specifications/simple-repository-api.rst:991
 msgid "July 2016: Requires-Python metadata, in an update to :pep:`503`"
 msgstr "Июль 2016 г: Метаданные Требуется-Python, в обновлении :pep:`503`"
 
-#: ../source/specifications/simple-repository-api.rst:978
+#: ../source/specifications/simple-repository-api.rst:992
 msgid "May 2019: \"yank\" support, in :pep:`592`"
 msgstr "Май 2019: поддержка \"янки\", в :pep:`592`"
 
-#: ../source/specifications/simple-repository-api.rst:979
+#: ../source/specifications/simple-repository-api.rst:993
 msgid ""
 "July 2020: API versioning convention and metadata, and declaring the HTML "
 "format as API v1, in :pep:`629`"
@@ -24698,14 +25130,14 @@ msgstr ""
 "Июль 2020 года: Соглашение о версиях API и метаданные, а также объявление "
 "формата HTML как API v1, в :pep:`629`"
 
-#: ../source/specifications/simple-repository-api.rst:981
+#: ../source/specifications/simple-repository-api.rst:995
 msgid ""
 "May 2021: providing package metadata independently from a package, in :pep:"
 "`658`"
 msgstr ""
 "Май 2021: предоставление метаданных пакета независимо от пакета, в :pep:`658`"
 
-#: ../source/specifications/simple-repository-api.rst:983
+#: ../source/specifications/simple-repository-api.rst:997
 msgid ""
 "May 2022: initial form of the JSON format, with a mechanism for clients to "
 "choose between them, and declaring both formats as API v1, in :pep:`691`"
@@ -24713,7 +25145,7 @@ msgstr ""
 "Май 2022: начальная форма формата JSON, с механизмом выбора между ними для "
 "клиентов, и объявление обоих форматов как API v1, в :pep:`691`"
 
-#: ../source/specifications/simple-repository-api.rst:985
+#: ../source/specifications/simple-repository-api.rst:999
 msgid ""
 "October 2022: project versions and file size and upload-time in the JSON "
 "format, in :pep:`700`"
@@ -24721,7 +25153,7 @@ msgstr ""
 "Октябрь 2022: версии проектов, размер файлов и время загрузки в формате "
 "JSON, в :pep:`700`"
 
-#: ../source/specifications/simple-repository-api.rst:987
+#: ../source/specifications/simple-repository-api.rst:1001
 msgid ""
 "June 2023: renaming the field which provides package metadata independently "
 "from a package, in :pep:`714`"
@@ -24729,6 +25161,18 @@ msgstr ""
 "Июнь 2023: переименование поля, предоставляющего метаданные пакета "
 "независимо от пакета, в :pep:`714`"
 
+#: ../source/specifications/simple-repository-api.rst:1003
+#, fuzzy
+#| msgid ""
+#| "October 2022: project versions and file size and upload-time in the JSON "
+#| "format, in :pep:`700`"
+msgid ""
+"November 2024: provenance metadata in the HTML and JSON formats, in :pep:"
+"`740`"
+msgstr ""
+"Октябрь 2022: версии проектов, размер файлов и время загрузки в формате "
+"JSON, в :pep:`700`"
+
 #: ../source/specifications/source-distribution-format.rst:6
 msgid "Source distribution format"
 msgstr "Формат распространения в исходных кодах"
@@ -28692,7 +29136,7 @@ msgstr ""
 "shell``."
 
 #: ../source/tutorials/managing-dependencies.rst:140
-#: ../source/tutorials/packaging-projects.rst:506
+#: ../source/tutorials/packaging-projects.rst:505
 msgid "Next steps"
 msgstr "Следующие шаги"
 
@@ -29333,19 +29777,16 @@ msgstr ""
 
 #: ../source/tutorials/packaging-projects.rst:424
 msgid ""
-"You will be prompted for a username and password. For the username, use "
-"``__token__``. For the password, use the token value, including the ``pypi-"
-"`` prefix."
+"You will be prompted for an API token. Use the token value, including the "
+"``pypi-`` prefix. Note that the input will be hidden, so be sure to paste "
+"correctly."
 msgstr ""
-"Вам будет предложено ввести имя пользователя и пароль. Для имени "
-"пользователя используйте ``__token__``. Для пароля используйте значение "
-"токена, включая префикс ``pypi-``."
 
-#: ../source/tutorials/packaging-projects.rst:428
+#: ../source/tutorials/packaging-projects.rst:427
 msgid "After the command completes, you should see output similar to this:"
 msgstr "После выполнения команды вы должны увидеть вывод, похожий на этот:"
 
-#: ../source/tutorials/packaging-projects.rst:439
+#: ../source/tutorials/packaging-projects.rst:438
 msgid ""
 "Once uploaded, your package should be viewable on TestPyPI; for example: "
 "``https://test.pypi.org/project/example_package_YOUR_USERNAME_HERE``."
@@ -29354,11 +29795,11 @@ msgstr ""
 "например: ``https://test.pypi.org/project/"
 "example_package_YOUR_USERNAME_HERE``."
 
-#: ../source/tutorials/packaging-projects.rst:444
+#: ../source/tutorials/packaging-projects.rst:443
 msgid "Installing your newly uploaded package"
 msgstr "Установка нового загруженного пакета"
 
-#: ../source/tutorials/packaging-projects.rst:446
+#: ../source/tutorials/packaging-projects.rst:445
 msgid ""
 "You can use :ref:`pip` to install your package and verify that it works. "
 "Create a :ref:`virtual environment <Creating and using Virtual "
@@ -29368,11 +29809,11 @@ msgstr ""
 "работоспособности. Создайте :ref:`виртуальную среду <Создание и "
 "использование виртуальных сред>` и установите свой пакет из TestPyPI:"
 
-#: ../source/tutorials/packaging-projects.rst:462
+#: ../source/tutorials/packaging-projects.rst:461
 msgid "Make sure to specify your username in the package name!"
 msgstr "Обязательно укажите свое имя пользователя в названии пакета!"
 
-#: ../source/tutorials/packaging-projects.rst:464
+#: ../source/tutorials/packaging-projects.rst:463
 msgid ""
 "pip should install the package from TestPyPI and the output should look "
 "something like this:"
@@ -29380,7 +29821,7 @@ msgstr ""
 "pip должен установить пакет из TestPyPI, и результат должен выглядеть "
 "примерно так:"
 
-#: ../source/tutorials/packaging-projects.rst:474
+#: ../source/tutorials/packaging-projects.rst:473
 msgid ""
 "This example uses ``--index-url`` flag to specify TestPyPI instead of live "
 "PyPI. Additionally, it specifies ``--no-deps``. Since TestPyPI doesn't have "
@@ -29396,7 +29837,7 @@ msgstr ""
 "неожиданное. Хотя наш пример не имеет зависимостей, рекомендуется избегать "
 "установки зависимостей при использовании TestPyPI."
 
-#: ../source/tutorials/packaging-projects.rst:481
+#: ../source/tutorials/packaging-projects.rst:480
 msgid ""
 "You can test that it was installed correctly by importing the package. Make "
 "sure you're still in your virtual environment, then run Python:"
@@ -29405,18 +29846,18 @@ msgstr ""
 "Убедитесь, что вы все еще находитесь в виртуальной среде, а затем запустите "
 "Python:"
 
-#: ../source/tutorials/packaging-projects.rst:496
+#: ../source/tutorials/packaging-projects.rst:495
 msgid "and import the package:"
 msgstr "и импортировать пакет:"
 
-#: ../source/tutorials/packaging-projects.rst:508
+#: ../source/tutorials/packaging-projects.rst:507
 msgid ""
 "**Congratulations, you've packaged and distributed a Python project!** ✨ 🍰 "
 "✨"
 msgstr ""
 "**Поздравляем, вы упаковали и распространили проект на Python!** ✨ 🍰 ✨"
 
-#: ../source/tutorials/packaging-projects.rst:511
+#: ../source/tutorials/packaging-projects.rst:510
 msgid ""
 "Keep in mind that this tutorial showed you how to upload your package to "
 "Test PyPI, which isn't a permanent storage. The Test system occasionally "
@@ -29428,7 +29869,7 @@ msgstr ""
 "времени удаляет пакеты и аккаунты. Лучше всего использовать TestPyPI для "
 "тестирования и экспериментов, подобных этому руководству."
 
-#: ../source/tutorials/packaging-projects.rst:516
+#: ../source/tutorials/packaging-projects.rst:515
 msgid ""
 "When you are ready to upload a real package to the Python Package Index you "
 "can do much the same as you did in this tutorial, but with these important "
@@ -29437,7 +29878,7 @@ msgstr ""
 "Когда вы будете готовы загрузить реальный пакет в Python Package Index, вы "
 "можете сделать все то же самое, что и в этом уроке, но с важными отличиями:"
 
-#: ../source/tutorials/packaging-projects.rst:520
+#: ../source/tutorials/packaging-projects.rst:519
 msgid ""
 "Choose a memorable and unique name for your package. You don't have to "
 "append your username as you did in the tutorial, but you can't use an "
@@ -29447,7 +29888,7 @@ msgstr ""
 "добавлять имя пользователя, как это было в учебнике, но нельзя использовать "
 "существующее имя."
 
-#: ../source/tutorials/packaging-projects.rst:522
+#: ../source/tutorials/packaging-projects.rst:521
 msgid ""
 "Register an account on https://pypi.org - note that these are two separate "
 "servers and the login details from the test server are not shared with the "
@@ -29457,7 +29898,7 @@ msgstr ""
 "это два отдельных сервера и данные для входа с тестового сервера не "
 "передаются на основной сервер."
 
-#: ../source/tutorials/packaging-projects.rst:525
+#: ../source/tutorials/packaging-projects.rst:524
 msgid ""
 "Use ``twine upload dist/*`` to upload your package and enter your "
 "credentials for the account you registered on the real PyPI.  Now that "
@@ -29469,7 +29910,7 @@ msgstr ""
 "Теперь, когда вы загружаете пакет в production, вам не нужно указывать ``--"
 "репозиторий``; пакет будет загружен на https://pypi.org/ по умолчанию."
 
-#: ../source/tutorials/packaging-projects.rst:529
+#: ../source/tutorials/packaging-projects.rst:528
 msgid ""
 "Install your package from the real PyPI using ``python3 -m pip install [your-"
 "package]``."
@@ -29477,7 +29918,7 @@ msgstr ""
 "Установите свой пакет из настоящего PyPI с помощью ``python3 -m pip install "
 "[your-package]``."
 
-#: ../source/tutorials/packaging-projects.rst:531
+#: ../source/tutorials/packaging-projects.rst:530
 msgid ""
 "At this point if you want to read more on packaging Python libraries here "
 "are some things you can do:"
@@ -29485,7 +29926,7 @@ msgstr ""
 "На этом этапе, если вы хотите прочитать больше об упаковке библиотек Python, "
 "вот некоторые вещи, которые вы можете сделать:"
 
-#: ../source/tutorials/packaging-projects.rst:534
+#: ../source/tutorials/packaging-projects.rst:533
 msgid ""
 "Read about advanced configuration for your chosen build backend: `Hatchling "
 "<hatchling-config_>`_, :doc:`setuptools <setuptools:userguide/"
@@ -29495,7 +29936,7 @@ msgstr ""
 "`Hatchling <hatchling-config_>`_, :doc:`setuptools <setuptools:userguide/"
 "pyproject_config>`, :doc:`Flit <flit:pyproject_toml>`, `PDM <pdm-config_>`_."
 
-#: ../source/tutorials/packaging-projects.rst:538
+#: ../source/tutorials/packaging-projects.rst:537
 msgid ""
 "Look at the :doc:`guides </guides/index>` on this site for more advanced "
 "practical information, or the :doc:`discussions </discussions/index>` for "
@@ -29505,7 +29946,7 @@ msgstr ""
 "index>` на этом сайте или в :doc:`discussions </discussions/index>` для "
 "объяснений и справочной информации по конкретным темам."
 
-#: ../source/tutorials/packaging-projects.rst:541
+#: ../source/tutorials/packaging-projects.rst:540
 msgid ""
 "Consider packaging tools that provide a single command-line interface for "
 "project management and packaging, such as :ref:`hatch`, :ref:`flit`, :ref:"
@@ -29515,11 +29956,11 @@ msgstr ""
 "командной строки для управления проектом и упаковки, такие как :ref:"
 "`hatch`, :ref:`flit`, :ref:`pdm` и :ref:`poetry`."
 
-#: ../source/tutorials/packaging-projects.rst:549
+#: ../source/tutorials/packaging-projects.rst:548
 msgid "Notes"
 msgstr "Примечания"
 
-#: ../source/tutorials/packaging-projects.rst:551
+#: ../source/tutorials/packaging-projects.rst:550
 msgid ""
 "Technically, you can also create Python packages without an ``__init__.py`` "
 "file, but those are called :doc:`namespace packages </guides/packaging-"
@@ -29534,6 +29975,28 @@ msgstr ""
 "Если вы только начинаете с Python упаковки, рекомендуется придерживаться "
 "*регулярных пакетов* и ``__init__.py`` (даже если файл пуст)."
 
+#~ msgid ""
+#~ "conda is the package management tool for `Anaconda <https://docs.anaconda."
+#~ "com/anaconda/>`__ Python installations. Anaconda Python is a distribution "
+#~ "from `Anaconda, Inc <https://www.anaconda.com/products/individual>`__ "
+#~ "specifically aimed at the scientific community, and in particular on "
+#~ "Windows where the installation of binary extensions is often difficult."
+#~ msgstr ""
+#~ "conda - это инструмент управления пакетами для установки `Anaconda "
+#~ "<https://docs.anaconda.com/anaconda/>`__ Python. Anaconda Python - это "
+#~ "дистрибутив от `Anaconda, Inc <https://www.anaconda.com/products/"
+#~ "individual>`__, ориентированный на научное сообщество, в частности, на "
+#~ "Windows, где установка бинарных расширений часто бывает затруднена."
+
+#~ msgid ""
+#~ "You will be prompted for a username and password. For the username, use "
+#~ "``__token__``. For the password, use the token value, including the "
+#~ "``pypi-`` prefix."
+#~ msgstr ""
+#~ "Вам будет предложено ввести имя пользователя и пароль. Для имени "
+#~ "пользователя используйте ``__token__``. Для пароля используйте значение "
+#~ "токена, включая префикс ``pypi-``."
+
 #~ msgid ""
 #~ "A table of URLs where the key is the URL label and the value is the URL "
 #~ "itself."
diff --git a/locales/sai/LC_MESSAGES/messages.po b/locales/sai/LC_MESSAGES/messages.po
index 625ee245f..1a323da04 100644
--- a/locales/sai/LC_MESSAGES/messages.po
+++ b/locales/sai/LC_MESSAGES/messages.po
@@ -6,7 +6,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Python Packaging User Guide\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-10-30 00:39+0000\n"
+"POT-Creation-Date: 2024-11-25 21:53+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: Automatically generated\n"
 "Language-Team: none\n"
@@ -604,7 +604,7 @@ msgid "Unix (including Linux and macOS)"
 msgstr ""
 
 #: ../source/discussions/deploying-python-applications.rst:118
-#: ../source/key_projects.rst:572
+#: ../source/key_projects.rst:576
 msgid "pex"
 msgstr ""
 
@@ -1882,7 +1882,7 @@ msgid ""
 msgstr ""
 
 #: ../source/discussions/versioning.rst:6
-#: ../source/specifications/simple-repository-api.rst:310
+#: ../source/specifications/simple-repository-api.rst:319
 msgid "Versioning"
 msgstr ""
 
@@ -2633,29 +2633,16 @@ msgid ""
 msgstr ""
 
 #: ../source/glossary.rst:121
-msgid "Known Good Set (KGS)"
-msgstr ""
-
-#: ../source/glossary.rst:124
-msgid ""
-"A set of distributions at specified versions which are compatible with each "
-"other. Typically a test suite will be run which passes all tests before a "
-"specific set of packages is declared a known good set. This term is commonly "
-"used by frameworks and toolkits which are comprised of multiple individual "
-"distributions."
-msgstr ""
-
-#: ../source/glossary.rst:130
 msgid "Import Package"
 msgstr ""
 
-#: ../source/glossary.rst:133
+#: ../source/glossary.rst:124
 msgid ""
 "A Python module which can contain other modules or recursively, other "
 "packages."
 msgstr ""
 
-#: ../source/glossary.rst:136
+#: ../source/glossary.rst:127
 msgid ""
 "An import package is more commonly referred to with the single word "
 "\"package\", but this guide will use the expanded term when more clarity is "
@@ -2664,17 +2651,30 @@ msgid ""
 "package` for a breakdown of the differences."
 msgstr ""
 
-#: ../source/glossary.rst:142
+#: ../source/glossary.rst:133
 msgid "Installed Project"
 msgstr ""
 
-#: ../source/glossary.rst:145
+#: ../source/glossary.rst:136
 msgid ""
 "A :term:`Project` that is installed for use with a Python interpreter or :"
 "term:`Virtual Environment`, as described in the specicifcation :ref:"
 "`recording-installed-packages`."
 msgstr ""
 
+#: ../source/glossary.rst:140
+msgid "Known Good Set (KGS)"
+msgstr ""
+
+#: ../source/glossary.rst:143
+msgid ""
+"A set of distributions at specified versions which are compatible with each "
+"other. Typically a test suite will be run which passes all tests before a "
+"specific set of packages is declared a known good set. This term is commonly "
+"used by frameworks and toolkits which are comprised of multiple individual "
+"distributions."
+msgstr ""
+
 #: ../source/glossary.rst:149
 msgid "Module"
 msgstr ""
@@ -5085,7 +5085,7 @@ msgid ""
 "In particular, `NumPy <https://numpy.org/>`__, which provides the basis for "
 "most of the software in the `scientific Python stack <https://scientific-"
 "python.org>`_ can be configured to interoperate with different FORTRAN "
-"libraries, and can take advantage of different levels of vectorised "
+"libraries, and can take advantage of different levels of vectorized "
 "instructions available in modern CPUs."
 msgstr ""
 
@@ -5094,9 +5094,9 @@ msgid ""
 "Starting with version 1.10.4 of NumPy and version 1.0.0 of SciPy, pre-built "
 "32-bit and 64-bit binaries in the ``wheel`` format are available for all "
 "major operating systems (Windows, macOS, and Linux) on PyPI. Note, however, "
-"that on Windows, NumPy binaries are linked against the `ATLAS <http://www."
-"netlib.org/atlas/>`__ BLAS/LAPACK library, restricted to SSE2 instructions, "
-"so they may not provide optimal linear algebra performance."
+"that on Windows, NumPy binaries are linked against the `ATLAS <https://math-"
+"atlas.sourceforge.net/>`__ BLAS/LAPACK library, restricted to SSE2 "
+"instructions, so they may not provide optimal linear algebra performance."
 msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:26
@@ -5209,7 +5209,7 @@ msgid ""
 msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:100
-#: ../source/key_projects.rst:808
+#: ../source/key_projects.rst:812
 msgid "Spack"
 msgstr ""
 
@@ -5241,28 +5241,41 @@ msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:121
 msgid ""
-"`Anaconda <https://www.anaconda.com/products/individual/>`_ is a Python "
+"``conda`` is an open source (BSD licensed) package management system and "
+"environment management system that allows users to install multiple versions "
+"of binary software packages and their dependencies, and easily switch "
+"between them. It is a cross-platform tool working on Windows, MacOS, and "
+"Linux. Conda can be used to package up and distribute all kinds of packages, "
+"it is not limited to just Python packages. It has full support for native "
+"virtual environments. Conda makes environments first-class citizens, making "
+"it easy to create independent environments even for C libraries. It is "
+"written in Python, but is Python-agnostic. Conda manages Python itself as a "
+"package, so that :command:`conda update python` is possible, in contrast to "
+"pip, which only manages Python packages."
+msgstr ""
+
+#: ../source/guides/installing-scientific-packages.rst:133
+msgid ""
+"Anaconda `Anaconda <https://docs.anaconda.com/anaconda/>`_ is a Python "
 "distribution published by Anaconda, Inc. It is a stable collection of Open "
-"Source packages for big data and scientific use.  As of the 5.0 release of "
-"Anaconda, about 200 packages are installed by default, and a total of "
-"400-500 can be installed and updated from the Anaconda repository."
+"Source packages for big data and scientific use, and a collection of "
+"Graphical Interface utilities for managing conda environments."
 msgstr ""
 
-#: ../source/guides/installing-scientific-packages.rst:127
+#: ../source/guides/installing-scientific-packages.rst:135
 msgid ""
-"``conda`` is an open source (BSD licensed) package management system and "
-"environment management system included in Anaconda that allows users to "
-"install multiple versions of binary software packages and their "
-"dependencies, and easily switch between them. It is a cross-platform tool "
-"working on Windows, macOS, and Linux. Conda can be used to package up and "
-"distribute all kinds of packages, it is not limited to just Python packages. "
-"It has full support for native virtual environments. Conda makes "
-"environments first-class citizens, making it easy to create independent "
-"environments even for C libraries. It is written in Python, but is Python-"
-"agnostic. Conda manages Python itself as a package, so that :command:`conda "
-"update python` is possible, in contrast to pip, which only manages Python "
-"packages. Conda is available in Anaconda and Miniconda (an easy-to-install "
-"download with just Python and conda)."
+"In addition to the full distribution provided by Anaconda, the conda package "
+"manager itself is available in  `miniconda <https://docs.anaconda.com/"
+"miniconda/>`_, `miniforge <https://github.com/conda-forge/miniforge>`_, and "
+"`pixi <https://pixi.sh/>`_."
+msgstr ""
+
+#: ../source/guides/installing-scientific-packages.rst:138
+msgid ""
+"Conda packages are available on multiple channels on Anaconda.org, including "
+"the default channel supported by Anaconda, Inc, the community supported "
+"conda-forge channel, which provides a wide variety of pre-built packages, "
+"and some domain-specific package collections."
 msgstr ""
 
 #: ../source/guides/installing-stand-alone-command-line-tools.rst:4
@@ -8330,29 +8343,51 @@ msgstr ""
 
 #: ../source/guides/tool-recommendations.rst:142
 msgid ""
-"For projects hosted on GitHub, it is recommended to use the :ref:`trusted "
-"publishing <trusted-publishing>`, which allows the package to be securely "
-"uploaded to PyPI from a GitHub Actions job. (This is not yet supported on "
-"software forges other than GitHub.)"
+"For projects hosted on or published via supported CI/CD platforms, it is "
+"recommended to use the :ref:`Trusted Publishing <trusted-publishing>`, which "
+"allows the package to be securely uploaded to PyPI from a CI/CD workflow "
+"without a manually configured API token."
 msgstr ""
 
 #: ../source/guides/tool-recommendations.rst:147
 msgid ""
+"As of November 2024, PyPI supports the following platforms as Trusted "
+"Publishing providers:"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:150
+msgid "GitHub Actions (on ``https://github.com``)"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:151
+msgid "GitLab CI/CD (on ``https://gitlab.com``)"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:152
+msgid "ActiveState"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:153
+msgid "Google Cloud"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:155
+msgid ""
 "The other available method is to upload the package manually using :ref:"
 "`twine`."
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:149
+#: ../source/guides/tool-recommendations.rst:159
 msgid ""
 "**Never** use ``python setup.py upload`` for this task. In addition to "
 "being :ref:`deprecated <setup-py-deprecated>`, it is insecure."
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:154
+#: ../source/guides/tool-recommendations.rst:164
 msgid "Workflow tools"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:156
+#: ../source/guides/tool-recommendations.rst:166
 msgid ""
 "These tools are environment managers that automatically manage virtual "
 "environments for a project. They also act as \"task runners\", allowing you "
@@ -8363,31 +8398,31 @@ msgid ""
 "alphabetical order:"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:164
+#: ../source/guides/tool-recommendations.rst:174
 msgid ":ref:`Flit`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:165
+#: ../source/guides/tool-recommendations.rst:175
 msgid ":ref:`Hatch`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:166
+#: ../source/guides/tool-recommendations.rst:176
 msgid ":doc:`nox <nox:index>`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:167
+#: ../source/guides/tool-recommendations.rst:177
 msgid ":ref:`PDM`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:168
+#: ../source/guides/tool-recommendations.rst:178
 msgid ":ref:`Pipenv`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:169
+#: ../source/guides/tool-recommendations.rst:179
 msgid ":ref:`Poetry`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:170
+#: ../source/guides/tool-recommendations.rst:180
 msgid ":doc:`tox <tox:index>`."
 msgstr ""
 
@@ -9562,44 +9597,58 @@ msgstr ""
 
 #: ../source/key_projects.rst:407
 msgid ""
-"conda is the package management tool for `Anaconda <https://docs.anaconda."
-"com/anaconda/>`__ Python installations. Anaconda Python is a distribution "
-"from `Anaconda, Inc <https://www.anaconda.com/products/individual>`__ "
-"specifically aimed at the scientific community, and in particular on Windows "
-"where the installation of binary extensions is often difficult."
+"Conda is a package, dependency, and environment management system for any "
+"language — Python, R, Ruby, C/C++, Fortran, and more. It is written in "
+"Python and widely used in the Python scientific computing community, due to "
+"its support for non-Python compiled libraries and extensions. It is used as "
+"the basis of the `Anaconda <https://docs.anaconda.com/anaconda/>`__ Python "
+"distribution from Anaconda, Inc. It was originally aimed at the scientific "
+"community, but can also be used on its own, or with the :doc:`miniconda "
+"<conda:miniconda>`, `miniforge <https://github.com/conda-forge/miniforge>`_ "
+"or `pixi <https://pixi.sh/>`_ systems. It is available for Windows, Mac and "
+"Linux systems."
 msgstr ""
 
-#: ../source/key_projects.rst:414
+#: ../source/key_projects.rst:416
 msgid ""
 "Conda is a completely separate tool from :ref:`pip`, virtualenv and wheel, "
-"but provides many of their combined features in terms of package management, "
-"virtual environment management and deployment of binary extensions."
+"but provides many of their combined features, such as package management, "
+"virtual environment management and deployment of binary extensions and other "
+"binary code."
+msgstr ""
+
+#: ../source/key_projects.rst:420
+msgid ""
+"Conda does not install packages from PyPI -- it can only manage packages "
+"built specifically for conda, which can be made available on a \"conda "
+"channel\", such as those hosted on `anaconda.org <https://anaconda.org>`__, "
+"or a local (e.g. intranet) package server. In addition to the \"default\" "
+"channels managed by `Anaconda, Inc. <https://www.anaconda.com/>`__, there "
+"are a wide variety of packages from the community supported `conda-forge "
+"project <https://conda-forge.org/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:418
+#: ../source/key_projects.rst:426
 msgid ""
-"Conda does not install packages from PyPI and can install only from the "
-"official Anaconda repositories, or anaconda.org (a place for user-"
-"contributed *conda* packages), or a local (e.g. intranet) package server.  "
-"However, note that :ref:`pip` can be installed into, and work side-by-side "
-"with conda for managing :term:`distributions <Distribution Package>` from "
-"PyPI. Also, `conda skeleton <https://docs.conda.io/projects/conda-build/en/"
-"latest/user-guide/tutorials/build-pkgs-skeleton.html>`__ is a tool to make "
-"Python packages installable by conda by first fetching them from PyPI and "
-"modifying their metadata."
+"Note that :ref:`pip` can be installed into, and work side-by-side with conda "
+"for managing :term:`distributions <Distribution Package>` from PyPI. It is "
+"also possible to build conda packages from Python source packages using "
+"tools such as `conda skeleton <https://docs.conda.io/projects/conda-build/en/"
+"latest/user-guide/tutorials/build-pkgs-skeleton.html>`__: a tool to "
+"automatically make conda packages from Python packages available on PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:431
+#: ../source/key_projects.rst:435
 msgid "devpi"
 msgstr ""
 
-#: ../source/key_projects.rst:433
+#: ../source/key_projects.rst:437
 msgid ""
 "`Docs <http://doc.devpi.net/latest/>`__ | :gh:`Issues <devpi/devpi/issues>` "
 "| `PyPI <https://pypi.org/project/devpi>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:437
+#: ../source/key_projects.rst:441
 msgid ""
 "devpi features a powerful PyPI-compatible server and PyPI proxy cache with a "
 "complementary command line tool to drive packaging, testing and release "
@@ -9609,17 +9658,17 @@ msgid ""
 "replication and fail-over, and package upload."
 msgstr ""
 
-#: ../source/key_projects.rst:448
+#: ../source/key_projects.rst:452
 msgid "dumb-pypi"
 msgstr ""
 
-#: ../source/key_projects.rst:450
+#: ../source/key_projects.rst:454
 msgid ""
 "`GitHub <https://github.com/chriskuehl/dumb-pypi>`__ | `PyPI <https://pypi."
 "org/project/dumb-pypi>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:453
+#: ../source/key_projects.rst:457
 msgid ""
 "dumb-pypi is a simple :term:`package index <Package Index>` static file site "
 "generator, which then must be hosted by a static file webserver to become "
@@ -9627,17 +9676,17 @@ msgid ""
 "status."
 msgstr ""
 
-#: ../source/key_projects.rst:460
+#: ../source/key_projects.rst:464
 msgid "enscons"
 msgstr ""
 
-#: ../source/key_projects.rst:462
+#: ../source/key_projects.rst:466
 msgid ""
 ":gh:`Source <dholth/enscons>` | :gh:`Issues <dholth/enscons/issues>` | `PyPI "
 "<https://pypi.org/project/enscons>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:466
+#: ../source/key_projects.rst:470
 msgid ""
 "Enscons is a Python packaging tool based on `SCons`_. It builds :ref:`pip`-"
 "compatible source distributions and wheels without using distutils or "
@@ -9649,38 +9698,38 @@ msgid ""
 "independent of enscons."
 msgstr ""
 
-#: ../source/key_projects.rst:481
+#: ../source/key_projects.rst:485
 msgid "Flask-Pypi-Proxy"
 msgstr ""
 
-#: ../source/key_projects.rst:483
+#: ../source/key_projects.rst:487
 msgid ""
 "`Docs <https://flask-pypi-proxy.readthedocs.io>`__ | :gh:`GitHub <tzulberti/"
 "Flask-PyPi-Proxy>` | `PyPI <https://pypi.org/project/Flask-Pypi-Proxy/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:487 ../source/key_projects.rst:681
-#: ../source/key_projects.rst:740
+#: ../source/key_projects.rst:491 ../source/key_projects.rst:685
+#: ../source/key_projects.rst:744
 msgid "Not maintained, project archived"
 msgstr ""
 
-#: ../source/key_projects.rst:489
+#: ../source/key_projects.rst:493
 msgid ""
 "Flask-Pypi-Proxy is a :term:`package index <Package Index>` as a cached "
 "proxy for PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:495
+#: ../source/key_projects.rst:499
 msgid "Hashdist"
 msgstr ""
 
-#: ../source/key_projects.rst:497
+#: ../source/key_projects.rst:501
 msgid ""
 "`Docs <https://hashdist.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/hashdist/hashdist/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:500
+#: ../source/key_projects.rst:504
 msgid ""
 "Hashdist is a library for building non-root software distributions. Hashdist "
 "is trying to be “the Debian of choice for cases where Debian technology "
@@ -9691,34 +9740,34 @@ msgid ""
 "researchers but has been lacking in maintenance since 2016."
 msgstr ""
 
-#: ../source/key_projects.rst:512
+#: ../source/key_projects.rst:516
 msgid "Maturin"
 msgstr ""
 
-#: ../source/key_projects.rst:514
+#: ../source/key_projects.rst:518
 msgid ""
 "`Docs <https://www.maturin.rs>`__ | `GitHub <https://github.com/PyO3/"
 "maturin>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:517
+#: ../source/key_projects.rst:521
 msgid ""
 "Maturin is a build backend for Rust extension modules, also written in Rust. "
 "It supports building wheels for python 3.7+ on Windows, Linux, macOS and "
 "FreeBSD, can upload them to PyPI and has basic PyPy and GraalPy support."
 msgstr ""
 
-#: ../source/key_projects.rst:525
+#: ../source/key_projects.rst:529
 msgid "meson-python"
 msgstr ""
 
-#: ../source/key_projects.rst:527
+#: ../source/key_projects.rst:531
 msgid ""
 "`Docs <https://meson-python.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/mesonbuild/meson-python>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:530
+#: ../source/key_projects.rst:534
 msgid ""
 "``meson-python`` is a build backend that uses the Meson_ build system. It "
 "enables Python package authors to use Meson_ as the build system for their "
@@ -9726,58 +9775,58 @@ msgid ""
 "to fill the needs of most complex build configurations."
 msgstr ""
 
-#: ../source/key_projects.rst:540
+#: ../source/key_projects.rst:544
 msgid "multibuild"
 msgstr ""
 
-#: ../source/key_projects.rst:542
+#: ../source/key_projects.rst:546
 msgid "`GitHub <https://github.com/multi-build/multibuild>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:544
+#: ../source/key_projects.rst:548
 msgid ""
 "Multibuild is a set of CI scripts for building and testing Python :term:"
 "`wheels <Wheel>` for Linux, macOS, and (less flexibly) Windows. Also see :"
 "ref:`cibuildwheel`."
 msgstr ""
 
-#: ../source/key_projects.rst:550
+#: ../source/key_projects.rst:554
 msgid "nginx_pypi_cache"
 msgstr ""
 
-#: ../source/key_projects.rst:552
+#: ../source/key_projects.rst:556
 msgid ":gh:`GitHub <hauntsaninja/nginx_pypi_cache>`"
 msgstr ""
 
-#: ../source/key_projects.rst:554
+#: ../source/key_projects.rst:558
 msgid ""
 "nginx_pypi_cache is a :term:`package index <Package Index>` caching proxy "
 "using `nginx <https://nginx.org/en/>`_."
 msgstr ""
 
-#: ../source/key_projects.rst:560
+#: ../source/key_projects.rst:564
 msgid "pdm"
 msgstr ""
 
-#: ../source/key_projects.rst:562
+#: ../source/key_projects.rst:566
 msgid ""
 "`Docs <https://pdm.fming.dev/>`__ | `GitHub <https://github.com/pdm-project/"
 "pdm/>`__ | `PyPI <https://pypi.org/project/pdm>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:566
+#: ../source/key_projects.rst:570
 msgid ""
 "PDM is a modern Python package manager. It uses :term:`pyproject.toml` to "
 "store project metadata as defined in :pep:`621`."
 msgstr ""
 
-#: ../source/key_projects.rst:574
+#: ../source/key_projects.rst:578
 msgid ""
 "`Docs <https://pex.readthedocs.io/en/latest/>`__ | `GitHub <https://github."
 "com/pantsbuild/pex/>`__ | `PyPI <https://pypi.org/project/pex>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:578
+#: ../source/key_projects.rst:582
 msgid ""
 "Pex is a tool for generating :file:`.pex` (Python EXecutable) files, "
 "standalone Python environments in the spirit of :ref:`virtualenv`. PEX files "
@@ -9789,18 +9838,18 @@ msgid ""
 "PEX file into a standard venv, graphing dependencies and more."
 msgstr ""
 
-#: ../source/key_projects.rst:590
+#: ../source/key_projects.rst:594
 msgid "pip-tools"
 msgstr ""
 
-#: ../source/key_projects.rst:592
+#: ../source/key_projects.rst:596
 msgid ""
 "`Docs <https://pip-tools.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/jazzband/pip-tools/>`__ | `PyPI <https://pypi.org/project/pip-"
 "tools/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:596
+#: ../source/key_projects.rst:600
 msgid ""
 "pip-tools is a suite of tools meant for Python system administrators and "
 "release managers who particularly want to keep their builds deterministic "
@@ -9811,32 +9860,32 @@ msgid ""
 "not provide), and create layers of constraints for the program to obey."
 msgstr ""
 
-#: ../source/key_projects.rst:608
+#: ../source/key_projects.rst:612
 msgid "pip2pi"
 msgstr ""
 
-#: ../source/key_projects.rst:610
+#: ../source/key_projects.rst:614
 msgid ""
 ":gh:`GitHub <wolever/pip2pi>` | `PyPI <https://pypi.org/project/pip2pi/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:613
+#: ../source/key_projects.rst:617
 msgid ""
 "pip2pi is a :term:`package index <Package Index>` server where specific "
 "packages are manually synchronised."
 msgstr ""
 
-#: ../source/key_projects.rst:619
+#: ../source/key_projects.rst:623
 msgid "piwheels"
 msgstr ""
 
-#: ../source/key_projects.rst:621
+#: ../source/key_projects.rst:625
 msgid ""
 "`Website <https://www.piwheels.org/>`__ | :doc:`Docs <piwheels:index>` | "
 "`GitHub <https://github.com/piwheels/piwheels/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:625
+#: ../source/key_projects.rst:629
 msgid ""
 "piwheels is a website, and software underpinning it, that fetches source "
 "code distribution packages from PyPI and compiles them into binary wheels "
@@ -9844,17 +9893,17 @@ msgid ""
 "Pi OS pre-configures pip to use piwheels.org as an additional index to PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:634
+#: ../source/key_projects.rst:638
 msgid "poetry"
 msgstr ""
 
-#: ../source/key_projects.rst:636
+#: ../source/key_projects.rst:640
 msgid ""
 "`Docs <https://python-poetry.org/>`__ | `GitHub <https://github.com/python-"
 "poetry/poetry>`__ | `PyPI <https://pypi.org/project/poetry/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:640
+#: ../source/key_projects.rst:644
 msgid ""
 "poetry is a command-line tool to handle dependency installation and "
 "isolation as well as building and packaging of Python packages. It uses "
@@ -9864,49 +9913,49 @@ msgid ""
 "caching metadata about dependencies."
 msgstr ""
 
-#: ../source/key_projects.rst:650
+#: ../source/key_projects.rst:654
 msgid "proxpi"
 msgstr ""
 
-#: ../source/key_projects.rst:652
+#: ../source/key_projects.rst:656
 msgid ""
 ":gh:`GitHub <EpicWink/proxpi>` | `PyPI <https://pypi.org/project/proxpi/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:655
+#: ../source/key_projects.rst:659
 msgid ""
 "proxpi is a simple :term:`package index <Package Index>` which proxies PyPI "
 "and other indexes with caching."
 msgstr ""
 
-#: ../source/key_projects.rst:661
+#: ../source/key_projects.rst:665
 msgid "Pulp-python"
 msgstr ""
 
-#: ../source/key_projects.rst:663
+#: ../source/key_projects.rst:667
 msgid ""
 "`Docs <https://docs.pulpproject.org/pulp_python/>`__ | :gh:`GitHub <pulp/"
 "pulp_python>` | `PyPI <https://pypi.org/project/pulp-python/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:667
+#: ../source/key_projects.rst:671
 msgid ""
 "Pulp-python is the Python :term:`package index <Package Index>` plugin for "
 "`Pulp <https://pulpproject.org/>`_. Pulp-python supports mirrors backed by "
 "local or `AWS S3`_, package upload, and proxying to multiple package indexes."
 msgstr ""
 
-#: ../source/key_projects.rst:675
+#: ../source/key_projects.rst:679
 msgid "PyPI Cloud"
 msgstr ""
 
-#: ../source/key_projects.rst:677
+#: ../source/key_projects.rst:681
 msgid ""
 "`Docs <https://pypicloud.readthedocs.io/>`__ | :gh:`GitHub <stevearc/"
 "pypicloud>` | `PyPI <https://pypi.org/project/pypicloud/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:683
+#: ../source/key_projects.rst:687
 msgid ""
 "PyPI Cloud is a :term:`package index <Package Index>` server, backed by `AWS "
 "S3`_ or another cloud storage service, or local files. PyPI Cloud supports "
@@ -9914,33 +9963,33 @@ msgid ""
 "authorisation."
 msgstr ""
 
-#: ../source/key_projects.rst:691
+#: ../source/key_projects.rst:695
 msgid "pypiprivate"
 msgstr ""
 
-#: ../source/key_projects.rst:693
+#: ../source/key_projects.rst:697
 msgid ""
 ":gh:`GitHub <helpshift/pypiprivate>` | `PyPI <https://pypi.org/project/"
 "pypiprivate/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:696
+#: ../source/key_projects.rst:700
 msgid ""
 "pypiprivate serves a local (or `AWS S3`_-hosted) directory of packages as a :"
 "term:`package index <Package Index>`."
 msgstr ""
 
-#: ../source/key_projects.rst:702
+#: ../source/key_projects.rst:706
 msgid "pypiserver"
 msgstr ""
 
-#: ../source/key_projects.rst:704
+#: ../source/key_projects.rst:708
 msgid ""
 "`GitHub <https://github.com/pypiserver/pypiserver>`__ | `PyPI <https://pypi."
 "org/project/pypiserver/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:707
+#: ../source/key_projects.rst:711
 msgid ""
 "pypiserver is a minimalist application that serves as a private Python :term:"
 "`package index <Package Index>` (from a local directory) within "
@@ -9951,17 +10000,17 @@ msgid ""
 "pypiserver and from PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:718
+#: ../source/key_projects.rst:722
 msgid "PyScaffold"
 msgstr ""
 
-#: ../source/key_projects.rst:720
+#: ../source/key_projects.rst:724
 msgid ""
 "`Docs <https://pyscaffold.org>`__ | `GitHub <https://github.com/pyscaffold/"
 "pyscaffold>`__ | `PyPI <https://pypi.org/project/pyscaffold/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:724
+#: ../source/key_projects.rst:728
 msgid ""
 "PyScaffold is a project generator for bootstrapping Python packages, ready "
 "to be shared on PyPI and installable via :ref:`pip`. It relies on a set of "
@@ -9971,33 +10020,33 @@ msgid ""
 "existing projects to make packaging easier."
 msgstr ""
 
-#: ../source/key_projects.rst:735
+#: ../source/key_projects.rst:739
 msgid "pywharf"
 msgstr ""
 
-#: ../source/key_projects.rst:737
+#: ../source/key_projects.rst:741
 msgid ""
 ":gh:`GitHub <pywharf/pywharf>` | `PyPI <https://pypi.org/project/pywharf>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:742
+#: ../source/key_projects.rst:746
 msgid ""
 "pywharf is a :term:`package index <Package Index>` server, serving files "
 "locally or from `GitHub <https://github.com/>`_."
 msgstr ""
 
-#: ../source/key_projects.rst:748
+#: ../source/key_projects.rst:752
 msgid "scikit-build"
 msgstr ""
 
-#: ../source/key_projects.rst:750
+#: ../source/key_projects.rst:754
 msgid ""
 "`Docs <https://scikit-build.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/scikit-build/scikit-build/>`__ | `PyPI <https://pypi.org/project/"
 "scikit-build>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:754
+#: ../source/key_projects.rst:758
 msgid ""
 "Scikit-build is a :ref:`setuptools` wrapper for CPython that builds C/C++/"
 "Fortran/Cython extensions It uses `cmake <https://pypi.org/project/cmake>`__ "
@@ -10008,18 +10057,18 @@ msgid ""
 "ninja>`__ (also available on PyPI)."
 msgstr ""
 
-#: ../source/key_projects.rst:765
+#: ../source/key_projects.rst:769
 msgid "scikit-build-core"
 msgstr ""
 
-#: ../source/key_projects.rst:767
+#: ../source/key_projects.rst:771
 msgid ""
 "`Docs <https://scikit-build-core.readthedocs.io/en/latest/>`__ | `GitHub "
 "<https://github.com/scikit-build/scikit-build-core/>`__ | `PyPI <https://"
 "pypi.org/project/scikit-build-core>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:771
+#: ../source/key_projects.rst:775
 msgid ""
 "Scikit-build-core is a build backend for CPython C/C++/Fortran/Cython "
 "extensions.  It enables users to write extensions with `cmake <https://pypi."
@@ -10029,17 +10078,17 @@ msgid ""
 "automatically downloaded from PyPI if not available on the system."
 msgstr ""
 
-#: ../source/key_projects.rst:781
+#: ../source/key_projects.rst:785
 msgid "shiv"
 msgstr ""
 
-#: ../source/key_projects.rst:783
+#: ../source/key_projects.rst:787
 msgid ""
 "`Docs <https://shiv.readthedocs.io/en/latest/>`__ | `GitHub <https://github."
 "com/linkedin/shiv>`__ | `PyPI <https://pypi.org/project/shiv/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:787
+#: ../source/key_projects.rst:791
 msgid ""
 "shiv is a command line utility for building fully self contained Python "
 "zipapps as outlined in :pep:`441`, but with all their dependencies included. "
@@ -10047,17 +10096,17 @@ msgid ""
 "tools fast & easy."
 msgstr ""
 
-#: ../source/key_projects.rst:795
+#: ../source/key_projects.rst:799
 msgid "simpleindex"
 msgstr ""
 
-#: ../source/key_projects.rst:797
+#: ../source/key_projects.rst:801
 msgid ""
 ":gh:`GitHub <uranusjr/simpleindex>` | `PyPI <https://pypi.org/project/"
 "simpleindex/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:800
+#: ../source/key_projects.rst:804
 msgid ""
 "simpleindex is a :term:`package index <Package Index>` which routes URLs to "
 "multiple package indexes (including PyPI), serves local (or cloud-hosted, "
@@ -10065,7 +10114,7 @@ msgid ""
 "supports custom plugins."
 msgstr ""
 
-#: ../source/key_projects.rst:810
+#: ../source/key_projects.rst:814
 msgid ""
 ":doc:`Docs <spack:index>` | `GitHub <https://github.com/spack/spack>`__ | "
 "`Paper <https://www.computer.org/csdl/proceedings-article/"
@@ -10073,7 +10122,7 @@ msgid ""
 "Gamblin-Spack-SC15-Talk.pdf>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:815
+#: ../source/key_projects.rst:819
 msgid ""
 "A flexible package manager designed to support multiple versions, "
 "configurations, platforms, and compilers.  Spack is like Homebrew, but "
@@ -10084,24 +10133,24 @@ msgid ""
 "supercomputers."
 msgstr ""
 
-#: ../source/key_projects.rst:823
+#: ../source/key_projects.rst:827
 msgid ""
 "Spack is not in PyPI (yet), but it requires no installation and can be used "
 "immediately after cloning from GitHub."
 msgstr ""
 
-#: ../source/key_projects.rst:829
+#: ../source/key_projects.rst:833
 msgid "zest.releaser"
 msgstr ""
 
-#: ../source/key_projects.rst:831
+#: ../source/key_projects.rst:835
 msgid ""
 "`Docs <https://zestreleaser.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/zestsoftware/zest.releaser/>`__ | `PyPI <https://pypi.org/project/"
 "zest.releaser/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:835
+#: ../source/key_projects.rst:839
 msgid ""
 "``zest.releaser`` is a Python package release tool providing an abstraction "
 "layer on top of :ref:`twine`. Python developers use ``zest.releaser`` to "
@@ -10109,21 +10158,21 @@ msgid ""
 "releases in source control, and uploading new packages to PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:842
+#: ../source/key_projects.rst:846
 msgid "Standard Library Projects"
 msgstr ""
 
-#: ../source/key_projects.rst:847
+#: ../source/key_projects.rst:851
 msgid "ensurepip"
 msgstr ""
 
-#: ../source/key_projects.rst:849
+#: ../source/key_projects.rst:853
 msgid ""
 "`Docs <https://docs.python.org/3/library/ensurepip.html>`__ | `Issues "
 "<https://bugs.python.org/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:852
+#: ../source/key_projects.rst:856
 msgid ""
 "A package in the Python Standard Library that provides support for "
 "bootstrapping :ref:`pip` into an existing Python installation or virtual "
@@ -10131,34 +10180,34 @@ msgid ""
 "will be used during the build of the Python distribution."
 msgstr ""
 
-#: ../source/key_projects.rst:860
+#: ../source/key_projects.rst:864
 msgid "http.server"
 msgstr ""
 
-#: ../source/key_projects.rst:862
+#: ../source/key_projects.rst:866
 msgid ""
 ":doc:`Docs <python:library/http.server>` | :gh:`Issues <python/cpython/"
 "issues>`"
 msgstr ""
 
-#: ../source/key_projects.rst:865
+#: ../source/key_projects.rst:869
 msgid ""
 "A package and command-line interface which can host a directory as a "
 "website, for example as a :term:`package index <Package Index>` (see :ref:"
 "`Hosting your Own Simple Repository`)."
 msgstr ""
 
-#: ../source/key_projects.rst:872
+#: ../source/key_projects.rst:876
 msgid "venv"
 msgstr ""
 
-#: ../source/key_projects.rst:874
+#: ../source/key_projects.rst:878
 msgid ""
 "`Docs <https://docs.python.org/3/library/venv.html>`__ | `Issues <https://"
 "github.com/python/cpython/issues>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:877
+#: ../source/key_projects.rst:881
 msgid ""
 "A package in the Python Standard Library (starting with Python 3.3) for "
 "creating :term:`Virtual Environments <Virtual Environment>`.  For more "
@@ -12206,7 +12255,7 @@ msgstr ""
 #: ../source/specifications/platform-compatibility-tags.rst:332
 #: ../source/specifications/pyproject-toml.rst:444
 #: ../source/specifications/recording-installed-packages.rst:252
-#: ../source/specifications/simple-repository-api.rst:974
+#: ../source/specifications/simple-repository-api.rst:988
 #: ../source/specifications/source-distribution-format.rst:144
 #: ../source/specifications/version-specifiers.rst:1266
 #: ../source/specifications/virtual-environments.rst:54
@@ -13276,6 +13325,7 @@ msgstr ""
 #: ../source/specifications/dependency-specifiers.rst:26
 #: ../source/specifications/direct-url-data-structure.rst:19
 #: ../source/specifications/direct-url.rst:15
+#: ../source/specifications/index-hosted-attestations.rst:17
 #: ../source/specifications/inline-script-metadata.rst:13
 msgid "Specification"
 msgstr ""
@@ -13413,7 +13463,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/dependency-specifiers.rst:163
-#: ../source/specifications/simple-repository-api.rst:888
+#: ../source/specifications/simple-repository-api.rst:902
 msgid "Versions"
 msgstr ""
 
@@ -15036,6 +15086,302 @@ msgid ""
 "www.pypa.io/en/latest/specifications/>`__."
 msgstr ""
 
+#: ../source/specifications/index-hosted-attestations.rst:6
+msgid "Index hosted attestations"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:8
+msgid "This specification was originally defined in :pep:`740`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:12
+msgid ""
+":pep:`740` includes changes to the HTML and JSON index APIs. These changes "
+"are documented in the :ref:`simple-repository-api` under :ref:`simple-"
+"repository-api-base` and :ref:`json-serialization`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:22
+msgid "Upload endpoint changes"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:26
+msgid ""
+"The \"legacy\" upload API is not standardized. See `PyPI's Upload API "
+"documentation <https://docs.pypi.org/api/upload/>`_ for how attestations are "
+"uploaded."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:33
+msgid "Attestation objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:35
+msgid ""
+"An attestation object is a JSON object with several required keys; "
+"applications or signers may include additional keys so long as all "
+"explicitly listed keys are provided. The required layout of an attestation "
+"object is provided as pseudocode below."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:88
+msgid ""
+"A full data model for each object in ``transparency_entries`` is provided "
+"in :ref:`appendix`. Attestation objects **SHOULD** include one or more "
+"transparency log entries, and **MAY** include additional keys for other "
+"sources of signed time (such as an :rfc:`3161` Time Stamping Authority or a "
+"`Roughtime <https://blog.cloudflare.com/roughtime>`__ server)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:94
+msgid ""
+"Attestation objects are versioned; this PEP specifies version 1. Each "
+"version is tied to a single cryptographic suite to minimize unnecessary "
+"cryptographic agility. In version 1, the suite is as follows:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:98
+msgid ""
+"Certificates are specified as X.509 certificates, and comply with the "
+"profile in :rfc:`5280`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:100
+msgid ""
+"The message signature algorithm is ECDSA, with the P-256 curve for public "
+"keys and SHA-256 as the cryptographic digest function."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:103
+msgid ""
+"Future PEPs may change this suite (and the overall shape of the attestation "
+"object) by selecting a new version number."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:109
+msgid "Attestation statement and signature generation"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:111
+msgid ""
+"The *attestation statement* is the actual claim that is cryptographically "
+"signed over within the attestation object (i.e., the ``envelope.statement``)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:114
+msgid ""
+"The attestation statement is encoded as a `v1 in-toto Statement object "
+"<https://github.com/in-toto/attestation/blob/v1.0/spec/v1.0/statement."
+"md>`__, in JSON form. When serialized the statement is treated as an opaque "
+"binary blob, avoiding the need for canonicalization."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:119
+msgid ""
+"In addition to being a v1 in-toto Statement, the attestation statement is "
+"constrained in the following ways:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:122
+msgid "The in-toto ``subject`` **MUST** contain only a single subject."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:123
+msgid ""
+"``subject[0].name`` is the distribution's filename, which **MUST** be a "
+"valid :ref:`source distribution <source-distribution-format>` or :ref:`wheel "
+"distribution <binary-distribution-format>` filename."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:126
+msgid ""
+"``subject[0].digest`` **MUST** contain a SHA-256 digest. Other digests "
+"**MAY** be present. The digests **MUST** be represented as hexadecimal "
+"strings."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:128
+msgid "The following ``predicateType`` values are supported:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:130
+msgid ""
+"`SLSA Provenance <https://slsa.dev/provenance/v1>`__: ``https://slsa.dev/"
+"provenance/v1``"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:131
+msgid ""
+"`PyPI Publish Attestation <https://docs.pypi.org/attestations/publish/"
+"v1>`__: ``https://docs.pypi.org/attestations/publish/v1``"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:133
+msgid ""
+"The signature over this statement is constructed using the `v1 DSSE "
+"signature protocol <https://github.com/secure-systems-lab/dsse/blob/v1.0.0/"
+"protocol.md>`__, with a ``PAYLOAD_TYPE`` of ``application/vnd.in-toto+json`` "
+"and a ``PAYLOAD_BODY`` of the JSON-encoded statement above. No other "
+"``PAYLOAD_TYPE`` is permitted."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:141
+msgid "Provenance objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:143
+msgid ""
+"The index will serve uploaded attestations along with metadata that can "
+"assist in verifying them in the form of JSON serialized objects."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:146
+msgid ""
+"These *provenance objects* will be available via both the Simple Index and "
+"JSON-based Simple API as described above, and will have the following layout:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:169
+msgid "or, as pseudocode:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:217
+msgid ""
+"``version`` is ``1``. Like attestation objects, provenance objects are "
+"versioned, and this PEP only defines version ``1``."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:219
+msgid ""
+"``attestation_bundles`` is a **required** JSON array, containing one or more "
+"\"bundles\" of attestations. Each bundle corresponds to a signing identity "
+"(such as a Trusted Publishing identity), and contains one or more "
+"attestation objects."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:224
+msgid ""
+"As noted in the ``Publisher`` model, each ``AttestationBundle.publisher`` "
+"object is specific to its Trusted Publisher but must include at minimum:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:228
+msgid ""
+"A ``kind`` key, which **MUST** be a JSON string that uniquely identifies the "
+"kind of Trusted Publisher."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:230
+msgid ""
+"A ``claims`` key, which **MUST** be a JSON object containing any context-"
+"specific claims retained by the index during Trusted Publisher "
+"authentication."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:233
+msgid "All other keys in the publisher object are publisher-specific."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:235
+msgid ""
+"Each array of attestation objects is a superset of the ``attestations`` "
+"array supplied by the uploaded through the ``attestations`` field at upload "
+"time, as described in :ref:`upload-endpoint` and :ref:`changes-to-provenance-"
+"objects`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:243
+msgid "Changes to provenance objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:245
+msgid ""
+"Provenance objects are *not* immutable, and may change over time. Reasons "
+"for changes to the provenance object include but are not limited to:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:248
+msgid ""
+"Addition of new attestations for a pre-existing signing identity: the index "
+"**MAY** choose to allow additional attestations by pre-existing signing "
+"identities, such as newer attestation versions for already uploaded files."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:253
+msgid ""
+"Addition of new signing identities and associated attestations: the index "
+"**MAY** choose to support attestations from sources other than the file's "
+"uploader, such as third-party auditors or the index itself. These "
+"attestations may be performed asynchronously, requiring the index to insert "
+"them into the provenance object *post facto*."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:262
+msgid "Attestation verification"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:264
+msgid ""
+"Verifying an attestation object against a distribution file requires "
+"verification of each of the following:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:267
+msgid "``version`` is ``1``. The verifier **MUST** reject any other version."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:268
+msgid ""
+"``verification_material.certificate`` is a valid signing certificate, as "
+"issued by an *a priori* trusted authority (such as a root of trust already "
+"present within the verifying client)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:271
+msgid ""
+"``verification_material.certificate`` identifies an appropriate signing "
+"subject, such as the machine identity of the Trusted Publisher that "
+"published the package."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:274
+msgid ""
+"``envelope.statement`` is a valid in-toto v1 Statement, with a subject and "
+"digest that **MUST** match the distribution's filename and contents. For the "
+"distribution's filename, matching **MUST** be performed by parsing using the "
+"appropriate source distribution or wheel filename format, as the statement's "
+"subject may be equivalent but normalized."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:279
+msgid ""
+"``envelope.signature`` is a valid signature for ``envelope.statement`` "
+"corresponding to ``verification_material.certificate``, as reconstituted via "
+"the `v1 DSSE signature protocol <https://github.com/secure-systems-lab/dsse/"
+"blob/v1.0.0/protocol.md>`__."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:284
+msgid ""
+"In addition to the above required steps, a verifier **MAY** additionally "
+"verify ``verification_material.transparency_entries`` on a policy basis, e."
+"g. requiring at least one transparency log entry or a threshold of entries. "
+"When verifying transparency entries, the verifier **MUST** confirm that the "
+"inclusion time for each entry lies within the signing certificate's validity "
+"period."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:293
+msgid "Appendix: Data models for Transparency Log Entries"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:295
+msgid ""
+"This appendix contains pseudocoded data models for transparency log entries "
+"in attestation objects. Each transparency log entry serves as a source of "
+"signed inclusion time, and can be verified either online or offline."
+msgstr ""
+
 #: ../source/specifications/inline-script-metadata.rst:5
 msgid "Inline script metadata"
 msgstr ""
@@ -15206,7 +15552,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/inline-script-metadata.rst:205
-#: ../source/specifications/simple-repository-api.rst:815
+#: ../source/specifications/simple-repository-api.rst:829
 msgid "Recommendations"
 msgstr ""
 
@@ -17094,11 +17440,26 @@ msgid ""
 "``&gt;``, respectively."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:100
+#: ../source/specifications/simple-repository-api.rst:99
+msgid ""
+"A repository **MAY** include a ``data-provenance`` attribute on a file link. "
+"The value of this attribute **MUST** be a fully qualified URL, signaling "
+"that the file's provenance can be found at that URL. This URL **MUST** "
+"represent a `secure origin <https://www.chromium.org/Home/chromium-security/"
+"prefer-secure-origins-for-powerful-new-features/>`_."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:106
+msgid ""
+"The format of the linked provenance is defined in :ref:`index-hosted-"
+"attestations`."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:109
 msgid "Normalized Names"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:102
+#: ../source/specifications/simple-repository-api.rst:111
 msgid ""
 "This spec references the concept of a \"normalized\" project name. As per :"
 "ref:`the name normalization specification <name-normalization>` the only "
@@ -17108,11 +17469,11 @@ msgid ""
 "implemented in Python with the ``re`` module::"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:117
+#: ../source/specifications/simple-repository-api.rst:126
 msgid "Adding \"Yank\" Support to the Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:119
+#: ../source/specifications/simple-repository-api.rst:128
 msgid ""
 "Links in the simple repository **MAY** have a ``data-yanked`` attribute "
 "which may have no value, or may have an arbitrary string as a value. The "
@@ -17122,7 +17483,7 @@ msgid ""
 "under specific scenarios."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:126
+#: ../source/specifications/simple-repository-api.rst:135
 msgid ""
 "The value of the ``data-yanked`` attribute, if present, is an arbitrary "
 "string that represents the reason for why the file has been yanked. Tools "
@@ -17130,7 +17491,7 @@ msgid ""
 "users."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:131
+#: ../source/specifications/simple-repository-api.rst:140
 msgid ""
 "The yanked attribute is not immutable once set, and may be rescinded in the "
 "future (and once rescinded, may be reset as well). Thus API users **MUST** "
@@ -17138,11 +17499,11 @@ msgid ""
 "again)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:138
+#: ../source/specifications/simple-repository-api.rst:147
 msgid "Installers"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:140
+#: ../source/specifications/simple-repository-api.rst:149
 msgid ""
 "The desirable experience for users is that once a file is yanked, when a "
 "human being is currently trying to directly install a yanked file, that it "
@@ -17152,7 +17513,7 @@ msgid ""
 "been yanked."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:147
+#: ../source/specifications/simple-repository-api.rst:156
 msgid ""
 "An installer **MUST** ignore yanked releases, if the selection constraints "
 "can be satisfied with a non-yanked version, and **MAY** refuse to use a "
@@ -17162,14 +17523,14 @@ msgid ""
 "files."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:154
+#: ../source/specifications/simple-repository-api.rst:163
 msgid ""
 "What this means is left up to the specific installer, to decide how to best "
 "fit into the overall usage of their installer. However, there are two "
 "suggested approaches to take:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:158
+#: ../source/specifications/simple-repository-api.rst:167
 msgid ""
 "Yanked files are always ignored, unless they are the only file that matches "
 "a version specifier that \"pins\" to an exact version using either ``==`` "
@@ -17179,7 +17540,7 @@ msgid ""
 "versions, zero padding, etc."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:165
+#: ../source/specifications/simple-repository-api.rst:174
 msgid ""
 "Yanked files are always ignored, unless they are the only file that matches "
 "what a lock file (such as ``Pipfile.lock`` or ``poetry.lock``) specifies to "
@@ -17187,7 +17548,7 @@ msgid ""
 "creating or updating a lock file from some input file or command."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:171
+#: ../source/specifications/simple-repository-api.rst:180
 msgid ""
 "Regardless of the specific strategy that an installer chooses for deciding "
 "when to install yanked files, an installer **SHOULD** emit a warning when it "
@@ -17196,38 +17557,38 @@ msgid ""
 "specific feedback to the user about why that file had been yanked."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:179
+#: ../source/specifications/simple-repository-api.rst:188
 msgid "Mirrors"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:181
+#: ../source/specifications/simple-repository-api.rst:190
 msgid "Mirrors can generally treat yanked files one of two ways:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:183
+#: ../source/specifications/simple-repository-api.rst:192
 msgid ""
 "They may choose to omit them from their simple repository API completely, "
 "providing a view over the repository that shows only \"active\", unyanked "
 "files."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:186
+#: ../source/specifications/simple-repository-api.rst:195
 msgid ""
 "They may choose to include yanked files, and additionally mirror the ``data-"
 "yanked`` attribute as well."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:189
+#: ../source/specifications/simple-repository-api.rst:198
 msgid ""
 "Mirrors **MUST NOT** mirror a yanked file without also mirroring the ``data-"
 "yanked`` attribute for it."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:195
+#: ../source/specifications/simple-repository-api.rst:204
 msgid "Versioning PyPI's Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:197
+#: ../source/specifications/simple-repository-api.rst:206
 msgid ""
 "This spec proposes the inclusion of a meta tag on the responses of every "
 "successful request to a simple API page, which contains a name attribute of "
@@ -17238,29 +17599,29 @@ msgid ""
 "<version-specifiers>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:205
+#: ../source/specifications/simple-repository-api.rst:214
 msgid "This would end up looking like::"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:209
+#: ../source/specifications/simple-repository-api.rst:218
 msgid "When interpreting the repository version:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:211
+#: ../source/specifications/simple-repository-api.rst:220
 msgid ""
 "Incrementing the major version is used to signal a backwards incompatible "
 "change such that existing clients would no longer be expected to be able to "
 "meaningfully use the API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:214
+#: ../source/specifications/simple-repository-api.rst:223
 msgid ""
 "Incrementing the minor version is used to signal a backwards compatible "
 "change such that existing clients would still be expected to be able to "
 "meaningfully use the API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:218
+#: ../source/specifications/simple-repository-api.rst:227
 msgid ""
 "It is left up to the discretion of any future specs as to what specifically "
 "constitutes a backwards incompatible vs compatible change beyond the broad "
@@ -17269,7 +17630,7 @@ msgid ""
 "features."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:224
+#: ../source/specifications/simple-repository-api.rst:233
 msgid ""
 "It is expectation of this spec that the major version will never be "
 "incremented, and any future major API evolutions would utilize a different "
@@ -17279,48 +17640,48 @@ msgid ""
 "set to a version >= 2)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:231
+#: ../source/specifications/simple-repository-api.rst:240
 msgid ""
 "This spec sets the current API version to \"1.0\", and expects that future "
 "specs that further evolve the simple API will increment the minor version "
 "number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:237
-#: ../source/specifications/simple-repository-api.rst:957
+#: ../source/specifications/simple-repository-api.rst:246
+#: ../source/specifications/simple-repository-api.rst:971
 msgid "Clients"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:239
+#: ../source/specifications/simple-repository-api.rst:248
 msgid ""
 "Clients interacting with the simple API **SHOULD** introspect each response "
 "for the repository version, and if that data does not exist **MUST** assume "
 "that it is version 1.0."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:243
+#: ../source/specifications/simple-repository-api.rst:252
 msgid ""
 "When encountering a major version greater than expected, clients **MUST** "
 "hard fail with an appropriate error message for the user."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:246
+#: ../source/specifications/simple-repository-api.rst:255
 msgid ""
 "When encountering a minor version greater than expected, clients **SHOULD** "
 "warn users with an appropriate message."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:249
+#: ../source/specifications/simple-repository-api.rst:258
 msgid ""
 "Clients **MAY** still continue to use feature detection in order to "
 "determine what features a repository uses."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:255
+#: ../source/specifications/simple-repository-api.rst:264
 msgid "Serve Distribution Metadata in the Simple Repository API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:257
+#: ../source/specifications/simple-repository-api.rst:266
 msgid ""
 "In a simple repository's project page, each anchor tag pointing to a "
 "distribution **MAY** have a ``data-dist-info-metadata`` attribute. The "
@@ -17329,7 +17690,7 @@ msgid ""
 "when the distribution is processed and/or installed."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:263
+#: ../source/specifications/simple-repository-api.rst:272
 msgid ""
 "If a ``data-dist-info-metadata`` attribute is present, the repository "
 "**MUST** serve the distribution's Core Metadata file alongside the "
@@ -17341,7 +17702,7 @@ msgid ""
 "GPG signature file's location."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:272
+#: ../source/specifications/simple-repository-api.rst:281
 msgid ""
 "The repository **SHOULD** provide the hash of the Core Metadata file as the "
 "``data-dist-info-metadata`` attribute's value using the syntax "
@@ -17351,18 +17712,18 @@ msgid ""
 "unavailable."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:280
+#: ../source/specifications/simple-repository-api.rst:289
 msgid "Backwards Compatibility"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:282
+#: ../source/specifications/simple-repository-api.rst:291
 msgid ""
 "If an anchor tag lacks the ``data-dist-info-metadata`` attribute, tools are "
 "expected to revert to their current behaviour of downloading the "
 "distribution to inspect the metadata."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:286
+#: ../source/specifications/simple-repository-api.rst:295
 msgid ""
 "Older tools not supporting the new ``data-dist-info-metadata`` attribute are "
 "expected to ignore the attribute and maintain their current behaviour of "
@@ -17370,11 +17731,11 @@ msgid ""
 "prior ``data-`` attribute additions expect existing tools to operate."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:295
+#: ../source/specifications/simple-repository-api.rst:304
 msgid "JSON-based Simple API for Python Package Indexes"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:297
+#: ../source/specifications/simple-repository-api.rst:306
 msgid ""
 "To enable response parsing with only the standard library, this spec "
 "specifies that all responses (besides the files themselves, and the HTML "
@@ -17382,7 +17743,7 @@ msgid ""
 "base>`) should be serialized using `JSON <https://www.json.org/>`_."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:302
+#: ../source/specifications/simple-repository-api.rst:311
 msgid ""
 "To enable zero configuration discovery and to minimize the amount of "
 "additional HTTP requests, this spec extends :ref:`the base HTML API "
@@ -17392,7 +17753,7 @@ msgid ""
 "format to serve, i.e. either HTML or JSON."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:312
+#: ../source/specifications/simple-repository-api.rst:321
 msgid ""
 "Versioning will adhere to :ref:`the API versioning specification <simple-"
 "repository-api-versioning>` format (``Major.Minor``), which has defined the "
@@ -17402,7 +17763,7 @@ msgid ""
 "``1.0`` version, and instead just describes how to serialize that into JSON."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:319
+#: ../source/specifications/simple-repository-api.rst:328
 msgid ""
 "Similar to :ref:`the API versioning specification <simple-repository-api-"
 "versioning>`, the major version number **MUST** be incremented if any "
@@ -17410,28 +17771,28 @@ msgid ""
 "existing clients to meaningfully understand the format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:325
+#: ../source/specifications/simple-repository-api.rst:334
 msgid ""
 "Likewise, the minor version **MUST** be incremented if features are added or "
 "removed from the format, but existing clients would be expected to continue "
 "to meaningfully understand the format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:329
+#: ../source/specifications/simple-repository-api.rst:338
 msgid ""
 "Changes that would not result in existing clients being unable to "
 "meaningfully understand the format and which do not represent features being "
 "added or removed may occur without changing the version number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:333
+#: ../source/specifications/simple-repository-api.rst:342
 msgid ""
 "This is intentionally vague, as this spec believes it is best left up to "
 "future specs that make any changes to the API to investigate and decide "
 "whether or not that change should increment the major or minor version."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:337
+#: ../source/specifications/simple-repository-api.rst:346
 msgid ""
 "Future versions of the API may add things that can only be represented in a "
 "subset of the available serializations of that version. All serializations "
@@ -17440,37 +17801,37 @@ msgid ""
 "whether or not that feature is present at all."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:343
+#: ../source/specifications/simple-repository-api.rst:352
 msgid ""
 "It is the intent of this spec that the API should be thought of as URL "
 "endpoints that return data, whose interpretation is defined by the version "
 "of that data, and then serialized into the target serialization format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:351
+#: ../source/specifications/simple-repository-api.rst:360
 msgid "JSON Serialization"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:353
+#: ../source/specifications/simple-repository-api.rst:362
 msgid ""
 "The URL structure from :ref:`the base HTML API specification <simple-"
 "repository-api-base>` still applies, as this spec only adds an additional "
 "serialization format for the already existing API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:357
+#: ../source/specifications/simple-repository-api.rst:366
 msgid ""
 "The following constraints apply to all JSON serialized responses described "
 "in this spec:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:360
+#: ../source/specifications/simple-repository-api.rst:369
 msgid ""
 "All JSON responses will *always* be a JSON object rather than an array or "
 "other type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:363
+#: ../source/specifications/simple-repository-api.rst:372
 msgid ""
 "While JSON doesn't natively support a URL type, any value that represents an "
 "URL in this API may be either absolute or relative as long as they point to "
@@ -17478,19 +17839,19 @@ msgid ""
 "if it were HTML."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:368
+#: ../source/specifications/simple-repository-api.rst:377
 msgid ""
 "Additional keys may be added to any dictionary objects in the API responses "
 "and clients **MUST** ignore keys that they don't understand."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:371
+#: ../source/specifications/simple-repository-api.rst:380
 msgid ""
 "All JSON responses will have a ``meta`` key, which contains information "
 "related to the response itself, rather than the content of the response."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:374
+#: ../source/specifications/simple-repository-api.rst:383
 msgid ""
 "All JSON responses will have a ``meta.api-version`` key, which will be a "
 "string that contains the :ref:`API versioning specification <simple-"
@@ -17499,41 +17860,41 @@ msgid ""
 "<simple-repository-api-versioning>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:380
+#: ../source/specifications/simple-repository-api.rst:389
 msgid ""
 "All requirements of :ref:`the base HTML API specification <simple-repository-"
 "api-base>` that are not HTML specific still apply."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:385
+#: ../source/specifications/simple-repository-api.rst:394
 msgid "Project List"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:387
+#: ../source/specifications/simple-repository-api.rst:396
 msgid ""
 "The root URL ``/`` for this spec (which represents the base URL) will be a "
 "JSON encoded dictionary which has a two keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:390
+#: ../source/specifications/simple-repository-api.rst:399
 msgid ""
 "``projects``: An array where each entry is a dictionary with a single key, "
 "``name``, which represents string of the project name."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:391
-#: ../source/specifications/simple-repository-api.rst:440
+#: ../source/specifications/simple-repository-api.rst:400
+#: ../source/specifications/simple-repository-api.rst:449
 msgid ""
 "``meta``: The general response metadata as `described earlier <json-"
 "serialization_>`__."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:393
-#: ../source/specifications/simple-repository-api.rst:499
+#: ../source/specifications/simple-repository-api.rst:402
+#: ../source/specifications/simple-repository-api.rst:512
 msgid "As an example:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:410
+#: ../source/specifications/simple-repository-api.rst:419
 msgid ""
 "The ``name`` field is the same as the one from :ref:`the base HTML API "
 "specification <simple-repository-api-base>`, which does not specify whether "
@@ -17543,7 +17904,7 @@ msgid ""
 "implementation detail of the repository in question."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:420
+#: ../source/specifications/simple-repository-api.rst:429
 msgid ""
 "While the ``projects`` key is an array, and thus is required to be in some "
 "kind of an order, neither :ref:`the base HTML API specification <simple-"
@@ -17553,11 +17914,11 @@ msgid ""
 "have sets."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:429
+#: ../source/specifications/simple-repository-api.rst:438
 msgid "Project Detail"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:431
+#: ../source/specifications/simple-repository-api.rst:440
 msgid ""
 "The format of this URL is ``/<project>/`` where the ``<project>`` is "
 "replaced by the :ref:`the base HTML API specification <simple-repository-api-"
@@ -17565,33 +17926,33 @@ msgid ""
 "would have a URL like ``/silly-walk/``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:436
+#: ../source/specifications/simple-repository-api.rst:445
 msgid ""
 "This URL must respond with a JSON encoded dictionary that has three keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:438
+#: ../source/specifications/simple-repository-api.rst:447
 msgid "``name``: The normalized name of the project."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:439
+#: ../source/specifications/simple-repository-api.rst:448
 msgid ""
 "``files``: A list of dictionaries, each one representing an individual file."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:442
+#: ../source/specifications/simple-repository-api.rst:451
 msgid "Each individual file dictionary has the following keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:444
+#: ../source/specifications/simple-repository-api.rst:453
 msgid "``filename``: The filename that is being represented."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:445
+#: ../source/specifications/simple-repository-api.rst:454
 msgid "``url``: The URL that the file can be fetched from."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:446
+#: ../source/specifications/simple-repository-api.rst:455
 msgid ""
 "``hashes``: A dictionary mapping a hash name to a hex encoded digest of the "
 "file. Multiple hashes can be included, and it is up to the client to decide "
@@ -17600,14 +17961,14 @@ msgid ""
 "to be lowercase."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:451
+#: ../source/specifications/simple-repository-api.rst:460
 msgid ""
 "The ``hashes`` dictionary **MUST** be present, even if no hashes are "
 "available for the file, however it is **HIGHLY** recommended that at least "
 "one secure, guaranteed-to-be-available hash is always included."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:455
+#: ../source/specifications/simple-repository-api.rst:464
 msgid ""
 "By default, any hash algorithm available via :py:mod:`hashlib` (specifically "
 "any that can be passed to :py:func:`hashlib.new()` and do not require "
@@ -17617,7 +17978,7 @@ msgid ""
 "specifically is recommended."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:460
+#: ../source/specifications/simple-repository-api.rst:469
 msgid ""
 "``requires-python``: An **optional** key that exposes the :ref:`core-"
 "metadata-requires-python` metadata field. Where this is present, installer "
@@ -17625,14 +17986,14 @@ msgid ""
 "that doesn't satisfy the requirement."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:466
+#: ../source/specifications/simple-repository-api.rst:475
 msgid ""
 "Unlike ``data-requires-python`` in :ref:`the base HTML API specification "
 "<simple-repository-api-base>`, the ``requires-python`` key does not require "
 "any special escaping other than anything JSON does naturally."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:469
+#: ../source/specifications/simple-repository-api.rst:478
 msgid ""
 "``dist-info-metadata``: An **optional** key that indicates that metadata for "
 "this file is available, via the same location as specified in :ref:`the API "
@@ -17642,27 +18003,27 @@ msgid ""
 "dictionary mapping hash names to a hex encoded digest of the metadata's hash."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:477
+#: ../source/specifications/simple-repository-api.rst:486
 msgid ""
 "When this is a dictionary of hashes instead of a boolean, then all the same "
 "requirements and recommendations as the ``hashes`` key hold true for this "
 "key as well."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:481
+#: ../source/specifications/simple-repository-api.rst:490
 msgid ""
 "If this key is missing then the metadata file may or may not exist. If the "
 "key value is truthy, then the metadata file is present, and if it is falsey "
 "then it is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:485
+#: ../source/specifications/simple-repository-api.rst:494
 msgid ""
 "It is recommended that servers make the hashes of the metadata file "
 "available if possible."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:487
+#: ../source/specifications/simple-repository-api.rst:496
 msgid ""
 "``gpg-sig``: An **optional** key that acts a boolean to indicate if the file "
 "has an associated GPG signature or not. The URL for the signature file "
@@ -17671,7 +18032,7 @@ msgid ""
 "the signature may or may not exist."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:492
+#: ../source/specifications/simple-repository-api.rst:501
 msgid ""
 "``yanked``: An **optional** key which may be either a boolean to indicate if "
 "the file has been yanked, or a non empty, but otherwise arbitrary, string to "
@@ -17682,7 +18043,15 @@ msgid ""
 "api-yank>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:529
+#: ../source/specifications/simple-repository-api.rst:507
+msgid ""
+"``provenance``: An **optional** key which, if present **MUST** be either a "
+"JSON string or ``null``. If not ``null``, it **MUST** be a URL to the file's "
+"associated provenance, with the same rules as ``data-provenance`` in the :"
+"ref:`base HTML API specification <simple-repository-api-base>`."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:543
 msgid ""
 "While the ``files`` key is an array, and thus is required to be in some kind "
 "of an order, neither :ref:`the base HTML API specification <simple-"
@@ -17692,11 +18061,11 @@ msgid ""
 "have sets."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:538
+#: ../source/specifications/simple-repository-api.rst:552
 msgid "Content-Types"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:540
+#: ../source/specifications/simple-repository-api.rst:554
 msgid ""
 "This spec proposes that all responses from the Simple API will have a "
 "standard content type that describes what the response is (a Simple API "
@@ -17704,11 +18073,11 @@ msgid ""
 "format has been used."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:544
+#: ../source/specifications/simple-repository-api.rst:558
 msgid "The structure of this content type will be:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:550
+#: ../source/specifications/simple-repository-api.rst:564
 msgid ""
 "Since only major versions should be disruptive to clients attempting to "
 "understand one of these API responses, only the major version will be "
@@ -17716,19 +18085,19 @@ msgid ""
 "that it is a version number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:555
+#: ../source/specifications/simple-repository-api.rst:569
 msgid "Which means that for the existing 1.0 API, the content types would be:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:557
+#: ../source/specifications/simple-repository-api.rst:571
 msgid "**JSON:** ``application/vnd.pypi.simple.v1+json``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:558
+#: ../source/specifications/simple-repository-api.rst:572
 msgid "**HTML:** ``application/vnd.pypi.simple.v1+html``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:560
+#: ../source/specifications/simple-repository-api.rst:574
 msgid ""
 "In addition to the above, a special \"meta\" version is supported named "
 "``latest``, whose purpose is to allow clients to request the absolute latest "
@@ -17737,7 +18106,7 @@ msgid ""
 "support."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:565
+#: ../source/specifications/simple-repository-api.rst:579
 msgid ""
 "To support existing clients which expect the existing :ref:`the base HTML "
 "API specification <simple-repository-api-base>` API responses to use the "
@@ -17745,11 +18114,11 @@ msgid ""
 "alias for the ``application/vnd.pypi.simple.v1+html`` content type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:572
+#: ../source/specifications/simple-repository-api.rst:586
 msgid "Version + Format Selection"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:574
+#: ../source/specifications/simple-repository-api.rst:588
 msgid ""
 "Now that there is multiple possible serializations, we need a mechanism to "
 "allow clients to indicate what serialization formats they're able to "
@@ -17758,65 +18127,65 @@ msgid ""
 "expecting the previous API version."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:579
+#: ../source/specifications/simple-repository-api.rst:593
 msgid ""
 "To enable this, this spec standardizes on the use of HTTP's `Server-Driven "
 "Content Negotiation <https://developer.mozilla.org/en-US/docs/Web/HTTP/"
 "Content_negotiation>`_."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:582
+#: ../source/specifications/simple-repository-api.rst:596
 msgid ""
 "While this spec won't fully describe the entirety of server-driven content "
 "negotiation, the flow is roughly:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:585
+#: ../source/specifications/simple-repository-api.rst:599
 msgid ""
 "The client makes an HTTP request containing an ``Accept`` header listing all "
 "of the version+format content types that they are able to understand."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:587
+#: ../source/specifications/simple-repository-api.rst:601
 msgid ""
 "The server inspects that header, selects one of the listed content types, "
 "then returns a response using that content type (treating the absence of an "
 "``Accept`` header as ``Accept: */*``)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:590
+#: ../source/specifications/simple-repository-api.rst:604
 msgid ""
 "If the server does not support any of the content types in the ``Accept`` "
 "header then they are able to choose between 3 different options for how to "
 "respond:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:594
+#: ../source/specifications/simple-repository-api.rst:608
 msgid ""
 "Select a default content type other than what the client has requested and "
 "return a response with that."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:596
+#: ../source/specifications/simple-repository-api.rst:610
 msgid ""
 "Return a HTTP ``406 Not Acceptable`` response to indicate that none of the "
 "requested content types were available, and the server was unable or "
 "unwilling to select a default content type to respond with."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:599
+#: ../source/specifications/simple-repository-api.rst:613
 msgid ""
 "Return a HTTP ``300 Multiple Choices`` response that contains a list of all "
 "of the possible responses that could have been chosen."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:601
+#: ../source/specifications/simple-repository-api.rst:615
 msgid ""
 "The client interprets the response, handling the different types of "
 "responses that the server may have responded with."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:604
+#: ../source/specifications/simple-repository-api.rst:618
 msgid ""
 "This spec does not specify which choices the server makes in regards to "
 "handling a content type that it isn't able to return, and clients **SHOULD** "
@@ -17824,7 +18193,7 @@ msgid ""
 "the most sense for that client."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:609
+#: ../source/specifications/simple-repository-api.rst:623
 msgid ""
 "However, as there is no standard format for how a ``300 Multiple Choices`` "
 "response can be interpreted, this spec highly discourages servers from "
@@ -17835,7 +18204,7 @@ msgid ""
 "error."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:616
+#: ../source/specifications/simple-repository-api.rst:630
 msgid ""
 "This spec **does** require that if the meta version ``latest`` is being "
 "used, the server **MUST** respond with the content type for the actual "
@@ -17844,33 +18213,33 @@ msgid ""
 "have a ``Content-Type`` of ``application/vnd.pypi.simple.v1+json``)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:623
+#: ../source/specifications/simple-repository-api.rst:637
 msgid ""
 "The ``Accept`` header is a comma separated list of content types that the "
 "client understands and is able to process. It supports three different "
 "formats for each content type that is being requested:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:627
+#: ../source/specifications/simple-repository-api.rst:641
 msgid "``$type/$subtype``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:628
+#: ../source/specifications/simple-repository-api.rst:642
 msgid "``$type/*``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:629
+#: ../source/specifications/simple-repository-api.rst:643
 msgid "``*/*``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:631
+#: ../source/specifications/simple-repository-api.rst:645
 msgid ""
 "For the use of selecting a version+format, the most useful of these is "
 "``$type/$subtype``, as that is the only way to actually specify the version "
 "and format you want."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:635
+#: ../source/specifications/simple-repository-api.rst:649
 msgid ""
 "The order of the content types listed in the ``Accept`` header does not have "
 "any specific meaning, and the server **SHOULD** consider all of them to be "
@@ -17880,7 +18249,7 @@ msgid ""
 "Quality_values>`_ syntax."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:642
+#: ../source/specifications/simple-repository-api.rst:656
 msgid ""
 "This allows a client to specify a priority for a specific entry in their "
 "``Accept`` header, by appending a ``;q=`` followed by a value between ``0`` "
@@ -17890,7 +18259,7 @@ msgid ""
 "quality of ``1``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:648
+#: ../source/specifications/simple-repository-api.rst:662
 msgid ""
 "However, clients should keep in mind that a server is free to select **any** "
 "of the content types they've asked for, regardless of their requested "
@@ -17898,7 +18267,7 @@ msgid ""
 "for."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:652
+#: ../source/specifications/simple-repository-api.rst:666
 msgid ""
 "To aid clients in determining the content type of the response that they "
 "have received from an API request, this spec requires that servers always "
@@ -17909,22 +18278,22 @@ msgid ""
 "collector.py#L123-L150>`_ so the risks for actual breakages is low."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:659
+#: ../source/specifications/simple-repository-api.rst:673
 msgid "An example of how a client can operate would look like:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:710
+#: ../source/specifications/simple-repository-api.rst:724
 msgid ""
 "If a client wishes to only support HTML or only support JSON, then they "
 "would just remove the content types that they do not want from the "
 "``Accept`` header, and turn receiving them into an error."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:716
+#: ../source/specifications/simple-repository-api.rst:730
 msgid "Alternative Negotiation Mechanisms"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:718
+#: ../source/specifications/simple-repository-api.rst:732
 msgid ""
 "While using HTTP's Content negotiation is considered the standard way for a "
 "client and server to coordinate to ensure that the client is getting an HTTP "
@@ -17933,25 +18302,25 @@ msgid ""
 "negotiation mechanisms that may *optionally* be used instead."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:726
+#: ../source/specifications/simple-repository-api.rst:740
 msgid "URL Parameter"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:728
+#: ../source/specifications/simple-repository-api.rst:742
 msgid ""
 "Servers that implement the Simple API may choose to support a URL parameter "
 "named ``format`` to allow the clients to request a specific version of the "
 "URL."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:731
+#: ../source/specifications/simple-repository-api.rst:745
 msgid ""
 "The value of the ``format`` parameter should be **one** of the valid content "
 "types. Passing multiple content types, wild cards, quality values, etc... is "
 "**not** supported."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:735
+#: ../source/specifications/simple-repository-api.rst:749
 msgid ""
 "Supporting this parameter is optional, and clients **SHOULD NOT** rely on it "
 "for interacting with the API. This negotiation mechanism is intended to "
@@ -17959,13 +18328,13 @@ msgid ""
 "allow documentation or notes to link to a specific version+format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:740
+#: ../source/specifications/simple-repository-api.rst:754
 msgid ""
 "Servers that do not support this parameter may choose to return an error "
 "when it is present, or they may simple ignore its presence."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:743
+#: ../source/specifications/simple-repository-api.rst:757
 msgid ""
 "When a server does implement this parameter, it **SHOULD** take precedence "
 "over any values in the client's ``Accept`` header, and if the server does "
@@ -17975,18 +18344,18 @@ msgid ""
 "``303 Multiple Choices``, or selecting a default type to return)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:752
+#: ../source/specifications/simple-repository-api.rst:766
 msgid "Endpoint Configuration"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:754
+#: ../source/specifications/simple-repository-api.rst:768
 msgid ""
 "This option technically is not a special option at all, it is just a natural "
 "consequence of using content negotiation and allowing servers to select "
 "which of the available content types is their default."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:758
+#: ../source/specifications/simple-repository-api.rst:772
 msgid ""
 "If a server is unwilling or unable to implement the server-driven content "
 "negotiation, and would instead rather require users to explicitly configure "
@@ -17994,7 +18363,7 @@ msgid ""
 "configuration."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:762
+#: ../source/specifications/simple-repository-api.rst:776
 msgid ""
 "To enable this, a server should make multiple endpoints (for instance, ``/"
 "simple/v1+html/`` and/or ``/simple/v1+json/``) for each version+format that "
@@ -18004,7 +18373,7 @@ msgid ""
 "and return the content type that corresponds to that endpoint."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:769
+#: ../source/specifications/simple-repository-api.rst:783
 msgid ""
 "For clients that wish to require specific configuration, they can keep track "
 "of which version+format a specific repository URL was configured for, and "
@@ -18012,11 +18381,11 @@ msgid ""
 "includes the correct content type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:776
+#: ../source/specifications/simple-repository-api.rst:790
 msgid "TUF Support - PEP 458"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:778
+#: ../source/specifications/simple-repository-api.rst:792
 msgid ""
 ":pep:`458` requires that all API responses are hashable and that they can be "
 "uniquely identified by a path relative to the repository root. For a Simple "
@@ -18027,7 +18396,7 @@ msgid ""
 "that all hash differently."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:785
+#: ../source/specifications/simple-repository-api.rst:799
 msgid ""
 ":pep:`458` does not specify what the target path should be for the Simple "
 "API, but TUF requires that the target paths be \"file-like\", in other "
@@ -18035,7 +18404,7 @@ msgid ""
 "technically points to a directory."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:790
+#: ../source/specifications/simple-repository-api.rst:804
 msgid ""
 "The saving grace is that the target path does not *have* to actually match "
 "the URL being fetched from the Simple API, and it can just be a sigil that "
@@ -18044,7 +18413,7 @@ msgid ""
 "HTTP request, such as the ``Accept`` header."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:796
+#: ../source/specifications/simple-repository-api.rst:810
 msgid ""
 "Ultimately figuring out how to map a directory to a filename is out of scope "
 "for this spec (but it would be in scope for :pep:`458`), and this spec "
@@ -18052,7 +18421,7 @@ msgid ""
 "`458` metadata."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:800
+#: ../source/specifications/simple-repository-api.rst:814
 msgid ""
 "However, it appears that the current WIP branch against pip that attempts to "
 "implement :pep:`458` is using a target path like ``simple/PROJECT/index."
@@ -18062,20 +18431,20 @@ msgid ""
 "the v1 JSON format would be ``simple/PROJECT/vnd.pypi.simple.v1.json``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:807
+#: ../source/specifications/simple-repository-api.rst:821
 msgid ""
 "In this case, since ``text/html`` is an alias to ``application/vnd.pypi."
 "simple.v1+html`` when interacting through TUF, it likely will make the most "
 "sense to normalize to the more explicit name."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:811
+#: ../source/specifications/simple-repository-api.rst:825
 msgid ""
 "Likewise the ``latest`` metaversion should not be included in the targets, "
 "only explicitly declared versions should be supported."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:817
+#: ../source/specifications/simple-repository-api.rst:831
 msgid ""
 "This section is non-normative, and represents what the spec authors believe "
 "to be the best default implementation decisions for something implementing "
@@ -18083,7 +18452,7 @@ msgid ""
 "these decisions."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:821
+#: ../source/specifications/simple-repository-api.rst:835
 msgid ""
 "These decisions have been chosen to maximize the number of requests that can "
 "be moved onto the newest version of an API, while maintaining the greatest "
@@ -18092,18 +18461,18 @@ msgid ""
 "choices it can."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:826
+#: ../source/specifications/simple-repository-api.rst:840
 msgid "It is recommended that servers:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:828
+#: ../source/specifications/simple-repository-api.rst:842
 msgid ""
 "Support all 3 content types described in this spec, using server-driven "
 "content negotiation, for as long as they reasonably can, or at least as long "
 "as they're receiving non trivial traffic that uses the HTML responses."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:832
+#: ../source/specifications/simple-repository-api.rst:846
 msgid ""
 "When encountering an ``Accept`` header that does not contain any content "
 "types that it knows how to work with, the server should not ever return a "
@@ -18111,13 +18480,13 @@ msgid ""
 "Acceptable`` response."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:837
+#: ../source/specifications/simple-repository-api.rst:851
 msgid ""
 "However, if choosing to use the endpoint configuration, you should prefer to "
 "return a ``200 OK`` response in the expected content type for that endpoint."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:840
+#: ../source/specifications/simple-repository-api.rst:854
 msgid ""
 "When selecting an acceptable version, the server should choose the highest "
 "version that the client supports, with the most expressive/featureful "
@@ -18126,23 +18495,23 @@ msgid ""
 "should only use the ``text/html`` content type as a last resort."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:846
+#: ../source/specifications/simple-repository-api.rst:860
 msgid "It is recommended that clients:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:848
+#: ../source/specifications/simple-repository-api.rst:862
 msgid ""
 "Support all 3 content types described in this spec, using server-driven "
 "content negotiation, for as long as they reasonably can."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:851
+#: ../source/specifications/simple-repository-api.rst:865
 msgid ""
 "When constructing an ``Accept`` header, include all of the content types "
 "that you support."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:854
+#: ../source/specifications/simple-repository-api.rst:868
 msgid ""
 "You should generally *not* include a quality priority value for your content "
 "types, unless you have implementation specific reasons that you want the "
@@ -18151,63 +18520,63 @@ msgid ""
 "responses that you're unable to parse in some edge cases)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:860
+#: ../source/specifications/simple-repository-api.rst:874
 msgid ""
 "The one exception to this recommendation is that it is recommended that you "
 "*should* include a ``;q=0.01`` value on the legacy ``text/html`` content "
 "type, unless it is the only content type that you are requesting."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:864
+#: ../source/specifications/simple-repository-api.rst:878
 msgid ""
 "Explicitly select what versions they are looking for, rather than using the "
 "``latest`` meta version during normal operation."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:867
+#: ../source/specifications/simple-repository-api.rst:881
 msgid ""
 "Check the ``Content-Type`` of the response and ensure it matches something "
 "that you were expecting."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:871
+#: ../source/specifications/simple-repository-api.rst:885
 msgid "Additional Fields for the Simple API for Package Indexes"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:873
+#: ../source/specifications/simple-repository-api.rst:887
 msgid ""
 "This specification defines version 1.1 of the simple repository API. For the "
 "HTML version of the API, there is no change from version 1.0. For the JSON "
 "version of the API, the following changes are made:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:877
+#: ../source/specifications/simple-repository-api.rst:891
 msgid "The ``api-version`` must specify version 1.1 or later."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:878
+#: ../source/specifications/simple-repository-api.rst:892
 msgid "A new ``versions`` key is added at the top level."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:879
+#: ../source/specifications/simple-repository-api.rst:893
 msgid ""
 "Two new \"file information\" keys, ``size`` and ``upload-time``, are added "
 "to the ``files`` data."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:881
+#: ../source/specifications/simple-repository-api.rst:895
 msgid ""
 "Keys (at any level) with a leading underscore are reserved as private for "
 "index server use. No future standard will assign a meaning to any such key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:884
+#: ../source/specifications/simple-repository-api.rst:898
 msgid ""
 "The ``versions`` and ``size`` keys are mandatory. The ``upload-time`` key is "
 "optional."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:890
+#: ../source/specifications/simple-repository-api.rst:904
 msgid ""
 "An additional key, ``versions`` MUST be present at the top level, in "
 "addition to the keys ``name``, ``files`` and ``meta`` defined in :ref:`the "
@@ -18217,7 +18586,7 @@ msgid ""
 "duplicates, and the order of the values is not significant."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:897
+#: ../source/specifications/simple-repository-api.rst:911
 msgid ""
 "All of the files listed in the ``files`` key MUST be associated with one of "
 "the versions in the ``versions`` key. The ``versions`` key MAY contain "
@@ -18225,7 +18594,7 @@ msgid ""
 "uploaded, if the server has such a concept)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:902
+#: ../source/specifications/simple-repository-api.rst:916
 msgid ""
 "Note that because servers may hold \"legacy\" data from before the adoption "
 "of :ref:`the version specifiers specification (VSS) <version-specifiers>`, "
@@ -18234,21 +18603,21 @@ msgid ""
 "servers SHOULD use normalised VSS versions where possible."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:911
+#: ../source/specifications/simple-repository-api.rst:925
 msgid "Additional file information"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:913
+#: ../source/specifications/simple-repository-api.rst:927
 msgid "Two new keys are added to the ``files`` key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:915
+#: ../source/specifications/simple-repository-api.rst:929
 msgid ""
 "``size``: This field is mandatory. It MUST contain an integer which is the "
 "file size in bytes."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:917
+#: ../source/specifications/simple-repository-api.rst:931
 msgid ""
 "``upload-time``: This field is optional. If present, it MUST contain a valid "
 "ISO 8601 date/time string, in the format ``yyyy-mm-ddThh:mm:ss.ffffffZ``, "
@@ -18260,11 +18629,11 @@ msgid ""
 "key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:926
+#: ../source/specifications/simple-repository-api.rst:940
 msgid "Rename dist-info-metadata in the Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:929
+#: ../source/specifications/simple-repository-api.rst:943
 msgid ""
 "The keywords \"**MUST**\", \"**MUST NOT**\", \"**REQUIRED**\", "
 "\"**SHALL**\", \"**SHALL NOT**\", \"**SHOULD**\", \"**SHOULD NOT**\", "
@@ -18272,11 +18641,11 @@ msgid ""
 "are to be interpreted as described in :rfc:`RFC 2119 <2119>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:936
+#: ../source/specifications/simple-repository-api.rst:950
 msgid "Servers"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:938
+#: ../source/specifications/simple-repository-api.rst:952
 msgid ""
 "The :ref:`the API metadata file specification <simple-repository-api-"
 "metadata-file>` metadata, when used in the HTML representation of the Simple "
@@ -18284,7 +18653,7 @@ msgid ""
 "with the supported values remaining the same."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:944
+#: ../source/specifications/simple-repository-api.rst:958
 msgid ""
 "The :ref:`the API metadata file specification <simple-repository-api-"
 "metadata-file>` metadata, when used in the :ref:`the JSON API specification "
@@ -18293,14 +18662,14 @@ msgid ""
 "values remaining the same."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:950
+#: ../source/specifications/simple-repository-api.rst:964
 msgid ""
 "To support clients that used the previous key names, the HTML representation "
 "**MAY** also be emitted using the ``data-dist-info-metadata``, and if it "
 "does so it **MUST** match the value of ``data-core-metadata``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:959
+#: ../source/specifications/simple-repository-api.rst:973
 msgid ""
 "Clients consuming any of the HTML representations of the Simple API **MUST** "
 "read the :ref:`the API metadata file specification <simple-repository-api-"
@@ -18309,7 +18678,7 @@ msgid ""
 "if it is present but ``data-core-metadata`` is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:966
+#: ../source/specifications/simple-repository-api.rst:980
 msgid ""
 "Clients consuming the JSON representation of the Simple API **MUST** read "
 "the :ref:`the API metadata file specification <simple-repository-api-"
@@ -18318,48 +18687,54 @@ msgid ""
 "present but ``core-metadata`` is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:976
+#: ../source/specifications/simple-repository-api.rst:990
 msgid "September 2015: initial form of the HTML format, in :pep:`503`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:977
+#: ../source/specifications/simple-repository-api.rst:991
 msgid "July 2016: Requires-Python metadata, in an update to :pep:`503`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:978
+#: ../source/specifications/simple-repository-api.rst:992
 msgid "May 2019: \"yank\" support, in :pep:`592`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:979
+#: ../source/specifications/simple-repository-api.rst:993
 msgid ""
 "July 2020: API versioning convention and metadata, and declaring the HTML "
 "format as API v1, in :pep:`629`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:981
+#: ../source/specifications/simple-repository-api.rst:995
 msgid ""
 "May 2021: providing package metadata independently from a package, in :pep:"
 "`658`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:983
+#: ../source/specifications/simple-repository-api.rst:997
 msgid ""
 "May 2022: initial form of the JSON format, with a mechanism for clients to "
 "choose between them, and declaring both formats as API v1, in :pep:`691`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:985
+#: ../source/specifications/simple-repository-api.rst:999
 msgid ""
 "October 2022: project versions and file size and upload-time in the JSON "
 "format, in :pep:`700`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:987
+#: ../source/specifications/simple-repository-api.rst:1001
 msgid ""
 "June 2023: renaming the field which provides package metadata independently "
 "from a package, in :pep:`714`"
 msgstr ""
 
+#: ../source/specifications/simple-repository-api.rst:1003
+msgid ""
+"November 2024: provenance metadata in the HTML and JSON formats, in :pep:"
+"`740`"
+msgstr ""
+
 #: ../source/specifications/source-distribution-format.rst:6
 msgid "Source distribution format"
 msgstr ""
@@ -21263,7 +21638,7 @@ msgid ""
 msgstr ""
 
 #: ../source/tutorials/managing-dependencies.rst:140
-#: ../source/tutorials/packaging-projects.rst:506
+#: ../source/tutorials/packaging-projects.rst:505
 msgid "Next steps"
 msgstr ""
 
@@ -21712,43 +22087,43 @@ msgstr ""
 
 #: ../source/tutorials/packaging-projects.rst:424
 msgid ""
-"You will be prompted for a username and password. For the username, use "
-"``__token__``. For the password, use the token value, including the ``pypi-"
-"`` prefix."
+"You will be prompted for an API token. Use the token value, including the "
+"``pypi-`` prefix. Note that the input will be hidden, so be sure to paste "
+"correctly."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:428
+#: ../source/tutorials/packaging-projects.rst:427
 msgid "After the command completes, you should see output similar to this:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:439
+#: ../source/tutorials/packaging-projects.rst:438
 msgid ""
 "Once uploaded, your package should be viewable on TestPyPI; for example: "
 "``https://test.pypi.org/project/example_package_YOUR_USERNAME_HERE``."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:444
+#: ../source/tutorials/packaging-projects.rst:443
 msgid "Installing your newly uploaded package"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:446
+#: ../source/tutorials/packaging-projects.rst:445
 msgid ""
 "You can use :ref:`pip` to install your package and verify that it works. "
 "Create a :ref:`virtual environment <Creating and using Virtual "
 "Environments>` and install your package from TestPyPI:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:462
+#: ../source/tutorials/packaging-projects.rst:461
 msgid "Make sure to specify your username in the package name!"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:464
+#: ../source/tutorials/packaging-projects.rst:463
 msgid ""
 "pip should install the package from TestPyPI and the output should look "
 "something like this:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:474
+#: ../source/tutorials/packaging-projects.rst:473
 msgid ""
 "This example uses ``--index-url`` flag to specify TestPyPI instead of live "
 "PyPI. Additionally, it specifies ``--no-deps``. Since TestPyPI doesn't have "
@@ -21758,23 +22133,23 @@ msgid ""
 "installing dependencies when using TestPyPI."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:481
+#: ../source/tutorials/packaging-projects.rst:480
 msgid ""
 "You can test that it was installed correctly by importing the package. Make "
 "sure you're still in your virtual environment, then run Python:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:496
+#: ../source/tutorials/packaging-projects.rst:495
 msgid "and import the package:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:508
+#: ../source/tutorials/packaging-projects.rst:507
 msgid ""
 "**Congratulations, you've packaged and distributed a Python project!** ✨ 🍰 "
 "✨"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:511
+#: ../source/tutorials/packaging-projects.rst:510
 msgid ""
 "Keep in mind that this tutorial showed you how to upload your package to "
 "Test PyPI, which isn't a permanent storage. The Test system occasionally "
@@ -21782,28 +22157,28 @@ msgid ""
 "experiments like this tutorial."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:516
+#: ../source/tutorials/packaging-projects.rst:515
 msgid ""
 "When you are ready to upload a real package to the Python Package Index you "
 "can do much the same as you did in this tutorial, but with these important "
 "differences:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:520
+#: ../source/tutorials/packaging-projects.rst:519
 msgid ""
 "Choose a memorable and unique name for your package. You don't have to "
 "append your username as you did in the tutorial, but you can't use an "
 "existing name."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:522
+#: ../source/tutorials/packaging-projects.rst:521
 msgid ""
 "Register an account on https://pypi.org - note that these are two separate "
 "servers and the login details from the test server are not shared with the "
 "main server."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:525
+#: ../source/tutorials/packaging-projects.rst:524
 msgid ""
 "Use ``twine upload dist/*`` to upload your package and enter your "
 "credentials for the account you registered on the real PyPI.  Now that "
@@ -21811,44 +22186,44 @@ msgid ""
 "repository``; the package will upload to https://pypi.org/ by default."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:529
+#: ../source/tutorials/packaging-projects.rst:528
 msgid ""
 "Install your package from the real PyPI using ``python3 -m pip install [your-"
 "package]``."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:531
+#: ../source/tutorials/packaging-projects.rst:530
 msgid ""
 "At this point if you want to read more on packaging Python libraries here "
 "are some things you can do:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:534
+#: ../source/tutorials/packaging-projects.rst:533
 msgid ""
 "Read about advanced configuration for your chosen build backend: `Hatchling "
 "<hatchling-config_>`_, :doc:`setuptools <setuptools:userguide/"
 "pyproject_config>`, :doc:`Flit <flit:pyproject_toml>`, `PDM <pdm-config_>`_."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:538
+#: ../source/tutorials/packaging-projects.rst:537
 msgid ""
 "Look at the :doc:`guides </guides/index>` on this site for more advanced "
 "practical information, or the :doc:`discussions </discussions/index>` for "
 "explanations and background on specific topics."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:541
+#: ../source/tutorials/packaging-projects.rst:540
 msgid ""
 "Consider packaging tools that provide a single command-line interface for "
 "project management and packaging, such as :ref:`hatch`, :ref:`flit`, :ref:"
 "`pdm`, and :ref:`poetry`."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:549
+#: ../source/tutorials/packaging-projects.rst:548
 msgid "Notes"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:551
+#: ../source/tutorials/packaging-projects.rst:550
 msgid ""
 "Technically, you can also create Python packages without an ``__init__.py`` "
 "file, but those are called :doc:`namespace packages </guides/packaging-"
diff --git a/locales/si/LC_MESSAGES/messages.po b/locales/si/LC_MESSAGES/messages.po
index ea7110b76..dfa958a2d 100644
--- a/locales/si/LC_MESSAGES/messages.po
+++ b/locales/si/LC_MESSAGES/messages.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Python Packaging User Guide\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-10-30 00:39+0000\n"
+"POT-Creation-Date: 2024-11-25 21:53+0000\n"
 "PO-Revision-Date: 2022-06-11 08:19+0000\n"
 "Last-Translator: Kushan Gunasekera <kushan.gunasekera@gmail.com>\n"
 "Language-Team: Sinhala <https://hosted.weblate.org/projects/pypa/packaging-"
@@ -608,7 +608,7 @@ msgid "Unix (including Linux and macOS)"
 msgstr ""
 
 #: ../source/discussions/deploying-python-applications.rst:118
-#: ../source/key_projects.rst:572
+#: ../source/key_projects.rst:576
 msgid "pex"
 msgstr ""
 
@@ -1886,7 +1886,7 @@ msgid ""
 msgstr ""
 
 #: ../source/discussions/versioning.rst:6
-#: ../source/specifications/simple-repository-api.rst:310
+#: ../source/specifications/simple-repository-api.rst:319
 msgid "Versioning"
 msgstr ""
 
@@ -2637,29 +2637,16 @@ msgid ""
 msgstr ""
 
 #: ../source/glossary.rst:121
-msgid "Known Good Set (KGS)"
-msgstr ""
-
-#: ../source/glossary.rst:124
-msgid ""
-"A set of distributions at specified versions which are compatible with each "
-"other. Typically a test suite will be run which passes all tests before a "
-"specific set of packages is declared a known good set. This term is commonly "
-"used by frameworks and toolkits which are comprised of multiple individual "
-"distributions."
-msgstr ""
-
-#: ../source/glossary.rst:130
 msgid "Import Package"
 msgstr ""
 
-#: ../source/glossary.rst:133
+#: ../source/glossary.rst:124
 msgid ""
 "A Python module which can contain other modules or recursively, other "
 "packages."
 msgstr ""
 
-#: ../source/glossary.rst:136
+#: ../source/glossary.rst:127
 msgid ""
 "An import package is more commonly referred to with the single word "
 "\"package\", but this guide will use the expanded term when more clarity is "
@@ -2668,17 +2655,30 @@ msgid ""
 "package` for a breakdown of the differences."
 msgstr ""
 
-#: ../source/glossary.rst:142
+#: ../source/glossary.rst:133
 msgid "Installed Project"
 msgstr ""
 
-#: ../source/glossary.rst:145
+#: ../source/glossary.rst:136
 msgid ""
 "A :term:`Project` that is installed for use with a Python interpreter or :"
 "term:`Virtual Environment`, as described in the specicifcation :ref:"
 "`recording-installed-packages`."
 msgstr ""
 
+#: ../source/glossary.rst:140
+msgid "Known Good Set (KGS)"
+msgstr ""
+
+#: ../source/glossary.rst:143
+msgid ""
+"A set of distributions at specified versions which are compatible with each "
+"other. Typically a test suite will be run which passes all tests before a "
+"specific set of packages is declared a known good set. This term is commonly "
+"used by frameworks and toolkits which are comprised of multiple individual "
+"distributions."
+msgstr ""
+
 #: ../source/glossary.rst:149
 msgid "Module"
 msgstr ""
@@ -5089,7 +5089,7 @@ msgid ""
 "In particular, `NumPy <https://numpy.org/>`__, which provides the basis for "
 "most of the software in the `scientific Python stack <https://scientific-"
 "python.org>`_ can be configured to interoperate with different FORTRAN "
-"libraries, and can take advantage of different levels of vectorised "
+"libraries, and can take advantage of different levels of vectorized "
 "instructions available in modern CPUs."
 msgstr ""
 
@@ -5098,9 +5098,9 @@ msgid ""
 "Starting with version 1.10.4 of NumPy and version 1.0.0 of SciPy, pre-built "
 "32-bit and 64-bit binaries in the ``wheel`` format are available for all "
 "major operating systems (Windows, macOS, and Linux) on PyPI. Note, however, "
-"that on Windows, NumPy binaries are linked against the `ATLAS <http://www."
-"netlib.org/atlas/>`__ BLAS/LAPACK library, restricted to SSE2 instructions, "
-"so they may not provide optimal linear algebra performance."
+"that on Windows, NumPy binaries are linked against the `ATLAS <https://math-"
+"atlas.sourceforge.net/>`__ BLAS/LAPACK library, restricted to SSE2 "
+"instructions, so they may not provide optimal linear algebra performance."
 msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:26
@@ -5213,7 +5213,7 @@ msgid ""
 msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:100
-#: ../source/key_projects.rst:808
+#: ../source/key_projects.rst:812
 msgid "Spack"
 msgstr ""
 
@@ -5245,28 +5245,41 @@ msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:121
 msgid ""
-"`Anaconda <https://www.anaconda.com/products/individual/>`_ is a Python "
+"``conda`` is an open source (BSD licensed) package management system and "
+"environment management system that allows users to install multiple versions "
+"of binary software packages and their dependencies, and easily switch "
+"between them. It is a cross-platform tool working on Windows, MacOS, and "
+"Linux. Conda can be used to package up and distribute all kinds of packages, "
+"it is not limited to just Python packages. It has full support for native "
+"virtual environments. Conda makes environments first-class citizens, making "
+"it easy to create independent environments even for C libraries. It is "
+"written in Python, but is Python-agnostic. Conda manages Python itself as a "
+"package, so that :command:`conda update python` is possible, in contrast to "
+"pip, which only manages Python packages."
+msgstr ""
+
+#: ../source/guides/installing-scientific-packages.rst:133
+msgid ""
+"Anaconda `Anaconda <https://docs.anaconda.com/anaconda/>`_ is a Python "
 "distribution published by Anaconda, Inc. It is a stable collection of Open "
-"Source packages for big data and scientific use.  As of the 5.0 release of "
-"Anaconda, about 200 packages are installed by default, and a total of "
-"400-500 can be installed and updated from the Anaconda repository."
+"Source packages for big data and scientific use, and a collection of "
+"Graphical Interface utilities for managing conda environments."
 msgstr ""
 
-#: ../source/guides/installing-scientific-packages.rst:127
+#: ../source/guides/installing-scientific-packages.rst:135
 msgid ""
-"``conda`` is an open source (BSD licensed) package management system and "
-"environment management system included in Anaconda that allows users to "
-"install multiple versions of binary software packages and their "
-"dependencies, and easily switch between them. It is a cross-platform tool "
-"working on Windows, macOS, and Linux. Conda can be used to package up and "
-"distribute all kinds of packages, it is not limited to just Python packages. "
-"It has full support for native virtual environments. Conda makes "
-"environments first-class citizens, making it easy to create independent "
-"environments even for C libraries. It is written in Python, but is Python-"
-"agnostic. Conda manages Python itself as a package, so that :command:`conda "
-"update python` is possible, in contrast to pip, which only manages Python "
-"packages. Conda is available in Anaconda and Miniconda (an easy-to-install "
-"download with just Python and conda)."
+"In addition to the full distribution provided by Anaconda, the conda package "
+"manager itself is available in  `miniconda <https://docs.anaconda.com/"
+"miniconda/>`_, `miniforge <https://github.com/conda-forge/miniforge>`_, and "
+"`pixi <https://pixi.sh/>`_."
+msgstr ""
+
+#: ../source/guides/installing-scientific-packages.rst:138
+msgid ""
+"Conda packages are available on multiple channels on Anaconda.org, including "
+"the default channel supported by Anaconda, Inc, the community supported "
+"conda-forge channel, which provides a wide variety of pre-built packages, "
+"and some domain-specific package collections."
 msgstr ""
 
 #: ../source/guides/installing-stand-alone-command-line-tools.rst:4
@@ -8334,29 +8347,51 @@ msgstr ""
 
 #: ../source/guides/tool-recommendations.rst:142
 msgid ""
-"For projects hosted on GitHub, it is recommended to use the :ref:`trusted "
-"publishing <trusted-publishing>`, which allows the package to be securely "
-"uploaded to PyPI from a GitHub Actions job. (This is not yet supported on "
-"software forges other than GitHub.)"
+"For projects hosted on or published via supported CI/CD platforms, it is "
+"recommended to use the :ref:`Trusted Publishing <trusted-publishing>`, which "
+"allows the package to be securely uploaded to PyPI from a CI/CD workflow "
+"without a manually configured API token."
 msgstr ""
 
 #: ../source/guides/tool-recommendations.rst:147
 msgid ""
+"As of November 2024, PyPI supports the following platforms as Trusted "
+"Publishing providers:"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:150
+msgid "GitHub Actions (on ``https://github.com``)"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:151
+msgid "GitLab CI/CD (on ``https://gitlab.com``)"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:152
+msgid "ActiveState"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:153
+msgid "Google Cloud"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:155
+msgid ""
 "The other available method is to upload the package manually using :ref:"
 "`twine`."
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:149
+#: ../source/guides/tool-recommendations.rst:159
 msgid ""
 "**Never** use ``python setup.py upload`` for this task. In addition to "
 "being :ref:`deprecated <setup-py-deprecated>`, it is insecure."
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:154
+#: ../source/guides/tool-recommendations.rst:164
 msgid "Workflow tools"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:156
+#: ../source/guides/tool-recommendations.rst:166
 msgid ""
 "These tools are environment managers that automatically manage virtual "
 "environments for a project. They also act as \"task runners\", allowing you "
@@ -8367,31 +8402,31 @@ msgid ""
 "alphabetical order:"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:164
+#: ../source/guides/tool-recommendations.rst:174
 msgid ":ref:`Flit`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:165
+#: ../source/guides/tool-recommendations.rst:175
 msgid ":ref:`Hatch`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:166
+#: ../source/guides/tool-recommendations.rst:176
 msgid ":doc:`nox <nox:index>`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:167
+#: ../source/guides/tool-recommendations.rst:177
 msgid ":ref:`PDM`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:168
+#: ../source/guides/tool-recommendations.rst:178
 msgid ":ref:`Pipenv`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:169
+#: ../source/guides/tool-recommendations.rst:179
 msgid ":ref:`Poetry`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:170
+#: ../source/guides/tool-recommendations.rst:180
 msgid ":doc:`tox <tox:index>`."
 msgstr ""
 
@@ -9566,44 +9601,58 @@ msgstr ""
 
 #: ../source/key_projects.rst:407
 msgid ""
-"conda is the package management tool for `Anaconda <https://docs.anaconda."
-"com/anaconda/>`__ Python installations. Anaconda Python is a distribution "
-"from `Anaconda, Inc <https://www.anaconda.com/products/individual>`__ "
-"specifically aimed at the scientific community, and in particular on Windows "
-"where the installation of binary extensions is often difficult."
+"Conda is a package, dependency, and environment management system for any "
+"language — Python, R, Ruby, C/C++, Fortran, and more. It is written in "
+"Python and widely used in the Python scientific computing community, due to "
+"its support for non-Python compiled libraries and extensions. It is used as "
+"the basis of the `Anaconda <https://docs.anaconda.com/anaconda/>`__ Python "
+"distribution from Anaconda, Inc. It was originally aimed at the scientific "
+"community, but can also be used on its own, or with the :doc:`miniconda "
+"<conda:miniconda>`, `miniforge <https://github.com/conda-forge/miniforge>`_ "
+"or `pixi <https://pixi.sh/>`_ systems. It is available for Windows, Mac and "
+"Linux systems."
 msgstr ""
 
-#: ../source/key_projects.rst:414
+#: ../source/key_projects.rst:416
 msgid ""
 "Conda is a completely separate tool from :ref:`pip`, virtualenv and wheel, "
-"but provides many of their combined features in terms of package management, "
-"virtual environment management and deployment of binary extensions."
+"but provides many of their combined features, such as package management, "
+"virtual environment management and deployment of binary extensions and other "
+"binary code."
+msgstr ""
+
+#: ../source/key_projects.rst:420
+msgid ""
+"Conda does not install packages from PyPI -- it can only manage packages "
+"built specifically for conda, which can be made available on a \"conda "
+"channel\", such as those hosted on `anaconda.org <https://anaconda.org>`__, "
+"or a local (e.g. intranet) package server. In addition to the \"default\" "
+"channels managed by `Anaconda, Inc. <https://www.anaconda.com/>`__, there "
+"are a wide variety of packages from the community supported `conda-forge "
+"project <https://conda-forge.org/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:418
+#: ../source/key_projects.rst:426
 msgid ""
-"Conda does not install packages from PyPI and can install only from the "
-"official Anaconda repositories, or anaconda.org (a place for user-"
-"contributed *conda* packages), or a local (e.g. intranet) package server.  "
-"However, note that :ref:`pip` can be installed into, and work side-by-side "
-"with conda for managing :term:`distributions <Distribution Package>` from "
-"PyPI. Also, `conda skeleton <https://docs.conda.io/projects/conda-build/en/"
-"latest/user-guide/tutorials/build-pkgs-skeleton.html>`__ is a tool to make "
-"Python packages installable by conda by first fetching them from PyPI and "
-"modifying their metadata."
+"Note that :ref:`pip` can be installed into, and work side-by-side with conda "
+"for managing :term:`distributions <Distribution Package>` from PyPI. It is "
+"also possible to build conda packages from Python source packages using "
+"tools such as `conda skeleton <https://docs.conda.io/projects/conda-build/en/"
+"latest/user-guide/tutorials/build-pkgs-skeleton.html>`__: a tool to "
+"automatically make conda packages from Python packages available on PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:431
+#: ../source/key_projects.rst:435
 msgid "devpi"
 msgstr ""
 
-#: ../source/key_projects.rst:433
+#: ../source/key_projects.rst:437
 msgid ""
 "`Docs <http://doc.devpi.net/latest/>`__ | :gh:`Issues <devpi/devpi/issues>` "
 "| `PyPI <https://pypi.org/project/devpi>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:437
+#: ../source/key_projects.rst:441
 msgid ""
 "devpi features a powerful PyPI-compatible server and PyPI proxy cache with a "
 "complementary command line tool to drive packaging, testing and release "
@@ -9613,17 +9662,17 @@ msgid ""
 "replication and fail-over, and package upload."
 msgstr ""
 
-#: ../source/key_projects.rst:448
+#: ../source/key_projects.rst:452
 msgid "dumb-pypi"
 msgstr ""
 
-#: ../source/key_projects.rst:450
+#: ../source/key_projects.rst:454
 msgid ""
 "`GitHub <https://github.com/chriskuehl/dumb-pypi>`__ | `PyPI <https://pypi."
 "org/project/dumb-pypi>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:453
+#: ../source/key_projects.rst:457
 msgid ""
 "dumb-pypi is a simple :term:`package index <Package Index>` static file site "
 "generator, which then must be hosted by a static file webserver to become "
@@ -9631,17 +9680,17 @@ msgid ""
 "status."
 msgstr ""
 
-#: ../source/key_projects.rst:460
+#: ../source/key_projects.rst:464
 msgid "enscons"
 msgstr ""
 
-#: ../source/key_projects.rst:462
+#: ../source/key_projects.rst:466
 msgid ""
 ":gh:`Source <dholth/enscons>` | :gh:`Issues <dholth/enscons/issues>` | `PyPI "
 "<https://pypi.org/project/enscons>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:466
+#: ../source/key_projects.rst:470
 msgid ""
 "Enscons is a Python packaging tool based on `SCons`_. It builds :ref:`pip`-"
 "compatible source distributions and wheels without using distutils or "
@@ -9653,38 +9702,38 @@ msgid ""
 "independent of enscons."
 msgstr ""
 
-#: ../source/key_projects.rst:481
+#: ../source/key_projects.rst:485
 msgid "Flask-Pypi-Proxy"
 msgstr ""
 
-#: ../source/key_projects.rst:483
+#: ../source/key_projects.rst:487
 msgid ""
 "`Docs <https://flask-pypi-proxy.readthedocs.io>`__ | :gh:`GitHub <tzulberti/"
 "Flask-PyPi-Proxy>` | `PyPI <https://pypi.org/project/Flask-Pypi-Proxy/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:487 ../source/key_projects.rst:681
-#: ../source/key_projects.rst:740
+#: ../source/key_projects.rst:491 ../source/key_projects.rst:685
+#: ../source/key_projects.rst:744
 msgid "Not maintained, project archived"
 msgstr ""
 
-#: ../source/key_projects.rst:489
+#: ../source/key_projects.rst:493
 msgid ""
 "Flask-Pypi-Proxy is a :term:`package index <Package Index>` as a cached "
 "proxy for PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:495
+#: ../source/key_projects.rst:499
 msgid "Hashdist"
 msgstr ""
 
-#: ../source/key_projects.rst:497
+#: ../source/key_projects.rst:501
 msgid ""
 "`Docs <https://hashdist.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/hashdist/hashdist/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:500
+#: ../source/key_projects.rst:504
 msgid ""
 "Hashdist is a library for building non-root software distributions. Hashdist "
 "is trying to be “the Debian of choice for cases where Debian technology "
@@ -9695,34 +9744,34 @@ msgid ""
 "researchers but has been lacking in maintenance since 2016."
 msgstr ""
 
-#: ../source/key_projects.rst:512
+#: ../source/key_projects.rst:516
 msgid "Maturin"
 msgstr ""
 
-#: ../source/key_projects.rst:514
+#: ../source/key_projects.rst:518
 msgid ""
 "`Docs <https://www.maturin.rs>`__ | `GitHub <https://github.com/PyO3/"
 "maturin>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:517
+#: ../source/key_projects.rst:521
 msgid ""
 "Maturin is a build backend for Rust extension modules, also written in Rust. "
 "It supports building wheels for python 3.7+ on Windows, Linux, macOS and "
 "FreeBSD, can upload them to PyPI and has basic PyPy and GraalPy support."
 msgstr ""
 
-#: ../source/key_projects.rst:525
+#: ../source/key_projects.rst:529
 msgid "meson-python"
 msgstr ""
 
-#: ../source/key_projects.rst:527
+#: ../source/key_projects.rst:531
 msgid ""
 "`Docs <https://meson-python.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/mesonbuild/meson-python>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:530
+#: ../source/key_projects.rst:534
 msgid ""
 "``meson-python`` is a build backend that uses the Meson_ build system. It "
 "enables Python package authors to use Meson_ as the build system for their "
@@ -9730,58 +9779,58 @@ msgid ""
 "to fill the needs of most complex build configurations."
 msgstr ""
 
-#: ../source/key_projects.rst:540
+#: ../source/key_projects.rst:544
 msgid "multibuild"
 msgstr ""
 
-#: ../source/key_projects.rst:542
+#: ../source/key_projects.rst:546
 msgid "`GitHub <https://github.com/multi-build/multibuild>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:544
+#: ../source/key_projects.rst:548
 msgid ""
 "Multibuild is a set of CI scripts for building and testing Python :term:"
 "`wheels <Wheel>` for Linux, macOS, and (less flexibly) Windows. Also see :"
 "ref:`cibuildwheel`."
 msgstr ""
 
-#: ../source/key_projects.rst:550
+#: ../source/key_projects.rst:554
 msgid "nginx_pypi_cache"
 msgstr ""
 
-#: ../source/key_projects.rst:552
+#: ../source/key_projects.rst:556
 msgid ":gh:`GitHub <hauntsaninja/nginx_pypi_cache>`"
 msgstr ""
 
-#: ../source/key_projects.rst:554
+#: ../source/key_projects.rst:558
 msgid ""
 "nginx_pypi_cache is a :term:`package index <Package Index>` caching proxy "
 "using `nginx <https://nginx.org/en/>`_."
 msgstr ""
 
-#: ../source/key_projects.rst:560
+#: ../source/key_projects.rst:564
 msgid "pdm"
 msgstr ""
 
-#: ../source/key_projects.rst:562
+#: ../source/key_projects.rst:566
 msgid ""
 "`Docs <https://pdm.fming.dev/>`__ | `GitHub <https://github.com/pdm-project/"
 "pdm/>`__ | `PyPI <https://pypi.org/project/pdm>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:566
+#: ../source/key_projects.rst:570
 msgid ""
 "PDM is a modern Python package manager. It uses :term:`pyproject.toml` to "
 "store project metadata as defined in :pep:`621`."
 msgstr ""
 
-#: ../source/key_projects.rst:574
+#: ../source/key_projects.rst:578
 msgid ""
 "`Docs <https://pex.readthedocs.io/en/latest/>`__ | `GitHub <https://github."
 "com/pantsbuild/pex/>`__ | `PyPI <https://pypi.org/project/pex>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:578
+#: ../source/key_projects.rst:582
 msgid ""
 "Pex is a tool for generating :file:`.pex` (Python EXecutable) files, "
 "standalone Python environments in the spirit of :ref:`virtualenv`. PEX files "
@@ -9793,18 +9842,18 @@ msgid ""
 "PEX file into a standard venv, graphing dependencies and more."
 msgstr ""
 
-#: ../source/key_projects.rst:590
+#: ../source/key_projects.rst:594
 msgid "pip-tools"
 msgstr ""
 
-#: ../source/key_projects.rst:592
+#: ../source/key_projects.rst:596
 msgid ""
 "`Docs <https://pip-tools.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/jazzband/pip-tools/>`__ | `PyPI <https://pypi.org/project/pip-"
 "tools/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:596
+#: ../source/key_projects.rst:600
 msgid ""
 "pip-tools is a suite of tools meant for Python system administrators and "
 "release managers who particularly want to keep their builds deterministic "
@@ -9815,32 +9864,32 @@ msgid ""
 "not provide), and create layers of constraints for the program to obey."
 msgstr ""
 
-#: ../source/key_projects.rst:608
+#: ../source/key_projects.rst:612
 msgid "pip2pi"
 msgstr ""
 
-#: ../source/key_projects.rst:610
+#: ../source/key_projects.rst:614
 msgid ""
 ":gh:`GitHub <wolever/pip2pi>` | `PyPI <https://pypi.org/project/pip2pi/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:613
+#: ../source/key_projects.rst:617
 msgid ""
 "pip2pi is a :term:`package index <Package Index>` server where specific "
 "packages are manually synchronised."
 msgstr ""
 
-#: ../source/key_projects.rst:619
+#: ../source/key_projects.rst:623
 msgid "piwheels"
 msgstr ""
 
-#: ../source/key_projects.rst:621
+#: ../source/key_projects.rst:625
 msgid ""
 "`Website <https://www.piwheels.org/>`__ | :doc:`Docs <piwheels:index>` | "
 "`GitHub <https://github.com/piwheels/piwheels/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:625
+#: ../source/key_projects.rst:629
 msgid ""
 "piwheels is a website, and software underpinning it, that fetches source "
 "code distribution packages from PyPI and compiles them into binary wheels "
@@ -9848,17 +9897,17 @@ msgid ""
 "Pi OS pre-configures pip to use piwheels.org as an additional index to PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:634
+#: ../source/key_projects.rst:638
 msgid "poetry"
 msgstr ""
 
-#: ../source/key_projects.rst:636
+#: ../source/key_projects.rst:640
 msgid ""
 "`Docs <https://python-poetry.org/>`__ | `GitHub <https://github.com/python-"
 "poetry/poetry>`__ | `PyPI <https://pypi.org/project/poetry/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:640
+#: ../source/key_projects.rst:644
 msgid ""
 "poetry is a command-line tool to handle dependency installation and "
 "isolation as well as building and packaging of Python packages. It uses "
@@ -9868,49 +9917,49 @@ msgid ""
 "caching metadata about dependencies."
 msgstr ""
 
-#: ../source/key_projects.rst:650
+#: ../source/key_projects.rst:654
 msgid "proxpi"
 msgstr ""
 
-#: ../source/key_projects.rst:652
+#: ../source/key_projects.rst:656
 msgid ""
 ":gh:`GitHub <EpicWink/proxpi>` | `PyPI <https://pypi.org/project/proxpi/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:655
+#: ../source/key_projects.rst:659
 msgid ""
 "proxpi is a simple :term:`package index <Package Index>` which proxies PyPI "
 "and other indexes with caching."
 msgstr ""
 
-#: ../source/key_projects.rst:661
+#: ../source/key_projects.rst:665
 msgid "Pulp-python"
 msgstr ""
 
-#: ../source/key_projects.rst:663
+#: ../source/key_projects.rst:667
 msgid ""
 "`Docs <https://docs.pulpproject.org/pulp_python/>`__ | :gh:`GitHub <pulp/"
 "pulp_python>` | `PyPI <https://pypi.org/project/pulp-python/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:667
+#: ../source/key_projects.rst:671
 msgid ""
 "Pulp-python is the Python :term:`package index <Package Index>` plugin for "
 "`Pulp <https://pulpproject.org/>`_. Pulp-python supports mirrors backed by "
 "local or `AWS S3`_, package upload, and proxying to multiple package indexes."
 msgstr ""
 
-#: ../source/key_projects.rst:675
+#: ../source/key_projects.rst:679
 msgid "PyPI Cloud"
 msgstr ""
 
-#: ../source/key_projects.rst:677
+#: ../source/key_projects.rst:681
 msgid ""
 "`Docs <https://pypicloud.readthedocs.io/>`__ | :gh:`GitHub <stevearc/"
 "pypicloud>` | `PyPI <https://pypi.org/project/pypicloud/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:683
+#: ../source/key_projects.rst:687
 msgid ""
 "PyPI Cloud is a :term:`package index <Package Index>` server, backed by `AWS "
 "S3`_ or another cloud storage service, or local files. PyPI Cloud supports "
@@ -9918,33 +9967,33 @@ msgid ""
 "authorisation."
 msgstr ""
 
-#: ../source/key_projects.rst:691
+#: ../source/key_projects.rst:695
 msgid "pypiprivate"
 msgstr ""
 
-#: ../source/key_projects.rst:693
+#: ../source/key_projects.rst:697
 msgid ""
 ":gh:`GitHub <helpshift/pypiprivate>` | `PyPI <https://pypi.org/project/"
 "pypiprivate/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:696
+#: ../source/key_projects.rst:700
 msgid ""
 "pypiprivate serves a local (or `AWS S3`_-hosted) directory of packages as a :"
 "term:`package index <Package Index>`."
 msgstr ""
 
-#: ../source/key_projects.rst:702
+#: ../source/key_projects.rst:706
 msgid "pypiserver"
 msgstr ""
 
-#: ../source/key_projects.rst:704
+#: ../source/key_projects.rst:708
 msgid ""
 "`GitHub <https://github.com/pypiserver/pypiserver>`__ | `PyPI <https://pypi."
 "org/project/pypiserver/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:707
+#: ../source/key_projects.rst:711
 msgid ""
 "pypiserver is a minimalist application that serves as a private Python :term:"
 "`package index <Package Index>` (from a local directory) within "
@@ -9955,17 +10004,17 @@ msgid ""
 "pypiserver and from PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:718
+#: ../source/key_projects.rst:722
 msgid "PyScaffold"
 msgstr ""
 
-#: ../source/key_projects.rst:720
+#: ../source/key_projects.rst:724
 msgid ""
 "`Docs <https://pyscaffold.org>`__ | `GitHub <https://github.com/pyscaffold/"
 "pyscaffold>`__ | `PyPI <https://pypi.org/project/pyscaffold/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:724
+#: ../source/key_projects.rst:728
 msgid ""
 "PyScaffold is a project generator for bootstrapping Python packages, ready "
 "to be shared on PyPI and installable via :ref:`pip`. It relies on a set of "
@@ -9975,33 +10024,33 @@ msgid ""
 "existing projects to make packaging easier."
 msgstr ""
 
-#: ../source/key_projects.rst:735
+#: ../source/key_projects.rst:739
 msgid "pywharf"
 msgstr ""
 
-#: ../source/key_projects.rst:737
+#: ../source/key_projects.rst:741
 msgid ""
 ":gh:`GitHub <pywharf/pywharf>` | `PyPI <https://pypi.org/project/pywharf>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:742
+#: ../source/key_projects.rst:746
 msgid ""
 "pywharf is a :term:`package index <Package Index>` server, serving files "
 "locally or from `GitHub <https://github.com/>`_."
 msgstr ""
 
-#: ../source/key_projects.rst:748
+#: ../source/key_projects.rst:752
 msgid "scikit-build"
 msgstr ""
 
-#: ../source/key_projects.rst:750
+#: ../source/key_projects.rst:754
 msgid ""
 "`Docs <https://scikit-build.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/scikit-build/scikit-build/>`__ | `PyPI <https://pypi.org/project/"
 "scikit-build>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:754
+#: ../source/key_projects.rst:758
 msgid ""
 "Scikit-build is a :ref:`setuptools` wrapper for CPython that builds C/C++/"
 "Fortran/Cython extensions It uses `cmake <https://pypi.org/project/cmake>`__ "
@@ -10012,18 +10061,18 @@ msgid ""
 "ninja>`__ (also available on PyPI)."
 msgstr ""
 
-#: ../source/key_projects.rst:765
+#: ../source/key_projects.rst:769
 msgid "scikit-build-core"
 msgstr ""
 
-#: ../source/key_projects.rst:767
+#: ../source/key_projects.rst:771
 msgid ""
 "`Docs <https://scikit-build-core.readthedocs.io/en/latest/>`__ | `GitHub "
 "<https://github.com/scikit-build/scikit-build-core/>`__ | `PyPI <https://"
 "pypi.org/project/scikit-build-core>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:771
+#: ../source/key_projects.rst:775
 msgid ""
 "Scikit-build-core is a build backend for CPython C/C++/Fortran/Cython "
 "extensions.  It enables users to write extensions with `cmake <https://pypi."
@@ -10033,17 +10082,17 @@ msgid ""
 "automatically downloaded from PyPI if not available on the system."
 msgstr ""
 
-#: ../source/key_projects.rst:781
+#: ../source/key_projects.rst:785
 msgid "shiv"
 msgstr ""
 
-#: ../source/key_projects.rst:783
+#: ../source/key_projects.rst:787
 msgid ""
 "`Docs <https://shiv.readthedocs.io/en/latest/>`__ | `GitHub <https://github."
 "com/linkedin/shiv>`__ | `PyPI <https://pypi.org/project/shiv/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:787
+#: ../source/key_projects.rst:791
 msgid ""
 "shiv is a command line utility for building fully self contained Python "
 "zipapps as outlined in :pep:`441`, but with all their dependencies included. "
@@ -10051,17 +10100,17 @@ msgid ""
 "tools fast & easy."
 msgstr ""
 
-#: ../source/key_projects.rst:795
+#: ../source/key_projects.rst:799
 msgid "simpleindex"
 msgstr ""
 
-#: ../source/key_projects.rst:797
+#: ../source/key_projects.rst:801
 msgid ""
 ":gh:`GitHub <uranusjr/simpleindex>` | `PyPI <https://pypi.org/project/"
 "simpleindex/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:800
+#: ../source/key_projects.rst:804
 msgid ""
 "simpleindex is a :term:`package index <Package Index>` which routes URLs to "
 "multiple package indexes (including PyPI), serves local (or cloud-hosted, "
@@ -10069,7 +10118,7 @@ msgid ""
 "supports custom plugins."
 msgstr ""
 
-#: ../source/key_projects.rst:810
+#: ../source/key_projects.rst:814
 msgid ""
 ":doc:`Docs <spack:index>` | `GitHub <https://github.com/spack/spack>`__ | "
 "`Paper <https://www.computer.org/csdl/proceedings-article/"
@@ -10077,7 +10126,7 @@ msgid ""
 "Gamblin-Spack-SC15-Talk.pdf>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:815
+#: ../source/key_projects.rst:819
 msgid ""
 "A flexible package manager designed to support multiple versions, "
 "configurations, platforms, and compilers.  Spack is like Homebrew, but "
@@ -10088,24 +10137,24 @@ msgid ""
 "supercomputers."
 msgstr ""
 
-#: ../source/key_projects.rst:823
+#: ../source/key_projects.rst:827
 msgid ""
 "Spack is not in PyPI (yet), but it requires no installation and can be used "
 "immediately after cloning from GitHub."
 msgstr ""
 
-#: ../source/key_projects.rst:829
+#: ../source/key_projects.rst:833
 msgid "zest.releaser"
 msgstr ""
 
-#: ../source/key_projects.rst:831
+#: ../source/key_projects.rst:835
 msgid ""
 "`Docs <https://zestreleaser.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/zestsoftware/zest.releaser/>`__ | `PyPI <https://pypi.org/project/"
 "zest.releaser/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:835
+#: ../source/key_projects.rst:839
 msgid ""
 "``zest.releaser`` is a Python package release tool providing an abstraction "
 "layer on top of :ref:`twine`. Python developers use ``zest.releaser`` to "
@@ -10113,21 +10162,21 @@ msgid ""
 "releases in source control, and uploading new packages to PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:842
+#: ../source/key_projects.rst:846
 msgid "Standard Library Projects"
 msgstr ""
 
-#: ../source/key_projects.rst:847
+#: ../source/key_projects.rst:851
 msgid "ensurepip"
 msgstr ""
 
-#: ../source/key_projects.rst:849
+#: ../source/key_projects.rst:853
 msgid ""
 "`Docs <https://docs.python.org/3/library/ensurepip.html>`__ | `Issues "
 "<https://bugs.python.org/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:852
+#: ../source/key_projects.rst:856
 msgid ""
 "A package in the Python Standard Library that provides support for "
 "bootstrapping :ref:`pip` into an existing Python installation or virtual "
@@ -10135,34 +10184,34 @@ msgid ""
 "will be used during the build of the Python distribution."
 msgstr ""
 
-#: ../source/key_projects.rst:860
+#: ../source/key_projects.rst:864
 msgid "http.server"
 msgstr ""
 
-#: ../source/key_projects.rst:862
+#: ../source/key_projects.rst:866
 msgid ""
 ":doc:`Docs <python:library/http.server>` | :gh:`Issues <python/cpython/"
 "issues>`"
 msgstr ""
 
-#: ../source/key_projects.rst:865
+#: ../source/key_projects.rst:869
 msgid ""
 "A package and command-line interface which can host a directory as a "
 "website, for example as a :term:`package index <Package Index>` (see :ref:"
 "`Hosting your Own Simple Repository`)."
 msgstr ""
 
-#: ../source/key_projects.rst:872
+#: ../source/key_projects.rst:876
 msgid "venv"
 msgstr ""
 
-#: ../source/key_projects.rst:874
+#: ../source/key_projects.rst:878
 msgid ""
 "`Docs <https://docs.python.org/3/library/venv.html>`__ | `Issues <https://"
 "github.com/python/cpython/issues>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:877
+#: ../source/key_projects.rst:881
 msgid ""
 "A package in the Python Standard Library (starting with Python 3.3) for "
 "creating :term:`Virtual Environments <Virtual Environment>`.  For more "
@@ -12210,7 +12259,7 @@ msgstr ""
 #: ../source/specifications/platform-compatibility-tags.rst:332
 #: ../source/specifications/pyproject-toml.rst:444
 #: ../source/specifications/recording-installed-packages.rst:252
-#: ../source/specifications/simple-repository-api.rst:974
+#: ../source/specifications/simple-repository-api.rst:988
 #: ../source/specifications/source-distribution-format.rst:144
 #: ../source/specifications/version-specifiers.rst:1266
 #: ../source/specifications/virtual-environments.rst:54
@@ -13280,6 +13329,7 @@ msgstr ""
 #: ../source/specifications/dependency-specifiers.rst:26
 #: ../source/specifications/direct-url-data-structure.rst:19
 #: ../source/specifications/direct-url.rst:15
+#: ../source/specifications/index-hosted-attestations.rst:17
 #: ../source/specifications/inline-script-metadata.rst:13
 msgid "Specification"
 msgstr ""
@@ -13417,7 +13467,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/dependency-specifiers.rst:163
-#: ../source/specifications/simple-repository-api.rst:888
+#: ../source/specifications/simple-repository-api.rst:902
 msgid "Versions"
 msgstr ""
 
@@ -15040,6 +15090,302 @@ msgid ""
 "www.pypa.io/en/latest/specifications/>`__."
 msgstr ""
 
+#: ../source/specifications/index-hosted-attestations.rst:6
+msgid "Index hosted attestations"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:8
+msgid "This specification was originally defined in :pep:`740`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:12
+msgid ""
+":pep:`740` includes changes to the HTML and JSON index APIs. These changes "
+"are documented in the :ref:`simple-repository-api` under :ref:`simple-"
+"repository-api-base` and :ref:`json-serialization`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:22
+msgid "Upload endpoint changes"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:26
+msgid ""
+"The \"legacy\" upload API is not standardized. See `PyPI's Upload API "
+"documentation <https://docs.pypi.org/api/upload/>`_ for how attestations are "
+"uploaded."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:33
+msgid "Attestation objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:35
+msgid ""
+"An attestation object is a JSON object with several required keys; "
+"applications or signers may include additional keys so long as all "
+"explicitly listed keys are provided. The required layout of an attestation "
+"object is provided as pseudocode below."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:88
+msgid ""
+"A full data model for each object in ``transparency_entries`` is provided "
+"in :ref:`appendix`. Attestation objects **SHOULD** include one or more "
+"transparency log entries, and **MAY** include additional keys for other "
+"sources of signed time (such as an :rfc:`3161` Time Stamping Authority or a "
+"`Roughtime <https://blog.cloudflare.com/roughtime>`__ server)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:94
+msgid ""
+"Attestation objects are versioned; this PEP specifies version 1. Each "
+"version is tied to a single cryptographic suite to minimize unnecessary "
+"cryptographic agility. In version 1, the suite is as follows:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:98
+msgid ""
+"Certificates are specified as X.509 certificates, and comply with the "
+"profile in :rfc:`5280`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:100
+msgid ""
+"The message signature algorithm is ECDSA, with the P-256 curve for public "
+"keys and SHA-256 as the cryptographic digest function."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:103
+msgid ""
+"Future PEPs may change this suite (and the overall shape of the attestation "
+"object) by selecting a new version number."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:109
+msgid "Attestation statement and signature generation"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:111
+msgid ""
+"The *attestation statement* is the actual claim that is cryptographically "
+"signed over within the attestation object (i.e., the ``envelope.statement``)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:114
+msgid ""
+"The attestation statement is encoded as a `v1 in-toto Statement object "
+"<https://github.com/in-toto/attestation/blob/v1.0/spec/v1.0/statement."
+"md>`__, in JSON form. When serialized the statement is treated as an opaque "
+"binary blob, avoiding the need for canonicalization."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:119
+msgid ""
+"In addition to being a v1 in-toto Statement, the attestation statement is "
+"constrained in the following ways:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:122
+msgid "The in-toto ``subject`` **MUST** contain only a single subject."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:123
+msgid ""
+"``subject[0].name`` is the distribution's filename, which **MUST** be a "
+"valid :ref:`source distribution <source-distribution-format>` or :ref:`wheel "
+"distribution <binary-distribution-format>` filename."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:126
+msgid ""
+"``subject[0].digest`` **MUST** contain a SHA-256 digest. Other digests "
+"**MAY** be present. The digests **MUST** be represented as hexadecimal "
+"strings."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:128
+msgid "The following ``predicateType`` values are supported:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:130
+msgid ""
+"`SLSA Provenance <https://slsa.dev/provenance/v1>`__: ``https://slsa.dev/"
+"provenance/v1``"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:131
+msgid ""
+"`PyPI Publish Attestation <https://docs.pypi.org/attestations/publish/"
+"v1>`__: ``https://docs.pypi.org/attestations/publish/v1``"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:133
+msgid ""
+"The signature over this statement is constructed using the `v1 DSSE "
+"signature protocol <https://github.com/secure-systems-lab/dsse/blob/v1.0.0/"
+"protocol.md>`__, with a ``PAYLOAD_TYPE`` of ``application/vnd.in-toto+json`` "
+"and a ``PAYLOAD_BODY`` of the JSON-encoded statement above. No other "
+"``PAYLOAD_TYPE`` is permitted."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:141
+msgid "Provenance objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:143
+msgid ""
+"The index will serve uploaded attestations along with metadata that can "
+"assist in verifying them in the form of JSON serialized objects."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:146
+msgid ""
+"These *provenance objects* will be available via both the Simple Index and "
+"JSON-based Simple API as described above, and will have the following layout:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:169
+msgid "or, as pseudocode:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:217
+msgid ""
+"``version`` is ``1``. Like attestation objects, provenance objects are "
+"versioned, and this PEP only defines version ``1``."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:219
+msgid ""
+"``attestation_bundles`` is a **required** JSON array, containing one or more "
+"\"bundles\" of attestations. Each bundle corresponds to a signing identity "
+"(such as a Trusted Publishing identity), and contains one or more "
+"attestation objects."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:224
+msgid ""
+"As noted in the ``Publisher`` model, each ``AttestationBundle.publisher`` "
+"object is specific to its Trusted Publisher but must include at minimum:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:228
+msgid ""
+"A ``kind`` key, which **MUST** be a JSON string that uniquely identifies the "
+"kind of Trusted Publisher."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:230
+msgid ""
+"A ``claims`` key, which **MUST** be a JSON object containing any context-"
+"specific claims retained by the index during Trusted Publisher "
+"authentication."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:233
+msgid "All other keys in the publisher object are publisher-specific."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:235
+msgid ""
+"Each array of attestation objects is a superset of the ``attestations`` "
+"array supplied by the uploaded through the ``attestations`` field at upload "
+"time, as described in :ref:`upload-endpoint` and :ref:`changes-to-provenance-"
+"objects`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:243
+msgid "Changes to provenance objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:245
+msgid ""
+"Provenance objects are *not* immutable, and may change over time. Reasons "
+"for changes to the provenance object include but are not limited to:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:248
+msgid ""
+"Addition of new attestations for a pre-existing signing identity: the index "
+"**MAY** choose to allow additional attestations by pre-existing signing "
+"identities, such as newer attestation versions for already uploaded files."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:253
+msgid ""
+"Addition of new signing identities and associated attestations: the index "
+"**MAY** choose to support attestations from sources other than the file's "
+"uploader, such as third-party auditors or the index itself. These "
+"attestations may be performed asynchronously, requiring the index to insert "
+"them into the provenance object *post facto*."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:262
+msgid "Attestation verification"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:264
+msgid ""
+"Verifying an attestation object against a distribution file requires "
+"verification of each of the following:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:267
+msgid "``version`` is ``1``. The verifier **MUST** reject any other version."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:268
+msgid ""
+"``verification_material.certificate`` is a valid signing certificate, as "
+"issued by an *a priori* trusted authority (such as a root of trust already "
+"present within the verifying client)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:271
+msgid ""
+"``verification_material.certificate`` identifies an appropriate signing "
+"subject, such as the machine identity of the Trusted Publisher that "
+"published the package."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:274
+msgid ""
+"``envelope.statement`` is a valid in-toto v1 Statement, with a subject and "
+"digest that **MUST** match the distribution's filename and contents. For the "
+"distribution's filename, matching **MUST** be performed by parsing using the "
+"appropriate source distribution or wheel filename format, as the statement's "
+"subject may be equivalent but normalized."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:279
+msgid ""
+"``envelope.signature`` is a valid signature for ``envelope.statement`` "
+"corresponding to ``verification_material.certificate``, as reconstituted via "
+"the `v1 DSSE signature protocol <https://github.com/secure-systems-lab/dsse/"
+"blob/v1.0.0/protocol.md>`__."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:284
+msgid ""
+"In addition to the above required steps, a verifier **MAY** additionally "
+"verify ``verification_material.transparency_entries`` on a policy basis, e."
+"g. requiring at least one transparency log entry or a threshold of entries. "
+"When verifying transparency entries, the verifier **MUST** confirm that the "
+"inclusion time for each entry lies within the signing certificate's validity "
+"period."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:293
+msgid "Appendix: Data models for Transparency Log Entries"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:295
+msgid ""
+"This appendix contains pseudocoded data models for transparency log entries "
+"in attestation objects. Each transparency log entry serves as a source of "
+"signed inclusion time, and can be verified either online or offline."
+msgstr ""
+
 #: ../source/specifications/inline-script-metadata.rst:5
 msgid "Inline script metadata"
 msgstr ""
@@ -15210,7 +15556,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/inline-script-metadata.rst:205
-#: ../source/specifications/simple-repository-api.rst:815
+#: ../source/specifications/simple-repository-api.rst:829
 msgid "Recommendations"
 msgstr ""
 
@@ -17098,11 +17444,26 @@ msgid ""
 "``&gt;``, respectively."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:100
+#: ../source/specifications/simple-repository-api.rst:99
+msgid ""
+"A repository **MAY** include a ``data-provenance`` attribute on a file link. "
+"The value of this attribute **MUST** be a fully qualified URL, signaling "
+"that the file's provenance can be found at that URL. This URL **MUST** "
+"represent a `secure origin <https://www.chromium.org/Home/chromium-security/"
+"prefer-secure-origins-for-powerful-new-features/>`_."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:106
+msgid ""
+"The format of the linked provenance is defined in :ref:`index-hosted-"
+"attestations`."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:109
 msgid "Normalized Names"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:102
+#: ../source/specifications/simple-repository-api.rst:111
 msgid ""
 "This spec references the concept of a \"normalized\" project name. As per :"
 "ref:`the name normalization specification <name-normalization>` the only "
@@ -17112,11 +17473,11 @@ msgid ""
 "implemented in Python with the ``re`` module::"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:117
+#: ../source/specifications/simple-repository-api.rst:126
 msgid "Adding \"Yank\" Support to the Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:119
+#: ../source/specifications/simple-repository-api.rst:128
 msgid ""
 "Links in the simple repository **MAY** have a ``data-yanked`` attribute "
 "which may have no value, or may have an arbitrary string as a value. The "
@@ -17126,7 +17487,7 @@ msgid ""
 "under specific scenarios."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:126
+#: ../source/specifications/simple-repository-api.rst:135
 msgid ""
 "The value of the ``data-yanked`` attribute, if present, is an arbitrary "
 "string that represents the reason for why the file has been yanked. Tools "
@@ -17134,7 +17495,7 @@ msgid ""
 "users."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:131
+#: ../source/specifications/simple-repository-api.rst:140
 msgid ""
 "The yanked attribute is not immutable once set, and may be rescinded in the "
 "future (and once rescinded, may be reset as well). Thus API users **MUST** "
@@ -17142,11 +17503,11 @@ msgid ""
 "again)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:138
+#: ../source/specifications/simple-repository-api.rst:147
 msgid "Installers"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:140
+#: ../source/specifications/simple-repository-api.rst:149
 msgid ""
 "The desirable experience for users is that once a file is yanked, when a "
 "human being is currently trying to directly install a yanked file, that it "
@@ -17156,7 +17517,7 @@ msgid ""
 "been yanked."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:147
+#: ../source/specifications/simple-repository-api.rst:156
 msgid ""
 "An installer **MUST** ignore yanked releases, if the selection constraints "
 "can be satisfied with a non-yanked version, and **MAY** refuse to use a "
@@ -17166,14 +17527,14 @@ msgid ""
 "files."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:154
+#: ../source/specifications/simple-repository-api.rst:163
 msgid ""
 "What this means is left up to the specific installer, to decide how to best "
 "fit into the overall usage of their installer. However, there are two "
 "suggested approaches to take:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:158
+#: ../source/specifications/simple-repository-api.rst:167
 msgid ""
 "Yanked files are always ignored, unless they are the only file that matches "
 "a version specifier that \"pins\" to an exact version using either ``==`` "
@@ -17183,7 +17544,7 @@ msgid ""
 "versions, zero padding, etc."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:165
+#: ../source/specifications/simple-repository-api.rst:174
 msgid ""
 "Yanked files are always ignored, unless they are the only file that matches "
 "what a lock file (such as ``Pipfile.lock`` or ``poetry.lock``) specifies to "
@@ -17191,7 +17552,7 @@ msgid ""
 "creating or updating a lock file from some input file or command."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:171
+#: ../source/specifications/simple-repository-api.rst:180
 msgid ""
 "Regardless of the specific strategy that an installer chooses for deciding "
 "when to install yanked files, an installer **SHOULD** emit a warning when it "
@@ -17200,38 +17561,38 @@ msgid ""
 "specific feedback to the user about why that file had been yanked."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:179
+#: ../source/specifications/simple-repository-api.rst:188
 msgid "Mirrors"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:181
+#: ../source/specifications/simple-repository-api.rst:190
 msgid "Mirrors can generally treat yanked files one of two ways:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:183
+#: ../source/specifications/simple-repository-api.rst:192
 msgid ""
 "They may choose to omit them from their simple repository API completely, "
 "providing a view over the repository that shows only \"active\", unyanked "
 "files."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:186
+#: ../source/specifications/simple-repository-api.rst:195
 msgid ""
 "They may choose to include yanked files, and additionally mirror the ``data-"
 "yanked`` attribute as well."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:189
+#: ../source/specifications/simple-repository-api.rst:198
 msgid ""
 "Mirrors **MUST NOT** mirror a yanked file without also mirroring the ``data-"
 "yanked`` attribute for it."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:195
+#: ../source/specifications/simple-repository-api.rst:204
 msgid "Versioning PyPI's Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:197
+#: ../source/specifications/simple-repository-api.rst:206
 msgid ""
 "This spec proposes the inclusion of a meta tag on the responses of every "
 "successful request to a simple API page, which contains a name attribute of "
@@ -17242,29 +17603,29 @@ msgid ""
 "<version-specifiers>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:205
+#: ../source/specifications/simple-repository-api.rst:214
 msgid "This would end up looking like::"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:209
+#: ../source/specifications/simple-repository-api.rst:218
 msgid "When interpreting the repository version:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:211
+#: ../source/specifications/simple-repository-api.rst:220
 msgid ""
 "Incrementing the major version is used to signal a backwards incompatible "
 "change such that existing clients would no longer be expected to be able to "
 "meaningfully use the API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:214
+#: ../source/specifications/simple-repository-api.rst:223
 msgid ""
 "Incrementing the minor version is used to signal a backwards compatible "
 "change such that existing clients would still be expected to be able to "
 "meaningfully use the API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:218
+#: ../source/specifications/simple-repository-api.rst:227
 msgid ""
 "It is left up to the discretion of any future specs as to what specifically "
 "constitutes a backwards incompatible vs compatible change beyond the broad "
@@ -17273,7 +17634,7 @@ msgid ""
 "features."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:224
+#: ../source/specifications/simple-repository-api.rst:233
 msgid ""
 "It is expectation of this spec that the major version will never be "
 "incremented, and any future major API evolutions would utilize a different "
@@ -17283,48 +17644,48 @@ msgid ""
 "set to a version >= 2)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:231
+#: ../source/specifications/simple-repository-api.rst:240
 msgid ""
 "This spec sets the current API version to \"1.0\", and expects that future "
 "specs that further evolve the simple API will increment the minor version "
 "number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:237
-#: ../source/specifications/simple-repository-api.rst:957
+#: ../source/specifications/simple-repository-api.rst:246
+#: ../source/specifications/simple-repository-api.rst:971
 msgid "Clients"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:239
+#: ../source/specifications/simple-repository-api.rst:248
 msgid ""
 "Clients interacting with the simple API **SHOULD** introspect each response "
 "for the repository version, and if that data does not exist **MUST** assume "
 "that it is version 1.0."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:243
+#: ../source/specifications/simple-repository-api.rst:252
 msgid ""
 "When encountering a major version greater than expected, clients **MUST** "
 "hard fail with an appropriate error message for the user."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:246
+#: ../source/specifications/simple-repository-api.rst:255
 msgid ""
 "When encountering a minor version greater than expected, clients **SHOULD** "
 "warn users with an appropriate message."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:249
+#: ../source/specifications/simple-repository-api.rst:258
 msgid ""
 "Clients **MAY** still continue to use feature detection in order to "
 "determine what features a repository uses."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:255
+#: ../source/specifications/simple-repository-api.rst:264
 msgid "Serve Distribution Metadata in the Simple Repository API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:257
+#: ../source/specifications/simple-repository-api.rst:266
 msgid ""
 "In a simple repository's project page, each anchor tag pointing to a "
 "distribution **MAY** have a ``data-dist-info-metadata`` attribute. The "
@@ -17333,7 +17694,7 @@ msgid ""
 "when the distribution is processed and/or installed."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:263
+#: ../source/specifications/simple-repository-api.rst:272
 msgid ""
 "If a ``data-dist-info-metadata`` attribute is present, the repository "
 "**MUST** serve the distribution's Core Metadata file alongside the "
@@ -17345,7 +17706,7 @@ msgid ""
 "GPG signature file's location."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:272
+#: ../source/specifications/simple-repository-api.rst:281
 msgid ""
 "The repository **SHOULD** provide the hash of the Core Metadata file as the "
 "``data-dist-info-metadata`` attribute's value using the syntax "
@@ -17355,18 +17716,18 @@ msgid ""
 "unavailable."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:280
+#: ../source/specifications/simple-repository-api.rst:289
 msgid "Backwards Compatibility"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:282
+#: ../source/specifications/simple-repository-api.rst:291
 msgid ""
 "If an anchor tag lacks the ``data-dist-info-metadata`` attribute, tools are "
 "expected to revert to their current behaviour of downloading the "
 "distribution to inspect the metadata."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:286
+#: ../source/specifications/simple-repository-api.rst:295
 msgid ""
 "Older tools not supporting the new ``data-dist-info-metadata`` attribute are "
 "expected to ignore the attribute and maintain their current behaviour of "
@@ -17374,11 +17735,11 @@ msgid ""
 "prior ``data-`` attribute additions expect existing tools to operate."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:295
+#: ../source/specifications/simple-repository-api.rst:304
 msgid "JSON-based Simple API for Python Package Indexes"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:297
+#: ../source/specifications/simple-repository-api.rst:306
 msgid ""
 "To enable response parsing with only the standard library, this spec "
 "specifies that all responses (besides the files themselves, and the HTML "
@@ -17386,7 +17747,7 @@ msgid ""
 "base>`) should be serialized using `JSON <https://www.json.org/>`_."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:302
+#: ../source/specifications/simple-repository-api.rst:311
 msgid ""
 "To enable zero configuration discovery and to minimize the amount of "
 "additional HTTP requests, this spec extends :ref:`the base HTML API "
@@ -17396,7 +17757,7 @@ msgid ""
 "format to serve, i.e. either HTML or JSON."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:312
+#: ../source/specifications/simple-repository-api.rst:321
 msgid ""
 "Versioning will adhere to :ref:`the API versioning specification <simple-"
 "repository-api-versioning>` format (``Major.Minor``), which has defined the "
@@ -17406,7 +17767,7 @@ msgid ""
 "``1.0`` version, and instead just describes how to serialize that into JSON."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:319
+#: ../source/specifications/simple-repository-api.rst:328
 msgid ""
 "Similar to :ref:`the API versioning specification <simple-repository-api-"
 "versioning>`, the major version number **MUST** be incremented if any "
@@ -17414,28 +17775,28 @@ msgid ""
 "existing clients to meaningfully understand the format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:325
+#: ../source/specifications/simple-repository-api.rst:334
 msgid ""
 "Likewise, the minor version **MUST** be incremented if features are added or "
 "removed from the format, but existing clients would be expected to continue "
 "to meaningfully understand the format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:329
+#: ../source/specifications/simple-repository-api.rst:338
 msgid ""
 "Changes that would not result in existing clients being unable to "
 "meaningfully understand the format and which do not represent features being "
 "added or removed may occur without changing the version number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:333
+#: ../source/specifications/simple-repository-api.rst:342
 msgid ""
 "This is intentionally vague, as this spec believes it is best left up to "
 "future specs that make any changes to the API to investigate and decide "
 "whether or not that change should increment the major or minor version."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:337
+#: ../source/specifications/simple-repository-api.rst:346
 msgid ""
 "Future versions of the API may add things that can only be represented in a "
 "subset of the available serializations of that version. All serializations "
@@ -17444,37 +17805,37 @@ msgid ""
 "whether or not that feature is present at all."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:343
+#: ../source/specifications/simple-repository-api.rst:352
 msgid ""
 "It is the intent of this spec that the API should be thought of as URL "
 "endpoints that return data, whose interpretation is defined by the version "
 "of that data, and then serialized into the target serialization format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:351
+#: ../source/specifications/simple-repository-api.rst:360
 msgid "JSON Serialization"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:353
+#: ../source/specifications/simple-repository-api.rst:362
 msgid ""
 "The URL structure from :ref:`the base HTML API specification <simple-"
 "repository-api-base>` still applies, as this spec only adds an additional "
 "serialization format for the already existing API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:357
+#: ../source/specifications/simple-repository-api.rst:366
 msgid ""
 "The following constraints apply to all JSON serialized responses described "
 "in this spec:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:360
+#: ../source/specifications/simple-repository-api.rst:369
 msgid ""
 "All JSON responses will *always* be a JSON object rather than an array or "
 "other type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:363
+#: ../source/specifications/simple-repository-api.rst:372
 msgid ""
 "While JSON doesn't natively support a URL type, any value that represents an "
 "URL in this API may be either absolute or relative as long as they point to "
@@ -17482,19 +17843,19 @@ msgid ""
 "if it were HTML."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:368
+#: ../source/specifications/simple-repository-api.rst:377
 msgid ""
 "Additional keys may be added to any dictionary objects in the API responses "
 "and clients **MUST** ignore keys that they don't understand."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:371
+#: ../source/specifications/simple-repository-api.rst:380
 msgid ""
 "All JSON responses will have a ``meta`` key, which contains information "
 "related to the response itself, rather than the content of the response."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:374
+#: ../source/specifications/simple-repository-api.rst:383
 msgid ""
 "All JSON responses will have a ``meta.api-version`` key, which will be a "
 "string that contains the :ref:`API versioning specification <simple-"
@@ -17503,41 +17864,41 @@ msgid ""
 "<simple-repository-api-versioning>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:380
+#: ../source/specifications/simple-repository-api.rst:389
 msgid ""
 "All requirements of :ref:`the base HTML API specification <simple-repository-"
 "api-base>` that are not HTML specific still apply."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:385
+#: ../source/specifications/simple-repository-api.rst:394
 msgid "Project List"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:387
+#: ../source/specifications/simple-repository-api.rst:396
 msgid ""
 "The root URL ``/`` for this spec (which represents the base URL) will be a "
 "JSON encoded dictionary which has a two keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:390
+#: ../source/specifications/simple-repository-api.rst:399
 msgid ""
 "``projects``: An array where each entry is a dictionary with a single key, "
 "``name``, which represents string of the project name."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:391
-#: ../source/specifications/simple-repository-api.rst:440
+#: ../source/specifications/simple-repository-api.rst:400
+#: ../source/specifications/simple-repository-api.rst:449
 msgid ""
 "``meta``: The general response metadata as `described earlier <json-"
 "serialization_>`__."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:393
-#: ../source/specifications/simple-repository-api.rst:499
+#: ../source/specifications/simple-repository-api.rst:402
+#: ../source/specifications/simple-repository-api.rst:512
 msgid "As an example:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:410
+#: ../source/specifications/simple-repository-api.rst:419
 msgid ""
 "The ``name`` field is the same as the one from :ref:`the base HTML API "
 "specification <simple-repository-api-base>`, which does not specify whether "
@@ -17547,7 +17908,7 @@ msgid ""
 "implementation detail of the repository in question."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:420
+#: ../source/specifications/simple-repository-api.rst:429
 msgid ""
 "While the ``projects`` key is an array, and thus is required to be in some "
 "kind of an order, neither :ref:`the base HTML API specification <simple-"
@@ -17557,11 +17918,11 @@ msgid ""
 "have sets."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:429
+#: ../source/specifications/simple-repository-api.rst:438
 msgid "Project Detail"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:431
+#: ../source/specifications/simple-repository-api.rst:440
 msgid ""
 "The format of this URL is ``/<project>/`` where the ``<project>`` is "
 "replaced by the :ref:`the base HTML API specification <simple-repository-api-"
@@ -17569,33 +17930,33 @@ msgid ""
 "would have a URL like ``/silly-walk/``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:436
+#: ../source/specifications/simple-repository-api.rst:445
 msgid ""
 "This URL must respond with a JSON encoded dictionary that has three keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:438
+#: ../source/specifications/simple-repository-api.rst:447
 msgid "``name``: The normalized name of the project."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:439
+#: ../source/specifications/simple-repository-api.rst:448
 msgid ""
 "``files``: A list of dictionaries, each one representing an individual file."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:442
+#: ../source/specifications/simple-repository-api.rst:451
 msgid "Each individual file dictionary has the following keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:444
+#: ../source/specifications/simple-repository-api.rst:453
 msgid "``filename``: The filename that is being represented."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:445
+#: ../source/specifications/simple-repository-api.rst:454
 msgid "``url``: The URL that the file can be fetched from."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:446
+#: ../source/specifications/simple-repository-api.rst:455
 msgid ""
 "``hashes``: A dictionary mapping a hash name to a hex encoded digest of the "
 "file. Multiple hashes can be included, and it is up to the client to decide "
@@ -17604,14 +17965,14 @@ msgid ""
 "to be lowercase."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:451
+#: ../source/specifications/simple-repository-api.rst:460
 msgid ""
 "The ``hashes`` dictionary **MUST** be present, even if no hashes are "
 "available for the file, however it is **HIGHLY** recommended that at least "
 "one secure, guaranteed-to-be-available hash is always included."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:455
+#: ../source/specifications/simple-repository-api.rst:464
 msgid ""
 "By default, any hash algorithm available via :py:mod:`hashlib` (specifically "
 "any that can be passed to :py:func:`hashlib.new()` and do not require "
@@ -17621,7 +17982,7 @@ msgid ""
 "specifically is recommended."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:460
+#: ../source/specifications/simple-repository-api.rst:469
 msgid ""
 "``requires-python``: An **optional** key that exposes the :ref:`core-"
 "metadata-requires-python` metadata field. Where this is present, installer "
@@ -17629,14 +17990,14 @@ msgid ""
 "that doesn't satisfy the requirement."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:466
+#: ../source/specifications/simple-repository-api.rst:475
 msgid ""
 "Unlike ``data-requires-python`` in :ref:`the base HTML API specification "
 "<simple-repository-api-base>`, the ``requires-python`` key does not require "
 "any special escaping other than anything JSON does naturally."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:469
+#: ../source/specifications/simple-repository-api.rst:478
 msgid ""
 "``dist-info-metadata``: An **optional** key that indicates that metadata for "
 "this file is available, via the same location as specified in :ref:`the API "
@@ -17646,27 +18007,27 @@ msgid ""
 "dictionary mapping hash names to a hex encoded digest of the metadata's hash."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:477
+#: ../source/specifications/simple-repository-api.rst:486
 msgid ""
 "When this is a dictionary of hashes instead of a boolean, then all the same "
 "requirements and recommendations as the ``hashes`` key hold true for this "
 "key as well."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:481
+#: ../source/specifications/simple-repository-api.rst:490
 msgid ""
 "If this key is missing then the metadata file may or may not exist. If the "
 "key value is truthy, then the metadata file is present, and if it is falsey "
 "then it is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:485
+#: ../source/specifications/simple-repository-api.rst:494
 msgid ""
 "It is recommended that servers make the hashes of the metadata file "
 "available if possible."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:487
+#: ../source/specifications/simple-repository-api.rst:496
 msgid ""
 "``gpg-sig``: An **optional** key that acts a boolean to indicate if the file "
 "has an associated GPG signature or not. The URL for the signature file "
@@ -17675,7 +18036,7 @@ msgid ""
 "the signature may or may not exist."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:492
+#: ../source/specifications/simple-repository-api.rst:501
 msgid ""
 "``yanked``: An **optional** key which may be either a boolean to indicate if "
 "the file has been yanked, or a non empty, but otherwise arbitrary, string to "
@@ -17686,7 +18047,15 @@ msgid ""
 "api-yank>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:529
+#: ../source/specifications/simple-repository-api.rst:507
+msgid ""
+"``provenance``: An **optional** key which, if present **MUST** be either a "
+"JSON string or ``null``. If not ``null``, it **MUST** be a URL to the file's "
+"associated provenance, with the same rules as ``data-provenance`` in the :"
+"ref:`base HTML API specification <simple-repository-api-base>`."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:543
 msgid ""
 "While the ``files`` key is an array, and thus is required to be in some kind "
 "of an order, neither :ref:`the base HTML API specification <simple-"
@@ -17696,11 +18065,11 @@ msgid ""
 "have sets."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:538
+#: ../source/specifications/simple-repository-api.rst:552
 msgid "Content-Types"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:540
+#: ../source/specifications/simple-repository-api.rst:554
 msgid ""
 "This spec proposes that all responses from the Simple API will have a "
 "standard content type that describes what the response is (a Simple API "
@@ -17708,11 +18077,11 @@ msgid ""
 "format has been used."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:544
+#: ../source/specifications/simple-repository-api.rst:558
 msgid "The structure of this content type will be:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:550
+#: ../source/specifications/simple-repository-api.rst:564
 msgid ""
 "Since only major versions should be disruptive to clients attempting to "
 "understand one of these API responses, only the major version will be "
@@ -17720,19 +18089,19 @@ msgid ""
 "that it is a version number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:555
+#: ../source/specifications/simple-repository-api.rst:569
 msgid "Which means that for the existing 1.0 API, the content types would be:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:557
+#: ../source/specifications/simple-repository-api.rst:571
 msgid "**JSON:** ``application/vnd.pypi.simple.v1+json``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:558
+#: ../source/specifications/simple-repository-api.rst:572
 msgid "**HTML:** ``application/vnd.pypi.simple.v1+html``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:560
+#: ../source/specifications/simple-repository-api.rst:574
 msgid ""
 "In addition to the above, a special \"meta\" version is supported named "
 "``latest``, whose purpose is to allow clients to request the absolute latest "
@@ -17741,7 +18110,7 @@ msgid ""
 "support."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:565
+#: ../source/specifications/simple-repository-api.rst:579
 msgid ""
 "To support existing clients which expect the existing :ref:`the base HTML "
 "API specification <simple-repository-api-base>` API responses to use the "
@@ -17749,11 +18118,11 @@ msgid ""
 "alias for the ``application/vnd.pypi.simple.v1+html`` content type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:572
+#: ../source/specifications/simple-repository-api.rst:586
 msgid "Version + Format Selection"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:574
+#: ../source/specifications/simple-repository-api.rst:588
 msgid ""
 "Now that there is multiple possible serializations, we need a mechanism to "
 "allow clients to indicate what serialization formats they're able to "
@@ -17762,65 +18131,65 @@ msgid ""
 "expecting the previous API version."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:579
+#: ../source/specifications/simple-repository-api.rst:593
 msgid ""
 "To enable this, this spec standardizes on the use of HTTP's `Server-Driven "
 "Content Negotiation <https://developer.mozilla.org/en-US/docs/Web/HTTP/"
 "Content_negotiation>`_."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:582
+#: ../source/specifications/simple-repository-api.rst:596
 msgid ""
 "While this spec won't fully describe the entirety of server-driven content "
 "negotiation, the flow is roughly:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:585
+#: ../source/specifications/simple-repository-api.rst:599
 msgid ""
 "The client makes an HTTP request containing an ``Accept`` header listing all "
 "of the version+format content types that they are able to understand."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:587
+#: ../source/specifications/simple-repository-api.rst:601
 msgid ""
 "The server inspects that header, selects one of the listed content types, "
 "then returns a response using that content type (treating the absence of an "
 "``Accept`` header as ``Accept: */*``)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:590
+#: ../source/specifications/simple-repository-api.rst:604
 msgid ""
 "If the server does not support any of the content types in the ``Accept`` "
 "header then they are able to choose between 3 different options for how to "
 "respond:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:594
+#: ../source/specifications/simple-repository-api.rst:608
 msgid ""
 "Select a default content type other than what the client has requested and "
 "return a response with that."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:596
+#: ../source/specifications/simple-repository-api.rst:610
 msgid ""
 "Return a HTTP ``406 Not Acceptable`` response to indicate that none of the "
 "requested content types were available, and the server was unable or "
 "unwilling to select a default content type to respond with."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:599
+#: ../source/specifications/simple-repository-api.rst:613
 msgid ""
 "Return a HTTP ``300 Multiple Choices`` response that contains a list of all "
 "of the possible responses that could have been chosen."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:601
+#: ../source/specifications/simple-repository-api.rst:615
 msgid ""
 "The client interprets the response, handling the different types of "
 "responses that the server may have responded with."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:604
+#: ../source/specifications/simple-repository-api.rst:618
 msgid ""
 "This spec does not specify which choices the server makes in regards to "
 "handling a content type that it isn't able to return, and clients **SHOULD** "
@@ -17828,7 +18197,7 @@ msgid ""
 "the most sense for that client."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:609
+#: ../source/specifications/simple-repository-api.rst:623
 msgid ""
 "However, as there is no standard format for how a ``300 Multiple Choices`` "
 "response can be interpreted, this spec highly discourages servers from "
@@ -17839,7 +18208,7 @@ msgid ""
 "error."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:616
+#: ../source/specifications/simple-repository-api.rst:630
 msgid ""
 "This spec **does** require that if the meta version ``latest`` is being "
 "used, the server **MUST** respond with the content type for the actual "
@@ -17848,33 +18217,33 @@ msgid ""
 "have a ``Content-Type`` of ``application/vnd.pypi.simple.v1+json``)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:623
+#: ../source/specifications/simple-repository-api.rst:637
 msgid ""
 "The ``Accept`` header is a comma separated list of content types that the "
 "client understands and is able to process. It supports three different "
 "formats for each content type that is being requested:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:627
+#: ../source/specifications/simple-repository-api.rst:641
 msgid "``$type/$subtype``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:628
+#: ../source/specifications/simple-repository-api.rst:642
 msgid "``$type/*``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:629
+#: ../source/specifications/simple-repository-api.rst:643
 msgid "``*/*``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:631
+#: ../source/specifications/simple-repository-api.rst:645
 msgid ""
 "For the use of selecting a version+format, the most useful of these is "
 "``$type/$subtype``, as that is the only way to actually specify the version "
 "and format you want."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:635
+#: ../source/specifications/simple-repository-api.rst:649
 msgid ""
 "The order of the content types listed in the ``Accept`` header does not have "
 "any specific meaning, and the server **SHOULD** consider all of them to be "
@@ -17884,7 +18253,7 @@ msgid ""
 "Quality_values>`_ syntax."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:642
+#: ../source/specifications/simple-repository-api.rst:656
 msgid ""
 "This allows a client to specify a priority for a specific entry in their "
 "``Accept`` header, by appending a ``;q=`` followed by a value between ``0`` "
@@ -17894,7 +18263,7 @@ msgid ""
 "quality of ``1``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:648
+#: ../source/specifications/simple-repository-api.rst:662
 msgid ""
 "However, clients should keep in mind that a server is free to select **any** "
 "of the content types they've asked for, regardless of their requested "
@@ -17902,7 +18271,7 @@ msgid ""
 "for."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:652
+#: ../source/specifications/simple-repository-api.rst:666
 msgid ""
 "To aid clients in determining the content type of the response that they "
 "have received from an API request, this spec requires that servers always "
@@ -17913,22 +18282,22 @@ msgid ""
 "collector.py#L123-L150>`_ so the risks for actual breakages is low."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:659
+#: ../source/specifications/simple-repository-api.rst:673
 msgid "An example of how a client can operate would look like:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:710
+#: ../source/specifications/simple-repository-api.rst:724
 msgid ""
 "If a client wishes to only support HTML or only support JSON, then they "
 "would just remove the content types that they do not want from the "
 "``Accept`` header, and turn receiving them into an error."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:716
+#: ../source/specifications/simple-repository-api.rst:730
 msgid "Alternative Negotiation Mechanisms"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:718
+#: ../source/specifications/simple-repository-api.rst:732
 msgid ""
 "While using HTTP's Content negotiation is considered the standard way for a "
 "client and server to coordinate to ensure that the client is getting an HTTP "
@@ -17937,25 +18306,25 @@ msgid ""
 "negotiation mechanisms that may *optionally* be used instead."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:726
+#: ../source/specifications/simple-repository-api.rst:740
 msgid "URL Parameter"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:728
+#: ../source/specifications/simple-repository-api.rst:742
 msgid ""
 "Servers that implement the Simple API may choose to support a URL parameter "
 "named ``format`` to allow the clients to request a specific version of the "
 "URL."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:731
+#: ../source/specifications/simple-repository-api.rst:745
 msgid ""
 "The value of the ``format`` parameter should be **one** of the valid content "
 "types. Passing multiple content types, wild cards, quality values, etc... is "
 "**not** supported."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:735
+#: ../source/specifications/simple-repository-api.rst:749
 msgid ""
 "Supporting this parameter is optional, and clients **SHOULD NOT** rely on it "
 "for interacting with the API. This negotiation mechanism is intended to "
@@ -17963,13 +18332,13 @@ msgid ""
 "allow documentation or notes to link to a specific version+format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:740
+#: ../source/specifications/simple-repository-api.rst:754
 msgid ""
 "Servers that do not support this parameter may choose to return an error "
 "when it is present, or they may simple ignore its presence."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:743
+#: ../source/specifications/simple-repository-api.rst:757
 msgid ""
 "When a server does implement this parameter, it **SHOULD** take precedence "
 "over any values in the client's ``Accept`` header, and if the server does "
@@ -17979,18 +18348,18 @@ msgid ""
 "``303 Multiple Choices``, or selecting a default type to return)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:752
+#: ../source/specifications/simple-repository-api.rst:766
 msgid "Endpoint Configuration"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:754
+#: ../source/specifications/simple-repository-api.rst:768
 msgid ""
 "This option technically is not a special option at all, it is just a natural "
 "consequence of using content negotiation and allowing servers to select "
 "which of the available content types is their default."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:758
+#: ../source/specifications/simple-repository-api.rst:772
 msgid ""
 "If a server is unwilling or unable to implement the server-driven content "
 "negotiation, and would instead rather require users to explicitly configure "
@@ -17998,7 +18367,7 @@ msgid ""
 "configuration."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:762
+#: ../source/specifications/simple-repository-api.rst:776
 msgid ""
 "To enable this, a server should make multiple endpoints (for instance, ``/"
 "simple/v1+html/`` and/or ``/simple/v1+json/``) for each version+format that "
@@ -18008,7 +18377,7 @@ msgid ""
 "and return the content type that corresponds to that endpoint."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:769
+#: ../source/specifications/simple-repository-api.rst:783
 msgid ""
 "For clients that wish to require specific configuration, they can keep track "
 "of which version+format a specific repository URL was configured for, and "
@@ -18016,11 +18385,11 @@ msgid ""
 "includes the correct content type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:776
+#: ../source/specifications/simple-repository-api.rst:790
 msgid "TUF Support - PEP 458"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:778
+#: ../source/specifications/simple-repository-api.rst:792
 msgid ""
 ":pep:`458` requires that all API responses are hashable and that they can be "
 "uniquely identified by a path relative to the repository root. For a Simple "
@@ -18031,7 +18400,7 @@ msgid ""
 "that all hash differently."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:785
+#: ../source/specifications/simple-repository-api.rst:799
 msgid ""
 ":pep:`458` does not specify what the target path should be for the Simple "
 "API, but TUF requires that the target paths be \"file-like\", in other "
@@ -18039,7 +18408,7 @@ msgid ""
 "technically points to a directory."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:790
+#: ../source/specifications/simple-repository-api.rst:804
 msgid ""
 "The saving grace is that the target path does not *have* to actually match "
 "the URL being fetched from the Simple API, and it can just be a sigil that "
@@ -18048,7 +18417,7 @@ msgid ""
 "HTTP request, such as the ``Accept`` header."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:796
+#: ../source/specifications/simple-repository-api.rst:810
 msgid ""
 "Ultimately figuring out how to map a directory to a filename is out of scope "
 "for this spec (but it would be in scope for :pep:`458`), and this spec "
@@ -18056,7 +18425,7 @@ msgid ""
 "`458` metadata."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:800
+#: ../source/specifications/simple-repository-api.rst:814
 msgid ""
 "However, it appears that the current WIP branch against pip that attempts to "
 "implement :pep:`458` is using a target path like ``simple/PROJECT/index."
@@ -18066,20 +18435,20 @@ msgid ""
 "the v1 JSON format would be ``simple/PROJECT/vnd.pypi.simple.v1.json``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:807
+#: ../source/specifications/simple-repository-api.rst:821
 msgid ""
 "In this case, since ``text/html`` is an alias to ``application/vnd.pypi."
 "simple.v1+html`` when interacting through TUF, it likely will make the most "
 "sense to normalize to the more explicit name."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:811
+#: ../source/specifications/simple-repository-api.rst:825
 msgid ""
 "Likewise the ``latest`` metaversion should not be included in the targets, "
 "only explicitly declared versions should be supported."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:817
+#: ../source/specifications/simple-repository-api.rst:831
 msgid ""
 "This section is non-normative, and represents what the spec authors believe "
 "to be the best default implementation decisions for something implementing "
@@ -18087,7 +18456,7 @@ msgid ""
 "these decisions."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:821
+#: ../source/specifications/simple-repository-api.rst:835
 msgid ""
 "These decisions have been chosen to maximize the number of requests that can "
 "be moved onto the newest version of an API, while maintaining the greatest "
@@ -18096,18 +18465,18 @@ msgid ""
 "choices it can."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:826
+#: ../source/specifications/simple-repository-api.rst:840
 msgid "It is recommended that servers:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:828
+#: ../source/specifications/simple-repository-api.rst:842
 msgid ""
 "Support all 3 content types described in this spec, using server-driven "
 "content negotiation, for as long as they reasonably can, or at least as long "
 "as they're receiving non trivial traffic that uses the HTML responses."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:832
+#: ../source/specifications/simple-repository-api.rst:846
 msgid ""
 "When encountering an ``Accept`` header that does not contain any content "
 "types that it knows how to work with, the server should not ever return a "
@@ -18115,13 +18484,13 @@ msgid ""
 "Acceptable`` response."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:837
+#: ../source/specifications/simple-repository-api.rst:851
 msgid ""
 "However, if choosing to use the endpoint configuration, you should prefer to "
 "return a ``200 OK`` response in the expected content type for that endpoint."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:840
+#: ../source/specifications/simple-repository-api.rst:854
 msgid ""
 "When selecting an acceptable version, the server should choose the highest "
 "version that the client supports, with the most expressive/featureful "
@@ -18130,23 +18499,23 @@ msgid ""
 "should only use the ``text/html`` content type as a last resort."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:846
+#: ../source/specifications/simple-repository-api.rst:860
 msgid "It is recommended that clients:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:848
+#: ../source/specifications/simple-repository-api.rst:862
 msgid ""
 "Support all 3 content types described in this spec, using server-driven "
 "content negotiation, for as long as they reasonably can."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:851
+#: ../source/specifications/simple-repository-api.rst:865
 msgid ""
 "When constructing an ``Accept`` header, include all of the content types "
 "that you support."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:854
+#: ../source/specifications/simple-repository-api.rst:868
 msgid ""
 "You should generally *not* include a quality priority value for your content "
 "types, unless you have implementation specific reasons that you want the "
@@ -18155,63 +18524,63 @@ msgid ""
 "responses that you're unable to parse in some edge cases)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:860
+#: ../source/specifications/simple-repository-api.rst:874
 msgid ""
 "The one exception to this recommendation is that it is recommended that you "
 "*should* include a ``;q=0.01`` value on the legacy ``text/html`` content "
 "type, unless it is the only content type that you are requesting."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:864
+#: ../source/specifications/simple-repository-api.rst:878
 msgid ""
 "Explicitly select what versions they are looking for, rather than using the "
 "``latest`` meta version during normal operation."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:867
+#: ../source/specifications/simple-repository-api.rst:881
 msgid ""
 "Check the ``Content-Type`` of the response and ensure it matches something "
 "that you were expecting."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:871
+#: ../source/specifications/simple-repository-api.rst:885
 msgid "Additional Fields for the Simple API for Package Indexes"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:873
+#: ../source/specifications/simple-repository-api.rst:887
 msgid ""
 "This specification defines version 1.1 of the simple repository API. For the "
 "HTML version of the API, there is no change from version 1.0. For the JSON "
 "version of the API, the following changes are made:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:877
+#: ../source/specifications/simple-repository-api.rst:891
 msgid "The ``api-version`` must specify version 1.1 or later."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:878
+#: ../source/specifications/simple-repository-api.rst:892
 msgid "A new ``versions`` key is added at the top level."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:879
+#: ../source/specifications/simple-repository-api.rst:893
 msgid ""
 "Two new \"file information\" keys, ``size`` and ``upload-time``, are added "
 "to the ``files`` data."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:881
+#: ../source/specifications/simple-repository-api.rst:895
 msgid ""
 "Keys (at any level) with a leading underscore are reserved as private for "
 "index server use. No future standard will assign a meaning to any such key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:884
+#: ../source/specifications/simple-repository-api.rst:898
 msgid ""
 "The ``versions`` and ``size`` keys are mandatory. The ``upload-time`` key is "
 "optional."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:890
+#: ../source/specifications/simple-repository-api.rst:904
 msgid ""
 "An additional key, ``versions`` MUST be present at the top level, in "
 "addition to the keys ``name``, ``files`` and ``meta`` defined in :ref:`the "
@@ -18221,7 +18590,7 @@ msgid ""
 "duplicates, and the order of the values is not significant."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:897
+#: ../source/specifications/simple-repository-api.rst:911
 msgid ""
 "All of the files listed in the ``files`` key MUST be associated with one of "
 "the versions in the ``versions`` key. The ``versions`` key MAY contain "
@@ -18229,7 +18598,7 @@ msgid ""
 "uploaded, if the server has such a concept)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:902
+#: ../source/specifications/simple-repository-api.rst:916
 msgid ""
 "Note that because servers may hold \"legacy\" data from before the adoption "
 "of :ref:`the version specifiers specification (VSS) <version-specifiers>`, "
@@ -18238,21 +18607,21 @@ msgid ""
 "servers SHOULD use normalised VSS versions where possible."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:911
+#: ../source/specifications/simple-repository-api.rst:925
 msgid "Additional file information"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:913
+#: ../source/specifications/simple-repository-api.rst:927
 msgid "Two new keys are added to the ``files`` key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:915
+#: ../source/specifications/simple-repository-api.rst:929
 msgid ""
 "``size``: This field is mandatory. It MUST contain an integer which is the "
 "file size in bytes."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:917
+#: ../source/specifications/simple-repository-api.rst:931
 msgid ""
 "``upload-time``: This field is optional. If present, it MUST contain a valid "
 "ISO 8601 date/time string, in the format ``yyyy-mm-ddThh:mm:ss.ffffffZ``, "
@@ -18264,11 +18633,11 @@ msgid ""
 "key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:926
+#: ../source/specifications/simple-repository-api.rst:940
 msgid "Rename dist-info-metadata in the Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:929
+#: ../source/specifications/simple-repository-api.rst:943
 msgid ""
 "The keywords \"**MUST**\", \"**MUST NOT**\", \"**REQUIRED**\", "
 "\"**SHALL**\", \"**SHALL NOT**\", \"**SHOULD**\", \"**SHOULD NOT**\", "
@@ -18276,11 +18645,11 @@ msgid ""
 "are to be interpreted as described in :rfc:`RFC 2119 <2119>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:936
+#: ../source/specifications/simple-repository-api.rst:950
 msgid "Servers"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:938
+#: ../source/specifications/simple-repository-api.rst:952
 msgid ""
 "The :ref:`the API metadata file specification <simple-repository-api-"
 "metadata-file>` metadata, when used in the HTML representation of the Simple "
@@ -18288,7 +18657,7 @@ msgid ""
 "with the supported values remaining the same."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:944
+#: ../source/specifications/simple-repository-api.rst:958
 msgid ""
 "The :ref:`the API metadata file specification <simple-repository-api-"
 "metadata-file>` metadata, when used in the :ref:`the JSON API specification "
@@ -18297,14 +18666,14 @@ msgid ""
 "values remaining the same."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:950
+#: ../source/specifications/simple-repository-api.rst:964
 msgid ""
 "To support clients that used the previous key names, the HTML representation "
 "**MAY** also be emitted using the ``data-dist-info-metadata``, and if it "
 "does so it **MUST** match the value of ``data-core-metadata``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:959
+#: ../source/specifications/simple-repository-api.rst:973
 msgid ""
 "Clients consuming any of the HTML representations of the Simple API **MUST** "
 "read the :ref:`the API metadata file specification <simple-repository-api-"
@@ -18313,7 +18682,7 @@ msgid ""
 "if it is present but ``data-core-metadata`` is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:966
+#: ../source/specifications/simple-repository-api.rst:980
 msgid ""
 "Clients consuming the JSON representation of the Simple API **MUST** read "
 "the :ref:`the API metadata file specification <simple-repository-api-"
@@ -18322,48 +18691,54 @@ msgid ""
 "present but ``core-metadata`` is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:976
+#: ../source/specifications/simple-repository-api.rst:990
 msgid "September 2015: initial form of the HTML format, in :pep:`503`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:977
+#: ../source/specifications/simple-repository-api.rst:991
 msgid "July 2016: Requires-Python metadata, in an update to :pep:`503`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:978
+#: ../source/specifications/simple-repository-api.rst:992
 msgid "May 2019: \"yank\" support, in :pep:`592`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:979
+#: ../source/specifications/simple-repository-api.rst:993
 msgid ""
 "July 2020: API versioning convention and metadata, and declaring the HTML "
 "format as API v1, in :pep:`629`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:981
+#: ../source/specifications/simple-repository-api.rst:995
 msgid ""
 "May 2021: providing package metadata independently from a package, in :pep:"
 "`658`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:983
+#: ../source/specifications/simple-repository-api.rst:997
 msgid ""
 "May 2022: initial form of the JSON format, with a mechanism for clients to "
 "choose between them, and declaring both formats as API v1, in :pep:`691`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:985
+#: ../source/specifications/simple-repository-api.rst:999
 msgid ""
 "October 2022: project versions and file size and upload-time in the JSON "
 "format, in :pep:`700`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:987
+#: ../source/specifications/simple-repository-api.rst:1001
 msgid ""
 "June 2023: renaming the field which provides package metadata independently "
 "from a package, in :pep:`714`"
 msgstr ""
 
+#: ../source/specifications/simple-repository-api.rst:1003
+msgid ""
+"November 2024: provenance metadata in the HTML and JSON formats, in :pep:"
+"`740`"
+msgstr ""
+
 #: ../source/specifications/source-distribution-format.rst:6
 msgid "Source distribution format"
 msgstr ""
@@ -21267,7 +21642,7 @@ msgid ""
 msgstr ""
 
 #: ../source/tutorials/managing-dependencies.rst:140
-#: ../source/tutorials/packaging-projects.rst:506
+#: ../source/tutorials/packaging-projects.rst:505
 msgid "Next steps"
 msgstr ""
 
@@ -21716,43 +22091,43 @@ msgstr ""
 
 #: ../source/tutorials/packaging-projects.rst:424
 msgid ""
-"You will be prompted for a username and password. For the username, use "
-"``__token__``. For the password, use the token value, including the ``pypi-"
-"`` prefix."
+"You will be prompted for an API token. Use the token value, including the "
+"``pypi-`` prefix. Note that the input will be hidden, so be sure to paste "
+"correctly."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:428
+#: ../source/tutorials/packaging-projects.rst:427
 msgid "After the command completes, you should see output similar to this:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:439
+#: ../source/tutorials/packaging-projects.rst:438
 msgid ""
 "Once uploaded, your package should be viewable on TestPyPI; for example: "
 "``https://test.pypi.org/project/example_package_YOUR_USERNAME_HERE``."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:444
+#: ../source/tutorials/packaging-projects.rst:443
 msgid "Installing your newly uploaded package"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:446
+#: ../source/tutorials/packaging-projects.rst:445
 msgid ""
 "You can use :ref:`pip` to install your package and verify that it works. "
 "Create a :ref:`virtual environment <Creating and using Virtual "
 "Environments>` and install your package from TestPyPI:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:462
+#: ../source/tutorials/packaging-projects.rst:461
 msgid "Make sure to specify your username in the package name!"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:464
+#: ../source/tutorials/packaging-projects.rst:463
 msgid ""
 "pip should install the package from TestPyPI and the output should look "
 "something like this:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:474
+#: ../source/tutorials/packaging-projects.rst:473
 msgid ""
 "This example uses ``--index-url`` flag to specify TestPyPI instead of live "
 "PyPI. Additionally, it specifies ``--no-deps``. Since TestPyPI doesn't have "
@@ -21762,23 +22137,23 @@ msgid ""
 "installing dependencies when using TestPyPI."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:481
+#: ../source/tutorials/packaging-projects.rst:480
 msgid ""
 "You can test that it was installed correctly by importing the package. Make "
 "sure you're still in your virtual environment, then run Python:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:496
+#: ../source/tutorials/packaging-projects.rst:495
 msgid "and import the package:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:508
+#: ../source/tutorials/packaging-projects.rst:507
 msgid ""
 "**Congratulations, you've packaged and distributed a Python project!** ✨ 🍰 "
 "✨"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:511
+#: ../source/tutorials/packaging-projects.rst:510
 msgid ""
 "Keep in mind that this tutorial showed you how to upload your package to "
 "Test PyPI, which isn't a permanent storage. The Test system occasionally "
@@ -21786,28 +22161,28 @@ msgid ""
 "experiments like this tutorial."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:516
+#: ../source/tutorials/packaging-projects.rst:515
 msgid ""
 "When you are ready to upload a real package to the Python Package Index you "
 "can do much the same as you did in this tutorial, but with these important "
 "differences:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:520
+#: ../source/tutorials/packaging-projects.rst:519
 msgid ""
 "Choose a memorable and unique name for your package. You don't have to "
 "append your username as you did in the tutorial, but you can't use an "
 "existing name."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:522
+#: ../source/tutorials/packaging-projects.rst:521
 msgid ""
 "Register an account on https://pypi.org - note that these are two separate "
 "servers and the login details from the test server are not shared with the "
 "main server."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:525
+#: ../source/tutorials/packaging-projects.rst:524
 msgid ""
 "Use ``twine upload dist/*`` to upload your package and enter your "
 "credentials for the account you registered on the real PyPI.  Now that "
@@ -21815,44 +22190,44 @@ msgid ""
 "repository``; the package will upload to https://pypi.org/ by default."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:529
+#: ../source/tutorials/packaging-projects.rst:528
 msgid ""
 "Install your package from the real PyPI using ``python3 -m pip install [your-"
 "package]``."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:531
+#: ../source/tutorials/packaging-projects.rst:530
 msgid ""
 "At this point if you want to read more on packaging Python libraries here "
 "are some things you can do:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:534
+#: ../source/tutorials/packaging-projects.rst:533
 msgid ""
 "Read about advanced configuration for your chosen build backend: `Hatchling "
 "<hatchling-config_>`_, :doc:`setuptools <setuptools:userguide/"
 "pyproject_config>`, :doc:`Flit <flit:pyproject_toml>`, `PDM <pdm-config_>`_."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:538
+#: ../source/tutorials/packaging-projects.rst:537
 msgid ""
 "Look at the :doc:`guides </guides/index>` on this site for more advanced "
 "practical information, or the :doc:`discussions </discussions/index>` for "
 "explanations and background on specific topics."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:541
+#: ../source/tutorials/packaging-projects.rst:540
 msgid ""
 "Consider packaging tools that provide a single command-line interface for "
 "project management and packaging, such as :ref:`hatch`, :ref:`flit`, :ref:"
 "`pdm`, and :ref:`poetry`."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:549
+#: ../source/tutorials/packaging-projects.rst:548
 msgid "Notes"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:551
+#: ../source/tutorials/packaging-projects.rst:550
 msgid ""
 "Technically, you can also create Python packages without an ``__init__.py`` "
 "file, but those are called :doc:`namespace packages </guides/packaging-"
diff --git a/locales/sk/LC_MESSAGES/messages.po b/locales/sk/LC_MESSAGES/messages.po
index 8c223a3ed..671b6dc49 100644
--- a/locales/sk/LC_MESSAGES/messages.po
+++ b/locales/sk/LC_MESSAGES/messages.po
@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Python Packaging User Guide\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-10-30 00:39+0000\n"
+"POT-Creation-Date: 2024-11-25 21:53+0000\n"
 "PO-Revision-Date: 2024-11-02 00:54+0000\n"
 "Last-Translator: Milan Šalka <salka.milan@googlemail.com>\n"
 "Language-Team: Slovak <https://hosted.weblate.org/projects/pypa/packaging-"
@@ -712,7 +712,7 @@ msgid "Unix (including Linux and macOS)"
 msgstr ""
 
 #: ../source/discussions/deploying-python-applications.rst:118
-#: ../source/key_projects.rst:572
+#: ../source/key_projects.rst:576
 msgid "pex"
 msgstr ""
 
@@ -1996,7 +1996,7 @@ msgid ""
 msgstr ""
 
 #: ../source/discussions/versioning.rst:6
-#: ../source/specifications/simple-repository-api.rst:310
+#: ../source/specifications/simple-repository-api.rst:319
 msgid "Versioning"
 msgstr ""
 
@@ -2747,29 +2747,16 @@ msgid ""
 msgstr ""
 
 #: ../source/glossary.rst:121
-msgid "Known Good Set (KGS)"
-msgstr ""
-
-#: ../source/glossary.rst:124
-msgid ""
-"A set of distributions at specified versions which are compatible with each "
-"other. Typically a test suite will be run which passes all tests before a "
-"specific set of packages is declared a known good set. This term is commonly "
-"used by frameworks and toolkits which are comprised of multiple individual "
-"distributions."
-msgstr ""
-
-#: ../source/glossary.rst:130
 msgid "Import Package"
 msgstr ""
 
-#: ../source/glossary.rst:133
+#: ../source/glossary.rst:124
 msgid ""
 "A Python module which can contain other modules or recursively, other "
 "packages."
 msgstr ""
 
-#: ../source/glossary.rst:136
+#: ../source/glossary.rst:127
 msgid ""
 "An import package is more commonly referred to with the single word "
 "\"package\", but this guide will use the expanded term when more clarity is "
@@ -2778,19 +2765,32 @@ msgid ""
 "package` for a breakdown of the differences."
 msgstr ""
 
-#: ../source/glossary.rst:142
+#: ../source/glossary.rst:133
 #, fuzzy
 #| msgid "Translations"
 msgid "Installed Project"
 msgstr "Preklady"
 
-#: ../source/glossary.rst:145
+#: ../source/glossary.rst:136
 msgid ""
 "A :term:`Project` that is installed for use with a Python interpreter or :"
 "term:`Virtual Environment`, as described in the specicifcation :ref:"
 "`recording-installed-packages`."
 msgstr ""
 
+#: ../source/glossary.rst:140
+msgid "Known Good Set (KGS)"
+msgstr ""
+
+#: ../source/glossary.rst:143
+msgid ""
+"A set of distributions at specified versions which are compatible with each "
+"other. Typically a test suite will be run which passes all tests before a "
+"specific set of packages is declared a known good set. This term is commonly "
+"used by frameworks and toolkits which are comprised of multiple individual "
+"distributions."
+msgstr ""
+
 #: ../source/glossary.rst:149
 msgid "Module"
 msgstr ""
@@ -5221,7 +5221,7 @@ msgid ""
 "In particular, `NumPy <https://numpy.org/>`__, which provides the basis for "
 "most of the software in the `scientific Python stack <https://scientific-"
 "python.org>`_ can be configured to interoperate with different FORTRAN "
-"libraries, and can take advantage of different levels of vectorised "
+"libraries, and can take advantage of different levels of vectorized "
 "instructions available in modern CPUs."
 msgstr ""
 
@@ -5230,9 +5230,9 @@ msgid ""
 "Starting with version 1.10.4 of NumPy and version 1.0.0 of SciPy, pre-built "
 "32-bit and 64-bit binaries in the ``wheel`` format are available for all "
 "major operating systems (Windows, macOS, and Linux) on PyPI. Note, however, "
-"that on Windows, NumPy binaries are linked against the `ATLAS <http://www."
-"netlib.org/atlas/>`__ BLAS/LAPACK library, restricted to SSE2 instructions, "
-"so they may not provide optimal linear algebra performance."
+"that on Windows, NumPy binaries are linked against the `ATLAS <https://math-"
+"atlas.sourceforge.net/>`__ BLAS/LAPACK library, restricted to SSE2 "
+"instructions, so they may not provide optimal linear algebra performance."
 msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:26
@@ -5345,7 +5345,7 @@ msgid ""
 msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:100
-#: ../source/key_projects.rst:808
+#: ../source/key_projects.rst:812
 msgid "Spack"
 msgstr ""
 
@@ -5377,28 +5377,41 @@ msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:121
 msgid ""
-"`Anaconda <https://www.anaconda.com/products/individual/>`_ is a Python "
+"``conda`` is an open source (BSD licensed) package management system and "
+"environment management system that allows users to install multiple versions "
+"of binary software packages and their dependencies, and easily switch "
+"between them. It is a cross-platform tool working on Windows, MacOS, and "
+"Linux. Conda can be used to package up and distribute all kinds of packages, "
+"it is not limited to just Python packages. It has full support for native "
+"virtual environments. Conda makes environments first-class citizens, making "
+"it easy to create independent environments even for C libraries. It is "
+"written in Python, but is Python-agnostic. Conda manages Python itself as a "
+"package, so that :command:`conda update python` is possible, in contrast to "
+"pip, which only manages Python packages."
+msgstr ""
+
+#: ../source/guides/installing-scientific-packages.rst:133
+msgid ""
+"Anaconda `Anaconda <https://docs.anaconda.com/anaconda/>`_ is a Python "
 "distribution published by Anaconda, Inc. It is a stable collection of Open "
-"Source packages for big data and scientific use.  As of the 5.0 release of "
-"Anaconda, about 200 packages are installed by default, and a total of "
-"400-500 can be installed and updated from the Anaconda repository."
+"Source packages for big data and scientific use, and a collection of "
+"Graphical Interface utilities for managing conda environments."
 msgstr ""
 
-#: ../source/guides/installing-scientific-packages.rst:127
+#: ../source/guides/installing-scientific-packages.rst:135
 msgid ""
-"``conda`` is an open source (BSD licensed) package management system and "
-"environment management system included in Anaconda that allows users to "
-"install multiple versions of binary software packages and their "
-"dependencies, and easily switch between them. It is a cross-platform tool "
-"working on Windows, macOS, and Linux. Conda can be used to package up and "
-"distribute all kinds of packages, it is not limited to just Python packages. "
-"It has full support for native virtual environments. Conda makes "
-"environments first-class citizens, making it easy to create independent "
-"environments even for C libraries. It is written in Python, but is Python-"
-"agnostic. Conda manages Python itself as a package, so that :command:`conda "
-"update python` is possible, in contrast to pip, which only manages Python "
-"packages. Conda is available in Anaconda and Miniconda (an easy-to-install "
-"download with just Python and conda)."
+"In addition to the full distribution provided by Anaconda, the conda package "
+"manager itself is available in  `miniconda <https://docs.anaconda.com/"
+"miniconda/>`_, `miniforge <https://github.com/conda-forge/miniforge>`_, and "
+"`pixi <https://pixi.sh/>`_."
+msgstr ""
+
+#: ../source/guides/installing-scientific-packages.rst:138
+msgid ""
+"Conda packages are available on multiple channels on Anaconda.org, including "
+"the default channel supported by Anaconda, Inc, the community supported "
+"conda-forge channel, which provides a wide variety of pre-built packages, "
+"and some domain-specific package collections."
 msgstr ""
 
 #: ../source/guides/installing-stand-alone-command-line-tools.rst:4
@@ -8490,29 +8503,51 @@ msgstr ""
 
 #: ../source/guides/tool-recommendations.rst:142
 msgid ""
-"For projects hosted on GitHub, it is recommended to use the :ref:`trusted "
-"publishing <trusted-publishing>`, which allows the package to be securely "
-"uploaded to PyPI from a GitHub Actions job. (This is not yet supported on "
-"software forges other than GitHub.)"
+"For projects hosted on or published via supported CI/CD platforms, it is "
+"recommended to use the :ref:`Trusted Publishing <trusted-publishing>`, which "
+"allows the package to be securely uploaded to PyPI from a CI/CD workflow "
+"without a manually configured API token."
 msgstr ""
 
 #: ../source/guides/tool-recommendations.rst:147
 msgid ""
+"As of November 2024, PyPI supports the following platforms as Trusted "
+"Publishing providers:"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:150
+msgid "GitHub Actions (on ``https://github.com``)"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:151
+msgid "GitLab CI/CD (on ``https://gitlab.com``)"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:152
+msgid "ActiveState"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:153
+msgid "Google Cloud"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:155
+msgid ""
 "The other available method is to upload the package manually using :ref:"
 "`twine`."
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:149
+#: ../source/guides/tool-recommendations.rst:159
 msgid ""
 "**Never** use ``python setup.py upload`` for this task. In addition to "
 "being :ref:`deprecated <setup-py-deprecated>`, it is insecure."
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:154
+#: ../source/guides/tool-recommendations.rst:164
 msgid "Workflow tools"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:156
+#: ../source/guides/tool-recommendations.rst:166
 msgid ""
 "These tools are environment managers that automatically manage virtual "
 "environments for a project. They also act as \"task runners\", allowing you "
@@ -8523,31 +8558,31 @@ msgid ""
 "alphabetical order:"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:164
+#: ../source/guides/tool-recommendations.rst:174
 msgid ":ref:`Flit`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:165
+#: ../source/guides/tool-recommendations.rst:175
 msgid ":ref:`Hatch`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:166
+#: ../source/guides/tool-recommendations.rst:176
 msgid ":doc:`nox <nox:index>`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:167
+#: ../source/guides/tool-recommendations.rst:177
 msgid ":ref:`PDM`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:168
+#: ../source/guides/tool-recommendations.rst:178
 msgid ":ref:`Pipenv`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:169
+#: ../source/guides/tool-recommendations.rst:179
 msgid ":ref:`Poetry`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:170
+#: ../source/guides/tool-recommendations.rst:180
 msgid ":doc:`tox <tox:index>`."
 msgstr ""
 
@@ -9722,44 +9757,58 @@ msgstr ""
 
 #: ../source/key_projects.rst:407
 msgid ""
-"conda is the package management tool for `Anaconda <https://docs.anaconda."
-"com/anaconda/>`__ Python installations. Anaconda Python is a distribution "
-"from `Anaconda, Inc <https://www.anaconda.com/products/individual>`__ "
-"specifically aimed at the scientific community, and in particular on Windows "
-"where the installation of binary extensions is often difficult."
+"Conda is a package, dependency, and environment management system for any "
+"language — Python, R, Ruby, C/C++, Fortran, and more. It is written in "
+"Python and widely used in the Python scientific computing community, due to "
+"its support for non-Python compiled libraries and extensions. It is used as "
+"the basis of the `Anaconda <https://docs.anaconda.com/anaconda/>`__ Python "
+"distribution from Anaconda, Inc. It was originally aimed at the scientific "
+"community, but can also be used on its own, or with the :doc:`miniconda "
+"<conda:miniconda>`, `miniforge <https://github.com/conda-forge/miniforge>`_ "
+"or `pixi <https://pixi.sh/>`_ systems. It is available for Windows, Mac and "
+"Linux systems."
 msgstr ""
 
-#: ../source/key_projects.rst:414
+#: ../source/key_projects.rst:416
 msgid ""
 "Conda is a completely separate tool from :ref:`pip`, virtualenv and wheel, "
-"but provides many of their combined features in terms of package management, "
-"virtual environment management and deployment of binary extensions."
+"but provides many of their combined features, such as package management, "
+"virtual environment management and deployment of binary extensions and other "
+"binary code."
+msgstr ""
+
+#: ../source/key_projects.rst:420
+msgid ""
+"Conda does not install packages from PyPI -- it can only manage packages "
+"built specifically for conda, which can be made available on a \"conda "
+"channel\", such as those hosted on `anaconda.org <https://anaconda.org>`__, "
+"or a local (e.g. intranet) package server. In addition to the \"default\" "
+"channels managed by `Anaconda, Inc. <https://www.anaconda.com/>`__, there "
+"are a wide variety of packages from the community supported `conda-forge "
+"project <https://conda-forge.org/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:418
+#: ../source/key_projects.rst:426
 msgid ""
-"Conda does not install packages from PyPI and can install only from the "
-"official Anaconda repositories, or anaconda.org (a place for user-"
-"contributed *conda* packages), or a local (e.g. intranet) package server.  "
-"However, note that :ref:`pip` can be installed into, and work side-by-side "
-"with conda for managing :term:`distributions <Distribution Package>` from "
-"PyPI. Also, `conda skeleton <https://docs.conda.io/projects/conda-build/en/"
-"latest/user-guide/tutorials/build-pkgs-skeleton.html>`__ is a tool to make "
-"Python packages installable by conda by first fetching them from PyPI and "
-"modifying their metadata."
+"Note that :ref:`pip` can be installed into, and work side-by-side with conda "
+"for managing :term:`distributions <Distribution Package>` from PyPI. It is "
+"also possible to build conda packages from Python source packages using "
+"tools such as `conda skeleton <https://docs.conda.io/projects/conda-build/en/"
+"latest/user-guide/tutorials/build-pkgs-skeleton.html>`__: a tool to "
+"automatically make conda packages from Python packages available on PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:431
+#: ../source/key_projects.rst:435
 msgid "devpi"
 msgstr ""
 
-#: ../source/key_projects.rst:433
+#: ../source/key_projects.rst:437
 msgid ""
 "`Docs <http://doc.devpi.net/latest/>`__ | :gh:`Issues <devpi/devpi/issues>` "
 "| `PyPI <https://pypi.org/project/devpi>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:437
+#: ../source/key_projects.rst:441
 msgid ""
 "devpi features a powerful PyPI-compatible server and PyPI proxy cache with a "
 "complementary command line tool to drive packaging, testing and release "
@@ -9769,17 +9818,17 @@ msgid ""
 "replication and fail-over, and package upload."
 msgstr ""
 
-#: ../source/key_projects.rst:448
+#: ../source/key_projects.rst:452
 msgid "dumb-pypi"
 msgstr ""
 
-#: ../source/key_projects.rst:450
+#: ../source/key_projects.rst:454
 msgid ""
 "`GitHub <https://github.com/chriskuehl/dumb-pypi>`__ | `PyPI <https://pypi."
 "org/project/dumb-pypi>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:453
+#: ../source/key_projects.rst:457
 msgid ""
 "dumb-pypi is a simple :term:`package index <Package Index>` static file site "
 "generator, which then must be hosted by a static file webserver to become "
@@ -9787,17 +9836,17 @@ msgid ""
 "status."
 msgstr ""
 
-#: ../source/key_projects.rst:460
+#: ../source/key_projects.rst:464
 msgid "enscons"
 msgstr ""
 
-#: ../source/key_projects.rst:462
+#: ../source/key_projects.rst:466
 msgid ""
 ":gh:`Source <dholth/enscons>` | :gh:`Issues <dholth/enscons/issues>` | `PyPI "
 "<https://pypi.org/project/enscons>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:466
+#: ../source/key_projects.rst:470
 msgid ""
 "Enscons is a Python packaging tool based on `SCons`_. It builds :ref:`pip`-"
 "compatible source distributions and wheels without using distutils or "
@@ -9809,38 +9858,38 @@ msgid ""
 "independent of enscons."
 msgstr ""
 
-#: ../source/key_projects.rst:481
+#: ../source/key_projects.rst:485
 msgid "Flask-Pypi-Proxy"
 msgstr ""
 
-#: ../source/key_projects.rst:483
+#: ../source/key_projects.rst:487
 msgid ""
 "`Docs <https://flask-pypi-proxy.readthedocs.io>`__ | :gh:`GitHub <tzulberti/"
 "Flask-PyPi-Proxy>` | `PyPI <https://pypi.org/project/Flask-Pypi-Proxy/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:487 ../source/key_projects.rst:681
-#: ../source/key_projects.rst:740
+#: ../source/key_projects.rst:491 ../source/key_projects.rst:685
+#: ../source/key_projects.rst:744
 msgid "Not maintained, project archived"
 msgstr ""
 
-#: ../source/key_projects.rst:489
+#: ../source/key_projects.rst:493
 msgid ""
 "Flask-Pypi-Proxy is a :term:`package index <Package Index>` as a cached "
 "proxy for PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:495
+#: ../source/key_projects.rst:499
 msgid "Hashdist"
 msgstr ""
 
-#: ../source/key_projects.rst:497
+#: ../source/key_projects.rst:501
 msgid ""
 "`Docs <https://hashdist.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/hashdist/hashdist/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:500
+#: ../source/key_projects.rst:504
 msgid ""
 "Hashdist is a library for building non-root software distributions. Hashdist "
 "is trying to be “the Debian of choice for cases where Debian technology "
@@ -9851,34 +9900,34 @@ msgid ""
 "researchers but has been lacking in maintenance since 2016."
 msgstr ""
 
-#: ../source/key_projects.rst:512
+#: ../source/key_projects.rst:516
 msgid "Maturin"
 msgstr ""
 
-#: ../source/key_projects.rst:514
+#: ../source/key_projects.rst:518
 msgid ""
 "`Docs <https://www.maturin.rs>`__ | `GitHub <https://github.com/PyO3/"
 "maturin>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:517
+#: ../source/key_projects.rst:521
 msgid ""
 "Maturin is a build backend for Rust extension modules, also written in Rust. "
 "It supports building wheels for python 3.7+ on Windows, Linux, macOS and "
 "FreeBSD, can upload them to PyPI and has basic PyPy and GraalPy support."
 msgstr ""
 
-#: ../source/key_projects.rst:525
+#: ../source/key_projects.rst:529
 msgid "meson-python"
 msgstr ""
 
-#: ../source/key_projects.rst:527
+#: ../source/key_projects.rst:531
 msgid ""
 "`Docs <https://meson-python.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/mesonbuild/meson-python>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:530
+#: ../source/key_projects.rst:534
 msgid ""
 "``meson-python`` is a build backend that uses the Meson_ build system. It "
 "enables Python package authors to use Meson_ as the build system for their "
@@ -9886,58 +9935,58 @@ msgid ""
 "to fill the needs of most complex build configurations."
 msgstr ""
 
-#: ../source/key_projects.rst:540
+#: ../source/key_projects.rst:544
 msgid "multibuild"
 msgstr ""
 
-#: ../source/key_projects.rst:542
+#: ../source/key_projects.rst:546
 msgid "`GitHub <https://github.com/multi-build/multibuild>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:544
+#: ../source/key_projects.rst:548
 msgid ""
 "Multibuild is a set of CI scripts for building and testing Python :term:"
 "`wheels <Wheel>` for Linux, macOS, and (less flexibly) Windows. Also see :"
 "ref:`cibuildwheel`."
 msgstr ""
 
-#: ../source/key_projects.rst:550
+#: ../source/key_projects.rst:554
 msgid "nginx_pypi_cache"
 msgstr ""
 
-#: ../source/key_projects.rst:552
+#: ../source/key_projects.rst:556
 msgid ":gh:`GitHub <hauntsaninja/nginx_pypi_cache>`"
 msgstr ""
 
-#: ../source/key_projects.rst:554
+#: ../source/key_projects.rst:558
 msgid ""
 "nginx_pypi_cache is a :term:`package index <Package Index>` caching proxy "
 "using `nginx <https://nginx.org/en/>`_."
 msgstr ""
 
-#: ../source/key_projects.rst:560
+#: ../source/key_projects.rst:564
 msgid "pdm"
 msgstr ""
 
-#: ../source/key_projects.rst:562
+#: ../source/key_projects.rst:566
 msgid ""
 "`Docs <https://pdm.fming.dev/>`__ | `GitHub <https://github.com/pdm-project/"
 "pdm/>`__ | `PyPI <https://pypi.org/project/pdm>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:566
+#: ../source/key_projects.rst:570
 msgid ""
 "PDM is a modern Python package manager. It uses :term:`pyproject.toml` to "
 "store project metadata as defined in :pep:`621`."
 msgstr ""
 
-#: ../source/key_projects.rst:574
+#: ../source/key_projects.rst:578
 msgid ""
 "`Docs <https://pex.readthedocs.io/en/latest/>`__ | `GitHub <https://github."
 "com/pantsbuild/pex/>`__ | `PyPI <https://pypi.org/project/pex>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:578
+#: ../source/key_projects.rst:582
 msgid ""
 "Pex is a tool for generating :file:`.pex` (Python EXecutable) files, "
 "standalone Python environments in the spirit of :ref:`virtualenv`. PEX files "
@@ -9949,18 +9998,18 @@ msgid ""
 "PEX file into a standard venv, graphing dependencies and more."
 msgstr ""
 
-#: ../source/key_projects.rst:590
+#: ../source/key_projects.rst:594
 msgid "pip-tools"
 msgstr ""
 
-#: ../source/key_projects.rst:592
+#: ../source/key_projects.rst:596
 msgid ""
 "`Docs <https://pip-tools.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/jazzband/pip-tools/>`__ | `PyPI <https://pypi.org/project/pip-"
 "tools/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:596
+#: ../source/key_projects.rst:600
 msgid ""
 "pip-tools is a suite of tools meant for Python system administrators and "
 "release managers who particularly want to keep their builds deterministic "
@@ -9971,32 +10020,32 @@ msgid ""
 "not provide), and create layers of constraints for the program to obey."
 msgstr ""
 
-#: ../source/key_projects.rst:608
+#: ../source/key_projects.rst:612
 msgid "pip2pi"
 msgstr ""
 
-#: ../source/key_projects.rst:610
+#: ../source/key_projects.rst:614
 msgid ""
 ":gh:`GitHub <wolever/pip2pi>` | `PyPI <https://pypi.org/project/pip2pi/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:613
+#: ../source/key_projects.rst:617
 msgid ""
 "pip2pi is a :term:`package index <Package Index>` server where specific "
 "packages are manually synchronised."
 msgstr ""
 
-#: ../source/key_projects.rst:619
+#: ../source/key_projects.rst:623
 msgid "piwheels"
 msgstr ""
 
-#: ../source/key_projects.rst:621
+#: ../source/key_projects.rst:625
 msgid ""
 "`Website <https://www.piwheels.org/>`__ | :doc:`Docs <piwheels:index>` | "
 "`GitHub <https://github.com/piwheels/piwheels/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:625
+#: ../source/key_projects.rst:629
 msgid ""
 "piwheels is a website, and software underpinning it, that fetches source "
 "code distribution packages from PyPI and compiles them into binary wheels "
@@ -10004,17 +10053,17 @@ msgid ""
 "Pi OS pre-configures pip to use piwheels.org as an additional index to PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:634
+#: ../source/key_projects.rst:638
 msgid "poetry"
 msgstr ""
 
-#: ../source/key_projects.rst:636
+#: ../source/key_projects.rst:640
 msgid ""
 "`Docs <https://python-poetry.org/>`__ | `GitHub <https://github.com/python-"
 "poetry/poetry>`__ | `PyPI <https://pypi.org/project/poetry/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:640
+#: ../source/key_projects.rst:644
 msgid ""
 "poetry is a command-line tool to handle dependency installation and "
 "isolation as well as building and packaging of Python packages. It uses "
@@ -10024,49 +10073,49 @@ msgid ""
 "caching metadata about dependencies."
 msgstr ""
 
-#: ../source/key_projects.rst:650
+#: ../source/key_projects.rst:654
 msgid "proxpi"
 msgstr ""
 
-#: ../source/key_projects.rst:652
+#: ../source/key_projects.rst:656
 msgid ""
 ":gh:`GitHub <EpicWink/proxpi>` | `PyPI <https://pypi.org/project/proxpi/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:655
+#: ../source/key_projects.rst:659
 msgid ""
 "proxpi is a simple :term:`package index <Package Index>` which proxies PyPI "
 "and other indexes with caching."
 msgstr ""
 
-#: ../source/key_projects.rst:661
+#: ../source/key_projects.rst:665
 msgid "Pulp-python"
 msgstr ""
 
-#: ../source/key_projects.rst:663
+#: ../source/key_projects.rst:667
 msgid ""
 "`Docs <https://docs.pulpproject.org/pulp_python/>`__ | :gh:`GitHub <pulp/"
 "pulp_python>` | `PyPI <https://pypi.org/project/pulp-python/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:667
+#: ../source/key_projects.rst:671
 msgid ""
 "Pulp-python is the Python :term:`package index <Package Index>` plugin for "
 "`Pulp <https://pulpproject.org/>`_. Pulp-python supports mirrors backed by "
 "local or `AWS S3`_, package upload, and proxying to multiple package indexes."
 msgstr ""
 
-#: ../source/key_projects.rst:675
+#: ../source/key_projects.rst:679
 msgid "PyPI Cloud"
 msgstr ""
 
-#: ../source/key_projects.rst:677
+#: ../source/key_projects.rst:681
 msgid ""
 "`Docs <https://pypicloud.readthedocs.io/>`__ | :gh:`GitHub <stevearc/"
 "pypicloud>` | `PyPI <https://pypi.org/project/pypicloud/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:683
+#: ../source/key_projects.rst:687
 msgid ""
 "PyPI Cloud is a :term:`package index <Package Index>` server, backed by `AWS "
 "S3`_ or another cloud storage service, or local files. PyPI Cloud supports "
@@ -10074,33 +10123,33 @@ msgid ""
 "authorisation."
 msgstr ""
 
-#: ../source/key_projects.rst:691
+#: ../source/key_projects.rst:695
 msgid "pypiprivate"
 msgstr ""
 
-#: ../source/key_projects.rst:693
+#: ../source/key_projects.rst:697
 msgid ""
 ":gh:`GitHub <helpshift/pypiprivate>` | `PyPI <https://pypi.org/project/"
 "pypiprivate/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:696
+#: ../source/key_projects.rst:700
 msgid ""
 "pypiprivate serves a local (or `AWS S3`_-hosted) directory of packages as a :"
 "term:`package index <Package Index>`."
 msgstr ""
 
-#: ../source/key_projects.rst:702
+#: ../source/key_projects.rst:706
 msgid "pypiserver"
 msgstr ""
 
-#: ../source/key_projects.rst:704
+#: ../source/key_projects.rst:708
 msgid ""
 "`GitHub <https://github.com/pypiserver/pypiserver>`__ | `PyPI <https://pypi."
 "org/project/pypiserver/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:707
+#: ../source/key_projects.rst:711
 msgid ""
 "pypiserver is a minimalist application that serves as a private Python :term:"
 "`package index <Package Index>` (from a local directory) within "
@@ -10111,17 +10160,17 @@ msgid ""
 "pypiserver and from PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:718
+#: ../source/key_projects.rst:722
 msgid "PyScaffold"
 msgstr ""
 
-#: ../source/key_projects.rst:720
+#: ../source/key_projects.rst:724
 msgid ""
 "`Docs <https://pyscaffold.org>`__ | `GitHub <https://github.com/pyscaffold/"
 "pyscaffold>`__ | `PyPI <https://pypi.org/project/pyscaffold/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:724
+#: ../source/key_projects.rst:728
 msgid ""
 "PyScaffold is a project generator for bootstrapping Python packages, ready "
 "to be shared on PyPI and installable via :ref:`pip`. It relies on a set of "
@@ -10131,33 +10180,33 @@ msgid ""
 "existing projects to make packaging easier."
 msgstr ""
 
-#: ../source/key_projects.rst:735
+#: ../source/key_projects.rst:739
 msgid "pywharf"
 msgstr ""
 
-#: ../source/key_projects.rst:737
+#: ../source/key_projects.rst:741
 msgid ""
 ":gh:`GitHub <pywharf/pywharf>` | `PyPI <https://pypi.org/project/pywharf>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:742
+#: ../source/key_projects.rst:746
 msgid ""
 "pywharf is a :term:`package index <Package Index>` server, serving files "
 "locally or from `GitHub <https://github.com/>`_."
 msgstr ""
 
-#: ../source/key_projects.rst:748
+#: ../source/key_projects.rst:752
 msgid "scikit-build"
 msgstr ""
 
-#: ../source/key_projects.rst:750
+#: ../source/key_projects.rst:754
 msgid ""
 "`Docs <https://scikit-build.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/scikit-build/scikit-build/>`__ | `PyPI <https://pypi.org/project/"
 "scikit-build>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:754
+#: ../source/key_projects.rst:758
 msgid ""
 "Scikit-build is a :ref:`setuptools` wrapper for CPython that builds C/C++/"
 "Fortran/Cython extensions It uses `cmake <https://pypi.org/project/cmake>`__ "
@@ -10168,18 +10217,18 @@ msgid ""
 "ninja>`__ (also available on PyPI)."
 msgstr ""
 
-#: ../source/key_projects.rst:765
+#: ../source/key_projects.rst:769
 msgid "scikit-build-core"
 msgstr ""
 
-#: ../source/key_projects.rst:767
+#: ../source/key_projects.rst:771
 msgid ""
 "`Docs <https://scikit-build-core.readthedocs.io/en/latest/>`__ | `GitHub "
 "<https://github.com/scikit-build/scikit-build-core/>`__ | `PyPI <https://"
 "pypi.org/project/scikit-build-core>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:771
+#: ../source/key_projects.rst:775
 msgid ""
 "Scikit-build-core is a build backend for CPython C/C++/Fortran/Cython "
 "extensions.  It enables users to write extensions with `cmake <https://pypi."
@@ -10189,17 +10238,17 @@ msgid ""
 "automatically downloaded from PyPI if not available on the system."
 msgstr ""
 
-#: ../source/key_projects.rst:781
+#: ../source/key_projects.rst:785
 msgid "shiv"
 msgstr ""
 
-#: ../source/key_projects.rst:783
+#: ../source/key_projects.rst:787
 msgid ""
 "`Docs <https://shiv.readthedocs.io/en/latest/>`__ | `GitHub <https://github."
 "com/linkedin/shiv>`__ | `PyPI <https://pypi.org/project/shiv/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:787
+#: ../source/key_projects.rst:791
 msgid ""
 "shiv is a command line utility for building fully self contained Python "
 "zipapps as outlined in :pep:`441`, but with all their dependencies included. "
@@ -10207,17 +10256,17 @@ msgid ""
 "tools fast & easy."
 msgstr ""
 
-#: ../source/key_projects.rst:795
+#: ../source/key_projects.rst:799
 msgid "simpleindex"
 msgstr ""
 
-#: ../source/key_projects.rst:797
+#: ../source/key_projects.rst:801
 msgid ""
 ":gh:`GitHub <uranusjr/simpleindex>` | `PyPI <https://pypi.org/project/"
 "simpleindex/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:800
+#: ../source/key_projects.rst:804
 msgid ""
 "simpleindex is a :term:`package index <Package Index>` which routes URLs to "
 "multiple package indexes (including PyPI), serves local (or cloud-hosted, "
@@ -10225,7 +10274,7 @@ msgid ""
 "supports custom plugins."
 msgstr ""
 
-#: ../source/key_projects.rst:810
+#: ../source/key_projects.rst:814
 msgid ""
 ":doc:`Docs <spack:index>` | `GitHub <https://github.com/spack/spack>`__ | "
 "`Paper <https://www.computer.org/csdl/proceedings-article/"
@@ -10233,7 +10282,7 @@ msgid ""
 "Gamblin-Spack-SC15-Talk.pdf>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:815
+#: ../source/key_projects.rst:819
 msgid ""
 "A flexible package manager designed to support multiple versions, "
 "configurations, platforms, and compilers.  Spack is like Homebrew, but "
@@ -10244,24 +10293,24 @@ msgid ""
 "supercomputers."
 msgstr ""
 
-#: ../source/key_projects.rst:823
+#: ../source/key_projects.rst:827
 msgid ""
 "Spack is not in PyPI (yet), but it requires no installation and can be used "
 "immediately after cloning from GitHub."
 msgstr ""
 
-#: ../source/key_projects.rst:829
+#: ../source/key_projects.rst:833
 msgid "zest.releaser"
 msgstr ""
 
-#: ../source/key_projects.rst:831
+#: ../source/key_projects.rst:835
 msgid ""
 "`Docs <https://zestreleaser.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/zestsoftware/zest.releaser/>`__ | `PyPI <https://pypi.org/project/"
 "zest.releaser/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:835
+#: ../source/key_projects.rst:839
 msgid ""
 "``zest.releaser`` is a Python package release tool providing an abstraction "
 "layer on top of :ref:`twine`. Python developers use ``zest.releaser`` to "
@@ -10269,21 +10318,21 @@ msgid ""
 "releases in source control, and uploading new packages to PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:842
+#: ../source/key_projects.rst:846
 msgid "Standard Library Projects"
 msgstr ""
 
-#: ../source/key_projects.rst:847
+#: ../source/key_projects.rst:851
 msgid "ensurepip"
 msgstr ""
 
-#: ../source/key_projects.rst:849
+#: ../source/key_projects.rst:853
 msgid ""
 "`Docs <https://docs.python.org/3/library/ensurepip.html>`__ | `Issues "
 "<https://bugs.python.org/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:852
+#: ../source/key_projects.rst:856
 msgid ""
 "A package in the Python Standard Library that provides support for "
 "bootstrapping :ref:`pip` into an existing Python installation or virtual "
@@ -10291,34 +10340,34 @@ msgid ""
 "will be used during the build of the Python distribution."
 msgstr ""
 
-#: ../source/key_projects.rst:860
+#: ../source/key_projects.rst:864
 msgid "http.server"
 msgstr ""
 
-#: ../source/key_projects.rst:862
+#: ../source/key_projects.rst:866
 msgid ""
 ":doc:`Docs <python:library/http.server>` | :gh:`Issues <python/cpython/"
 "issues>`"
 msgstr ""
 
-#: ../source/key_projects.rst:865
+#: ../source/key_projects.rst:869
 msgid ""
 "A package and command-line interface which can host a directory as a "
 "website, for example as a :term:`package index <Package Index>` (see :ref:"
 "`Hosting your Own Simple Repository`)."
 msgstr ""
 
-#: ../source/key_projects.rst:872
+#: ../source/key_projects.rst:876
 msgid "venv"
 msgstr ""
 
-#: ../source/key_projects.rst:874
+#: ../source/key_projects.rst:878
 msgid ""
 "`Docs <https://docs.python.org/3/library/venv.html>`__ | `Issues <https://"
 "github.com/python/cpython/issues>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:877
+#: ../source/key_projects.rst:881
 msgid ""
 "A package in the Python Standard Library (starting with Python 3.3) for "
 "creating :term:`Virtual Environments <Virtual Environment>`.  For more "
@@ -12366,7 +12415,7 @@ msgstr ""
 #: ../source/specifications/platform-compatibility-tags.rst:332
 #: ../source/specifications/pyproject-toml.rst:444
 #: ../source/specifications/recording-installed-packages.rst:252
-#: ../source/specifications/simple-repository-api.rst:974
+#: ../source/specifications/simple-repository-api.rst:988
 #: ../source/specifications/source-distribution-format.rst:144
 #: ../source/specifications/version-specifiers.rst:1266
 #: ../source/specifications/virtual-environments.rst:54
@@ -13436,6 +13485,7 @@ msgstr ""
 #: ../source/specifications/dependency-specifiers.rst:26
 #: ../source/specifications/direct-url-data-structure.rst:19
 #: ../source/specifications/direct-url.rst:15
+#: ../source/specifications/index-hosted-attestations.rst:17
 #: ../source/specifications/inline-script-metadata.rst:13
 msgid "Specification"
 msgstr ""
@@ -13573,7 +13623,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/dependency-specifiers.rst:163
-#: ../source/specifications/simple-repository-api.rst:888
+#: ../source/specifications/simple-repository-api.rst:902
 msgid "Versions"
 msgstr ""
 
@@ -15200,6 +15250,302 @@ msgid ""
 "www.pypa.io/en/latest/specifications/>`__."
 msgstr ""
 
+#: ../source/specifications/index-hosted-attestations.rst:6
+msgid "Index hosted attestations"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:8
+msgid "This specification was originally defined in :pep:`740`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:12
+msgid ""
+":pep:`740` includes changes to the HTML and JSON index APIs. These changes "
+"are documented in the :ref:`simple-repository-api` under :ref:`simple-"
+"repository-api-base` and :ref:`json-serialization`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:22
+msgid "Upload endpoint changes"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:26
+msgid ""
+"The \"legacy\" upload API is not standardized. See `PyPI's Upload API "
+"documentation <https://docs.pypi.org/api/upload/>`_ for how attestations are "
+"uploaded."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:33
+msgid "Attestation objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:35
+msgid ""
+"An attestation object is a JSON object with several required keys; "
+"applications or signers may include additional keys so long as all "
+"explicitly listed keys are provided. The required layout of an attestation "
+"object is provided as pseudocode below."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:88
+msgid ""
+"A full data model for each object in ``transparency_entries`` is provided "
+"in :ref:`appendix`. Attestation objects **SHOULD** include one or more "
+"transparency log entries, and **MAY** include additional keys for other "
+"sources of signed time (such as an :rfc:`3161` Time Stamping Authority or a "
+"`Roughtime <https://blog.cloudflare.com/roughtime>`__ server)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:94
+msgid ""
+"Attestation objects are versioned; this PEP specifies version 1. Each "
+"version is tied to a single cryptographic suite to minimize unnecessary "
+"cryptographic agility. In version 1, the suite is as follows:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:98
+msgid ""
+"Certificates are specified as X.509 certificates, and comply with the "
+"profile in :rfc:`5280`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:100
+msgid ""
+"The message signature algorithm is ECDSA, with the P-256 curve for public "
+"keys and SHA-256 as the cryptographic digest function."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:103
+msgid ""
+"Future PEPs may change this suite (and the overall shape of the attestation "
+"object) by selecting a new version number."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:109
+msgid "Attestation statement and signature generation"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:111
+msgid ""
+"The *attestation statement* is the actual claim that is cryptographically "
+"signed over within the attestation object (i.e., the ``envelope.statement``)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:114
+msgid ""
+"The attestation statement is encoded as a `v1 in-toto Statement object "
+"<https://github.com/in-toto/attestation/blob/v1.0/spec/v1.0/statement."
+"md>`__, in JSON form. When serialized the statement is treated as an opaque "
+"binary blob, avoiding the need for canonicalization."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:119
+msgid ""
+"In addition to being a v1 in-toto Statement, the attestation statement is "
+"constrained in the following ways:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:122
+msgid "The in-toto ``subject`` **MUST** contain only a single subject."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:123
+msgid ""
+"``subject[0].name`` is the distribution's filename, which **MUST** be a "
+"valid :ref:`source distribution <source-distribution-format>` or :ref:`wheel "
+"distribution <binary-distribution-format>` filename."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:126
+msgid ""
+"``subject[0].digest`` **MUST** contain a SHA-256 digest. Other digests "
+"**MAY** be present. The digests **MUST** be represented as hexadecimal "
+"strings."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:128
+msgid "The following ``predicateType`` values are supported:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:130
+msgid ""
+"`SLSA Provenance <https://slsa.dev/provenance/v1>`__: ``https://slsa.dev/"
+"provenance/v1``"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:131
+msgid ""
+"`PyPI Publish Attestation <https://docs.pypi.org/attestations/publish/"
+"v1>`__: ``https://docs.pypi.org/attestations/publish/v1``"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:133
+msgid ""
+"The signature over this statement is constructed using the `v1 DSSE "
+"signature protocol <https://github.com/secure-systems-lab/dsse/blob/v1.0.0/"
+"protocol.md>`__, with a ``PAYLOAD_TYPE`` of ``application/vnd.in-toto+json`` "
+"and a ``PAYLOAD_BODY`` of the JSON-encoded statement above. No other "
+"``PAYLOAD_TYPE`` is permitted."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:141
+msgid "Provenance objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:143
+msgid ""
+"The index will serve uploaded attestations along with metadata that can "
+"assist in verifying them in the form of JSON serialized objects."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:146
+msgid ""
+"These *provenance objects* will be available via both the Simple Index and "
+"JSON-based Simple API as described above, and will have the following layout:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:169
+msgid "or, as pseudocode:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:217
+msgid ""
+"``version`` is ``1``. Like attestation objects, provenance objects are "
+"versioned, and this PEP only defines version ``1``."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:219
+msgid ""
+"``attestation_bundles`` is a **required** JSON array, containing one or more "
+"\"bundles\" of attestations. Each bundle corresponds to a signing identity "
+"(such as a Trusted Publishing identity), and contains one or more "
+"attestation objects."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:224
+msgid ""
+"As noted in the ``Publisher`` model, each ``AttestationBundle.publisher`` "
+"object is specific to its Trusted Publisher but must include at minimum:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:228
+msgid ""
+"A ``kind`` key, which **MUST** be a JSON string that uniquely identifies the "
+"kind of Trusted Publisher."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:230
+msgid ""
+"A ``claims`` key, which **MUST** be a JSON object containing any context-"
+"specific claims retained by the index during Trusted Publisher "
+"authentication."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:233
+msgid "All other keys in the publisher object are publisher-specific."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:235
+msgid ""
+"Each array of attestation objects is a superset of the ``attestations`` "
+"array supplied by the uploaded through the ``attestations`` field at upload "
+"time, as described in :ref:`upload-endpoint` and :ref:`changes-to-provenance-"
+"objects`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:243
+msgid "Changes to provenance objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:245
+msgid ""
+"Provenance objects are *not* immutable, and may change over time. Reasons "
+"for changes to the provenance object include but are not limited to:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:248
+msgid ""
+"Addition of new attestations for a pre-existing signing identity: the index "
+"**MAY** choose to allow additional attestations by pre-existing signing "
+"identities, such as newer attestation versions for already uploaded files."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:253
+msgid ""
+"Addition of new signing identities and associated attestations: the index "
+"**MAY** choose to support attestations from sources other than the file's "
+"uploader, such as third-party auditors or the index itself. These "
+"attestations may be performed asynchronously, requiring the index to insert "
+"them into the provenance object *post facto*."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:262
+msgid "Attestation verification"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:264
+msgid ""
+"Verifying an attestation object against a distribution file requires "
+"verification of each of the following:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:267
+msgid "``version`` is ``1``. The verifier **MUST** reject any other version."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:268
+msgid ""
+"``verification_material.certificate`` is a valid signing certificate, as "
+"issued by an *a priori* trusted authority (such as a root of trust already "
+"present within the verifying client)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:271
+msgid ""
+"``verification_material.certificate`` identifies an appropriate signing "
+"subject, such as the machine identity of the Trusted Publisher that "
+"published the package."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:274
+msgid ""
+"``envelope.statement`` is a valid in-toto v1 Statement, with a subject and "
+"digest that **MUST** match the distribution's filename and contents. For the "
+"distribution's filename, matching **MUST** be performed by parsing using the "
+"appropriate source distribution or wheel filename format, as the statement's "
+"subject may be equivalent but normalized."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:279
+msgid ""
+"``envelope.signature`` is a valid signature for ``envelope.statement`` "
+"corresponding to ``verification_material.certificate``, as reconstituted via "
+"the `v1 DSSE signature protocol <https://github.com/secure-systems-lab/dsse/"
+"blob/v1.0.0/protocol.md>`__."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:284
+msgid ""
+"In addition to the above required steps, a verifier **MAY** additionally "
+"verify ``verification_material.transparency_entries`` on a policy basis, e."
+"g. requiring at least one transparency log entry or a threshold of entries. "
+"When verifying transparency entries, the verifier **MUST** confirm that the "
+"inclusion time for each entry lies within the signing certificate's validity "
+"period."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:293
+msgid "Appendix: Data models for Transparency Log Entries"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:295
+msgid ""
+"This appendix contains pseudocoded data models for transparency log entries "
+"in attestation objects. Each transparency log entry serves as a source of "
+"signed inclusion time, and can be verified either online or offline."
+msgstr ""
+
 #: ../source/specifications/inline-script-metadata.rst:5
 msgid "Inline script metadata"
 msgstr ""
@@ -15372,7 +15718,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/inline-script-metadata.rst:205
-#: ../source/specifications/simple-repository-api.rst:815
+#: ../source/specifications/simple-repository-api.rst:829
 msgid "Recommendations"
 msgstr ""
 
@@ -17260,11 +17606,26 @@ msgid ""
 "``&gt;``, respectively."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:100
+#: ../source/specifications/simple-repository-api.rst:99
+msgid ""
+"A repository **MAY** include a ``data-provenance`` attribute on a file link. "
+"The value of this attribute **MUST** be a fully qualified URL, signaling "
+"that the file's provenance can be found at that URL. This URL **MUST** "
+"represent a `secure origin <https://www.chromium.org/Home/chromium-security/"
+"prefer-secure-origins-for-powerful-new-features/>`_."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:106
+msgid ""
+"The format of the linked provenance is defined in :ref:`index-hosted-"
+"attestations`."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:109
 msgid "Normalized Names"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:102
+#: ../source/specifications/simple-repository-api.rst:111
 msgid ""
 "This spec references the concept of a \"normalized\" project name. As per :"
 "ref:`the name normalization specification <name-normalization>` the only "
@@ -17274,11 +17635,11 @@ msgid ""
 "implemented in Python with the ``re`` module::"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:117
+#: ../source/specifications/simple-repository-api.rst:126
 msgid "Adding \"Yank\" Support to the Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:119
+#: ../source/specifications/simple-repository-api.rst:128
 msgid ""
 "Links in the simple repository **MAY** have a ``data-yanked`` attribute "
 "which may have no value, or may have an arbitrary string as a value. The "
@@ -17288,7 +17649,7 @@ msgid ""
 "under specific scenarios."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:126
+#: ../source/specifications/simple-repository-api.rst:135
 msgid ""
 "The value of the ``data-yanked`` attribute, if present, is an arbitrary "
 "string that represents the reason for why the file has been yanked. Tools "
@@ -17296,7 +17657,7 @@ msgid ""
 "users."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:131
+#: ../source/specifications/simple-repository-api.rst:140
 msgid ""
 "The yanked attribute is not immutable once set, and may be rescinded in the "
 "future (and once rescinded, may be reset as well). Thus API users **MUST** "
@@ -17304,13 +17665,13 @@ msgid ""
 "again)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:138
+#: ../source/specifications/simple-repository-api.rst:147
 #, fuzzy
 #| msgid "Translations"
 msgid "Installers"
 msgstr "Preklady"
 
-#: ../source/specifications/simple-repository-api.rst:140
+#: ../source/specifications/simple-repository-api.rst:149
 msgid ""
 "The desirable experience for users is that once a file is yanked, when a "
 "human being is currently trying to directly install a yanked file, that it "
@@ -17320,7 +17681,7 @@ msgid ""
 "been yanked."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:147
+#: ../source/specifications/simple-repository-api.rst:156
 msgid ""
 "An installer **MUST** ignore yanked releases, if the selection constraints "
 "can be satisfied with a non-yanked version, and **MAY** refuse to use a "
@@ -17330,14 +17691,14 @@ msgid ""
 "files."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:154
+#: ../source/specifications/simple-repository-api.rst:163
 msgid ""
 "What this means is left up to the specific installer, to decide how to best "
 "fit into the overall usage of their installer. However, there are two "
 "suggested approaches to take:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:158
+#: ../source/specifications/simple-repository-api.rst:167
 msgid ""
 "Yanked files are always ignored, unless they are the only file that matches "
 "a version specifier that \"pins\" to an exact version using either ``==`` "
@@ -17347,7 +17708,7 @@ msgid ""
 "versions, zero padding, etc."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:165
+#: ../source/specifications/simple-repository-api.rst:174
 msgid ""
 "Yanked files are always ignored, unless they are the only file that matches "
 "what a lock file (such as ``Pipfile.lock`` or ``poetry.lock``) specifies to "
@@ -17355,7 +17716,7 @@ msgid ""
 "creating or updating a lock file from some input file or command."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:171
+#: ../source/specifications/simple-repository-api.rst:180
 msgid ""
 "Regardless of the specific strategy that an installer chooses for deciding "
 "when to install yanked files, an installer **SHOULD** emit a warning when it "
@@ -17364,38 +17725,38 @@ msgid ""
 "specific feedback to the user about why that file had been yanked."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:179
+#: ../source/specifications/simple-repository-api.rst:188
 msgid "Mirrors"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:181
+#: ../source/specifications/simple-repository-api.rst:190
 msgid "Mirrors can generally treat yanked files one of two ways:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:183
+#: ../source/specifications/simple-repository-api.rst:192
 msgid ""
 "They may choose to omit them from their simple repository API completely, "
 "providing a view over the repository that shows only \"active\", unyanked "
 "files."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:186
+#: ../source/specifications/simple-repository-api.rst:195
 msgid ""
 "They may choose to include yanked files, and additionally mirror the ``data-"
 "yanked`` attribute as well."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:189
+#: ../source/specifications/simple-repository-api.rst:198
 msgid ""
 "Mirrors **MUST NOT** mirror a yanked file without also mirroring the ``data-"
 "yanked`` attribute for it."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:195
+#: ../source/specifications/simple-repository-api.rst:204
 msgid "Versioning PyPI's Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:197
+#: ../source/specifications/simple-repository-api.rst:206
 msgid ""
 "This spec proposes the inclusion of a meta tag on the responses of every "
 "successful request to a simple API page, which contains a name attribute of "
@@ -17406,29 +17767,29 @@ msgid ""
 "<version-specifiers>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:205
+#: ../source/specifications/simple-repository-api.rst:214
 msgid "This would end up looking like::"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:209
+#: ../source/specifications/simple-repository-api.rst:218
 msgid "When interpreting the repository version:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:211
+#: ../source/specifications/simple-repository-api.rst:220
 msgid ""
 "Incrementing the major version is used to signal a backwards incompatible "
 "change such that existing clients would no longer be expected to be able to "
 "meaningfully use the API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:214
+#: ../source/specifications/simple-repository-api.rst:223
 msgid ""
 "Incrementing the minor version is used to signal a backwards compatible "
 "change such that existing clients would still be expected to be able to "
 "meaningfully use the API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:218
+#: ../source/specifications/simple-repository-api.rst:227
 msgid ""
 "It is left up to the discretion of any future specs as to what specifically "
 "constitutes a backwards incompatible vs compatible change beyond the broad "
@@ -17437,7 +17798,7 @@ msgid ""
 "features."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:224
+#: ../source/specifications/simple-repository-api.rst:233
 msgid ""
 "It is expectation of this spec that the major version will never be "
 "incremented, and any future major API evolutions would utilize a different "
@@ -17447,48 +17808,48 @@ msgid ""
 "set to a version >= 2)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:231
+#: ../source/specifications/simple-repository-api.rst:240
 msgid ""
 "This spec sets the current API version to \"1.0\", and expects that future "
 "specs that further evolve the simple API will increment the minor version "
 "number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:237
-#: ../source/specifications/simple-repository-api.rst:957
+#: ../source/specifications/simple-repository-api.rst:246
+#: ../source/specifications/simple-repository-api.rst:971
 msgid "Clients"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:239
+#: ../source/specifications/simple-repository-api.rst:248
 msgid ""
 "Clients interacting with the simple API **SHOULD** introspect each response "
 "for the repository version, and if that data does not exist **MUST** assume "
 "that it is version 1.0."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:243
+#: ../source/specifications/simple-repository-api.rst:252
 msgid ""
 "When encountering a major version greater than expected, clients **MUST** "
 "hard fail with an appropriate error message for the user."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:246
+#: ../source/specifications/simple-repository-api.rst:255
 msgid ""
 "When encountering a minor version greater than expected, clients **SHOULD** "
 "warn users with an appropriate message."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:249
+#: ../source/specifications/simple-repository-api.rst:258
 msgid ""
 "Clients **MAY** still continue to use feature detection in order to "
 "determine what features a repository uses."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:255
+#: ../source/specifications/simple-repository-api.rst:264
 msgid "Serve Distribution Metadata in the Simple Repository API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:257
+#: ../source/specifications/simple-repository-api.rst:266
 msgid ""
 "In a simple repository's project page, each anchor tag pointing to a "
 "distribution **MAY** have a ``data-dist-info-metadata`` attribute. The "
@@ -17497,7 +17858,7 @@ msgid ""
 "when the distribution is processed and/or installed."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:263
+#: ../source/specifications/simple-repository-api.rst:272
 msgid ""
 "If a ``data-dist-info-metadata`` attribute is present, the repository "
 "**MUST** serve the distribution's Core Metadata file alongside the "
@@ -17509,7 +17870,7 @@ msgid ""
 "GPG signature file's location."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:272
+#: ../source/specifications/simple-repository-api.rst:281
 msgid ""
 "The repository **SHOULD** provide the hash of the Core Metadata file as the "
 "``data-dist-info-metadata`` attribute's value using the syntax "
@@ -17519,18 +17880,18 @@ msgid ""
 "unavailable."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:280
+#: ../source/specifications/simple-repository-api.rst:289
 msgid "Backwards Compatibility"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:282
+#: ../source/specifications/simple-repository-api.rst:291
 msgid ""
 "If an anchor tag lacks the ``data-dist-info-metadata`` attribute, tools are "
 "expected to revert to their current behaviour of downloading the "
 "distribution to inspect the metadata."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:286
+#: ../source/specifications/simple-repository-api.rst:295
 msgid ""
 "Older tools not supporting the new ``data-dist-info-metadata`` attribute are "
 "expected to ignore the attribute and maintain their current behaviour of "
@@ -17538,11 +17899,11 @@ msgid ""
 "prior ``data-`` attribute additions expect existing tools to operate."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:295
+#: ../source/specifications/simple-repository-api.rst:304
 msgid "JSON-based Simple API for Python Package Indexes"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:297
+#: ../source/specifications/simple-repository-api.rst:306
 msgid ""
 "To enable response parsing with only the standard library, this spec "
 "specifies that all responses (besides the files themselves, and the HTML "
@@ -17550,7 +17911,7 @@ msgid ""
 "base>`) should be serialized using `JSON <https://www.json.org/>`_."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:302
+#: ../source/specifications/simple-repository-api.rst:311
 msgid ""
 "To enable zero configuration discovery and to minimize the amount of "
 "additional HTTP requests, this spec extends :ref:`the base HTML API "
@@ -17560,7 +17921,7 @@ msgid ""
 "format to serve, i.e. either HTML or JSON."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:312
+#: ../source/specifications/simple-repository-api.rst:321
 msgid ""
 "Versioning will adhere to :ref:`the API versioning specification <simple-"
 "repository-api-versioning>` format (``Major.Minor``), which has defined the "
@@ -17570,7 +17931,7 @@ msgid ""
 "``1.0`` version, and instead just describes how to serialize that into JSON."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:319
+#: ../source/specifications/simple-repository-api.rst:328
 msgid ""
 "Similar to :ref:`the API versioning specification <simple-repository-api-"
 "versioning>`, the major version number **MUST** be incremented if any "
@@ -17578,28 +17939,28 @@ msgid ""
 "existing clients to meaningfully understand the format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:325
+#: ../source/specifications/simple-repository-api.rst:334
 msgid ""
 "Likewise, the minor version **MUST** be incremented if features are added or "
 "removed from the format, but existing clients would be expected to continue "
 "to meaningfully understand the format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:329
+#: ../source/specifications/simple-repository-api.rst:338
 msgid ""
 "Changes that would not result in existing clients being unable to "
 "meaningfully understand the format and which do not represent features being "
 "added or removed may occur without changing the version number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:333
+#: ../source/specifications/simple-repository-api.rst:342
 msgid ""
 "This is intentionally vague, as this spec believes it is best left up to "
 "future specs that make any changes to the API to investigate and decide "
 "whether or not that change should increment the major or minor version."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:337
+#: ../source/specifications/simple-repository-api.rst:346
 msgid ""
 "Future versions of the API may add things that can only be represented in a "
 "subset of the available serializations of that version. All serializations "
@@ -17608,37 +17969,37 @@ msgid ""
 "whether or not that feature is present at all."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:343
+#: ../source/specifications/simple-repository-api.rst:352
 msgid ""
 "It is the intent of this spec that the API should be thought of as URL "
 "endpoints that return data, whose interpretation is defined by the version "
 "of that data, and then serialized into the target serialization format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:351
+#: ../source/specifications/simple-repository-api.rst:360
 msgid "JSON Serialization"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:353
+#: ../source/specifications/simple-repository-api.rst:362
 msgid ""
 "The URL structure from :ref:`the base HTML API specification <simple-"
 "repository-api-base>` still applies, as this spec only adds an additional "
 "serialization format for the already existing API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:357
+#: ../source/specifications/simple-repository-api.rst:366
 msgid ""
 "The following constraints apply to all JSON serialized responses described "
 "in this spec:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:360
+#: ../source/specifications/simple-repository-api.rst:369
 msgid ""
 "All JSON responses will *always* be a JSON object rather than an array or "
 "other type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:363
+#: ../source/specifications/simple-repository-api.rst:372
 msgid ""
 "While JSON doesn't natively support a URL type, any value that represents an "
 "URL in this API may be either absolute or relative as long as they point to "
@@ -17646,19 +18007,19 @@ msgid ""
 "if it were HTML."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:368
+#: ../source/specifications/simple-repository-api.rst:377
 msgid ""
 "Additional keys may be added to any dictionary objects in the API responses "
 "and clients **MUST** ignore keys that they don't understand."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:371
+#: ../source/specifications/simple-repository-api.rst:380
 msgid ""
 "All JSON responses will have a ``meta`` key, which contains information "
 "related to the response itself, rather than the content of the response."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:374
+#: ../source/specifications/simple-repository-api.rst:383
 msgid ""
 "All JSON responses will have a ``meta.api-version`` key, which will be a "
 "string that contains the :ref:`API versioning specification <simple-"
@@ -17667,43 +18028,43 @@ msgid ""
 "<simple-repository-api-versioning>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:380
+#: ../source/specifications/simple-repository-api.rst:389
 msgid ""
 "All requirements of :ref:`the base HTML API specification <simple-repository-"
 "api-base>` that are not HTML specific still apply."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:385
+#: ../source/specifications/simple-repository-api.rst:394
 #, fuzzy
 #| msgid "Project"
 msgid "Project List"
 msgstr "Projekt"
 
-#: ../source/specifications/simple-repository-api.rst:387
+#: ../source/specifications/simple-repository-api.rst:396
 msgid ""
 "The root URL ``/`` for this spec (which represents the base URL) will be a "
 "JSON encoded dictionary which has a two keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:390
+#: ../source/specifications/simple-repository-api.rst:399
 msgid ""
 "``projects``: An array where each entry is a dictionary with a single key, "
 "``name``, which represents string of the project name."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:391
-#: ../source/specifications/simple-repository-api.rst:440
+#: ../source/specifications/simple-repository-api.rst:400
+#: ../source/specifications/simple-repository-api.rst:449
 msgid ""
 "``meta``: The general response metadata as `described earlier <json-"
 "serialization_>`__."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:393
-#: ../source/specifications/simple-repository-api.rst:499
+#: ../source/specifications/simple-repository-api.rst:402
+#: ../source/specifications/simple-repository-api.rst:512
 msgid "As an example:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:410
+#: ../source/specifications/simple-repository-api.rst:419
 msgid ""
 "The ``name`` field is the same as the one from :ref:`the base HTML API "
 "specification <simple-repository-api-base>`, which does not specify whether "
@@ -17713,7 +18074,7 @@ msgid ""
 "implementation detail of the repository in question."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:420
+#: ../source/specifications/simple-repository-api.rst:429
 msgid ""
 "While the ``projects`` key is an array, and thus is required to be in some "
 "kind of an order, neither :ref:`the base HTML API specification <simple-"
@@ -17723,13 +18084,13 @@ msgid ""
 "have sets."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:429
+#: ../source/specifications/simple-repository-api.rst:438
 #, fuzzy
 #| msgid "Project name"
 msgid "Project Detail"
 msgstr "Meno projektu"
 
-#: ../source/specifications/simple-repository-api.rst:431
+#: ../source/specifications/simple-repository-api.rst:440
 msgid ""
 "The format of this URL is ``/<project>/`` where the ``<project>`` is "
 "replaced by the :ref:`the base HTML API specification <simple-repository-api-"
@@ -17737,33 +18098,33 @@ msgid ""
 "would have a URL like ``/silly-walk/``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:436
+#: ../source/specifications/simple-repository-api.rst:445
 msgid ""
 "This URL must respond with a JSON encoded dictionary that has three keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:438
+#: ../source/specifications/simple-repository-api.rst:447
 msgid "``name``: The normalized name of the project."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:439
+#: ../source/specifications/simple-repository-api.rst:448
 msgid ""
 "``files``: A list of dictionaries, each one representing an individual file."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:442
+#: ../source/specifications/simple-repository-api.rst:451
 msgid "Each individual file dictionary has the following keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:444
+#: ../source/specifications/simple-repository-api.rst:453
 msgid "``filename``: The filename that is being represented."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:445
+#: ../source/specifications/simple-repository-api.rst:454
 msgid "``url``: The URL that the file can be fetched from."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:446
+#: ../source/specifications/simple-repository-api.rst:455
 msgid ""
 "``hashes``: A dictionary mapping a hash name to a hex encoded digest of the "
 "file. Multiple hashes can be included, and it is up to the client to decide "
@@ -17772,14 +18133,14 @@ msgid ""
 "to be lowercase."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:451
+#: ../source/specifications/simple-repository-api.rst:460
 msgid ""
 "The ``hashes`` dictionary **MUST** be present, even if no hashes are "
 "available for the file, however it is **HIGHLY** recommended that at least "
 "one secure, guaranteed-to-be-available hash is always included."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:455
+#: ../source/specifications/simple-repository-api.rst:464
 msgid ""
 "By default, any hash algorithm available via :py:mod:`hashlib` (specifically "
 "any that can be passed to :py:func:`hashlib.new()` and do not require "
@@ -17789,7 +18150,7 @@ msgid ""
 "specifically is recommended."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:460
+#: ../source/specifications/simple-repository-api.rst:469
 msgid ""
 "``requires-python``: An **optional** key that exposes the :ref:`core-"
 "metadata-requires-python` metadata field. Where this is present, installer "
@@ -17797,14 +18158,14 @@ msgid ""
 "that doesn't satisfy the requirement."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:466
+#: ../source/specifications/simple-repository-api.rst:475
 msgid ""
 "Unlike ``data-requires-python`` in :ref:`the base HTML API specification "
 "<simple-repository-api-base>`, the ``requires-python`` key does not require "
 "any special escaping other than anything JSON does naturally."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:469
+#: ../source/specifications/simple-repository-api.rst:478
 msgid ""
 "``dist-info-metadata``: An **optional** key that indicates that metadata for "
 "this file is available, via the same location as specified in :ref:`the API "
@@ -17814,27 +18175,27 @@ msgid ""
 "dictionary mapping hash names to a hex encoded digest of the metadata's hash."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:477
+#: ../source/specifications/simple-repository-api.rst:486
 msgid ""
 "When this is a dictionary of hashes instead of a boolean, then all the same "
 "requirements and recommendations as the ``hashes`` key hold true for this "
 "key as well."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:481
+#: ../source/specifications/simple-repository-api.rst:490
 msgid ""
 "If this key is missing then the metadata file may or may not exist. If the "
 "key value is truthy, then the metadata file is present, and if it is falsey "
 "then it is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:485
+#: ../source/specifications/simple-repository-api.rst:494
 msgid ""
 "It is recommended that servers make the hashes of the metadata file "
 "available if possible."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:487
+#: ../source/specifications/simple-repository-api.rst:496
 msgid ""
 "``gpg-sig``: An **optional** key that acts a boolean to indicate if the file "
 "has an associated GPG signature or not. The URL for the signature file "
@@ -17843,7 +18204,7 @@ msgid ""
 "the signature may or may not exist."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:492
+#: ../source/specifications/simple-repository-api.rst:501
 msgid ""
 "``yanked``: An **optional** key which may be either a boolean to indicate if "
 "the file has been yanked, or a non empty, but otherwise arbitrary, string to "
@@ -17854,7 +18215,15 @@ msgid ""
 "api-yank>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:529
+#: ../source/specifications/simple-repository-api.rst:507
+msgid ""
+"``provenance``: An **optional** key which, if present **MUST** be either a "
+"JSON string or ``null``. If not ``null``, it **MUST** be a URL to the file's "
+"associated provenance, with the same rules as ``data-provenance`` in the :"
+"ref:`base HTML API specification <simple-repository-api-base>`."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:543
 msgid ""
 "While the ``files`` key is an array, and thus is required to be in some kind "
 "of an order, neither :ref:`the base HTML API specification <simple-"
@@ -17864,11 +18233,11 @@ msgid ""
 "have sets."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:538
+#: ../source/specifications/simple-repository-api.rst:552
 msgid "Content-Types"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:540
+#: ../source/specifications/simple-repository-api.rst:554
 msgid ""
 "This spec proposes that all responses from the Simple API will have a "
 "standard content type that describes what the response is (a Simple API "
@@ -17876,11 +18245,11 @@ msgid ""
 "format has been used."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:544
+#: ../source/specifications/simple-repository-api.rst:558
 msgid "The structure of this content type will be:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:550
+#: ../source/specifications/simple-repository-api.rst:564
 msgid ""
 "Since only major versions should be disruptive to clients attempting to "
 "understand one of these API responses, only the major version will be "
@@ -17888,19 +18257,19 @@ msgid ""
 "that it is a version number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:555
+#: ../source/specifications/simple-repository-api.rst:569
 msgid "Which means that for the existing 1.0 API, the content types would be:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:557
+#: ../source/specifications/simple-repository-api.rst:571
 msgid "**JSON:** ``application/vnd.pypi.simple.v1+json``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:558
+#: ../source/specifications/simple-repository-api.rst:572
 msgid "**HTML:** ``application/vnd.pypi.simple.v1+html``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:560
+#: ../source/specifications/simple-repository-api.rst:574
 msgid ""
 "In addition to the above, a special \"meta\" version is supported named "
 "``latest``, whose purpose is to allow clients to request the absolute latest "
@@ -17909,7 +18278,7 @@ msgid ""
 "support."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:565
+#: ../source/specifications/simple-repository-api.rst:579
 msgid ""
 "To support existing clients which expect the existing :ref:`the base HTML "
 "API specification <simple-repository-api-base>` API responses to use the "
@@ -17917,11 +18286,11 @@ msgid ""
 "alias for the ``application/vnd.pypi.simple.v1+html`` content type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:572
+#: ../source/specifications/simple-repository-api.rst:586
 msgid "Version + Format Selection"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:574
+#: ../source/specifications/simple-repository-api.rst:588
 msgid ""
 "Now that there is multiple possible serializations, we need a mechanism to "
 "allow clients to indicate what serialization formats they're able to "
@@ -17930,65 +18299,65 @@ msgid ""
 "expecting the previous API version."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:579
+#: ../source/specifications/simple-repository-api.rst:593
 msgid ""
 "To enable this, this spec standardizes on the use of HTTP's `Server-Driven "
 "Content Negotiation <https://developer.mozilla.org/en-US/docs/Web/HTTP/"
 "Content_negotiation>`_."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:582
+#: ../source/specifications/simple-repository-api.rst:596
 msgid ""
 "While this spec won't fully describe the entirety of server-driven content "
 "negotiation, the flow is roughly:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:585
+#: ../source/specifications/simple-repository-api.rst:599
 msgid ""
 "The client makes an HTTP request containing an ``Accept`` header listing all "
 "of the version+format content types that they are able to understand."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:587
+#: ../source/specifications/simple-repository-api.rst:601
 msgid ""
 "The server inspects that header, selects one of the listed content types, "
 "then returns a response using that content type (treating the absence of an "
 "``Accept`` header as ``Accept: */*``)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:590
+#: ../source/specifications/simple-repository-api.rst:604
 msgid ""
 "If the server does not support any of the content types in the ``Accept`` "
 "header then they are able to choose between 3 different options for how to "
 "respond:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:594
+#: ../source/specifications/simple-repository-api.rst:608
 msgid ""
 "Select a default content type other than what the client has requested and "
 "return a response with that."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:596
+#: ../source/specifications/simple-repository-api.rst:610
 msgid ""
 "Return a HTTP ``406 Not Acceptable`` response to indicate that none of the "
 "requested content types were available, and the server was unable or "
 "unwilling to select a default content type to respond with."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:599
+#: ../source/specifications/simple-repository-api.rst:613
 msgid ""
 "Return a HTTP ``300 Multiple Choices`` response that contains a list of all "
 "of the possible responses that could have been chosen."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:601
+#: ../source/specifications/simple-repository-api.rst:615
 msgid ""
 "The client interprets the response, handling the different types of "
 "responses that the server may have responded with."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:604
+#: ../source/specifications/simple-repository-api.rst:618
 msgid ""
 "This spec does not specify which choices the server makes in regards to "
 "handling a content type that it isn't able to return, and clients **SHOULD** "
@@ -17996,7 +18365,7 @@ msgid ""
 "the most sense for that client."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:609
+#: ../source/specifications/simple-repository-api.rst:623
 msgid ""
 "However, as there is no standard format for how a ``300 Multiple Choices`` "
 "response can be interpreted, this spec highly discourages servers from "
@@ -18007,7 +18376,7 @@ msgid ""
 "error."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:616
+#: ../source/specifications/simple-repository-api.rst:630
 msgid ""
 "This spec **does** require that if the meta version ``latest`` is being "
 "used, the server **MUST** respond with the content type for the actual "
@@ -18016,33 +18385,33 @@ msgid ""
 "have a ``Content-Type`` of ``application/vnd.pypi.simple.v1+json``)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:623
+#: ../source/specifications/simple-repository-api.rst:637
 msgid ""
 "The ``Accept`` header is a comma separated list of content types that the "
 "client understands and is able to process. It supports three different "
 "formats for each content type that is being requested:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:627
+#: ../source/specifications/simple-repository-api.rst:641
 msgid "``$type/$subtype``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:628
+#: ../source/specifications/simple-repository-api.rst:642
 msgid "``$type/*``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:629
+#: ../source/specifications/simple-repository-api.rst:643
 msgid "``*/*``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:631
+#: ../source/specifications/simple-repository-api.rst:645
 msgid ""
 "For the use of selecting a version+format, the most useful of these is "
 "``$type/$subtype``, as that is the only way to actually specify the version "
 "and format you want."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:635
+#: ../source/specifications/simple-repository-api.rst:649
 msgid ""
 "The order of the content types listed in the ``Accept`` header does not have "
 "any specific meaning, and the server **SHOULD** consider all of them to be "
@@ -18052,7 +18421,7 @@ msgid ""
 "Quality_values>`_ syntax."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:642
+#: ../source/specifications/simple-repository-api.rst:656
 msgid ""
 "This allows a client to specify a priority for a specific entry in their "
 "``Accept`` header, by appending a ``;q=`` followed by a value between ``0`` "
@@ -18062,7 +18431,7 @@ msgid ""
 "quality of ``1``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:648
+#: ../source/specifications/simple-repository-api.rst:662
 msgid ""
 "However, clients should keep in mind that a server is free to select **any** "
 "of the content types they've asked for, regardless of their requested "
@@ -18070,7 +18439,7 @@ msgid ""
 "for."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:652
+#: ../source/specifications/simple-repository-api.rst:666
 msgid ""
 "To aid clients in determining the content type of the response that they "
 "have received from an API request, this spec requires that servers always "
@@ -18081,22 +18450,22 @@ msgid ""
 "collector.py#L123-L150>`_ so the risks for actual breakages is low."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:659
+#: ../source/specifications/simple-repository-api.rst:673
 msgid "An example of how a client can operate would look like:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:710
+#: ../source/specifications/simple-repository-api.rst:724
 msgid ""
 "If a client wishes to only support HTML or only support JSON, then they "
 "would just remove the content types that they do not want from the "
 "``Accept`` header, and turn receiving them into an error."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:716
+#: ../source/specifications/simple-repository-api.rst:730
 msgid "Alternative Negotiation Mechanisms"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:718
+#: ../source/specifications/simple-repository-api.rst:732
 msgid ""
 "While using HTTP's Content negotiation is considered the standard way for a "
 "client and server to coordinate to ensure that the client is getting an HTTP "
@@ -18105,25 +18474,25 @@ msgid ""
 "negotiation mechanisms that may *optionally* be used instead."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:726
+#: ../source/specifications/simple-repository-api.rst:740
 msgid "URL Parameter"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:728
+#: ../source/specifications/simple-repository-api.rst:742
 msgid ""
 "Servers that implement the Simple API may choose to support a URL parameter "
 "named ``format`` to allow the clients to request a specific version of the "
 "URL."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:731
+#: ../source/specifications/simple-repository-api.rst:745
 msgid ""
 "The value of the ``format`` parameter should be **one** of the valid content "
 "types. Passing multiple content types, wild cards, quality values, etc... is "
 "**not** supported."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:735
+#: ../source/specifications/simple-repository-api.rst:749
 msgid ""
 "Supporting this parameter is optional, and clients **SHOULD NOT** rely on it "
 "for interacting with the API. This negotiation mechanism is intended to "
@@ -18131,13 +18500,13 @@ msgid ""
 "allow documentation or notes to link to a specific version+format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:740
+#: ../source/specifications/simple-repository-api.rst:754
 msgid ""
 "Servers that do not support this parameter may choose to return an error "
 "when it is present, or they may simple ignore its presence."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:743
+#: ../source/specifications/simple-repository-api.rst:757
 msgid ""
 "When a server does implement this parameter, it **SHOULD** take precedence "
 "over any values in the client's ``Accept`` header, and if the server does "
@@ -18147,18 +18516,18 @@ msgid ""
 "``303 Multiple Choices``, or selecting a default type to return)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:752
+#: ../source/specifications/simple-repository-api.rst:766
 msgid "Endpoint Configuration"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:754
+#: ../source/specifications/simple-repository-api.rst:768
 msgid ""
 "This option technically is not a special option at all, it is just a natural "
 "consequence of using content negotiation and allowing servers to select "
 "which of the available content types is their default."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:758
+#: ../source/specifications/simple-repository-api.rst:772
 msgid ""
 "If a server is unwilling or unable to implement the server-driven content "
 "negotiation, and would instead rather require users to explicitly configure "
@@ -18166,7 +18535,7 @@ msgid ""
 "configuration."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:762
+#: ../source/specifications/simple-repository-api.rst:776
 msgid ""
 "To enable this, a server should make multiple endpoints (for instance, ``/"
 "simple/v1+html/`` and/or ``/simple/v1+json/``) for each version+format that "
@@ -18176,7 +18545,7 @@ msgid ""
 "and return the content type that corresponds to that endpoint."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:769
+#: ../source/specifications/simple-repository-api.rst:783
 msgid ""
 "For clients that wish to require specific configuration, they can keep track "
 "of which version+format a specific repository URL was configured for, and "
@@ -18184,11 +18553,11 @@ msgid ""
 "includes the correct content type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:776
+#: ../source/specifications/simple-repository-api.rst:790
 msgid "TUF Support - PEP 458"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:778
+#: ../source/specifications/simple-repository-api.rst:792
 msgid ""
 ":pep:`458` requires that all API responses are hashable and that they can be "
 "uniquely identified by a path relative to the repository root. For a Simple "
@@ -18199,7 +18568,7 @@ msgid ""
 "that all hash differently."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:785
+#: ../source/specifications/simple-repository-api.rst:799
 msgid ""
 ":pep:`458` does not specify what the target path should be for the Simple "
 "API, but TUF requires that the target paths be \"file-like\", in other "
@@ -18207,7 +18576,7 @@ msgid ""
 "technically points to a directory."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:790
+#: ../source/specifications/simple-repository-api.rst:804
 msgid ""
 "The saving grace is that the target path does not *have* to actually match "
 "the URL being fetched from the Simple API, and it can just be a sigil that "
@@ -18216,7 +18585,7 @@ msgid ""
 "HTTP request, such as the ``Accept`` header."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:796
+#: ../source/specifications/simple-repository-api.rst:810
 msgid ""
 "Ultimately figuring out how to map a directory to a filename is out of scope "
 "for this spec (but it would be in scope for :pep:`458`), and this spec "
@@ -18224,7 +18593,7 @@ msgid ""
 "`458` metadata."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:800
+#: ../source/specifications/simple-repository-api.rst:814
 msgid ""
 "However, it appears that the current WIP branch against pip that attempts to "
 "implement :pep:`458` is using a target path like ``simple/PROJECT/index."
@@ -18234,20 +18603,20 @@ msgid ""
 "the v1 JSON format would be ``simple/PROJECT/vnd.pypi.simple.v1.json``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:807
+#: ../source/specifications/simple-repository-api.rst:821
 msgid ""
 "In this case, since ``text/html`` is an alias to ``application/vnd.pypi."
 "simple.v1+html`` when interacting through TUF, it likely will make the most "
 "sense to normalize to the more explicit name."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:811
+#: ../source/specifications/simple-repository-api.rst:825
 msgid ""
 "Likewise the ``latest`` metaversion should not be included in the targets, "
 "only explicitly declared versions should be supported."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:817
+#: ../source/specifications/simple-repository-api.rst:831
 msgid ""
 "This section is non-normative, and represents what the spec authors believe "
 "to be the best default implementation decisions for something implementing "
@@ -18255,7 +18624,7 @@ msgid ""
 "these decisions."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:821
+#: ../source/specifications/simple-repository-api.rst:835
 msgid ""
 "These decisions have been chosen to maximize the number of requests that can "
 "be moved onto the newest version of an API, while maintaining the greatest "
@@ -18264,18 +18633,18 @@ msgid ""
 "choices it can."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:826
+#: ../source/specifications/simple-repository-api.rst:840
 msgid "It is recommended that servers:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:828
+#: ../source/specifications/simple-repository-api.rst:842
 msgid ""
 "Support all 3 content types described in this spec, using server-driven "
 "content negotiation, for as long as they reasonably can, or at least as long "
 "as they're receiving non trivial traffic that uses the HTML responses."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:832
+#: ../source/specifications/simple-repository-api.rst:846
 msgid ""
 "When encountering an ``Accept`` header that does not contain any content "
 "types that it knows how to work with, the server should not ever return a "
@@ -18283,13 +18652,13 @@ msgid ""
 "Acceptable`` response."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:837
+#: ../source/specifications/simple-repository-api.rst:851
 msgid ""
 "However, if choosing to use the endpoint configuration, you should prefer to "
 "return a ``200 OK`` response in the expected content type for that endpoint."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:840
+#: ../source/specifications/simple-repository-api.rst:854
 msgid ""
 "When selecting an acceptable version, the server should choose the highest "
 "version that the client supports, with the most expressive/featureful "
@@ -18298,23 +18667,23 @@ msgid ""
 "should only use the ``text/html`` content type as a last resort."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:846
+#: ../source/specifications/simple-repository-api.rst:860
 msgid "It is recommended that clients:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:848
+#: ../source/specifications/simple-repository-api.rst:862
 msgid ""
 "Support all 3 content types described in this spec, using server-driven "
 "content negotiation, for as long as they reasonably can."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:851
+#: ../source/specifications/simple-repository-api.rst:865
 msgid ""
 "When constructing an ``Accept`` header, include all of the content types "
 "that you support."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:854
+#: ../source/specifications/simple-repository-api.rst:868
 msgid ""
 "You should generally *not* include a quality priority value for your content "
 "types, unless you have implementation specific reasons that you want the "
@@ -18323,63 +18692,63 @@ msgid ""
 "responses that you're unable to parse in some edge cases)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:860
+#: ../source/specifications/simple-repository-api.rst:874
 msgid ""
 "The one exception to this recommendation is that it is recommended that you "
 "*should* include a ``;q=0.01`` value on the legacy ``text/html`` content "
 "type, unless it is the only content type that you are requesting."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:864
+#: ../source/specifications/simple-repository-api.rst:878
 msgid ""
 "Explicitly select what versions they are looking for, rather than using the "
 "``latest`` meta version during normal operation."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:867
+#: ../source/specifications/simple-repository-api.rst:881
 msgid ""
 "Check the ``Content-Type`` of the response and ensure it matches something "
 "that you were expecting."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:871
+#: ../source/specifications/simple-repository-api.rst:885
 msgid "Additional Fields for the Simple API for Package Indexes"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:873
+#: ../source/specifications/simple-repository-api.rst:887
 msgid ""
 "This specification defines version 1.1 of the simple repository API. For the "
 "HTML version of the API, there is no change from version 1.0. For the JSON "
 "version of the API, the following changes are made:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:877
+#: ../source/specifications/simple-repository-api.rst:891
 msgid "The ``api-version`` must specify version 1.1 or later."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:878
+#: ../source/specifications/simple-repository-api.rst:892
 msgid "A new ``versions`` key is added at the top level."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:879
+#: ../source/specifications/simple-repository-api.rst:893
 msgid ""
 "Two new \"file information\" keys, ``size`` and ``upload-time``, are added "
 "to the ``files`` data."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:881
+#: ../source/specifications/simple-repository-api.rst:895
 msgid ""
 "Keys (at any level) with a leading underscore are reserved as private for "
 "index server use. No future standard will assign a meaning to any such key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:884
+#: ../source/specifications/simple-repository-api.rst:898
 msgid ""
 "The ``versions`` and ``size`` keys are mandatory. The ``upload-time`` key is "
 "optional."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:890
+#: ../source/specifications/simple-repository-api.rst:904
 msgid ""
 "An additional key, ``versions`` MUST be present at the top level, in "
 "addition to the keys ``name``, ``files`` and ``meta`` defined in :ref:`the "
@@ -18389,7 +18758,7 @@ msgid ""
 "duplicates, and the order of the values is not significant."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:897
+#: ../source/specifications/simple-repository-api.rst:911
 msgid ""
 "All of the files listed in the ``files`` key MUST be associated with one of "
 "the versions in the ``versions`` key. The ``versions`` key MAY contain "
@@ -18397,7 +18766,7 @@ msgid ""
 "uploaded, if the server has such a concept)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:902
+#: ../source/specifications/simple-repository-api.rst:916
 msgid ""
 "Note that because servers may hold \"legacy\" data from before the adoption "
 "of :ref:`the version specifiers specification (VSS) <version-specifiers>`, "
@@ -18406,21 +18775,21 @@ msgid ""
 "servers SHOULD use normalised VSS versions where possible."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:911
+#: ../source/specifications/simple-repository-api.rst:925
 msgid "Additional file information"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:913
+#: ../source/specifications/simple-repository-api.rst:927
 msgid "Two new keys are added to the ``files`` key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:915
+#: ../source/specifications/simple-repository-api.rst:929
 msgid ""
 "``size``: This field is mandatory. It MUST contain an integer which is the "
 "file size in bytes."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:917
+#: ../source/specifications/simple-repository-api.rst:931
 msgid ""
 "``upload-time``: This field is optional. If present, it MUST contain a valid "
 "ISO 8601 date/time string, in the format ``yyyy-mm-ddThh:mm:ss.ffffffZ``, "
@@ -18432,11 +18801,11 @@ msgid ""
 "key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:926
+#: ../source/specifications/simple-repository-api.rst:940
 msgid "Rename dist-info-metadata in the Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:929
+#: ../source/specifications/simple-repository-api.rst:943
 msgid ""
 "The keywords \"**MUST**\", \"**MUST NOT**\", \"**REQUIRED**\", "
 "\"**SHALL**\", \"**SHALL NOT**\", \"**SHOULD**\", \"**SHOULD NOT**\", "
@@ -18444,11 +18813,11 @@ msgid ""
 "are to be interpreted as described in :rfc:`RFC 2119 <2119>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:936
+#: ../source/specifications/simple-repository-api.rst:950
 msgid "Servers"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:938
+#: ../source/specifications/simple-repository-api.rst:952
 msgid ""
 "The :ref:`the API metadata file specification <simple-repository-api-"
 "metadata-file>` metadata, when used in the HTML representation of the Simple "
@@ -18456,7 +18825,7 @@ msgid ""
 "with the supported values remaining the same."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:944
+#: ../source/specifications/simple-repository-api.rst:958
 msgid ""
 "The :ref:`the API metadata file specification <simple-repository-api-"
 "metadata-file>` metadata, when used in the :ref:`the JSON API specification "
@@ -18465,14 +18834,14 @@ msgid ""
 "values remaining the same."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:950
+#: ../source/specifications/simple-repository-api.rst:964
 msgid ""
 "To support clients that used the previous key names, the HTML representation "
 "**MAY** also be emitted using the ``data-dist-info-metadata``, and if it "
 "does so it **MUST** match the value of ``data-core-metadata``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:959
+#: ../source/specifications/simple-repository-api.rst:973
 msgid ""
 "Clients consuming any of the HTML representations of the Simple API **MUST** "
 "read the :ref:`the API metadata file specification <simple-repository-api-"
@@ -18481,7 +18850,7 @@ msgid ""
 "if it is present but ``data-core-metadata`` is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:966
+#: ../source/specifications/simple-repository-api.rst:980
 msgid ""
 "Clients consuming the JSON representation of the Simple API **MUST** read "
 "the :ref:`the API metadata file specification <simple-repository-api-"
@@ -18490,48 +18859,54 @@ msgid ""
 "present but ``core-metadata`` is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:976
+#: ../source/specifications/simple-repository-api.rst:990
 msgid "September 2015: initial form of the HTML format, in :pep:`503`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:977
+#: ../source/specifications/simple-repository-api.rst:991
 msgid "July 2016: Requires-Python metadata, in an update to :pep:`503`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:978
+#: ../source/specifications/simple-repository-api.rst:992
 msgid "May 2019: \"yank\" support, in :pep:`592`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:979
+#: ../source/specifications/simple-repository-api.rst:993
 msgid ""
 "July 2020: API versioning convention and metadata, and declaring the HTML "
 "format as API v1, in :pep:`629`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:981
+#: ../source/specifications/simple-repository-api.rst:995
 msgid ""
 "May 2021: providing package metadata independently from a package, in :pep:"
 "`658`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:983
+#: ../source/specifications/simple-repository-api.rst:997
 msgid ""
 "May 2022: initial form of the JSON format, with a mechanism for clients to "
 "choose between them, and declaring both formats as API v1, in :pep:`691`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:985
+#: ../source/specifications/simple-repository-api.rst:999
 msgid ""
 "October 2022: project versions and file size and upload-time in the JSON "
 "format, in :pep:`700`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:987
+#: ../source/specifications/simple-repository-api.rst:1001
 msgid ""
 "June 2023: renaming the field which provides package metadata independently "
 "from a package, in :pep:`714`"
 msgstr ""
 
+#: ../source/specifications/simple-repository-api.rst:1003
+msgid ""
+"November 2024: provenance metadata in the HTML and JSON formats, in :pep:"
+"`740`"
+msgstr ""
+
 #: ../source/specifications/source-distribution-format.rst:6
 msgid "Source distribution format"
 msgstr ""
@@ -21439,7 +21814,7 @@ msgid ""
 msgstr ""
 
 #: ../source/tutorials/managing-dependencies.rst:140
-#: ../source/tutorials/packaging-projects.rst:506
+#: ../source/tutorials/packaging-projects.rst:505
 msgid "Next steps"
 msgstr ""
 
@@ -21888,43 +22263,43 @@ msgstr ""
 
 #: ../source/tutorials/packaging-projects.rst:424
 msgid ""
-"You will be prompted for a username and password. For the username, use "
-"``__token__``. For the password, use the token value, including the ``pypi-"
-"`` prefix."
+"You will be prompted for an API token. Use the token value, including the "
+"``pypi-`` prefix. Note that the input will be hidden, so be sure to paste "
+"correctly."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:428
+#: ../source/tutorials/packaging-projects.rst:427
 msgid "After the command completes, you should see output similar to this:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:439
+#: ../source/tutorials/packaging-projects.rst:438
 msgid ""
 "Once uploaded, your package should be viewable on TestPyPI; for example: "
 "``https://test.pypi.org/project/example_package_YOUR_USERNAME_HERE``."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:444
+#: ../source/tutorials/packaging-projects.rst:443
 msgid "Installing your newly uploaded package"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:446
+#: ../source/tutorials/packaging-projects.rst:445
 msgid ""
 "You can use :ref:`pip` to install your package and verify that it works. "
 "Create a :ref:`virtual environment <Creating and using Virtual "
 "Environments>` and install your package from TestPyPI:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:462
+#: ../source/tutorials/packaging-projects.rst:461
 msgid "Make sure to specify your username in the package name!"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:464
+#: ../source/tutorials/packaging-projects.rst:463
 msgid ""
 "pip should install the package from TestPyPI and the output should look "
 "something like this:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:474
+#: ../source/tutorials/packaging-projects.rst:473
 msgid ""
 "This example uses ``--index-url`` flag to specify TestPyPI instead of live "
 "PyPI. Additionally, it specifies ``--no-deps``. Since TestPyPI doesn't have "
@@ -21934,23 +22309,23 @@ msgid ""
 "installing dependencies when using TestPyPI."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:481
+#: ../source/tutorials/packaging-projects.rst:480
 msgid ""
 "You can test that it was installed correctly by importing the package. Make "
 "sure you're still in your virtual environment, then run Python:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:496
+#: ../source/tutorials/packaging-projects.rst:495
 msgid "and import the package:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:508
+#: ../source/tutorials/packaging-projects.rst:507
 msgid ""
 "**Congratulations, you've packaged and distributed a Python project!** ✨ 🍰 "
 "✨"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:511
+#: ../source/tutorials/packaging-projects.rst:510
 msgid ""
 "Keep in mind that this tutorial showed you how to upload your package to "
 "Test PyPI, which isn't a permanent storage. The Test system occasionally "
@@ -21958,28 +22333,28 @@ msgid ""
 "experiments like this tutorial."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:516
+#: ../source/tutorials/packaging-projects.rst:515
 msgid ""
 "When you are ready to upload a real package to the Python Package Index you "
 "can do much the same as you did in this tutorial, but with these important "
 "differences:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:520
+#: ../source/tutorials/packaging-projects.rst:519
 msgid ""
 "Choose a memorable and unique name for your package. You don't have to "
 "append your username as you did in the tutorial, but you can't use an "
 "existing name."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:522
+#: ../source/tutorials/packaging-projects.rst:521
 msgid ""
 "Register an account on https://pypi.org - note that these are two separate "
 "servers and the login details from the test server are not shared with the "
 "main server."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:525
+#: ../source/tutorials/packaging-projects.rst:524
 msgid ""
 "Use ``twine upload dist/*`` to upload your package and enter your "
 "credentials for the account you registered on the real PyPI.  Now that "
@@ -21987,44 +22362,44 @@ msgid ""
 "repository``; the package will upload to https://pypi.org/ by default."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:529
+#: ../source/tutorials/packaging-projects.rst:528
 msgid ""
 "Install your package from the real PyPI using ``python3 -m pip install [your-"
 "package]``."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:531
+#: ../source/tutorials/packaging-projects.rst:530
 msgid ""
 "At this point if you want to read more on packaging Python libraries here "
 "are some things you can do:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:534
+#: ../source/tutorials/packaging-projects.rst:533
 msgid ""
 "Read about advanced configuration for your chosen build backend: `Hatchling "
 "<hatchling-config_>`_, :doc:`setuptools <setuptools:userguide/"
 "pyproject_config>`, :doc:`Flit <flit:pyproject_toml>`, `PDM <pdm-config_>`_."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:538
+#: ../source/tutorials/packaging-projects.rst:537
 msgid ""
 "Look at the :doc:`guides </guides/index>` on this site for more advanced "
 "practical information, or the :doc:`discussions </discussions/index>` for "
 "explanations and background on specific topics."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:541
+#: ../source/tutorials/packaging-projects.rst:540
 msgid ""
 "Consider packaging tools that provide a single command-line interface for "
 "project management and packaging, such as :ref:`hatch`, :ref:`flit`, :ref:"
 "`pdm`, and :ref:`poetry`."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:549
+#: ../source/tutorials/packaging-projects.rst:548
 msgid "Notes"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:551
+#: ../source/tutorials/packaging-projects.rst:550
 msgid ""
 "Technically, you can also create Python packages without an ``__init__.py`` "
 "file, but those are called :doc:`namespace packages </guides/packaging-"
diff --git a/locales/ta/LC_MESSAGES/messages.po b/locales/ta/LC_MESSAGES/messages.po
index 78b363574..bee49ee07 100644
--- a/locales/ta/LC_MESSAGES/messages.po
+++ b/locales/ta/LC_MESSAGES/messages.po
@@ -6,7 +6,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Python Packaging User Guide\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-10-30 00:39+0000\n"
+"POT-Creation-Date: 2024-11-25 21:53+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: Automatically generated\n"
 "Language-Team: none\n"
@@ -604,7 +604,7 @@ msgid "Unix (including Linux and macOS)"
 msgstr ""
 
 #: ../source/discussions/deploying-python-applications.rst:118
-#: ../source/key_projects.rst:572
+#: ../source/key_projects.rst:576
 msgid "pex"
 msgstr ""
 
@@ -1882,7 +1882,7 @@ msgid ""
 msgstr ""
 
 #: ../source/discussions/versioning.rst:6
-#: ../source/specifications/simple-repository-api.rst:310
+#: ../source/specifications/simple-repository-api.rst:319
 msgid "Versioning"
 msgstr ""
 
@@ -2633,29 +2633,16 @@ msgid ""
 msgstr ""
 
 #: ../source/glossary.rst:121
-msgid "Known Good Set (KGS)"
-msgstr ""
-
-#: ../source/glossary.rst:124
-msgid ""
-"A set of distributions at specified versions which are compatible with each "
-"other. Typically a test suite will be run which passes all tests before a "
-"specific set of packages is declared a known good set. This term is commonly "
-"used by frameworks and toolkits which are comprised of multiple individual "
-"distributions."
-msgstr ""
-
-#: ../source/glossary.rst:130
 msgid "Import Package"
 msgstr ""
 
-#: ../source/glossary.rst:133
+#: ../source/glossary.rst:124
 msgid ""
 "A Python module which can contain other modules or recursively, other "
 "packages."
 msgstr ""
 
-#: ../source/glossary.rst:136
+#: ../source/glossary.rst:127
 msgid ""
 "An import package is more commonly referred to with the single word "
 "\"package\", but this guide will use the expanded term when more clarity is "
@@ -2664,17 +2651,30 @@ msgid ""
 "package` for a breakdown of the differences."
 msgstr ""
 
-#: ../source/glossary.rst:142
+#: ../source/glossary.rst:133
 msgid "Installed Project"
 msgstr ""
 
-#: ../source/glossary.rst:145
+#: ../source/glossary.rst:136
 msgid ""
 "A :term:`Project` that is installed for use with a Python interpreter or :"
 "term:`Virtual Environment`, as described in the specicifcation :ref:"
 "`recording-installed-packages`."
 msgstr ""
 
+#: ../source/glossary.rst:140
+msgid "Known Good Set (KGS)"
+msgstr ""
+
+#: ../source/glossary.rst:143
+msgid ""
+"A set of distributions at specified versions which are compatible with each "
+"other. Typically a test suite will be run which passes all tests before a "
+"specific set of packages is declared a known good set. This term is commonly "
+"used by frameworks and toolkits which are comprised of multiple individual "
+"distributions."
+msgstr ""
+
 #: ../source/glossary.rst:149
 msgid "Module"
 msgstr ""
@@ -5085,7 +5085,7 @@ msgid ""
 "In particular, `NumPy <https://numpy.org/>`__, which provides the basis for "
 "most of the software in the `scientific Python stack <https://scientific-"
 "python.org>`_ can be configured to interoperate with different FORTRAN "
-"libraries, and can take advantage of different levels of vectorised "
+"libraries, and can take advantage of different levels of vectorized "
 "instructions available in modern CPUs."
 msgstr ""
 
@@ -5094,9 +5094,9 @@ msgid ""
 "Starting with version 1.10.4 of NumPy and version 1.0.0 of SciPy, pre-built "
 "32-bit and 64-bit binaries in the ``wheel`` format are available for all "
 "major operating systems (Windows, macOS, and Linux) on PyPI. Note, however, "
-"that on Windows, NumPy binaries are linked against the `ATLAS <http://www."
-"netlib.org/atlas/>`__ BLAS/LAPACK library, restricted to SSE2 instructions, "
-"so they may not provide optimal linear algebra performance."
+"that on Windows, NumPy binaries are linked against the `ATLAS <https://math-"
+"atlas.sourceforge.net/>`__ BLAS/LAPACK library, restricted to SSE2 "
+"instructions, so they may not provide optimal linear algebra performance."
 msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:26
@@ -5209,7 +5209,7 @@ msgid ""
 msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:100
-#: ../source/key_projects.rst:808
+#: ../source/key_projects.rst:812
 msgid "Spack"
 msgstr ""
 
@@ -5241,28 +5241,41 @@ msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:121
 msgid ""
-"`Anaconda <https://www.anaconda.com/products/individual/>`_ is a Python "
+"``conda`` is an open source (BSD licensed) package management system and "
+"environment management system that allows users to install multiple versions "
+"of binary software packages and their dependencies, and easily switch "
+"between them. It is a cross-platform tool working on Windows, MacOS, and "
+"Linux. Conda can be used to package up and distribute all kinds of packages, "
+"it is not limited to just Python packages. It has full support for native "
+"virtual environments. Conda makes environments first-class citizens, making "
+"it easy to create independent environments even for C libraries. It is "
+"written in Python, but is Python-agnostic. Conda manages Python itself as a "
+"package, so that :command:`conda update python` is possible, in contrast to "
+"pip, which only manages Python packages."
+msgstr ""
+
+#: ../source/guides/installing-scientific-packages.rst:133
+msgid ""
+"Anaconda `Anaconda <https://docs.anaconda.com/anaconda/>`_ is a Python "
 "distribution published by Anaconda, Inc. It is a stable collection of Open "
-"Source packages for big data and scientific use.  As of the 5.0 release of "
-"Anaconda, about 200 packages are installed by default, and a total of "
-"400-500 can be installed and updated from the Anaconda repository."
+"Source packages for big data and scientific use, and a collection of "
+"Graphical Interface utilities for managing conda environments."
 msgstr ""
 
-#: ../source/guides/installing-scientific-packages.rst:127
+#: ../source/guides/installing-scientific-packages.rst:135
 msgid ""
-"``conda`` is an open source (BSD licensed) package management system and "
-"environment management system included in Anaconda that allows users to "
-"install multiple versions of binary software packages and their "
-"dependencies, and easily switch between them. It is a cross-platform tool "
-"working on Windows, macOS, and Linux. Conda can be used to package up and "
-"distribute all kinds of packages, it is not limited to just Python packages. "
-"It has full support for native virtual environments. Conda makes "
-"environments first-class citizens, making it easy to create independent "
-"environments even for C libraries. It is written in Python, but is Python-"
-"agnostic. Conda manages Python itself as a package, so that :command:`conda "
-"update python` is possible, in contrast to pip, which only manages Python "
-"packages. Conda is available in Anaconda and Miniconda (an easy-to-install "
-"download with just Python and conda)."
+"In addition to the full distribution provided by Anaconda, the conda package "
+"manager itself is available in  `miniconda <https://docs.anaconda.com/"
+"miniconda/>`_, `miniforge <https://github.com/conda-forge/miniforge>`_, and "
+"`pixi <https://pixi.sh/>`_."
+msgstr ""
+
+#: ../source/guides/installing-scientific-packages.rst:138
+msgid ""
+"Conda packages are available on multiple channels on Anaconda.org, including "
+"the default channel supported by Anaconda, Inc, the community supported "
+"conda-forge channel, which provides a wide variety of pre-built packages, "
+"and some domain-specific package collections."
 msgstr ""
 
 #: ../source/guides/installing-stand-alone-command-line-tools.rst:4
@@ -8330,29 +8343,51 @@ msgstr ""
 
 #: ../source/guides/tool-recommendations.rst:142
 msgid ""
-"For projects hosted on GitHub, it is recommended to use the :ref:`trusted "
-"publishing <trusted-publishing>`, which allows the package to be securely "
-"uploaded to PyPI from a GitHub Actions job. (This is not yet supported on "
-"software forges other than GitHub.)"
+"For projects hosted on or published via supported CI/CD platforms, it is "
+"recommended to use the :ref:`Trusted Publishing <trusted-publishing>`, which "
+"allows the package to be securely uploaded to PyPI from a CI/CD workflow "
+"without a manually configured API token."
 msgstr ""
 
 #: ../source/guides/tool-recommendations.rst:147
 msgid ""
+"As of November 2024, PyPI supports the following platforms as Trusted "
+"Publishing providers:"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:150
+msgid "GitHub Actions (on ``https://github.com``)"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:151
+msgid "GitLab CI/CD (on ``https://gitlab.com``)"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:152
+msgid "ActiveState"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:153
+msgid "Google Cloud"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:155
+msgid ""
 "The other available method is to upload the package manually using :ref:"
 "`twine`."
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:149
+#: ../source/guides/tool-recommendations.rst:159
 msgid ""
 "**Never** use ``python setup.py upload`` for this task. In addition to "
 "being :ref:`deprecated <setup-py-deprecated>`, it is insecure."
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:154
+#: ../source/guides/tool-recommendations.rst:164
 msgid "Workflow tools"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:156
+#: ../source/guides/tool-recommendations.rst:166
 msgid ""
 "These tools are environment managers that automatically manage virtual "
 "environments for a project. They also act as \"task runners\", allowing you "
@@ -8363,31 +8398,31 @@ msgid ""
 "alphabetical order:"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:164
+#: ../source/guides/tool-recommendations.rst:174
 msgid ":ref:`Flit`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:165
+#: ../source/guides/tool-recommendations.rst:175
 msgid ":ref:`Hatch`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:166
+#: ../source/guides/tool-recommendations.rst:176
 msgid ":doc:`nox <nox:index>`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:167
+#: ../source/guides/tool-recommendations.rst:177
 msgid ":ref:`PDM`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:168
+#: ../source/guides/tool-recommendations.rst:178
 msgid ":ref:`Pipenv`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:169
+#: ../source/guides/tool-recommendations.rst:179
 msgid ":ref:`Poetry`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:170
+#: ../source/guides/tool-recommendations.rst:180
 msgid ":doc:`tox <tox:index>`."
 msgstr ""
 
@@ -9562,44 +9597,58 @@ msgstr ""
 
 #: ../source/key_projects.rst:407
 msgid ""
-"conda is the package management tool for `Anaconda <https://docs.anaconda."
-"com/anaconda/>`__ Python installations. Anaconda Python is a distribution "
-"from `Anaconda, Inc <https://www.anaconda.com/products/individual>`__ "
-"specifically aimed at the scientific community, and in particular on Windows "
-"where the installation of binary extensions is often difficult."
+"Conda is a package, dependency, and environment management system for any "
+"language — Python, R, Ruby, C/C++, Fortran, and more. It is written in "
+"Python and widely used in the Python scientific computing community, due to "
+"its support for non-Python compiled libraries and extensions. It is used as "
+"the basis of the `Anaconda <https://docs.anaconda.com/anaconda/>`__ Python "
+"distribution from Anaconda, Inc. It was originally aimed at the scientific "
+"community, but can also be used on its own, or with the :doc:`miniconda "
+"<conda:miniconda>`, `miniforge <https://github.com/conda-forge/miniforge>`_ "
+"or `pixi <https://pixi.sh/>`_ systems. It is available for Windows, Mac and "
+"Linux systems."
 msgstr ""
 
-#: ../source/key_projects.rst:414
+#: ../source/key_projects.rst:416
 msgid ""
 "Conda is a completely separate tool from :ref:`pip`, virtualenv and wheel, "
-"but provides many of their combined features in terms of package management, "
-"virtual environment management and deployment of binary extensions."
+"but provides many of their combined features, such as package management, "
+"virtual environment management and deployment of binary extensions and other "
+"binary code."
+msgstr ""
+
+#: ../source/key_projects.rst:420
+msgid ""
+"Conda does not install packages from PyPI -- it can only manage packages "
+"built specifically for conda, which can be made available on a \"conda "
+"channel\", such as those hosted on `anaconda.org <https://anaconda.org>`__, "
+"or a local (e.g. intranet) package server. In addition to the \"default\" "
+"channels managed by `Anaconda, Inc. <https://www.anaconda.com/>`__, there "
+"are a wide variety of packages from the community supported `conda-forge "
+"project <https://conda-forge.org/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:418
+#: ../source/key_projects.rst:426
 msgid ""
-"Conda does not install packages from PyPI and can install only from the "
-"official Anaconda repositories, or anaconda.org (a place for user-"
-"contributed *conda* packages), or a local (e.g. intranet) package server.  "
-"However, note that :ref:`pip` can be installed into, and work side-by-side "
-"with conda for managing :term:`distributions <Distribution Package>` from "
-"PyPI. Also, `conda skeleton <https://docs.conda.io/projects/conda-build/en/"
-"latest/user-guide/tutorials/build-pkgs-skeleton.html>`__ is a tool to make "
-"Python packages installable by conda by first fetching them from PyPI and "
-"modifying their metadata."
+"Note that :ref:`pip` can be installed into, and work side-by-side with conda "
+"for managing :term:`distributions <Distribution Package>` from PyPI. It is "
+"also possible to build conda packages from Python source packages using "
+"tools such as `conda skeleton <https://docs.conda.io/projects/conda-build/en/"
+"latest/user-guide/tutorials/build-pkgs-skeleton.html>`__: a tool to "
+"automatically make conda packages from Python packages available on PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:431
+#: ../source/key_projects.rst:435
 msgid "devpi"
 msgstr ""
 
-#: ../source/key_projects.rst:433
+#: ../source/key_projects.rst:437
 msgid ""
 "`Docs <http://doc.devpi.net/latest/>`__ | :gh:`Issues <devpi/devpi/issues>` "
 "| `PyPI <https://pypi.org/project/devpi>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:437
+#: ../source/key_projects.rst:441
 msgid ""
 "devpi features a powerful PyPI-compatible server and PyPI proxy cache with a "
 "complementary command line tool to drive packaging, testing and release "
@@ -9609,17 +9658,17 @@ msgid ""
 "replication and fail-over, and package upload."
 msgstr ""
 
-#: ../source/key_projects.rst:448
+#: ../source/key_projects.rst:452
 msgid "dumb-pypi"
 msgstr ""
 
-#: ../source/key_projects.rst:450
+#: ../source/key_projects.rst:454
 msgid ""
 "`GitHub <https://github.com/chriskuehl/dumb-pypi>`__ | `PyPI <https://pypi."
 "org/project/dumb-pypi>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:453
+#: ../source/key_projects.rst:457
 msgid ""
 "dumb-pypi is a simple :term:`package index <Package Index>` static file site "
 "generator, which then must be hosted by a static file webserver to become "
@@ -9627,17 +9676,17 @@ msgid ""
 "status."
 msgstr ""
 
-#: ../source/key_projects.rst:460
+#: ../source/key_projects.rst:464
 msgid "enscons"
 msgstr ""
 
-#: ../source/key_projects.rst:462
+#: ../source/key_projects.rst:466
 msgid ""
 ":gh:`Source <dholth/enscons>` | :gh:`Issues <dholth/enscons/issues>` | `PyPI "
 "<https://pypi.org/project/enscons>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:466
+#: ../source/key_projects.rst:470
 msgid ""
 "Enscons is a Python packaging tool based on `SCons`_. It builds :ref:`pip`-"
 "compatible source distributions and wheels without using distutils or "
@@ -9649,38 +9698,38 @@ msgid ""
 "independent of enscons."
 msgstr ""
 
-#: ../source/key_projects.rst:481
+#: ../source/key_projects.rst:485
 msgid "Flask-Pypi-Proxy"
 msgstr ""
 
-#: ../source/key_projects.rst:483
+#: ../source/key_projects.rst:487
 msgid ""
 "`Docs <https://flask-pypi-proxy.readthedocs.io>`__ | :gh:`GitHub <tzulberti/"
 "Flask-PyPi-Proxy>` | `PyPI <https://pypi.org/project/Flask-Pypi-Proxy/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:487 ../source/key_projects.rst:681
-#: ../source/key_projects.rst:740
+#: ../source/key_projects.rst:491 ../source/key_projects.rst:685
+#: ../source/key_projects.rst:744
 msgid "Not maintained, project archived"
 msgstr ""
 
-#: ../source/key_projects.rst:489
+#: ../source/key_projects.rst:493
 msgid ""
 "Flask-Pypi-Proxy is a :term:`package index <Package Index>` as a cached "
 "proxy for PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:495
+#: ../source/key_projects.rst:499
 msgid "Hashdist"
 msgstr ""
 
-#: ../source/key_projects.rst:497
+#: ../source/key_projects.rst:501
 msgid ""
 "`Docs <https://hashdist.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/hashdist/hashdist/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:500
+#: ../source/key_projects.rst:504
 msgid ""
 "Hashdist is a library for building non-root software distributions. Hashdist "
 "is trying to be “the Debian of choice for cases where Debian technology "
@@ -9691,34 +9740,34 @@ msgid ""
 "researchers but has been lacking in maintenance since 2016."
 msgstr ""
 
-#: ../source/key_projects.rst:512
+#: ../source/key_projects.rst:516
 msgid "Maturin"
 msgstr ""
 
-#: ../source/key_projects.rst:514
+#: ../source/key_projects.rst:518
 msgid ""
 "`Docs <https://www.maturin.rs>`__ | `GitHub <https://github.com/PyO3/"
 "maturin>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:517
+#: ../source/key_projects.rst:521
 msgid ""
 "Maturin is a build backend for Rust extension modules, also written in Rust. "
 "It supports building wheels for python 3.7+ on Windows, Linux, macOS and "
 "FreeBSD, can upload them to PyPI and has basic PyPy and GraalPy support."
 msgstr ""
 
-#: ../source/key_projects.rst:525
+#: ../source/key_projects.rst:529
 msgid "meson-python"
 msgstr ""
 
-#: ../source/key_projects.rst:527
+#: ../source/key_projects.rst:531
 msgid ""
 "`Docs <https://meson-python.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/mesonbuild/meson-python>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:530
+#: ../source/key_projects.rst:534
 msgid ""
 "``meson-python`` is a build backend that uses the Meson_ build system. It "
 "enables Python package authors to use Meson_ as the build system for their "
@@ -9726,58 +9775,58 @@ msgid ""
 "to fill the needs of most complex build configurations."
 msgstr ""
 
-#: ../source/key_projects.rst:540
+#: ../source/key_projects.rst:544
 msgid "multibuild"
 msgstr ""
 
-#: ../source/key_projects.rst:542
+#: ../source/key_projects.rst:546
 msgid "`GitHub <https://github.com/multi-build/multibuild>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:544
+#: ../source/key_projects.rst:548
 msgid ""
 "Multibuild is a set of CI scripts for building and testing Python :term:"
 "`wheels <Wheel>` for Linux, macOS, and (less flexibly) Windows. Also see :"
 "ref:`cibuildwheel`."
 msgstr ""
 
-#: ../source/key_projects.rst:550
+#: ../source/key_projects.rst:554
 msgid "nginx_pypi_cache"
 msgstr ""
 
-#: ../source/key_projects.rst:552
+#: ../source/key_projects.rst:556
 msgid ":gh:`GitHub <hauntsaninja/nginx_pypi_cache>`"
 msgstr ""
 
-#: ../source/key_projects.rst:554
+#: ../source/key_projects.rst:558
 msgid ""
 "nginx_pypi_cache is a :term:`package index <Package Index>` caching proxy "
 "using `nginx <https://nginx.org/en/>`_."
 msgstr ""
 
-#: ../source/key_projects.rst:560
+#: ../source/key_projects.rst:564
 msgid "pdm"
 msgstr ""
 
-#: ../source/key_projects.rst:562
+#: ../source/key_projects.rst:566
 msgid ""
 "`Docs <https://pdm.fming.dev/>`__ | `GitHub <https://github.com/pdm-project/"
 "pdm/>`__ | `PyPI <https://pypi.org/project/pdm>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:566
+#: ../source/key_projects.rst:570
 msgid ""
 "PDM is a modern Python package manager. It uses :term:`pyproject.toml` to "
 "store project metadata as defined in :pep:`621`."
 msgstr ""
 
-#: ../source/key_projects.rst:574
+#: ../source/key_projects.rst:578
 msgid ""
 "`Docs <https://pex.readthedocs.io/en/latest/>`__ | `GitHub <https://github."
 "com/pantsbuild/pex/>`__ | `PyPI <https://pypi.org/project/pex>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:578
+#: ../source/key_projects.rst:582
 msgid ""
 "Pex is a tool for generating :file:`.pex` (Python EXecutable) files, "
 "standalone Python environments in the spirit of :ref:`virtualenv`. PEX files "
@@ -9789,18 +9838,18 @@ msgid ""
 "PEX file into a standard venv, graphing dependencies and more."
 msgstr ""
 
-#: ../source/key_projects.rst:590
+#: ../source/key_projects.rst:594
 msgid "pip-tools"
 msgstr ""
 
-#: ../source/key_projects.rst:592
+#: ../source/key_projects.rst:596
 msgid ""
 "`Docs <https://pip-tools.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/jazzband/pip-tools/>`__ | `PyPI <https://pypi.org/project/pip-"
 "tools/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:596
+#: ../source/key_projects.rst:600
 msgid ""
 "pip-tools is a suite of tools meant for Python system administrators and "
 "release managers who particularly want to keep their builds deterministic "
@@ -9811,32 +9860,32 @@ msgid ""
 "not provide), and create layers of constraints for the program to obey."
 msgstr ""
 
-#: ../source/key_projects.rst:608
+#: ../source/key_projects.rst:612
 msgid "pip2pi"
 msgstr ""
 
-#: ../source/key_projects.rst:610
+#: ../source/key_projects.rst:614
 msgid ""
 ":gh:`GitHub <wolever/pip2pi>` | `PyPI <https://pypi.org/project/pip2pi/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:613
+#: ../source/key_projects.rst:617
 msgid ""
 "pip2pi is a :term:`package index <Package Index>` server where specific "
 "packages are manually synchronised."
 msgstr ""
 
-#: ../source/key_projects.rst:619
+#: ../source/key_projects.rst:623
 msgid "piwheels"
 msgstr ""
 
-#: ../source/key_projects.rst:621
+#: ../source/key_projects.rst:625
 msgid ""
 "`Website <https://www.piwheels.org/>`__ | :doc:`Docs <piwheels:index>` | "
 "`GitHub <https://github.com/piwheels/piwheels/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:625
+#: ../source/key_projects.rst:629
 msgid ""
 "piwheels is a website, and software underpinning it, that fetches source "
 "code distribution packages from PyPI and compiles them into binary wheels "
@@ -9844,17 +9893,17 @@ msgid ""
 "Pi OS pre-configures pip to use piwheels.org as an additional index to PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:634
+#: ../source/key_projects.rst:638
 msgid "poetry"
 msgstr ""
 
-#: ../source/key_projects.rst:636
+#: ../source/key_projects.rst:640
 msgid ""
 "`Docs <https://python-poetry.org/>`__ | `GitHub <https://github.com/python-"
 "poetry/poetry>`__ | `PyPI <https://pypi.org/project/poetry/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:640
+#: ../source/key_projects.rst:644
 msgid ""
 "poetry is a command-line tool to handle dependency installation and "
 "isolation as well as building and packaging of Python packages. It uses "
@@ -9864,49 +9913,49 @@ msgid ""
 "caching metadata about dependencies."
 msgstr ""
 
-#: ../source/key_projects.rst:650
+#: ../source/key_projects.rst:654
 msgid "proxpi"
 msgstr ""
 
-#: ../source/key_projects.rst:652
+#: ../source/key_projects.rst:656
 msgid ""
 ":gh:`GitHub <EpicWink/proxpi>` | `PyPI <https://pypi.org/project/proxpi/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:655
+#: ../source/key_projects.rst:659
 msgid ""
 "proxpi is a simple :term:`package index <Package Index>` which proxies PyPI "
 "and other indexes with caching."
 msgstr ""
 
-#: ../source/key_projects.rst:661
+#: ../source/key_projects.rst:665
 msgid "Pulp-python"
 msgstr ""
 
-#: ../source/key_projects.rst:663
+#: ../source/key_projects.rst:667
 msgid ""
 "`Docs <https://docs.pulpproject.org/pulp_python/>`__ | :gh:`GitHub <pulp/"
 "pulp_python>` | `PyPI <https://pypi.org/project/pulp-python/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:667
+#: ../source/key_projects.rst:671
 msgid ""
 "Pulp-python is the Python :term:`package index <Package Index>` plugin for "
 "`Pulp <https://pulpproject.org/>`_. Pulp-python supports mirrors backed by "
 "local or `AWS S3`_, package upload, and proxying to multiple package indexes."
 msgstr ""
 
-#: ../source/key_projects.rst:675
+#: ../source/key_projects.rst:679
 msgid "PyPI Cloud"
 msgstr ""
 
-#: ../source/key_projects.rst:677
+#: ../source/key_projects.rst:681
 msgid ""
 "`Docs <https://pypicloud.readthedocs.io/>`__ | :gh:`GitHub <stevearc/"
 "pypicloud>` | `PyPI <https://pypi.org/project/pypicloud/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:683
+#: ../source/key_projects.rst:687
 msgid ""
 "PyPI Cloud is a :term:`package index <Package Index>` server, backed by `AWS "
 "S3`_ or another cloud storage service, or local files. PyPI Cloud supports "
@@ -9914,33 +9963,33 @@ msgid ""
 "authorisation."
 msgstr ""
 
-#: ../source/key_projects.rst:691
+#: ../source/key_projects.rst:695
 msgid "pypiprivate"
 msgstr ""
 
-#: ../source/key_projects.rst:693
+#: ../source/key_projects.rst:697
 msgid ""
 ":gh:`GitHub <helpshift/pypiprivate>` | `PyPI <https://pypi.org/project/"
 "pypiprivate/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:696
+#: ../source/key_projects.rst:700
 msgid ""
 "pypiprivate serves a local (or `AWS S3`_-hosted) directory of packages as a :"
 "term:`package index <Package Index>`."
 msgstr ""
 
-#: ../source/key_projects.rst:702
+#: ../source/key_projects.rst:706
 msgid "pypiserver"
 msgstr ""
 
-#: ../source/key_projects.rst:704
+#: ../source/key_projects.rst:708
 msgid ""
 "`GitHub <https://github.com/pypiserver/pypiserver>`__ | `PyPI <https://pypi."
 "org/project/pypiserver/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:707
+#: ../source/key_projects.rst:711
 msgid ""
 "pypiserver is a minimalist application that serves as a private Python :term:"
 "`package index <Package Index>` (from a local directory) within "
@@ -9951,17 +10000,17 @@ msgid ""
 "pypiserver and from PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:718
+#: ../source/key_projects.rst:722
 msgid "PyScaffold"
 msgstr ""
 
-#: ../source/key_projects.rst:720
+#: ../source/key_projects.rst:724
 msgid ""
 "`Docs <https://pyscaffold.org>`__ | `GitHub <https://github.com/pyscaffold/"
 "pyscaffold>`__ | `PyPI <https://pypi.org/project/pyscaffold/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:724
+#: ../source/key_projects.rst:728
 msgid ""
 "PyScaffold is a project generator for bootstrapping Python packages, ready "
 "to be shared on PyPI and installable via :ref:`pip`. It relies on a set of "
@@ -9971,33 +10020,33 @@ msgid ""
 "existing projects to make packaging easier."
 msgstr ""
 
-#: ../source/key_projects.rst:735
+#: ../source/key_projects.rst:739
 msgid "pywharf"
 msgstr ""
 
-#: ../source/key_projects.rst:737
+#: ../source/key_projects.rst:741
 msgid ""
 ":gh:`GitHub <pywharf/pywharf>` | `PyPI <https://pypi.org/project/pywharf>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:742
+#: ../source/key_projects.rst:746
 msgid ""
 "pywharf is a :term:`package index <Package Index>` server, serving files "
 "locally or from `GitHub <https://github.com/>`_."
 msgstr ""
 
-#: ../source/key_projects.rst:748
+#: ../source/key_projects.rst:752
 msgid "scikit-build"
 msgstr ""
 
-#: ../source/key_projects.rst:750
+#: ../source/key_projects.rst:754
 msgid ""
 "`Docs <https://scikit-build.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/scikit-build/scikit-build/>`__ | `PyPI <https://pypi.org/project/"
 "scikit-build>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:754
+#: ../source/key_projects.rst:758
 msgid ""
 "Scikit-build is a :ref:`setuptools` wrapper for CPython that builds C/C++/"
 "Fortran/Cython extensions It uses `cmake <https://pypi.org/project/cmake>`__ "
@@ -10008,18 +10057,18 @@ msgid ""
 "ninja>`__ (also available on PyPI)."
 msgstr ""
 
-#: ../source/key_projects.rst:765
+#: ../source/key_projects.rst:769
 msgid "scikit-build-core"
 msgstr ""
 
-#: ../source/key_projects.rst:767
+#: ../source/key_projects.rst:771
 msgid ""
 "`Docs <https://scikit-build-core.readthedocs.io/en/latest/>`__ | `GitHub "
 "<https://github.com/scikit-build/scikit-build-core/>`__ | `PyPI <https://"
 "pypi.org/project/scikit-build-core>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:771
+#: ../source/key_projects.rst:775
 msgid ""
 "Scikit-build-core is a build backend for CPython C/C++/Fortran/Cython "
 "extensions.  It enables users to write extensions with `cmake <https://pypi."
@@ -10029,17 +10078,17 @@ msgid ""
 "automatically downloaded from PyPI if not available on the system."
 msgstr ""
 
-#: ../source/key_projects.rst:781
+#: ../source/key_projects.rst:785
 msgid "shiv"
 msgstr ""
 
-#: ../source/key_projects.rst:783
+#: ../source/key_projects.rst:787
 msgid ""
 "`Docs <https://shiv.readthedocs.io/en/latest/>`__ | `GitHub <https://github."
 "com/linkedin/shiv>`__ | `PyPI <https://pypi.org/project/shiv/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:787
+#: ../source/key_projects.rst:791
 msgid ""
 "shiv is a command line utility for building fully self contained Python "
 "zipapps as outlined in :pep:`441`, but with all their dependencies included. "
@@ -10047,17 +10096,17 @@ msgid ""
 "tools fast & easy."
 msgstr ""
 
-#: ../source/key_projects.rst:795
+#: ../source/key_projects.rst:799
 msgid "simpleindex"
 msgstr ""
 
-#: ../source/key_projects.rst:797
+#: ../source/key_projects.rst:801
 msgid ""
 ":gh:`GitHub <uranusjr/simpleindex>` | `PyPI <https://pypi.org/project/"
 "simpleindex/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:800
+#: ../source/key_projects.rst:804
 msgid ""
 "simpleindex is a :term:`package index <Package Index>` which routes URLs to "
 "multiple package indexes (including PyPI), serves local (or cloud-hosted, "
@@ -10065,7 +10114,7 @@ msgid ""
 "supports custom plugins."
 msgstr ""
 
-#: ../source/key_projects.rst:810
+#: ../source/key_projects.rst:814
 msgid ""
 ":doc:`Docs <spack:index>` | `GitHub <https://github.com/spack/spack>`__ | "
 "`Paper <https://www.computer.org/csdl/proceedings-article/"
@@ -10073,7 +10122,7 @@ msgid ""
 "Gamblin-Spack-SC15-Talk.pdf>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:815
+#: ../source/key_projects.rst:819
 msgid ""
 "A flexible package manager designed to support multiple versions, "
 "configurations, platforms, and compilers.  Spack is like Homebrew, but "
@@ -10084,24 +10133,24 @@ msgid ""
 "supercomputers."
 msgstr ""
 
-#: ../source/key_projects.rst:823
+#: ../source/key_projects.rst:827
 msgid ""
 "Spack is not in PyPI (yet), but it requires no installation and can be used "
 "immediately after cloning from GitHub."
 msgstr ""
 
-#: ../source/key_projects.rst:829
+#: ../source/key_projects.rst:833
 msgid "zest.releaser"
 msgstr ""
 
-#: ../source/key_projects.rst:831
+#: ../source/key_projects.rst:835
 msgid ""
 "`Docs <https://zestreleaser.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/zestsoftware/zest.releaser/>`__ | `PyPI <https://pypi.org/project/"
 "zest.releaser/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:835
+#: ../source/key_projects.rst:839
 msgid ""
 "``zest.releaser`` is a Python package release tool providing an abstraction "
 "layer on top of :ref:`twine`. Python developers use ``zest.releaser`` to "
@@ -10109,21 +10158,21 @@ msgid ""
 "releases in source control, and uploading new packages to PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:842
+#: ../source/key_projects.rst:846
 msgid "Standard Library Projects"
 msgstr ""
 
-#: ../source/key_projects.rst:847
+#: ../source/key_projects.rst:851
 msgid "ensurepip"
 msgstr ""
 
-#: ../source/key_projects.rst:849
+#: ../source/key_projects.rst:853
 msgid ""
 "`Docs <https://docs.python.org/3/library/ensurepip.html>`__ | `Issues "
 "<https://bugs.python.org/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:852
+#: ../source/key_projects.rst:856
 msgid ""
 "A package in the Python Standard Library that provides support for "
 "bootstrapping :ref:`pip` into an existing Python installation or virtual "
@@ -10131,34 +10180,34 @@ msgid ""
 "will be used during the build of the Python distribution."
 msgstr ""
 
-#: ../source/key_projects.rst:860
+#: ../source/key_projects.rst:864
 msgid "http.server"
 msgstr ""
 
-#: ../source/key_projects.rst:862
+#: ../source/key_projects.rst:866
 msgid ""
 ":doc:`Docs <python:library/http.server>` | :gh:`Issues <python/cpython/"
 "issues>`"
 msgstr ""
 
-#: ../source/key_projects.rst:865
+#: ../source/key_projects.rst:869
 msgid ""
 "A package and command-line interface which can host a directory as a "
 "website, for example as a :term:`package index <Package Index>` (see :ref:"
 "`Hosting your Own Simple Repository`)."
 msgstr ""
 
-#: ../source/key_projects.rst:872
+#: ../source/key_projects.rst:876
 msgid "venv"
 msgstr ""
 
-#: ../source/key_projects.rst:874
+#: ../source/key_projects.rst:878
 msgid ""
 "`Docs <https://docs.python.org/3/library/venv.html>`__ | `Issues <https://"
 "github.com/python/cpython/issues>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:877
+#: ../source/key_projects.rst:881
 msgid ""
 "A package in the Python Standard Library (starting with Python 3.3) for "
 "creating :term:`Virtual Environments <Virtual Environment>`.  For more "
@@ -12206,7 +12255,7 @@ msgstr ""
 #: ../source/specifications/platform-compatibility-tags.rst:332
 #: ../source/specifications/pyproject-toml.rst:444
 #: ../source/specifications/recording-installed-packages.rst:252
-#: ../source/specifications/simple-repository-api.rst:974
+#: ../source/specifications/simple-repository-api.rst:988
 #: ../source/specifications/source-distribution-format.rst:144
 #: ../source/specifications/version-specifiers.rst:1266
 #: ../source/specifications/virtual-environments.rst:54
@@ -13276,6 +13325,7 @@ msgstr ""
 #: ../source/specifications/dependency-specifiers.rst:26
 #: ../source/specifications/direct-url-data-structure.rst:19
 #: ../source/specifications/direct-url.rst:15
+#: ../source/specifications/index-hosted-attestations.rst:17
 #: ../source/specifications/inline-script-metadata.rst:13
 msgid "Specification"
 msgstr ""
@@ -13413,7 +13463,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/dependency-specifiers.rst:163
-#: ../source/specifications/simple-repository-api.rst:888
+#: ../source/specifications/simple-repository-api.rst:902
 msgid "Versions"
 msgstr ""
 
@@ -15036,6 +15086,302 @@ msgid ""
 "www.pypa.io/en/latest/specifications/>`__."
 msgstr ""
 
+#: ../source/specifications/index-hosted-attestations.rst:6
+msgid "Index hosted attestations"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:8
+msgid "This specification was originally defined in :pep:`740`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:12
+msgid ""
+":pep:`740` includes changes to the HTML and JSON index APIs. These changes "
+"are documented in the :ref:`simple-repository-api` under :ref:`simple-"
+"repository-api-base` and :ref:`json-serialization`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:22
+msgid "Upload endpoint changes"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:26
+msgid ""
+"The \"legacy\" upload API is not standardized. See `PyPI's Upload API "
+"documentation <https://docs.pypi.org/api/upload/>`_ for how attestations are "
+"uploaded."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:33
+msgid "Attestation objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:35
+msgid ""
+"An attestation object is a JSON object with several required keys; "
+"applications or signers may include additional keys so long as all "
+"explicitly listed keys are provided. The required layout of an attestation "
+"object is provided as pseudocode below."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:88
+msgid ""
+"A full data model for each object in ``transparency_entries`` is provided "
+"in :ref:`appendix`. Attestation objects **SHOULD** include one or more "
+"transparency log entries, and **MAY** include additional keys for other "
+"sources of signed time (such as an :rfc:`3161` Time Stamping Authority or a "
+"`Roughtime <https://blog.cloudflare.com/roughtime>`__ server)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:94
+msgid ""
+"Attestation objects are versioned; this PEP specifies version 1. Each "
+"version is tied to a single cryptographic suite to minimize unnecessary "
+"cryptographic agility. In version 1, the suite is as follows:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:98
+msgid ""
+"Certificates are specified as X.509 certificates, and comply with the "
+"profile in :rfc:`5280`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:100
+msgid ""
+"The message signature algorithm is ECDSA, with the P-256 curve for public "
+"keys and SHA-256 as the cryptographic digest function."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:103
+msgid ""
+"Future PEPs may change this suite (and the overall shape of the attestation "
+"object) by selecting a new version number."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:109
+msgid "Attestation statement and signature generation"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:111
+msgid ""
+"The *attestation statement* is the actual claim that is cryptographically "
+"signed over within the attestation object (i.e., the ``envelope.statement``)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:114
+msgid ""
+"The attestation statement is encoded as a `v1 in-toto Statement object "
+"<https://github.com/in-toto/attestation/blob/v1.0/spec/v1.0/statement."
+"md>`__, in JSON form. When serialized the statement is treated as an opaque "
+"binary blob, avoiding the need for canonicalization."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:119
+msgid ""
+"In addition to being a v1 in-toto Statement, the attestation statement is "
+"constrained in the following ways:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:122
+msgid "The in-toto ``subject`` **MUST** contain only a single subject."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:123
+msgid ""
+"``subject[0].name`` is the distribution's filename, which **MUST** be a "
+"valid :ref:`source distribution <source-distribution-format>` or :ref:`wheel "
+"distribution <binary-distribution-format>` filename."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:126
+msgid ""
+"``subject[0].digest`` **MUST** contain a SHA-256 digest. Other digests "
+"**MAY** be present. The digests **MUST** be represented as hexadecimal "
+"strings."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:128
+msgid "The following ``predicateType`` values are supported:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:130
+msgid ""
+"`SLSA Provenance <https://slsa.dev/provenance/v1>`__: ``https://slsa.dev/"
+"provenance/v1``"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:131
+msgid ""
+"`PyPI Publish Attestation <https://docs.pypi.org/attestations/publish/"
+"v1>`__: ``https://docs.pypi.org/attestations/publish/v1``"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:133
+msgid ""
+"The signature over this statement is constructed using the `v1 DSSE "
+"signature protocol <https://github.com/secure-systems-lab/dsse/blob/v1.0.0/"
+"protocol.md>`__, with a ``PAYLOAD_TYPE`` of ``application/vnd.in-toto+json`` "
+"and a ``PAYLOAD_BODY`` of the JSON-encoded statement above. No other "
+"``PAYLOAD_TYPE`` is permitted."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:141
+msgid "Provenance objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:143
+msgid ""
+"The index will serve uploaded attestations along with metadata that can "
+"assist in verifying them in the form of JSON serialized objects."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:146
+msgid ""
+"These *provenance objects* will be available via both the Simple Index and "
+"JSON-based Simple API as described above, and will have the following layout:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:169
+msgid "or, as pseudocode:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:217
+msgid ""
+"``version`` is ``1``. Like attestation objects, provenance objects are "
+"versioned, and this PEP only defines version ``1``."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:219
+msgid ""
+"``attestation_bundles`` is a **required** JSON array, containing one or more "
+"\"bundles\" of attestations. Each bundle corresponds to a signing identity "
+"(such as a Trusted Publishing identity), and contains one or more "
+"attestation objects."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:224
+msgid ""
+"As noted in the ``Publisher`` model, each ``AttestationBundle.publisher`` "
+"object is specific to its Trusted Publisher but must include at minimum:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:228
+msgid ""
+"A ``kind`` key, which **MUST** be a JSON string that uniquely identifies the "
+"kind of Trusted Publisher."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:230
+msgid ""
+"A ``claims`` key, which **MUST** be a JSON object containing any context-"
+"specific claims retained by the index during Trusted Publisher "
+"authentication."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:233
+msgid "All other keys in the publisher object are publisher-specific."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:235
+msgid ""
+"Each array of attestation objects is a superset of the ``attestations`` "
+"array supplied by the uploaded through the ``attestations`` field at upload "
+"time, as described in :ref:`upload-endpoint` and :ref:`changes-to-provenance-"
+"objects`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:243
+msgid "Changes to provenance objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:245
+msgid ""
+"Provenance objects are *not* immutable, and may change over time. Reasons "
+"for changes to the provenance object include but are not limited to:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:248
+msgid ""
+"Addition of new attestations for a pre-existing signing identity: the index "
+"**MAY** choose to allow additional attestations by pre-existing signing "
+"identities, such as newer attestation versions for already uploaded files."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:253
+msgid ""
+"Addition of new signing identities and associated attestations: the index "
+"**MAY** choose to support attestations from sources other than the file's "
+"uploader, such as third-party auditors or the index itself. These "
+"attestations may be performed asynchronously, requiring the index to insert "
+"them into the provenance object *post facto*."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:262
+msgid "Attestation verification"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:264
+msgid ""
+"Verifying an attestation object against a distribution file requires "
+"verification of each of the following:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:267
+msgid "``version`` is ``1``. The verifier **MUST** reject any other version."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:268
+msgid ""
+"``verification_material.certificate`` is a valid signing certificate, as "
+"issued by an *a priori* trusted authority (such as a root of trust already "
+"present within the verifying client)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:271
+msgid ""
+"``verification_material.certificate`` identifies an appropriate signing "
+"subject, such as the machine identity of the Trusted Publisher that "
+"published the package."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:274
+msgid ""
+"``envelope.statement`` is a valid in-toto v1 Statement, with a subject and "
+"digest that **MUST** match the distribution's filename and contents. For the "
+"distribution's filename, matching **MUST** be performed by parsing using the "
+"appropriate source distribution or wheel filename format, as the statement's "
+"subject may be equivalent but normalized."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:279
+msgid ""
+"``envelope.signature`` is a valid signature for ``envelope.statement`` "
+"corresponding to ``verification_material.certificate``, as reconstituted via "
+"the `v1 DSSE signature protocol <https://github.com/secure-systems-lab/dsse/"
+"blob/v1.0.0/protocol.md>`__."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:284
+msgid ""
+"In addition to the above required steps, a verifier **MAY** additionally "
+"verify ``verification_material.transparency_entries`` on a policy basis, e."
+"g. requiring at least one transparency log entry or a threshold of entries. "
+"When verifying transparency entries, the verifier **MUST** confirm that the "
+"inclusion time for each entry lies within the signing certificate's validity "
+"period."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:293
+msgid "Appendix: Data models for Transparency Log Entries"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:295
+msgid ""
+"This appendix contains pseudocoded data models for transparency log entries "
+"in attestation objects. Each transparency log entry serves as a source of "
+"signed inclusion time, and can be verified either online or offline."
+msgstr ""
+
 #: ../source/specifications/inline-script-metadata.rst:5
 msgid "Inline script metadata"
 msgstr ""
@@ -15206,7 +15552,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/inline-script-metadata.rst:205
-#: ../source/specifications/simple-repository-api.rst:815
+#: ../source/specifications/simple-repository-api.rst:829
 msgid "Recommendations"
 msgstr ""
 
@@ -17094,11 +17440,26 @@ msgid ""
 "``&gt;``, respectively."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:100
+#: ../source/specifications/simple-repository-api.rst:99
+msgid ""
+"A repository **MAY** include a ``data-provenance`` attribute on a file link. "
+"The value of this attribute **MUST** be a fully qualified URL, signaling "
+"that the file's provenance can be found at that URL. This URL **MUST** "
+"represent a `secure origin <https://www.chromium.org/Home/chromium-security/"
+"prefer-secure-origins-for-powerful-new-features/>`_."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:106
+msgid ""
+"The format of the linked provenance is defined in :ref:`index-hosted-"
+"attestations`."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:109
 msgid "Normalized Names"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:102
+#: ../source/specifications/simple-repository-api.rst:111
 msgid ""
 "This spec references the concept of a \"normalized\" project name. As per :"
 "ref:`the name normalization specification <name-normalization>` the only "
@@ -17108,11 +17469,11 @@ msgid ""
 "implemented in Python with the ``re`` module::"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:117
+#: ../source/specifications/simple-repository-api.rst:126
 msgid "Adding \"Yank\" Support to the Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:119
+#: ../source/specifications/simple-repository-api.rst:128
 msgid ""
 "Links in the simple repository **MAY** have a ``data-yanked`` attribute "
 "which may have no value, or may have an arbitrary string as a value. The "
@@ -17122,7 +17483,7 @@ msgid ""
 "under specific scenarios."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:126
+#: ../source/specifications/simple-repository-api.rst:135
 msgid ""
 "The value of the ``data-yanked`` attribute, if present, is an arbitrary "
 "string that represents the reason for why the file has been yanked. Tools "
@@ -17130,7 +17491,7 @@ msgid ""
 "users."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:131
+#: ../source/specifications/simple-repository-api.rst:140
 msgid ""
 "The yanked attribute is not immutable once set, and may be rescinded in the "
 "future (and once rescinded, may be reset as well). Thus API users **MUST** "
@@ -17138,11 +17499,11 @@ msgid ""
 "again)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:138
+#: ../source/specifications/simple-repository-api.rst:147
 msgid "Installers"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:140
+#: ../source/specifications/simple-repository-api.rst:149
 msgid ""
 "The desirable experience for users is that once a file is yanked, when a "
 "human being is currently trying to directly install a yanked file, that it "
@@ -17152,7 +17513,7 @@ msgid ""
 "been yanked."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:147
+#: ../source/specifications/simple-repository-api.rst:156
 msgid ""
 "An installer **MUST** ignore yanked releases, if the selection constraints "
 "can be satisfied with a non-yanked version, and **MAY** refuse to use a "
@@ -17162,14 +17523,14 @@ msgid ""
 "files."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:154
+#: ../source/specifications/simple-repository-api.rst:163
 msgid ""
 "What this means is left up to the specific installer, to decide how to best "
 "fit into the overall usage of their installer. However, there are two "
 "suggested approaches to take:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:158
+#: ../source/specifications/simple-repository-api.rst:167
 msgid ""
 "Yanked files are always ignored, unless they are the only file that matches "
 "a version specifier that \"pins\" to an exact version using either ``==`` "
@@ -17179,7 +17540,7 @@ msgid ""
 "versions, zero padding, etc."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:165
+#: ../source/specifications/simple-repository-api.rst:174
 msgid ""
 "Yanked files are always ignored, unless they are the only file that matches "
 "what a lock file (such as ``Pipfile.lock`` or ``poetry.lock``) specifies to "
@@ -17187,7 +17548,7 @@ msgid ""
 "creating or updating a lock file from some input file or command."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:171
+#: ../source/specifications/simple-repository-api.rst:180
 msgid ""
 "Regardless of the specific strategy that an installer chooses for deciding "
 "when to install yanked files, an installer **SHOULD** emit a warning when it "
@@ -17196,38 +17557,38 @@ msgid ""
 "specific feedback to the user about why that file had been yanked."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:179
+#: ../source/specifications/simple-repository-api.rst:188
 msgid "Mirrors"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:181
+#: ../source/specifications/simple-repository-api.rst:190
 msgid "Mirrors can generally treat yanked files one of two ways:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:183
+#: ../source/specifications/simple-repository-api.rst:192
 msgid ""
 "They may choose to omit them from their simple repository API completely, "
 "providing a view over the repository that shows only \"active\", unyanked "
 "files."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:186
+#: ../source/specifications/simple-repository-api.rst:195
 msgid ""
 "They may choose to include yanked files, and additionally mirror the ``data-"
 "yanked`` attribute as well."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:189
+#: ../source/specifications/simple-repository-api.rst:198
 msgid ""
 "Mirrors **MUST NOT** mirror a yanked file without also mirroring the ``data-"
 "yanked`` attribute for it."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:195
+#: ../source/specifications/simple-repository-api.rst:204
 msgid "Versioning PyPI's Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:197
+#: ../source/specifications/simple-repository-api.rst:206
 msgid ""
 "This spec proposes the inclusion of a meta tag on the responses of every "
 "successful request to a simple API page, which contains a name attribute of "
@@ -17238,29 +17599,29 @@ msgid ""
 "<version-specifiers>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:205
+#: ../source/specifications/simple-repository-api.rst:214
 msgid "This would end up looking like::"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:209
+#: ../source/specifications/simple-repository-api.rst:218
 msgid "When interpreting the repository version:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:211
+#: ../source/specifications/simple-repository-api.rst:220
 msgid ""
 "Incrementing the major version is used to signal a backwards incompatible "
 "change such that existing clients would no longer be expected to be able to "
 "meaningfully use the API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:214
+#: ../source/specifications/simple-repository-api.rst:223
 msgid ""
 "Incrementing the minor version is used to signal a backwards compatible "
 "change such that existing clients would still be expected to be able to "
 "meaningfully use the API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:218
+#: ../source/specifications/simple-repository-api.rst:227
 msgid ""
 "It is left up to the discretion of any future specs as to what specifically "
 "constitutes a backwards incompatible vs compatible change beyond the broad "
@@ -17269,7 +17630,7 @@ msgid ""
 "features."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:224
+#: ../source/specifications/simple-repository-api.rst:233
 msgid ""
 "It is expectation of this spec that the major version will never be "
 "incremented, and any future major API evolutions would utilize a different "
@@ -17279,48 +17640,48 @@ msgid ""
 "set to a version >= 2)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:231
+#: ../source/specifications/simple-repository-api.rst:240
 msgid ""
 "This spec sets the current API version to \"1.0\", and expects that future "
 "specs that further evolve the simple API will increment the minor version "
 "number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:237
-#: ../source/specifications/simple-repository-api.rst:957
+#: ../source/specifications/simple-repository-api.rst:246
+#: ../source/specifications/simple-repository-api.rst:971
 msgid "Clients"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:239
+#: ../source/specifications/simple-repository-api.rst:248
 msgid ""
 "Clients interacting with the simple API **SHOULD** introspect each response "
 "for the repository version, and if that data does not exist **MUST** assume "
 "that it is version 1.0."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:243
+#: ../source/specifications/simple-repository-api.rst:252
 msgid ""
 "When encountering a major version greater than expected, clients **MUST** "
 "hard fail with an appropriate error message for the user."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:246
+#: ../source/specifications/simple-repository-api.rst:255
 msgid ""
 "When encountering a minor version greater than expected, clients **SHOULD** "
 "warn users with an appropriate message."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:249
+#: ../source/specifications/simple-repository-api.rst:258
 msgid ""
 "Clients **MAY** still continue to use feature detection in order to "
 "determine what features a repository uses."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:255
+#: ../source/specifications/simple-repository-api.rst:264
 msgid "Serve Distribution Metadata in the Simple Repository API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:257
+#: ../source/specifications/simple-repository-api.rst:266
 msgid ""
 "In a simple repository's project page, each anchor tag pointing to a "
 "distribution **MAY** have a ``data-dist-info-metadata`` attribute. The "
@@ -17329,7 +17690,7 @@ msgid ""
 "when the distribution is processed and/or installed."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:263
+#: ../source/specifications/simple-repository-api.rst:272
 msgid ""
 "If a ``data-dist-info-metadata`` attribute is present, the repository "
 "**MUST** serve the distribution's Core Metadata file alongside the "
@@ -17341,7 +17702,7 @@ msgid ""
 "GPG signature file's location."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:272
+#: ../source/specifications/simple-repository-api.rst:281
 msgid ""
 "The repository **SHOULD** provide the hash of the Core Metadata file as the "
 "``data-dist-info-metadata`` attribute's value using the syntax "
@@ -17351,18 +17712,18 @@ msgid ""
 "unavailable."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:280
+#: ../source/specifications/simple-repository-api.rst:289
 msgid "Backwards Compatibility"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:282
+#: ../source/specifications/simple-repository-api.rst:291
 msgid ""
 "If an anchor tag lacks the ``data-dist-info-metadata`` attribute, tools are "
 "expected to revert to their current behaviour of downloading the "
 "distribution to inspect the metadata."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:286
+#: ../source/specifications/simple-repository-api.rst:295
 msgid ""
 "Older tools not supporting the new ``data-dist-info-metadata`` attribute are "
 "expected to ignore the attribute and maintain their current behaviour of "
@@ -17370,11 +17731,11 @@ msgid ""
 "prior ``data-`` attribute additions expect existing tools to operate."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:295
+#: ../source/specifications/simple-repository-api.rst:304
 msgid "JSON-based Simple API for Python Package Indexes"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:297
+#: ../source/specifications/simple-repository-api.rst:306
 msgid ""
 "To enable response parsing with only the standard library, this spec "
 "specifies that all responses (besides the files themselves, and the HTML "
@@ -17382,7 +17743,7 @@ msgid ""
 "base>`) should be serialized using `JSON <https://www.json.org/>`_."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:302
+#: ../source/specifications/simple-repository-api.rst:311
 msgid ""
 "To enable zero configuration discovery and to minimize the amount of "
 "additional HTTP requests, this spec extends :ref:`the base HTML API "
@@ -17392,7 +17753,7 @@ msgid ""
 "format to serve, i.e. either HTML or JSON."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:312
+#: ../source/specifications/simple-repository-api.rst:321
 msgid ""
 "Versioning will adhere to :ref:`the API versioning specification <simple-"
 "repository-api-versioning>` format (``Major.Minor``), which has defined the "
@@ -17402,7 +17763,7 @@ msgid ""
 "``1.0`` version, and instead just describes how to serialize that into JSON."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:319
+#: ../source/specifications/simple-repository-api.rst:328
 msgid ""
 "Similar to :ref:`the API versioning specification <simple-repository-api-"
 "versioning>`, the major version number **MUST** be incremented if any "
@@ -17410,28 +17771,28 @@ msgid ""
 "existing clients to meaningfully understand the format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:325
+#: ../source/specifications/simple-repository-api.rst:334
 msgid ""
 "Likewise, the minor version **MUST** be incremented if features are added or "
 "removed from the format, but existing clients would be expected to continue "
 "to meaningfully understand the format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:329
+#: ../source/specifications/simple-repository-api.rst:338
 msgid ""
 "Changes that would not result in existing clients being unable to "
 "meaningfully understand the format and which do not represent features being "
 "added or removed may occur without changing the version number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:333
+#: ../source/specifications/simple-repository-api.rst:342
 msgid ""
 "This is intentionally vague, as this spec believes it is best left up to "
 "future specs that make any changes to the API to investigate and decide "
 "whether or not that change should increment the major or minor version."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:337
+#: ../source/specifications/simple-repository-api.rst:346
 msgid ""
 "Future versions of the API may add things that can only be represented in a "
 "subset of the available serializations of that version. All serializations "
@@ -17440,37 +17801,37 @@ msgid ""
 "whether or not that feature is present at all."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:343
+#: ../source/specifications/simple-repository-api.rst:352
 msgid ""
 "It is the intent of this spec that the API should be thought of as URL "
 "endpoints that return data, whose interpretation is defined by the version "
 "of that data, and then serialized into the target serialization format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:351
+#: ../source/specifications/simple-repository-api.rst:360
 msgid "JSON Serialization"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:353
+#: ../source/specifications/simple-repository-api.rst:362
 msgid ""
 "The URL structure from :ref:`the base HTML API specification <simple-"
 "repository-api-base>` still applies, as this spec only adds an additional "
 "serialization format for the already existing API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:357
+#: ../source/specifications/simple-repository-api.rst:366
 msgid ""
 "The following constraints apply to all JSON serialized responses described "
 "in this spec:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:360
+#: ../source/specifications/simple-repository-api.rst:369
 msgid ""
 "All JSON responses will *always* be a JSON object rather than an array or "
 "other type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:363
+#: ../source/specifications/simple-repository-api.rst:372
 msgid ""
 "While JSON doesn't natively support a URL type, any value that represents an "
 "URL in this API may be either absolute or relative as long as they point to "
@@ -17478,19 +17839,19 @@ msgid ""
 "if it were HTML."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:368
+#: ../source/specifications/simple-repository-api.rst:377
 msgid ""
 "Additional keys may be added to any dictionary objects in the API responses "
 "and clients **MUST** ignore keys that they don't understand."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:371
+#: ../source/specifications/simple-repository-api.rst:380
 msgid ""
 "All JSON responses will have a ``meta`` key, which contains information "
 "related to the response itself, rather than the content of the response."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:374
+#: ../source/specifications/simple-repository-api.rst:383
 msgid ""
 "All JSON responses will have a ``meta.api-version`` key, which will be a "
 "string that contains the :ref:`API versioning specification <simple-"
@@ -17499,41 +17860,41 @@ msgid ""
 "<simple-repository-api-versioning>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:380
+#: ../source/specifications/simple-repository-api.rst:389
 msgid ""
 "All requirements of :ref:`the base HTML API specification <simple-repository-"
 "api-base>` that are not HTML specific still apply."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:385
+#: ../source/specifications/simple-repository-api.rst:394
 msgid "Project List"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:387
+#: ../source/specifications/simple-repository-api.rst:396
 msgid ""
 "The root URL ``/`` for this spec (which represents the base URL) will be a "
 "JSON encoded dictionary which has a two keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:390
+#: ../source/specifications/simple-repository-api.rst:399
 msgid ""
 "``projects``: An array where each entry is a dictionary with a single key, "
 "``name``, which represents string of the project name."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:391
-#: ../source/specifications/simple-repository-api.rst:440
+#: ../source/specifications/simple-repository-api.rst:400
+#: ../source/specifications/simple-repository-api.rst:449
 msgid ""
 "``meta``: The general response metadata as `described earlier <json-"
 "serialization_>`__."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:393
-#: ../source/specifications/simple-repository-api.rst:499
+#: ../source/specifications/simple-repository-api.rst:402
+#: ../source/specifications/simple-repository-api.rst:512
 msgid "As an example:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:410
+#: ../source/specifications/simple-repository-api.rst:419
 msgid ""
 "The ``name`` field is the same as the one from :ref:`the base HTML API "
 "specification <simple-repository-api-base>`, which does not specify whether "
@@ -17543,7 +17904,7 @@ msgid ""
 "implementation detail of the repository in question."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:420
+#: ../source/specifications/simple-repository-api.rst:429
 msgid ""
 "While the ``projects`` key is an array, and thus is required to be in some "
 "kind of an order, neither :ref:`the base HTML API specification <simple-"
@@ -17553,11 +17914,11 @@ msgid ""
 "have sets."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:429
+#: ../source/specifications/simple-repository-api.rst:438
 msgid "Project Detail"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:431
+#: ../source/specifications/simple-repository-api.rst:440
 msgid ""
 "The format of this URL is ``/<project>/`` where the ``<project>`` is "
 "replaced by the :ref:`the base HTML API specification <simple-repository-api-"
@@ -17565,33 +17926,33 @@ msgid ""
 "would have a URL like ``/silly-walk/``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:436
+#: ../source/specifications/simple-repository-api.rst:445
 msgid ""
 "This URL must respond with a JSON encoded dictionary that has three keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:438
+#: ../source/specifications/simple-repository-api.rst:447
 msgid "``name``: The normalized name of the project."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:439
+#: ../source/specifications/simple-repository-api.rst:448
 msgid ""
 "``files``: A list of dictionaries, each one representing an individual file."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:442
+#: ../source/specifications/simple-repository-api.rst:451
 msgid "Each individual file dictionary has the following keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:444
+#: ../source/specifications/simple-repository-api.rst:453
 msgid "``filename``: The filename that is being represented."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:445
+#: ../source/specifications/simple-repository-api.rst:454
 msgid "``url``: The URL that the file can be fetched from."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:446
+#: ../source/specifications/simple-repository-api.rst:455
 msgid ""
 "``hashes``: A dictionary mapping a hash name to a hex encoded digest of the "
 "file. Multiple hashes can be included, and it is up to the client to decide "
@@ -17600,14 +17961,14 @@ msgid ""
 "to be lowercase."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:451
+#: ../source/specifications/simple-repository-api.rst:460
 msgid ""
 "The ``hashes`` dictionary **MUST** be present, even if no hashes are "
 "available for the file, however it is **HIGHLY** recommended that at least "
 "one secure, guaranteed-to-be-available hash is always included."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:455
+#: ../source/specifications/simple-repository-api.rst:464
 msgid ""
 "By default, any hash algorithm available via :py:mod:`hashlib` (specifically "
 "any that can be passed to :py:func:`hashlib.new()` and do not require "
@@ -17617,7 +17978,7 @@ msgid ""
 "specifically is recommended."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:460
+#: ../source/specifications/simple-repository-api.rst:469
 msgid ""
 "``requires-python``: An **optional** key that exposes the :ref:`core-"
 "metadata-requires-python` metadata field. Where this is present, installer "
@@ -17625,14 +17986,14 @@ msgid ""
 "that doesn't satisfy the requirement."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:466
+#: ../source/specifications/simple-repository-api.rst:475
 msgid ""
 "Unlike ``data-requires-python`` in :ref:`the base HTML API specification "
 "<simple-repository-api-base>`, the ``requires-python`` key does not require "
 "any special escaping other than anything JSON does naturally."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:469
+#: ../source/specifications/simple-repository-api.rst:478
 msgid ""
 "``dist-info-metadata``: An **optional** key that indicates that metadata for "
 "this file is available, via the same location as specified in :ref:`the API "
@@ -17642,27 +18003,27 @@ msgid ""
 "dictionary mapping hash names to a hex encoded digest of the metadata's hash."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:477
+#: ../source/specifications/simple-repository-api.rst:486
 msgid ""
 "When this is a dictionary of hashes instead of a boolean, then all the same "
 "requirements and recommendations as the ``hashes`` key hold true for this "
 "key as well."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:481
+#: ../source/specifications/simple-repository-api.rst:490
 msgid ""
 "If this key is missing then the metadata file may or may not exist. If the "
 "key value is truthy, then the metadata file is present, and if it is falsey "
 "then it is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:485
+#: ../source/specifications/simple-repository-api.rst:494
 msgid ""
 "It is recommended that servers make the hashes of the metadata file "
 "available if possible."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:487
+#: ../source/specifications/simple-repository-api.rst:496
 msgid ""
 "``gpg-sig``: An **optional** key that acts a boolean to indicate if the file "
 "has an associated GPG signature or not. The URL for the signature file "
@@ -17671,7 +18032,7 @@ msgid ""
 "the signature may or may not exist."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:492
+#: ../source/specifications/simple-repository-api.rst:501
 msgid ""
 "``yanked``: An **optional** key which may be either a boolean to indicate if "
 "the file has been yanked, or a non empty, but otherwise arbitrary, string to "
@@ -17682,7 +18043,15 @@ msgid ""
 "api-yank>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:529
+#: ../source/specifications/simple-repository-api.rst:507
+msgid ""
+"``provenance``: An **optional** key which, if present **MUST** be either a "
+"JSON string or ``null``. If not ``null``, it **MUST** be a URL to the file's "
+"associated provenance, with the same rules as ``data-provenance`` in the :"
+"ref:`base HTML API specification <simple-repository-api-base>`."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:543
 msgid ""
 "While the ``files`` key is an array, and thus is required to be in some kind "
 "of an order, neither :ref:`the base HTML API specification <simple-"
@@ -17692,11 +18061,11 @@ msgid ""
 "have sets."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:538
+#: ../source/specifications/simple-repository-api.rst:552
 msgid "Content-Types"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:540
+#: ../source/specifications/simple-repository-api.rst:554
 msgid ""
 "This spec proposes that all responses from the Simple API will have a "
 "standard content type that describes what the response is (a Simple API "
@@ -17704,11 +18073,11 @@ msgid ""
 "format has been used."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:544
+#: ../source/specifications/simple-repository-api.rst:558
 msgid "The structure of this content type will be:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:550
+#: ../source/specifications/simple-repository-api.rst:564
 msgid ""
 "Since only major versions should be disruptive to clients attempting to "
 "understand one of these API responses, only the major version will be "
@@ -17716,19 +18085,19 @@ msgid ""
 "that it is a version number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:555
+#: ../source/specifications/simple-repository-api.rst:569
 msgid "Which means that for the existing 1.0 API, the content types would be:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:557
+#: ../source/specifications/simple-repository-api.rst:571
 msgid "**JSON:** ``application/vnd.pypi.simple.v1+json``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:558
+#: ../source/specifications/simple-repository-api.rst:572
 msgid "**HTML:** ``application/vnd.pypi.simple.v1+html``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:560
+#: ../source/specifications/simple-repository-api.rst:574
 msgid ""
 "In addition to the above, a special \"meta\" version is supported named "
 "``latest``, whose purpose is to allow clients to request the absolute latest "
@@ -17737,7 +18106,7 @@ msgid ""
 "support."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:565
+#: ../source/specifications/simple-repository-api.rst:579
 msgid ""
 "To support existing clients which expect the existing :ref:`the base HTML "
 "API specification <simple-repository-api-base>` API responses to use the "
@@ -17745,11 +18114,11 @@ msgid ""
 "alias for the ``application/vnd.pypi.simple.v1+html`` content type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:572
+#: ../source/specifications/simple-repository-api.rst:586
 msgid "Version + Format Selection"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:574
+#: ../source/specifications/simple-repository-api.rst:588
 msgid ""
 "Now that there is multiple possible serializations, we need a mechanism to "
 "allow clients to indicate what serialization formats they're able to "
@@ -17758,65 +18127,65 @@ msgid ""
 "expecting the previous API version."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:579
+#: ../source/specifications/simple-repository-api.rst:593
 msgid ""
 "To enable this, this spec standardizes on the use of HTTP's `Server-Driven "
 "Content Negotiation <https://developer.mozilla.org/en-US/docs/Web/HTTP/"
 "Content_negotiation>`_."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:582
+#: ../source/specifications/simple-repository-api.rst:596
 msgid ""
 "While this spec won't fully describe the entirety of server-driven content "
 "negotiation, the flow is roughly:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:585
+#: ../source/specifications/simple-repository-api.rst:599
 msgid ""
 "The client makes an HTTP request containing an ``Accept`` header listing all "
 "of the version+format content types that they are able to understand."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:587
+#: ../source/specifications/simple-repository-api.rst:601
 msgid ""
 "The server inspects that header, selects one of the listed content types, "
 "then returns a response using that content type (treating the absence of an "
 "``Accept`` header as ``Accept: */*``)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:590
+#: ../source/specifications/simple-repository-api.rst:604
 msgid ""
 "If the server does not support any of the content types in the ``Accept`` "
 "header then they are able to choose between 3 different options for how to "
 "respond:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:594
+#: ../source/specifications/simple-repository-api.rst:608
 msgid ""
 "Select a default content type other than what the client has requested and "
 "return a response with that."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:596
+#: ../source/specifications/simple-repository-api.rst:610
 msgid ""
 "Return a HTTP ``406 Not Acceptable`` response to indicate that none of the "
 "requested content types were available, and the server was unable or "
 "unwilling to select a default content type to respond with."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:599
+#: ../source/specifications/simple-repository-api.rst:613
 msgid ""
 "Return a HTTP ``300 Multiple Choices`` response that contains a list of all "
 "of the possible responses that could have been chosen."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:601
+#: ../source/specifications/simple-repository-api.rst:615
 msgid ""
 "The client interprets the response, handling the different types of "
 "responses that the server may have responded with."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:604
+#: ../source/specifications/simple-repository-api.rst:618
 msgid ""
 "This spec does not specify which choices the server makes in regards to "
 "handling a content type that it isn't able to return, and clients **SHOULD** "
@@ -17824,7 +18193,7 @@ msgid ""
 "the most sense for that client."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:609
+#: ../source/specifications/simple-repository-api.rst:623
 msgid ""
 "However, as there is no standard format for how a ``300 Multiple Choices`` "
 "response can be interpreted, this spec highly discourages servers from "
@@ -17835,7 +18204,7 @@ msgid ""
 "error."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:616
+#: ../source/specifications/simple-repository-api.rst:630
 msgid ""
 "This spec **does** require that if the meta version ``latest`` is being "
 "used, the server **MUST** respond with the content type for the actual "
@@ -17844,33 +18213,33 @@ msgid ""
 "have a ``Content-Type`` of ``application/vnd.pypi.simple.v1+json``)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:623
+#: ../source/specifications/simple-repository-api.rst:637
 msgid ""
 "The ``Accept`` header is a comma separated list of content types that the "
 "client understands and is able to process. It supports three different "
 "formats for each content type that is being requested:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:627
+#: ../source/specifications/simple-repository-api.rst:641
 msgid "``$type/$subtype``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:628
+#: ../source/specifications/simple-repository-api.rst:642
 msgid "``$type/*``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:629
+#: ../source/specifications/simple-repository-api.rst:643
 msgid "``*/*``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:631
+#: ../source/specifications/simple-repository-api.rst:645
 msgid ""
 "For the use of selecting a version+format, the most useful of these is "
 "``$type/$subtype``, as that is the only way to actually specify the version "
 "and format you want."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:635
+#: ../source/specifications/simple-repository-api.rst:649
 msgid ""
 "The order of the content types listed in the ``Accept`` header does not have "
 "any specific meaning, and the server **SHOULD** consider all of them to be "
@@ -17880,7 +18249,7 @@ msgid ""
 "Quality_values>`_ syntax."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:642
+#: ../source/specifications/simple-repository-api.rst:656
 msgid ""
 "This allows a client to specify a priority for a specific entry in their "
 "``Accept`` header, by appending a ``;q=`` followed by a value between ``0`` "
@@ -17890,7 +18259,7 @@ msgid ""
 "quality of ``1``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:648
+#: ../source/specifications/simple-repository-api.rst:662
 msgid ""
 "However, clients should keep in mind that a server is free to select **any** "
 "of the content types they've asked for, regardless of their requested "
@@ -17898,7 +18267,7 @@ msgid ""
 "for."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:652
+#: ../source/specifications/simple-repository-api.rst:666
 msgid ""
 "To aid clients in determining the content type of the response that they "
 "have received from an API request, this spec requires that servers always "
@@ -17909,22 +18278,22 @@ msgid ""
 "collector.py#L123-L150>`_ so the risks for actual breakages is low."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:659
+#: ../source/specifications/simple-repository-api.rst:673
 msgid "An example of how a client can operate would look like:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:710
+#: ../source/specifications/simple-repository-api.rst:724
 msgid ""
 "If a client wishes to only support HTML or only support JSON, then they "
 "would just remove the content types that they do not want from the "
 "``Accept`` header, and turn receiving them into an error."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:716
+#: ../source/specifications/simple-repository-api.rst:730
 msgid "Alternative Negotiation Mechanisms"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:718
+#: ../source/specifications/simple-repository-api.rst:732
 msgid ""
 "While using HTTP's Content negotiation is considered the standard way for a "
 "client and server to coordinate to ensure that the client is getting an HTTP "
@@ -17933,25 +18302,25 @@ msgid ""
 "negotiation mechanisms that may *optionally* be used instead."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:726
+#: ../source/specifications/simple-repository-api.rst:740
 msgid "URL Parameter"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:728
+#: ../source/specifications/simple-repository-api.rst:742
 msgid ""
 "Servers that implement the Simple API may choose to support a URL parameter "
 "named ``format`` to allow the clients to request a specific version of the "
 "URL."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:731
+#: ../source/specifications/simple-repository-api.rst:745
 msgid ""
 "The value of the ``format`` parameter should be **one** of the valid content "
 "types. Passing multiple content types, wild cards, quality values, etc... is "
 "**not** supported."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:735
+#: ../source/specifications/simple-repository-api.rst:749
 msgid ""
 "Supporting this parameter is optional, and clients **SHOULD NOT** rely on it "
 "for interacting with the API. This negotiation mechanism is intended to "
@@ -17959,13 +18328,13 @@ msgid ""
 "allow documentation or notes to link to a specific version+format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:740
+#: ../source/specifications/simple-repository-api.rst:754
 msgid ""
 "Servers that do not support this parameter may choose to return an error "
 "when it is present, or they may simple ignore its presence."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:743
+#: ../source/specifications/simple-repository-api.rst:757
 msgid ""
 "When a server does implement this parameter, it **SHOULD** take precedence "
 "over any values in the client's ``Accept`` header, and if the server does "
@@ -17975,18 +18344,18 @@ msgid ""
 "``303 Multiple Choices``, or selecting a default type to return)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:752
+#: ../source/specifications/simple-repository-api.rst:766
 msgid "Endpoint Configuration"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:754
+#: ../source/specifications/simple-repository-api.rst:768
 msgid ""
 "This option technically is not a special option at all, it is just a natural "
 "consequence of using content negotiation and allowing servers to select "
 "which of the available content types is their default."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:758
+#: ../source/specifications/simple-repository-api.rst:772
 msgid ""
 "If a server is unwilling or unable to implement the server-driven content "
 "negotiation, and would instead rather require users to explicitly configure "
@@ -17994,7 +18363,7 @@ msgid ""
 "configuration."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:762
+#: ../source/specifications/simple-repository-api.rst:776
 msgid ""
 "To enable this, a server should make multiple endpoints (for instance, ``/"
 "simple/v1+html/`` and/or ``/simple/v1+json/``) for each version+format that "
@@ -18004,7 +18373,7 @@ msgid ""
 "and return the content type that corresponds to that endpoint."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:769
+#: ../source/specifications/simple-repository-api.rst:783
 msgid ""
 "For clients that wish to require specific configuration, they can keep track "
 "of which version+format a specific repository URL was configured for, and "
@@ -18012,11 +18381,11 @@ msgid ""
 "includes the correct content type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:776
+#: ../source/specifications/simple-repository-api.rst:790
 msgid "TUF Support - PEP 458"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:778
+#: ../source/specifications/simple-repository-api.rst:792
 msgid ""
 ":pep:`458` requires that all API responses are hashable and that they can be "
 "uniquely identified by a path relative to the repository root. For a Simple "
@@ -18027,7 +18396,7 @@ msgid ""
 "that all hash differently."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:785
+#: ../source/specifications/simple-repository-api.rst:799
 msgid ""
 ":pep:`458` does not specify what the target path should be for the Simple "
 "API, but TUF requires that the target paths be \"file-like\", in other "
@@ -18035,7 +18404,7 @@ msgid ""
 "technically points to a directory."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:790
+#: ../source/specifications/simple-repository-api.rst:804
 msgid ""
 "The saving grace is that the target path does not *have* to actually match "
 "the URL being fetched from the Simple API, and it can just be a sigil that "
@@ -18044,7 +18413,7 @@ msgid ""
 "HTTP request, such as the ``Accept`` header."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:796
+#: ../source/specifications/simple-repository-api.rst:810
 msgid ""
 "Ultimately figuring out how to map a directory to a filename is out of scope "
 "for this spec (but it would be in scope for :pep:`458`), and this spec "
@@ -18052,7 +18421,7 @@ msgid ""
 "`458` metadata."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:800
+#: ../source/specifications/simple-repository-api.rst:814
 msgid ""
 "However, it appears that the current WIP branch against pip that attempts to "
 "implement :pep:`458` is using a target path like ``simple/PROJECT/index."
@@ -18062,20 +18431,20 @@ msgid ""
 "the v1 JSON format would be ``simple/PROJECT/vnd.pypi.simple.v1.json``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:807
+#: ../source/specifications/simple-repository-api.rst:821
 msgid ""
 "In this case, since ``text/html`` is an alias to ``application/vnd.pypi."
 "simple.v1+html`` when interacting through TUF, it likely will make the most "
 "sense to normalize to the more explicit name."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:811
+#: ../source/specifications/simple-repository-api.rst:825
 msgid ""
 "Likewise the ``latest`` metaversion should not be included in the targets, "
 "only explicitly declared versions should be supported."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:817
+#: ../source/specifications/simple-repository-api.rst:831
 msgid ""
 "This section is non-normative, and represents what the spec authors believe "
 "to be the best default implementation decisions for something implementing "
@@ -18083,7 +18452,7 @@ msgid ""
 "these decisions."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:821
+#: ../source/specifications/simple-repository-api.rst:835
 msgid ""
 "These decisions have been chosen to maximize the number of requests that can "
 "be moved onto the newest version of an API, while maintaining the greatest "
@@ -18092,18 +18461,18 @@ msgid ""
 "choices it can."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:826
+#: ../source/specifications/simple-repository-api.rst:840
 msgid "It is recommended that servers:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:828
+#: ../source/specifications/simple-repository-api.rst:842
 msgid ""
 "Support all 3 content types described in this spec, using server-driven "
 "content negotiation, for as long as they reasonably can, or at least as long "
 "as they're receiving non trivial traffic that uses the HTML responses."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:832
+#: ../source/specifications/simple-repository-api.rst:846
 msgid ""
 "When encountering an ``Accept`` header that does not contain any content "
 "types that it knows how to work with, the server should not ever return a "
@@ -18111,13 +18480,13 @@ msgid ""
 "Acceptable`` response."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:837
+#: ../source/specifications/simple-repository-api.rst:851
 msgid ""
 "However, if choosing to use the endpoint configuration, you should prefer to "
 "return a ``200 OK`` response in the expected content type for that endpoint."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:840
+#: ../source/specifications/simple-repository-api.rst:854
 msgid ""
 "When selecting an acceptable version, the server should choose the highest "
 "version that the client supports, with the most expressive/featureful "
@@ -18126,23 +18495,23 @@ msgid ""
 "should only use the ``text/html`` content type as a last resort."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:846
+#: ../source/specifications/simple-repository-api.rst:860
 msgid "It is recommended that clients:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:848
+#: ../source/specifications/simple-repository-api.rst:862
 msgid ""
 "Support all 3 content types described in this spec, using server-driven "
 "content negotiation, for as long as they reasonably can."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:851
+#: ../source/specifications/simple-repository-api.rst:865
 msgid ""
 "When constructing an ``Accept`` header, include all of the content types "
 "that you support."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:854
+#: ../source/specifications/simple-repository-api.rst:868
 msgid ""
 "You should generally *not* include a quality priority value for your content "
 "types, unless you have implementation specific reasons that you want the "
@@ -18151,63 +18520,63 @@ msgid ""
 "responses that you're unable to parse in some edge cases)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:860
+#: ../source/specifications/simple-repository-api.rst:874
 msgid ""
 "The one exception to this recommendation is that it is recommended that you "
 "*should* include a ``;q=0.01`` value on the legacy ``text/html`` content "
 "type, unless it is the only content type that you are requesting."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:864
+#: ../source/specifications/simple-repository-api.rst:878
 msgid ""
 "Explicitly select what versions they are looking for, rather than using the "
 "``latest`` meta version during normal operation."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:867
+#: ../source/specifications/simple-repository-api.rst:881
 msgid ""
 "Check the ``Content-Type`` of the response and ensure it matches something "
 "that you were expecting."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:871
+#: ../source/specifications/simple-repository-api.rst:885
 msgid "Additional Fields for the Simple API for Package Indexes"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:873
+#: ../source/specifications/simple-repository-api.rst:887
 msgid ""
 "This specification defines version 1.1 of the simple repository API. For the "
 "HTML version of the API, there is no change from version 1.0. For the JSON "
 "version of the API, the following changes are made:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:877
+#: ../source/specifications/simple-repository-api.rst:891
 msgid "The ``api-version`` must specify version 1.1 or later."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:878
+#: ../source/specifications/simple-repository-api.rst:892
 msgid "A new ``versions`` key is added at the top level."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:879
+#: ../source/specifications/simple-repository-api.rst:893
 msgid ""
 "Two new \"file information\" keys, ``size`` and ``upload-time``, are added "
 "to the ``files`` data."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:881
+#: ../source/specifications/simple-repository-api.rst:895
 msgid ""
 "Keys (at any level) with a leading underscore are reserved as private for "
 "index server use. No future standard will assign a meaning to any such key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:884
+#: ../source/specifications/simple-repository-api.rst:898
 msgid ""
 "The ``versions`` and ``size`` keys are mandatory. The ``upload-time`` key is "
 "optional."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:890
+#: ../source/specifications/simple-repository-api.rst:904
 msgid ""
 "An additional key, ``versions`` MUST be present at the top level, in "
 "addition to the keys ``name``, ``files`` and ``meta`` defined in :ref:`the "
@@ -18217,7 +18586,7 @@ msgid ""
 "duplicates, and the order of the values is not significant."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:897
+#: ../source/specifications/simple-repository-api.rst:911
 msgid ""
 "All of the files listed in the ``files`` key MUST be associated with one of "
 "the versions in the ``versions`` key. The ``versions`` key MAY contain "
@@ -18225,7 +18594,7 @@ msgid ""
 "uploaded, if the server has such a concept)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:902
+#: ../source/specifications/simple-repository-api.rst:916
 msgid ""
 "Note that because servers may hold \"legacy\" data from before the adoption "
 "of :ref:`the version specifiers specification (VSS) <version-specifiers>`, "
@@ -18234,21 +18603,21 @@ msgid ""
 "servers SHOULD use normalised VSS versions where possible."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:911
+#: ../source/specifications/simple-repository-api.rst:925
 msgid "Additional file information"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:913
+#: ../source/specifications/simple-repository-api.rst:927
 msgid "Two new keys are added to the ``files`` key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:915
+#: ../source/specifications/simple-repository-api.rst:929
 msgid ""
 "``size``: This field is mandatory. It MUST contain an integer which is the "
 "file size in bytes."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:917
+#: ../source/specifications/simple-repository-api.rst:931
 msgid ""
 "``upload-time``: This field is optional. If present, it MUST contain a valid "
 "ISO 8601 date/time string, in the format ``yyyy-mm-ddThh:mm:ss.ffffffZ``, "
@@ -18260,11 +18629,11 @@ msgid ""
 "key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:926
+#: ../source/specifications/simple-repository-api.rst:940
 msgid "Rename dist-info-metadata in the Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:929
+#: ../source/specifications/simple-repository-api.rst:943
 msgid ""
 "The keywords \"**MUST**\", \"**MUST NOT**\", \"**REQUIRED**\", "
 "\"**SHALL**\", \"**SHALL NOT**\", \"**SHOULD**\", \"**SHOULD NOT**\", "
@@ -18272,11 +18641,11 @@ msgid ""
 "are to be interpreted as described in :rfc:`RFC 2119 <2119>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:936
+#: ../source/specifications/simple-repository-api.rst:950
 msgid "Servers"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:938
+#: ../source/specifications/simple-repository-api.rst:952
 msgid ""
 "The :ref:`the API metadata file specification <simple-repository-api-"
 "metadata-file>` metadata, when used in the HTML representation of the Simple "
@@ -18284,7 +18653,7 @@ msgid ""
 "with the supported values remaining the same."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:944
+#: ../source/specifications/simple-repository-api.rst:958
 msgid ""
 "The :ref:`the API metadata file specification <simple-repository-api-"
 "metadata-file>` metadata, when used in the :ref:`the JSON API specification "
@@ -18293,14 +18662,14 @@ msgid ""
 "values remaining the same."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:950
+#: ../source/specifications/simple-repository-api.rst:964
 msgid ""
 "To support clients that used the previous key names, the HTML representation "
 "**MAY** also be emitted using the ``data-dist-info-metadata``, and if it "
 "does so it **MUST** match the value of ``data-core-metadata``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:959
+#: ../source/specifications/simple-repository-api.rst:973
 msgid ""
 "Clients consuming any of the HTML representations of the Simple API **MUST** "
 "read the :ref:`the API metadata file specification <simple-repository-api-"
@@ -18309,7 +18678,7 @@ msgid ""
 "if it is present but ``data-core-metadata`` is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:966
+#: ../source/specifications/simple-repository-api.rst:980
 msgid ""
 "Clients consuming the JSON representation of the Simple API **MUST** read "
 "the :ref:`the API metadata file specification <simple-repository-api-"
@@ -18318,48 +18687,54 @@ msgid ""
 "present but ``core-metadata`` is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:976
+#: ../source/specifications/simple-repository-api.rst:990
 msgid "September 2015: initial form of the HTML format, in :pep:`503`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:977
+#: ../source/specifications/simple-repository-api.rst:991
 msgid "July 2016: Requires-Python metadata, in an update to :pep:`503`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:978
+#: ../source/specifications/simple-repository-api.rst:992
 msgid "May 2019: \"yank\" support, in :pep:`592`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:979
+#: ../source/specifications/simple-repository-api.rst:993
 msgid ""
 "July 2020: API versioning convention and metadata, and declaring the HTML "
 "format as API v1, in :pep:`629`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:981
+#: ../source/specifications/simple-repository-api.rst:995
 msgid ""
 "May 2021: providing package metadata independently from a package, in :pep:"
 "`658`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:983
+#: ../source/specifications/simple-repository-api.rst:997
 msgid ""
 "May 2022: initial form of the JSON format, with a mechanism for clients to "
 "choose between them, and declaring both formats as API v1, in :pep:`691`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:985
+#: ../source/specifications/simple-repository-api.rst:999
 msgid ""
 "October 2022: project versions and file size and upload-time in the JSON "
 "format, in :pep:`700`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:987
+#: ../source/specifications/simple-repository-api.rst:1001
 msgid ""
 "June 2023: renaming the field which provides package metadata independently "
 "from a package, in :pep:`714`"
 msgstr ""
 
+#: ../source/specifications/simple-repository-api.rst:1003
+msgid ""
+"November 2024: provenance metadata in the HTML and JSON formats, in :pep:"
+"`740`"
+msgstr ""
+
 #: ../source/specifications/source-distribution-format.rst:6
 msgid "Source distribution format"
 msgstr ""
@@ -21263,7 +21638,7 @@ msgid ""
 msgstr ""
 
 #: ../source/tutorials/managing-dependencies.rst:140
-#: ../source/tutorials/packaging-projects.rst:506
+#: ../source/tutorials/packaging-projects.rst:505
 msgid "Next steps"
 msgstr ""
 
@@ -21712,43 +22087,43 @@ msgstr ""
 
 #: ../source/tutorials/packaging-projects.rst:424
 msgid ""
-"You will be prompted for a username and password. For the username, use "
-"``__token__``. For the password, use the token value, including the ``pypi-"
-"`` prefix."
+"You will be prompted for an API token. Use the token value, including the "
+"``pypi-`` prefix. Note that the input will be hidden, so be sure to paste "
+"correctly."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:428
+#: ../source/tutorials/packaging-projects.rst:427
 msgid "After the command completes, you should see output similar to this:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:439
+#: ../source/tutorials/packaging-projects.rst:438
 msgid ""
 "Once uploaded, your package should be viewable on TestPyPI; for example: "
 "``https://test.pypi.org/project/example_package_YOUR_USERNAME_HERE``."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:444
+#: ../source/tutorials/packaging-projects.rst:443
 msgid "Installing your newly uploaded package"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:446
+#: ../source/tutorials/packaging-projects.rst:445
 msgid ""
 "You can use :ref:`pip` to install your package and verify that it works. "
 "Create a :ref:`virtual environment <Creating and using Virtual "
 "Environments>` and install your package from TestPyPI:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:462
+#: ../source/tutorials/packaging-projects.rst:461
 msgid "Make sure to specify your username in the package name!"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:464
+#: ../source/tutorials/packaging-projects.rst:463
 msgid ""
 "pip should install the package from TestPyPI and the output should look "
 "something like this:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:474
+#: ../source/tutorials/packaging-projects.rst:473
 msgid ""
 "This example uses ``--index-url`` flag to specify TestPyPI instead of live "
 "PyPI. Additionally, it specifies ``--no-deps``. Since TestPyPI doesn't have "
@@ -21758,23 +22133,23 @@ msgid ""
 "installing dependencies when using TestPyPI."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:481
+#: ../source/tutorials/packaging-projects.rst:480
 msgid ""
 "You can test that it was installed correctly by importing the package. Make "
 "sure you're still in your virtual environment, then run Python:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:496
+#: ../source/tutorials/packaging-projects.rst:495
 msgid "and import the package:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:508
+#: ../source/tutorials/packaging-projects.rst:507
 msgid ""
 "**Congratulations, you've packaged and distributed a Python project!** ✨ 🍰 "
 "✨"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:511
+#: ../source/tutorials/packaging-projects.rst:510
 msgid ""
 "Keep in mind that this tutorial showed you how to upload your package to "
 "Test PyPI, which isn't a permanent storage. The Test system occasionally "
@@ -21782,28 +22157,28 @@ msgid ""
 "experiments like this tutorial."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:516
+#: ../source/tutorials/packaging-projects.rst:515
 msgid ""
 "When you are ready to upload a real package to the Python Package Index you "
 "can do much the same as you did in this tutorial, but with these important "
 "differences:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:520
+#: ../source/tutorials/packaging-projects.rst:519
 msgid ""
 "Choose a memorable and unique name for your package. You don't have to "
 "append your username as you did in the tutorial, but you can't use an "
 "existing name."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:522
+#: ../source/tutorials/packaging-projects.rst:521
 msgid ""
 "Register an account on https://pypi.org - note that these are two separate "
 "servers and the login details from the test server are not shared with the "
 "main server."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:525
+#: ../source/tutorials/packaging-projects.rst:524
 msgid ""
 "Use ``twine upload dist/*`` to upload your package and enter your "
 "credentials for the account you registered on the real PyPI.  Now that "
@@ -21811,44 +22186,44 @@ msgid ""
 "repository``; the package will upload to https://pypi.org/ by default."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:529
+#: ../source/tutorials/packaging-projects.rst:528
 msgid ""
 "Install your package from the real PyPI using ``python3 -m pip install [your-"
 "package]``."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:531
+#: ../source/tutorials/packaging-projects.rst:530
 msgid ""
 "At this point if you want to read more on packaging Python libraries here "
 "are some things you can do:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:534
+#: ../source/tutorials/packaging-projects.rst:533
 msgid ""
 "Read about advanced configuration for your chosen build backend: `Hatchling "
 "<hatchling-config_>`_, :doc:`setuptools <setuptools:userguide/"
 "pyproject_config>`, :doc:`Flit <flit:pyproject_toml>`, `PDM <pdm-config_>`_."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:538
+#: ../source/tutorials/packaging-projects.rst:537
 msgid ""
 "Look at the :doc:`guides </guides/index>` on this site for more advanced "
 "practical information, or the :doc:`discussions </discussions/index>` for "
 "explanations and background on specific topics."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:541
+#: ../source/tutorials/packaging-projects.rst:540
 msgid ""
 "Consider packaging tools that provide a single command-line interface for "
 "project management and packaging, such as :ref:`hatch`, :ref:`flit`, :ref:"
 "`pdm`, and :ref:`poetry`."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:549
+#: ../source/tutorials/packaging-projects.rst:548
 msgid "Notes"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:551
+#: ../source/tutorials/packaging-projects.rst:550
 msgid ""
 "Technically, you can also create Python packages without an ``__init__.py`` "
 "file, but those are called :doc:`namespace packages </guides/packaging-"
diff --git a/locales/tr/LC_MESSAGES/messages.po b/locales/tr/LC_MESSAGES/messages.po
index e02eb842e..fbb9f238d 100644
--- a/locales/tr/LC_MESSAGES/messages.po
+++ b/locales/tr/LC_MESSAGES/messages.po
@@ -6,7 +6,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Python Packaging User Guide\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-10-30 00:39+0000\n"
+"POT-Creation-Date: 2024-11-25 21:53+0000\n"
 "PO-Revision-Date: 2024-10-16 20:19+0000\n"
 "Last-Translator: Emr <emrd434@gmail.com>\n"
 "Language-Team: Turkish <https://hosted.weblate.org/projects/pypa/packaging-"
@@ -607,7 +607,7 @@ msgid "Unix (including Linux and macOS)"
 msgstr ""
 
 #: ../source/discussions/deploying-python-applications.rst:118
-#: ../source/key_projects.rst:572
+#: ../source/key_projects.rst:576
 msgid "pex"
 msgstr ""
 
@@ -1885,7 +1885,7 @@ msgid ""
 msgstr ""
 
 #: ../source/discussions/versioning.rst:6
-#: ../source/specifications/simple-repository-api.rst:310
+#: ../source/specifications/simple-repository-api.rst:319
 msgid "Versioning"
 msgstr ""
 
@@ -2636,29 +2636,16 @@ msgid ""
 msgstr ""
 
 #: ../source/glossary.rst:121
-msgid "Known Good Set (KGS)"
-msgstr ""
-
-#: ../source/glossary.rst:124
-msgid ""
-"A set of distributions at specified versions which are compatible with each "
-"other. Typically a test suite will be run which passes all tests before a "
-"specific set of packages is declared a known good set. This term is commonly "
-"used by frameworks and toolkits which are comprised of multiple individual "
-"distributions."
-msgstr ""
-
-#: ../source/glossary.rst:130
 msgid "Import Package"
 msgstr ""
 
-#: ../source/glossary.rst:133
+#: ../source/glossary.rst:124
 msgid ""
 "A Python module which can contain other modules or recursively, other "
 "packages."
 msgstr ""
 
-#: ../source/glossary.rst:136
+#: ../source/glossary.rst:127
 msgid ""
 "An import package is more commonly referred to with the single word "
 "\"package\", but this guide will use the expanded term when more clarity is "
@@ -2667,17 +2654,30 @@ msgid ""
 "package` for a breakdown of the differences."
 msgstr ""
 
-#: ../source/glossary.rst:142
+#: ../source/glossary.rst:133
 msgid "Installed Project"
 msgstr ""
 
-#: ../source/glossary.rst:145
+#: ../source/glossary.rst:136
 msgid ""
 "A :term:`Project` that is installed for use with a Python interpreter or :"
 "term:`Virtual Environment`, as described in the specicifcation :ref:"
 "`recording-installed-packages`."
 msgstr ""
 
+#: ../source/glossary.rst:140
+msgid "Known Good Set (KGS)"
+msgstr ""
+
+#: ../source/glossary.rst:143
+msgid ""
+"A set of distributions at specified versions which are compatible with each "
+"other. Typically a test suite will be run which passes all tests before a "
+"specific set of packages is declared a known good set. This term is commonly "
+"used by frameworks and toolkits which are comprised of multiple individual "
+"distributions."
+msgstr ""
+
 #: ../source/glossary.rst:149
 msgid "Module"
 msgstr ""
@@ -5088,7 +5088,7 @@ msgid ""
 "In particular, `NumPy <https://numpy.org/>`__, which provides the basis for "
 "most of the software in the `scientific Python stack <https://scientific-"
 "python.org>`_ can be configured to interoperate with different FORTRAN "
-"libraries, and can take advantage of different levels of vectorised "
+"libraries, and can take advantage of different levels of vectorized "
 "instructions available in modern CPUs."
 msgstr ""
 
@@ -5097,9 +5097,9 @@ msgid ""
 "Starting with version 1.10.4 of NumPy and version 1.0.0 of SciPy, pre-built "
 "32-bit and 64-bit binaries in the ``wheel`` format are available for all "
 "major operating systems (Windows, macOS, and Linux) on PyPI. Note, however, "
-"that on Windows, NumPy binaries are linked against the `ATLAS <http://www."
-"netlib.org/atlas/>`__ BLAS/LAPACK library, restricted to SSE2 instructions, "
-"so they may not provide optimal linear algebra performance."
+"that on Windows, NumPy binaries are linked against the `ATLAS <https://math-"
+"atlas.sourceforge.net/>`__ BLAS/LAPACK library, restricted to SSE2 "
+"instructions, so they may not provide optimal linear algebra performance."
 msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:26
@@ -5212,7 +5212,7 @@ msgid ""
 msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:100
-#: ../source/key_projects.rst:808
+#: ../source/key_projects.rst:812
 msgid "Spack"
 msgstr ""
 
@@ -5244,28 +5244,41 @@ msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:121
 msgid ""
-"`Anaconda <https://www.anaconda.com/products/individual/>`_ is a Python "
+"``conda`` is an open source (BSD licensed) package management system and "
+"environment management system that allows users to install multiple versions "
+"of binary software packages and their dependencies, and easily switch "
+"between them. It is a cross-platform tool working on Windows, MacOS, and "
+"Linux. Conda can be used to package up and distribute all kinds of packages, "
+"it is not limited to just Python packages. It has full support for native "
+"virtual environments. Conda makes environments first-class citizens, making "
+"it easy to create independent environments even for C libraries. It is "
+"written in Python, but is Python-agnostic. Conda manages Python itself as a "
+"package, so that :command:`conda update python` is possible, in contrast to "
+"pip, which only manages Python packages."
+msgstr ""
+
+#: ../source/guides/installing-scientific-packages.rst:133
+msgid ""
+"Anaconda `Anaconda <https://docs.anaconda.com/anaconda/>`_ is a Python "
 "distribution published by Anaconda, Inc. It is a stable collection of Open "
-"Source packages for big data and scientific use.  As of the 5.0 release of "
-"Anaconda, about 200 packages are installed by default, and a total of "
-"400-500 can be installed and updated from the Anaconda repository."
+"Source packages for big data and scientific use, and a collection of "
+"Graphical Interface utilities for managing conda environments."
 msgstr ""
 
-#: ../source/guides/installing-scientific-packages.rst:127
+#: ../source/guides/installing-scientific-packages.rst:135
 msgid ""
-"``conda`` is an open source (BSD licensed) package management system and "
-"environment management system included in Anaconda that allows users to "
-"install multiple versions of binary software packages and their "
-"dependencies, and easily switch between them. It is a cross-platform tool "
-"working on Windows, macOS, and Linux. Conda can be used to package up and "
-"distribute all kinds of packages, it is not limited to just Python packages. "
-"It has full support for native virtual environments. Conda makes "
-"environments first-class citizens, making it easy to create independent "
-"environments even for C libraries. It is written in Python, but is Python-"
-"agnostic. Conda manages Python itself as a package, so that :command:`conda "
-"update python` is possible, in contrast to pip, which only manages Python "
-"packages. Conda is available in Anaconda and Miniconda (an easy-to-install "
-"download with just Python and conda)."
+"In addition to the full distribution provided by Anaconda, the conda package "
+"manager itself is available in  `miniconda <https://docs.anaconda.com/"
+"miniconda/>`_, `miniforge <https://github.com/conda-forge/miniforge>`_, and "
+"`pixi <https://pixi.sh/>`_."
+msgstr ""
+
+#: ../source/guides/installing-scientific-packages.rst:138
+msgid ""
+"Conda packages are available on multiple channels on Anaconda.org, including "
+"the default channel supported by Anaconda, Inc, the community supported "
+"conda-forge channel, which provides a wide variety of pre-built packages, "
+"and some domain-specific package collections."
 msgstr ""
 
 #: ../source/guides/installing-stand-alone-command-line-tools.rst:4
@@ -8333,29 +8346,51 @@ msgstr ""
 
 #: ../source/guides/tool-recommendations.rst:142
 msgid ""
-"For projects hosted on GitHub, it is recommended to use the :ref:`trusted "
-"publishing <trusted-publishing>`, which allows the package to be securely "
-"uploaded to PyPI from a GitHub Actions job. (This is not yet supported on "
-"software forges other than GitHub.)"
+"For projects hosted on or published via supported CI/CD platforms, it is "
+"recommended to use the :ref:`Trusted Publishing <trusted-publishing>`, which "
+"allows the package to be securely uploaded to PyPI from a CI/CD workflow "
+"without a manually configured API token."
 msgstr ""
 
 #: ../source/guides/tool-recommendations.rst:147
 msgid ""
+"As of November 2024, PyPI supports the following platforms as Trusted "
+"Publishing providers:"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:150
+msgid "GitHub Actions (on ``https://github.com``)"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:151
+msgid "GitLab CI/CD (on ``https://gitlab.com``)"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:152
+msgid "ActiveState"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:153
+msgid "Google Cloud"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:155
+msgid ""
 "The other available method is to upload the package manually using :ref:"
 "`twine`."
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:149
+#: ../source/guides/tool-recommendations.rst:159
 msgid ""
 "**Never** use ``python setup.py upload`` for this task. In addition to "
 "being :ref:`deprecated <setup-py-deprecated>`, it is insecure."
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:154
+#: ../source/guides/tool-recommendations.rst:164
 msgid "Workflow tools"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:156
+#: ../source/guides/tool-recommendations.rst:166
 msgid ""
 "These tools are environment managers that automatically manage virtual "
 "environments for a project. They also act as \"task runners\", allowing you "
@@ -8366,31 +8401,31 @@ msgid ""
 "alphabetical order:"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:164
+#: ../source/guides/tool-recommendations.rst:174
 msgid ":ref:`Flit`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:165
+#: ../source/guides/tool-recommendations.rst:175
 msgid ":ref:`Hatch`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:166
+#: ../source/guides/tool-recommendations.rst:176
 msgid ":doc:`nox <nox:index>`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:167
+#: ../source/guides/tool-recommendations.rst:177
 msgid ":ref:`PDM`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:168
+#: ../source/guides/tool-recommendations.rst:178
 msgid ":ref:`Pipenv`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:169
+#: ../source/guides/tool-recommendations.rst:179
 msgid ":ref:`Poetry`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:170
+#: ../source/guides/tool-recommendations.rst:180
 msgid ":doc:`tox <tox:index>`."
 msgstr ""
 
@@ -9565,44 +9600,58 @@ msgstr ""
 
 #: ../source/key_projects.rst:407
 msgid ""
-"conda is the package management tool for `Anaconda <https://docs.anaconda."
-"com/anaconda/>`__ Python installations. Anaconda Python is a distribution "
-"from `Anaconda, Inc <https://www.anaconda.com/products/individual>`__ "
-"specifically aimed at the scientific community, and in particular on Windows "
-"where the installation of binary extensions is often difficult."
+"Conda is a package, dependency, and environment management system for any "
+"language — Python, R, Ruby, C/C++, Fortran, and more. It is written in "
+"Python and widely used in the Python scientific computing community, due to "
+"its support for non-Python compiled libraries and extensions. It is used as "
+"the basis of the `Anaconda <https://docs.anaconda.com/anaconda/>`__ Python "
+"distribution from Anaconda, Inc. It was originally aimed at the scientific "
+"community, but can also be used on its own, or with the :doc:`miniconda "
+"<conda:miniconda>`, `miniforge <https://github.com/conda-forge/miniforge>`_ "
+"or `pixi <https://pixi.sh/>`_ systems. It is available for Windows, Mac and "
+"Linux systems."
 msgstr ""
 
-#: ../source/key_projects.rst:414
+#: ../source/key_projects.rst:416
 msgid ""
 "Conda is a completely separate tool from :ref:`pip`, virtualenv and wheel, "
-"but provides many of their combined features in terms of package management, "
-"virtual environment management and deployment of binary extensions."
+"but provides many of their combined features, such as package management, "
+"virtual environment management and deployment of binary extensions and other "
+"binary code."
+msgstr ""
+
+#: ../source/key_projects.rst:420
+msgid ""
+"Conda does not install packages from PyPI -- it can only manage packages "
+"built specifically for conda, which can be made available on a \"conda "
+"channel\", such as those hosted on `anaconda.org <https://anaconda.org>`__, "
+"or a local (e.g. intranet) package server. In addition to the \"default\" "
+"channels managed by `Anaconda, Inc. <https://www.anaconda.com/>`__, there "
+"are a wide variety of packages from the community supported `conda-forge "
+"project <https://conda-forge.org/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:418
+#: ../source/key_projects.rst:426
 msgid ""
-"Conda does not install packages from PyPI and can install only from the "
-"official Anaconda repositories, or anaconda.org (a place for user-"
-"contributed *conda* packages), or a local (e.g. intranet) package server.  "
-"However, note that :ref:`pip` can be installed into, and work side-by-side "
-"with conda for managing :term:`distributions <Distribution Package>` from "
-"PyPI. Also, `conda skeleton <https://docs.conda.io/projects/conda-build/en/"
-"latest/user-guide/tutorials/build-pkgs-skeleton.html>`__ is a tool to make "
-"Python packages installable by conda by first fetching them from PyPI and "
-"modifying their metadata."
+"Note that :ref:`pip` can be installed into, and work side-by-side with conda "
+"for managing :term:`distributions <Distribution Package>` from PyPI. It is "
+"also possible to build conda packages from Python source packages using "
+"tools such as `conda skeleton <https://docs.conda.io/projects/conda-build/en/"
+"latest/user-guide/tutorials/build-pkgs-skeleton.html>`__: a tool to "
+"automatically make conda packages from Python packages available on PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:431
+#: ../source/key_projects.rst:435
 msgid "devpi"
 msgstr ""
 
-#: ../source/key_projects.rst:433
+#: ../source/key_projects.rst:437
 msgid ""
 "`Docs <http://doc.devpi.net/latest/>`__ | :gh:`Issues <devpi/devpi/issues>` "
 "| `PyPI <https://pypi.org/project/devpi>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:437
+#: ../source/key_projects.rst:441
 msgid ""
 "devpi features a powerful PyPI-compatible server and PyPI proxy cache with a "
 "complementary command line tool to drive packaging, testing and release "
@@ -9612,17 +9661,17 @@ msgid ""
 "replication and fail-over, and package upload."
 msgstr ""
 
-#: ../source/key_projects.rst:448
+#: ../source/key_projects.rst:452
 msgid "dumb-pypi"
 msgstr ""
 
-#: ../source/key_projects.rst:450
+#: ../source/key_projects.rst:454
 msgid ""
 "`GitHub <https://github.com/chriskuehl/dumb-pypi>`__ | `PyPI <https://pypi."
 "org/project/dumb-pypi>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:453
+#: ../source/key_projects.rst:457
 msgid ""
 "dumb-pypi is a simple :term:`package index <Package Index>` static file site "
 "generator, which then must be hosted by a static file webserver to become "
@@ -9630,17 +9679,17 @@ msgid ""
 "status."
 msgstr ""
 
-#: ../source/key_projects.rst:460
+#: ../source/key_projects.rst:464
 msgid "enscons"
 msgstr ""
 
-#: ../source/key_projects.rst:462
+#: ../source/key_projects.rst:466
 msgid ""
 ":gh:`Source <dholth/enscons>` | :gh:`Issues <dholth/enscons/issues>` | `PyPI "
 "<https://pypi.org/project/enscons>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:466
+#: ../source/key_projects.rst:470
 msgid ""
 "Enscons is a Python packaging tool based on `SCons`_. It builds :ref:`pip`-"
 "compatible source distributions and wheels without using distutils or "
@@ -9652,38 +9701,38 @@ msgid ""
 "independent of enscons."
 msgstr ""
 
-#: ../source/key_projects.rst:481
+#: ../source/key_projects.rst:485
 msgid "Flask-Pypi-Proxy"
 msgstr ""
 
-#: ../source/key_projects.rst:483
+#: ../source/key_projects.rst:487
 msgid ""
 "`Docs <https://flask-pypi-proxy.readthedocs.io>`__ | :gh:`GitHub <tzulberti/"
 "Flask-PyPi-Proxy>` | `PyPI <https://pypi.org/project/Flask-Pypi-Proxy/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:487 ../source/key_projects.rst:681
-#: ../source/key_projects.rst:740
+#: ../source/key_projects.rst:491 ../source/key_projects.rst:685
+#: ../source/key_projects.rst:744
 msgid "Not maintained, project archived"
 msgstr ""
 
-#: ../source/key_projects.rst:489
+#: ../source/key_projects.rst:493
 msgid ""
 "Flask-Pypi-Proxy is a :term:`package index <Package Index>` as a cached "
 "proxy for PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:495
+#: ../source/key_projects.rst:499
 msgid "Hashdist"
 msgstr ""
 
-#: ../source/key_projects.rst:497
+#: ../source/key_projects.rst:501
 msgid ""
 "`Docs <https://hashdist.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/hashdist/hashdist/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:500
+#: ../source/key_projects.rst:504
 msgid ""
 "Hashdist is a library for building non-root software distributions. Hashdist "
 "is trying to be “the Debian of choice for cases where Debian technology "
@@ -9694,34 +9743,34 @@ msgid ""
 "researchers but has been lacking in maintenance since 2016."
 msgstr ""
 
-#: ../source/key_projects.rst:512
+#: ../source/key_projects.rst:516
 msgid "Maturin"
 msgstr ""
 
-#: ../source/key_projects.rst:514
+#: ../source/key_projects.rst:518
 msgid ""
 "`Docs <https://www.maturin.rs>`__ | `GitHub <https://github.com/PyO3/"
 "maturin>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:517
+#: ../source/key_projects.rst:521
 msgid ""
 "Maturin is a build backend for Rust extension modules, also written in Rust. "
 "It supports building wheels for python 3.7+ on Windows, Linux, macOS and "
 "FreeBSD, can upload them to PyPI and has basic PyPy and GraalPy support."
 msgstr ""
 
-#: ../source/key_projects.rst:525
+#: ../source/key_projects.rst:529
 msgid "meson-python"
 msgstr ""
 
-#: ../source/key_projects.rst:527
+#: ../source/key_projects.rst:531
 msgid ""
 "`Docs <https://meson-python.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/mesonbuild/meson-python>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:530
+#: ../source/key_projects.rst:534
 msgid ""
 "``meson-python`` is a build backend that uses the Meson_ build system. It "
 "enables Python package authors to use Meson_ as the build system for their "
@@ -9729,58 +9778,58 @@ msgid ""
 "to fill the needs of most complex build configurations."
 msgstr ""
 
-#: ../source/key_projects.rst:540
+#: ../source/key_projects.rst:544
 msgid "multibuild"
 msgstr ""
 
-#: ../source/key_projects.rst:542
+#: ../source/key_projects.rst:546
 msgid "`GitHub <https://github.com/multi-build/multibuild>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:544
+#: ../source/key_projects.rst:548
 msgid ""
 "Multibuild is a set of CI scripts for building and testing Python :term:"
 "`wheels <Wheel>` for Linux, macOS, and (less flexibly) Windows. Also see :"
 "ref:`cibuildwheel`."
 msgstr ""
 
-#: ../source/key_projects.rst:550
+#: ../source/key_projects.rst:554
 msgid "nginx_pypi_cache"
 msgstr ""
 
-#: ../source/key_projects.rst:552
+#: ../source/key_projects.rst:556
 msgid ":gh:`GitHub <hauntsaninja/nginx_pypi_cache>`"
 msgstr ""
 
-#: ../source/key_projects.rst:554
+#: ../source/key_projects.rst:558
 msgid ""
 "nginx_pypi_cache is a :term:`package index <Package Index>` caching proxy "
 "using `nginx <https://nginx.org/en/>`_."
 msgstr ""
 
-#: ../source/key_projects.rst:560
+#: ../source/key_projects.rst:564
 msgid "pdm"
 msgstr ""
 
-#: ../source/key_projects.rst:562
+#: ../source/key_projects.rst:566
 msgid ""
 "`Docs <https://pdm.fming.dev/>`__ | `GitHub <https://github.com/pdm-project/"
 "pdm/>`__ | `PyPI <https://pypi.org/project/pdm>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:566
+#: ../source/key_projects.rst:570
 msgid ""
 "PDM is a modern Python package manager. It uses :term:`pyproject.toml` to "
 "store project metadata as defined in :pep:`621`."
 msgstr ""
 
-#: ../source/key_projects.rst:574
+#: ../source/key_projects.rst:578
 msgid ""
 "`Docs <https://pex.readthedocs.io/en/latest/>`__ | `GitHub <https://github."
 "com/pantsbuild/pex/>`__ | `PyPI <https://pypi.org/project/pex>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:578
+#: ../source/key_projects.rst:582
 msgid ""
 "Pex is a tool for generating :file:`.pex` (Python EXecutable) files, "
 "standalone Python environments in the spirit of :ref:`virtualenv`. PEX files "
@@ -9792,18 +9841,18 @@ msgid ""
 "PEX file into a standard venv, graphing dependencies and more."
 msgstr ""
 
-#: ../source/key_projects.rst:590
+#: ../source/key_projects.rst:594
 msgid "pip-tools"
 msgstr ""
 
-#: ../source/key_projects.rst:592
+#: ../source/key_projects.rst:596
 msgid ""
 "`Docs <https://pip-tools.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/jazzband/pip-tools/>`__ | `PyPI <https://pypi.org/project/pip-"
 "tools/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:596
+#: ../source/key_projects.rst:600
 msgid ""
 "pip-tools is a suite of tools meant for Python system administrators and "
 "release managers who particularly want to keep their builds deterministic "
@@ -9814,32 +9863,32 @@ msgid ""
 "not provide), and create layers of constraints for the program to obey."
 msgstr ""
 
-#: ../source/key_projects.rst:608
+#: ../source/key_projects.rst:612
 msgid "pip2pi"
 msgstr ""
 
-#: ../source/key_projects.rst:610
+#: ../source/key_projects.rst:614
 msgid ""
 ":gh:`GitHub <wolever/pip2pi>` | `PyPI <https://pypi.org/project/pip2pi/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:613
+#: ../source/key_projects.rst:617
 msgid ""
 "pip2pi is a :term:`package index <Package Index>` server where specific "
 "packages are manually synchronised."
 msgstr ""
 
-#: ../source/key_projects.rst:619
+#: ../source/key_projects.rst:623
 msgid "piwheels"
 msgstr ""
 
-#: ../source/key_projects.rst:621
+#: ../source/key_projects.rst:625
 msgid ""
 "`Website <https://www.piwheels.org/>`__ | :doc:`Docs <piwheels:index>` | "
 "`GitHub <https://github.com/piwheels/piwheels/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:625
+#: ../source/key_projects.rst:629
 msgid ""
 "piwheels is a website, and software underpinning it, that fetches source "
 "code distribution packages from PyPI and compiles them into binary wheels "
@@ -9847,17 +9896,17 @@ msgid ""
 "Pi OS pre-configures pip to use piwheels.org as an additional index to PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:634
+#: ../source/key_projects.rst:638
 msgid "poetry"
 msgstr ""
 
-#: ../source/key_projects.rst:636
+#: ../source/key_projects.rst:640
 msgid ""
 "`Docs <https://python-poetry.org/>`__ | `GitHub <https://github.com/python-"
 "poetry/poetry>`__ | `PyPI <https://pypi.org/project/poetry/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:640
+#: ../source/key_projects.rst:644
 msgid ""
 "poetry is a command-line tool to handle dependency installation and "
 "isolation as well as building and packaging of Python packages. It uses "
@@ -9867,49 +9916,49 @@ msgid ""
 "caching metadata about dependencies."
 msgstr ""
 
-#: ../source/key_projects.rst:650
+#: ../source/key_projects.rst:654
 msgid "proxpi"
 msgstr ""
 
-#: ../source/key_projects.rst:652
+#: ../source/key_projects.rst:656
 msgid ""
 ":gh:`GitHub <EpicWink/proxpi>` | `PyPI <https://pypi.org/project/proxpi/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:655
+#: ../source/key_projects.rst:659
 msgid ""
 "proxpi is a simple :term:`package index <Package Index>` which proxies PyPI "
 "and other indexes with caching."
 msgstr ""
 
-#: ../source/key_projects.rst:661
+#: ../source/key_projects.rst:665
 msgid "Pulp-python"
 msgstr ""
 
-#: ../source/key_projects.rst:663
+#: ../source/key_projects.rst:667
 msgid ""
 "`Docs <https://docs.pulpproject.org/pulp_python/>`__ | :gh:`GitHub <pulp/"
 "pulp_python>` | `PyPI <https://pypi.org/project/pulp-python/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:667
+#: ../source/key_projects.rst:671
 msgid ""
 "Pulp-python is the Python :term:`package index <Package Index>` plugin for "
 "`Pulp <https://pulpproject.org/>`_. Pulp-python supports mirrors backed by "
 "local or `AWS S3`_, package upload, and proxying to multiple package indexes."
 msgstr ""
 
-#: ../source/key_projects.rst:675
+#: ../source/key_projects.rst:679
 msgid "PyPI Cloud"
 msgstr ""
 
-#: ../source/key_projects.rst:677
+#: ../source/key_projects.rst:681
 msgid ""
 "`Docs <https://pypicloud.readthedocs.io/>`__ | :gh:`GitHub <stevearc/"
 "pypicloud>` | `PyPI <https://pypi.org/project/pypicloud/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:683
+#: ../source/key_projects.rst:687
 msgid ""
 "PyPI Cloud is a :term:`package index <Package Index>` server, backed by `AWS "
 "S3`_ or another cloud storage service, or local files. PyPI Cloud supports "
@@ -9917,33 +9966,33 @@ msgid ""
 "authorisation."
 msgstr ""
 
-#: ../source/key_projects.rst:691
+#: ../source/key_projects.rst:695
 msgid "pypiprivate"
 msgstr ""
 
-#: ../source/key_projects.rst:693
+#: ../source/key_projects.rst:697
 msgid ""
 ":gh:`GitHub <helpshift/pypiprivate>` | `PyPI <https://pypi.org/project/"
 "pypiprivate/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:696
+#: ../source/key_projects.rst:700
 msgid ""
 "pypiprivate serves a local (or `AWS S3`_-hosted) directory of packages as a :"
 "term:`package index <Package Index>`."
 msgstr ""
 
-#: ../source/key_projects.rst:702
+#: ../source/key_projects.rst:706
 msgid "pypiserver"
 msgstr ""
 
-#: ../source/key_projects.rst:704
+#: ../source/key_projects.rst:708
 msgid ""
 "`GitHub <https://github.com/pypiserver/pypiserver>`__ | `PyPI <https://pypi."
 "org/project/pypiserver/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:707
+#: ../source/key_projects.rst:711
 msgid ""
 "pypiserver is a minimalist application that serves as a private Python :term:"
 "`package index <Package Index>` (from a local directory) within "
@@ -9954,17 +10003,17 @@ msgid ""
 "pypiserver and from PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:718
+#: ../source/key_projects.rst:722
 msgid "PyScaffold"
 msgstr ""
 
-#: ../source/key_projects.rst:720
+#: ../source/key_projects.rst:724
 msgid ""
 "`Docs <https://pyscaffold.org>`__ | `GitHub <https://github.com/pyscaffold/"
 "pyscaffold>`__ | `PyPI <https://pypi.org/project/pyscaffold/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:724
+#: ../source/key_projects.rst:728
 msgid ""
 "PyScaffold is a project generator for bootstrapping Python packages, ready "
 "to be shared on PyPI and installable via :ref:`pip`. It relies on a set of "
@@ -9974,33 +10023,33 @@ msgid ""
 "existing projects to make packaging easier."
 msgstr ""
 
-#: ../source/key_projects.rst:735
+#: ../source/key_projects.rst:739
 msgid "pywharf"
 msgstr ""
 
-#: ../source/key_projects.rst:737
+#: ../source/key_projects.rst:741
 msgid ""
 ":gh:`GitHub <pywharf/pywharf>` | `PyPI <https://pypi.org/project/pywharf>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:742
+#: ../source/key_projects.rst:746
 msgid ""
 "pywharf is a :term:`package index <Package Index>` server, serving files "
 "locally or from `GitHub <https://github.com/>`_."
 msgstr ""
 
-#: ../source/key_projects.rst:748
+#: ../source/key_projects.rst:752
 msgid "scikit-build"
 msgstr ""
 
-#: ../source/key_projects.rst:750
+#: ../source/key_projects.rst:754
 msgid ""
 "`Docs <https://scikit-build.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/scikit-build/scikit-build/>`__ | `PyPI <https://pypi.org/project/"
 "scikit-build>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:754
+#: ../source/key_projects.rst:758
 msgid ""
 "Scikit-build is a :ref:`setuptools` wrapper for CPython that builds C/C++/"
 "Fortran/Cython extensions It uses `cmake <https://pypi.org/project/cmake>`__ "
@@ -10011,18 +10060,18 @@ msgid ""
 "ninja>`__ (also available on PyPI)."
 msgstr ""
 
-#: ../source/key_projects.rst:765
+#: ../source/key_projects.rst:769
 msgid "scikit-build-core"
 msgstr ""
 
-#: ../source/key_projects.rst:767
+#: ../source/key_projects.rst:771
 msgid ""
 "`Docs <https://scikit-build-core.readthedocs.io/en/latest/>`__ | `GitHub "
 "<https://github.com/scikit-build/scikit-build-core/>`__ | `PyPI <https://"
 "pypi.org/project/scikit-build-core>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:771
+#: ../source/key_projects.rst:775
 msgid ""
 "Scikit-build-core is a build backend for CPython C/C++/Fortran/Cython "
 "extensions.  It enables users to write extensions with `cmake <https://pypi."
@@ -10032,17 +10081,17 @@ msgid ""
 "automatically downloaded from PyPI if not available on the system."
 msgstr ""
 
-#: ../source/key_projects.rst:781
+#: ../source/key_projects.rst:785
 msgid "shiv"
 msgstr ""
 
-#: ../source/key_projects.rst:783
+#: ../source/key_projects.rst:787
 msgid ""
 "`Docs <https://shiv.readthedocs.io/en/latest/>`__ | `GitHub <https://github."
 "com/linkedin/shiv>`__ | `PyPI <https://pypi.org/project/shiv/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:787
+#: ../source/key_projects.rst:791
 msgid ""
 "shiv is a command line utility for building fully self contained Python "
 "zipapps as outlined in :pep:`441`, but with all their dependencies included. "
@@ -10050,17 +10099,17 @@ msgid ""
 "tools fast & easy."
 msgstr ""
 
-#: ../source/key_projects.rst:795
+#: ../source/key_projects.rst:799
 msgid "simpleindex"
 msgstr ""
 
-#: ../source/key_projects.rst:797
+#: ../source/key_projects.rst:801
 msgid ""
 ":gh:`GitHub <uranusjr/simpleindex>` | `PyPI <https://pypi.org/project/"
 "simpleindex/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:800
+#: ../source/key_projects.rst:804
 msgid ""
 "simpleindex is a :term:`package index <Package Index>` which routes URLs to "
 "multiple package indexes (including PyPI), serves local (or cloud-hosted, "
@@ -10068,7 +10117,7 @@ msgid ""
 "supports custom plugins."
 msgstr ""
 
-#: ../source/key_projects.rst:810
+#: ../source/key_projects.rst:814
 msgid ""
 ":doc:`Docs <spack:index>` | `GitHub <https://github.com/spack/spack>`__ | "
 "`Paper <https://www.computer.org/csdl/proceedings-article/"
@@ -10076,7 +10125,7 @@ msgid ""
 "Gamblin-Spack-SC15-Talk.pdf>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:815
+#: ../source/key_projects.rst:819
 msgid ""
 "A flexible package manager designed to support multiple versions, "
 "configurations, platforms, and compilers.  Spack is like Homebrew, but "
@@ -10087,24 +10136,24 @@ msgid ""
 "supercomputers."
 msgstr ""
 
-#: ../source/key_projects.rst:823
+#: ../source/key_projects.rst:827
 msgid ""
 "Spack is not in PyPI (yet), but it requires no installation and can be used "
 "immediately after cloning from GitHub."
 msgstr ""
 
-#: ../source/key_projects.rst:829
+#: ../source/key_projects.rst:833
 msgid "zest.releaser"
 msgstr ""
 
-#: ../source/key_projects.rst:831
+#: ../source/key_projects.rst:835
 msgid ""
 "`Docs <https://zestreleaser.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/zestsoftware/zest.releaser/>`__ | `PyPI <https://pypi.org/project/"
 "zest.releaser/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:835
+#: ../source/key_projects.rst:839
 msgid ""
 "``zest.releaser`` is a Python package release tool providing an abstraction "
 "layer on top of :ref:`twine`. Python developers use ``zest.releaser`` to "
@@ -10112,21 +10161,21 @@ msgid ""
 "releases in source control, and uploading new packages to PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:842
+#: ../source/key_projects.rst:846
 msgid "Standard Library Projects"
 msgstr ""
 
-#: ../source/key_projects.rst:847
+#: ../source/key_projects.rst:851
 msgid "ensurepip"
 msgstr ""
 
-#: ../source/key_projects.rst:849
+#: ../source/key_projects.rst:853
 msgid ""
 "`Docs <https://docs.python.org/3/library/ensurepip.html>`__ | `Issues "
 "<https://bugs.python.org/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:852
+#: ../source/key_projects.rst:856
 msgid ""
 "A package in the Python Standard Library that provides support for "
 "bootstrapping :ref:`pip` into an existing Python installation or virtual "
@@ -10134,34 +10183,34 @@ msgid ""
 "will be used during the build of the Python distribution."
 msgstr ""
 
-#: ../source/key_projects.rst:860
+#: ../source/key_projects.rst:864
 msgid "http.server"
 msgstr ""
 
-#: ../source/key_projects.rst:862
+#: ../source/key_projects.rst:866
 msgid ""
 ":doc:`Docs <python:library/http.server>` | :gh:`Issues <python/cpython/"
 "issues>`"
 msgstr ""
 
-#: ../source/key_projects.rst:865
+#: ../source/key_projects.rst:869
 msgid ""
 "A package and command-line interface which can host a directory as a "
 "website, for example as a :term:`package index <Package Index>` (see :ref:"
 "`Hosting your Own Simple Repository`)."
 msgstr ""
 
-#: ../source/key_projects.rst:872
+#: ../source/key_projects.rst:876
 msgid "venv"
 msgstr ""
 
-#: ../source/key_projects.rst:874
+#: ../source/key_projects.rst:878
 msgid ""
 "`Docs <https://docs.python.org/3/library/venv.html>`__ | `Issues <https://"
 "github.com/python/cpython/issues>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:877
+#: ../source/key_projects.rst:881
 msgid ""
 "A package in the Python Standard Library (starting with Python 3.3) for "
 "creating :term:`Virtual Environments <Virtual Environment>`.  For more "
@@ -12209,7 +12258,7 @@ msgstr ""
 #: ../source/specifications/platform-compatibility-tags.rst:332
 #: ../source/specifications/pyproject-toml.rst:444
 #: ../source/specifications/recording-installed-packages.rst:252
-#: ../source/specifications/simple-repository-api.rst:974
+#: ../source/specifications/simple-repository-api.rst:988
 #: ../source/specifications/source-distribution-format.rst:144
 #: ../source/specifications/version-specifiers.rst:1266
 #: ../source/specifications/virtual-environments.rst:54
@@ -13279,6 +13328,7 @@ msgstr ""
 #: ../source/specifications/dependency-specifiers.rst:26
 #: ../source/specifications/direct-url-data-structure.rst:19
 #: ../source/specifications/direct-url.rst:15
+#: ../source/specifications/index-hosted-attestations.rst:17
 #: ../source/specifications/inline-script-metadata.rst:13
 msgid "Specification"
 msgstr ""
@@ -13416,7 +13466,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/dependency-specifiers.rst:163
-#: ../source/specifications/simple-repository-api.rst:888
+#: ../source/specifications/simple-repository-api.rst:902
 msgid "Versions"
 msgstr ""
 
@@ -15039,6 +15089,302 @@ msgid ""
 "www.pypa.io/en/latest/specifications/>`__."
 msgstr ""
 
+#: ../source/specifications/index-hosted-attestations.rst:6
+msgid "Index hosted attestations"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:8
+msgid "This specification was originally defined in :pep:`740`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:12
+msgid ""
+":pep:`740` includes changes to the HTML and JSON index APIs. These changes "
+"are documented in the :ref:`simple-repository-api` under :ref:`simple-"
+"repository-api-base` and :ref:`json-serialization`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:22
+msgid "Upload endpoint changes"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:26
+msgid ""
+"The \"legacy\" upload API is not standardized. See `PyPI's Upload API "
+"documentation <https://docs.pypi.org/api/upload/>`_ for how attestations are "
+"uploaded."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:33
+msgid "Attestation objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:35
+msgid ""
+"An attestation object is a JSON object with several required keys; "
+"applications or signers may include additional keys so long as all "
+"explicitly listed keys are provided. The required layout of an attestation "
+"object is provided as pseudocode below."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:88
+msgid ""
+"A full data model for each object in ``transparency_entries`` is provided "
+"in :ref:`appendix`. Attestation objects **SHOULD** include one or more "
+"transparency log entries, and **MAY** include additional keys for other "
+"sources of signed time (such as an :rfc:`3161` Time Stamping Authority or a "
+"`Roughtime <https://blog.cloudflare.com/roughtime>`__ server)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:94
+msgid ""
+"Attestation objects are versioned; this PEP specifies version 1. Each "
+"version is tied to a single cryptographic suite to minimize unnecessary "
+"cryptographic agility. In version 1, the suite is as follows:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:98
+msgid ""
+"Certificates are specified as X.509 certificates, and comply with the "
+"profile in :rfc:`5280`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:100
+msgid ""
+"The message signature algorithm is ECDSA, with the P-256 curve for public "
+"keys and SHA-256 as the cryptographic digest function."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:103
+msgid ""
+"Future PEPs may change this suite (and the overall shape of the attestation "
+"object) by selecting a new version number."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:109
+msgid "Attestation statement and signature generation"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:111
+msgid ""
+"The *attestation statement* is the actual claim that is cryptographically "
+"signed over within the attestation object (i.e., the ``envelope.statement``)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:114
+msgid ""
+"The attestation statement is encoded as a `v1 in-toto Statement object "
+"<https://github.com/in-toto/attestation/blob/v1.0/spec/v1.0/statement."
+"md>`__, in JSON form. When serialized the statement is treated as an opaque "
+"binary blob, avoiding the need for canonicalization."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:119
+msgid ""
+"In addition to being a v1 in-toto Statement, the attestation statement is "
+"constrained in the following ways:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:122
+msgid "The in-toto ``subject`` **MUST** contain only a single subject."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:123
+msgid ""
+"``subject[0].name`` is the distribution's filename, which **MUST** be a "
+"valid :ref:`source distribution <source-distribution-format>` or :ref:`wheel "
+"distribution <binary-distribution-format>` filename."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:126
+msgid ""
+"``subject[0].digest`` **MUST** contain a SHA-256 digest. Other digests "
+"**MAY** be present. The digests **MUST** be represented as hexadecimal "
+"strings."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:128
+msgid "The following ``predicateType`` values are supported:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:130
+msgid ""
+"`SLSA Provenance <https://slsa.dev/provenance/v1>`__: ``https://slsa.dev/"
+"provenance/v1``"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:131
+msgid ""
+"`PyPI Publish Attestation <https://docs.pypi.org/attestations/publish/"
+"v1>`__: ``https://docs.pypi.org/attestations/publish/v1``"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:133
+msgid ""
+"The signature over this statement is constructed using the `v1 DSSE "
+"signature protocol <https://github.com/secure-systems-lab/dsse/blob/v1.0.0/"
+"protocol.md>`__, with a ``PAYLOAD_TYPE`` of ``application/vnd.in-toto+json`` "
+"and a ``PAYLOAD_BODY`` of the JSON-encoded statement above. No other "
+"``PAYLOAD_TYPE`` is permitted."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:141
+msgid "Provenance objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:143
+msgid ""
+"The index will serve uploaded attestations along with metadata that can "
+"assist in verifying them in the form of JSON serialized objects."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:146
+msgid ""
+"These *provenance objects* will be available via both the Simple Index and "
+"JSON-based Simple API as described above, and will have the following layout:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:169
+msgid "or, as pseudocode:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:217
+msgid ""
+"``version`` is ``1``. Like attestation objects, provenance objects are "
+"versioned, and this PEP only defines version ``1``."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:219
+msgid ""
+"``attestation_bundles`` is a **required** JSON array, containing one or more "
+"\"bundles\" of attestations. Each bundle corresponds to a signing identity "
+"(such as a Trusted Publishing identity), and contains one or more "
+"attestation objects."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:224
+msgid ""
+"As noted in the ``Publisher`` model, each ``AttestationBundle.publisher`` "
+"object is specific to its Trusted Publisher but must include at minimum:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:228
+msgid ""
+"A ``kind`` key, which **MUST** be a JSON string that uniquely identifies the "
+"kind of Trusted Publisher."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:230
+msgid ""
+"A ``claims`` key, which **MUST** be a JSON object containing any context-"
+"specific claims retained by the index during Trusted Publisher "
+"authentication."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:233
+msgid "All other keys in the publisher object are publisher-specific."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:235
+msgid ""
+"Each array of attestation objects is a superset of the ``attestations`` "
+"array supplied by the uploaded through the ``attestations`` field at upload "
+"time, as described in :ref:`upload-endpoint` and :ref:`changes-to-provenance-"
+"objects`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:243
+msgid "Changes to provenance objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:245
+msgid ""
+"Provenance objects are *not* immutable, and may change over time. Reasons "
+"for changes to the provenance object include but are not limited to:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:248
+msgid ""
+"Addition of new attestations for a pre-existing signing identity: the index "
+"**MAY** choose to allow additional attestations by pre-existing signing "
+"identities, such as newer attestation versions for already uploaded files."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:253
+msgid ""
+"Addition of new signing identities and associated attestations: the index "
+"**MAY** choose to support attestations from sources other than the file's "
+"uploader, such as third-party auditors or the index itself. These "
+"attestations may be performed asynchronously, requiring the index to insert "
+"them into the provenance object *post facto*."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:262
+msgid "Attestation verification"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:264
+msgid ""
+"Verifying an attestation object against a distribution file requires "
+"verification of each of the following:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:267
+msgid "``version`` is ``1``. The verifier **MUST** reject any other version."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:268
+msgid ""
+"``verification_material.certificate`` is a valid signing certificate, as "
+"issued by an *a priori* trusted authority (such as a root of trust already "
+"present within the verifying client)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:271
+msgid ""
+"``verification_material.certificate`` identifies an appropriate signing "
+"subject, such as the machine identity of the Trusted Publisher that "
+"published the package."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:274
+msgid ""
+"``envelope.statement`` is a valid in-toto v1 Statement, with a subject and "
+"digest that **MUST** match the distribution's filename and contents. For the "
+"distribution's filename, matching **MUST** be performed by parsing using the "
+"appropriate source distribution or wheel filename format, as the statement's "
+"subject may be equivalent but normalized."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:279
+msgid ""
+"``envelope.signature`` is a valid signature for ``envelope.statement`` "
+"corresponding to ``verification_material.certificate``, as reconstituted via "
+"the `v1 DSSE signature protocol <https://github.com/secure-systems-lab/dsse/"
+"blob/v1.0.0/protocol.md>`__."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:284
+msgid ""
+"In addition to the above required steps, a verifier **MAY** additionally "
+"verify ``verification_material.transparency_entries`` on a policy basis, e."
+"g. requiring at least one transparency log entry or a threshold of entries. "
+"When verifying transparency entries, the verifier **MUST** confirm that the "
+"inclusion time for each entry lies within the signing certificate's validity "
+"period."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:293
+msgid "Appendix: Data models for Transparency Log Entries"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:295
+msgid ""
+"This appendix contains pseudocoded data models for transparency log entries "
+"in attestation objects. Each transparency log entry serves as a source of "
+"signed inclusion time, and can be verified either online or offline."
+msgstr ""
+
 #: ../source/specifications/inline-script-metadata.rst:5
 msgid "Inline script metadata"
 msgstr ""
@@ -15209,7 +15555,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/inline-script-metadata.rst:205
-#: ../source/specifications/simple-repository-api.rst:815
+#: ../source/specifications/simple-repository-api.rst:829
 msgid "Recommendations"
 msgstr ""
 
@@ -17097,11 +17443,26 @@ msgid ""
 "``&gt;``, respectively."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:100
+#: ../source/specifications/simple-repository-api.rst:99
+msgid ""
+"A repository **MAY** include a ``data-provenance`` attribute on a file link. "
+"The value of this attribute **MUST** be a fully qualified URL, signaling "
+"that the file's provenance can be found at that URL. This URL **MUST** "
+"represent a `secure origin <https://www.chromium.org/Home/chromium-security/"
+"prefer-secure-origins-for-powerful-new-features/>`_."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:106
+msgid ""
+"The format of the linked provenance is defined in :ref:`index-hosted-"
+"attestations`."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:109
 msgid "Normalized Names"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:102
+#: ../source/specifications/simple-repository-api.rst:111
 msgid ""
 "This spec references the concept of a \"normalized\" project name. As per :"
 "ref:`the name normalization specification <name-normalization>` the only "
@@ -17111,11 +17472,11 @@ msgid ""
 "implemented in Python with the ``re`` module::"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:117
+#: ../source/specifications/simple-repository-api.rst:126
 msgid "Adding \"Yank\" Support to the Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:119
+#: ../source/specifications/simple-repository-api.rst:128
 msgid ""
 "Links in the simple repository **MAY** have a ``data-yanked`` attribute "
 "which may have no value, or may have an arbitrary string as a value. The "
@@ -17125,7 +17486,7 @@ msgid ""
 "under specific scenarios."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:126
+#: ../source/specifications/simple-repository-api.rst:135
 msgid ""
 "The value of the ``data-yanked`` attribute, if present, is an arbitrary "
 "string that represents the reason for why the file has been yanked. Tools "
@@ -17133,7 +17494,7 @@ msgid ""
 "users."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:131
+#: ../source/specifications/simple-repository-api.rst:140
 msgid ""
 "The yanked attribute is not immutable once set, and may be rescinded in the "
 "future (and once rescinded, may be reset as well). Thus API users **MUST** "
@@ -17141,11 +17502,11 @@ msgid ""
 "again)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:138
+#: ../source/specifications/simple-repository-api.rst:147
 msgid "Installers"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:140
+#: ../source/specifications/simple-repository-api.rst:149
 msgid ""
 "The desirable experience for users is that once a file is yanked, when a "
 "human being is currently trying to directly install a yanked file, that it "
@@ -17155,7 +17516,7 @@ msgid ""
 "been yanked."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:147
+#: ../source/specifications/simple-repository-api.rst:156
 msgid ""
 "An installer **MUST** ignore yanked releases, if the selection constraints "
 "can be satisfied with a non-yanked version, and **MAY** refuse to use a "
@@ -17165,14 +17526,14 @@ msgid ""
 "files."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:154
+#: ../source/specifications/simple-repository-api.rst:163
 msgid ""
 "What this means is left up to the specific installer, to decide how to best "
 "fit into the overall usage of their installer. However, there are two "
 "suggested approaches to take:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:158
+#: ../source/specifications/simple-repository-api.rst:167
 msgid ""
 "Yanked files are always ignored, unless they are the only file that matches "
 "a version specifier that \"pins\" to an exact version using either ``==`` "
@@ -17182,7 +17543,7 @@ msgid ""
 "versions, zero padding, etc."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:165
+#: ../source/specifications/simple-repository-api.rst:174
 msgid ""
 "Yanked files are always ignored, unless they are the only file that matches "
 "what a lock file (such as ``Pipfile.lock`` or ``poetry.lock``) specifies to "
@@ -17190,7 +17551,7 @@ msgid ""
 "creating or updating a lock file from some input file or command."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:171
+#: ../source/specifications/simple-repository-api.rst:180
 msgid ""
 "Regardless of the specific strategy that an installer chooses for deciding "
 "when to install yanked files, an installer **SHOULD** emit a warning when it "
@@ -17199,38 +17560,38 @@ msgid ""
 "specific feedback to the user about why that file had been yanked."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:179
+#: ../source/specifications/simple-repository-api.rst:188
 msgid "Mirrors"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:181
+#: ../source/specifications/simple-repository-api.rst:190
 msgid "Mirrors can generally treat yanked files one of two ways:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:183
+#: ../source/specifications/simple-repository-api.rst:192
 msgid ""
 "They may choose to omit them from their simple repository API completely, "
 "providing a view over the repository that shows only \"active\", unyanked "
 "files."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:186
+#: ../source/specifications/simple-repository-api.rst:195
 msgid ""
 "They may choose to include yanked files, and additionally mirror the ``data-"
 "yanked`` attribute as well."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:189
+#: ../source/specifications/simple-repository-api.rst:198
 msgid ""
 "Mirrors **MUST NOT** mirror a yanked file without also mirroring the ``data-"
 "yanked`` attribute for it."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:195
+#: ../source/specifications/simple-repository-api.rst:204
 msgid "Versioning PyPI's Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:197
+#: ../source/specifications/simple-repository-api.rst:206
 msgid ""
 "This spec proposes the inclusion of a meta tag on the responses of every "
 "successful request to a simple API page, which contains a name attribute of "
@@ -17241,29 +17602,29 @@ msgid ""
 "<version-specifiers>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:205
+#: ../source/specifications/simple-repository-api.rst:214
 msgid "This would end up looking like::"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:209
+#: ../source/specifications/simple-repository-api.rst:218
 msgid "When interpreting the repository version:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:211
+#: ../source/specifications/simple-repository-api.rst:220
 msgid ""
 "Incrementing the major version is used to signal a backwards incompatible "
 "change such that existing clients would no longer be expected to be able to "
 "meaningfully use the API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:214
+#: ../source/specifications/simple-repository-api.rst:223
 msgid ""
 "Incrementing the minor version is used to signal a backwards compatible "
 "change such that existing clients would still be expected to be able to "
 "meaningfully use the API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:218
+#: ../source/specifications/simple-repository-api.rst:227
 msgid ""
 "It is left up to the discretion of any future specs as to what specifically "
 "constitutes a backwards incompatible vs compatible change beyond the broad "
@@ -17272,7 +17633,7 @@ msgid ""
 "features."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:224
+#: ../source/specifications/simple-repository-api.rst:233
 msgid ""
 "It is expectation of this spec that the major version will never be "
 "incremented, and any future major API evolutions would utilize a different "
@@ -17282,48 +17643,48 @@ msgid ""
 "set to a version >= 2)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:231
+#: ../source/specifications/simple-repository-api.rst:240
 msgid ""
 "This spec sets the current API version to \"1.0\", and expects that future "
 "specs that further evolve the simple API will increment the minor version "
 "number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:237
-#: ../source/specifications/simple-repository-api.rst:957
+#: ../source/specifications/simple-repository-api.rst:246
+#: ../source/specifications/simple-repository-api.rst:971
 msgid "Clients"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:239
+#: ../source/specifications/simple-repository-api.rst:248
 msgid ""
 "Clients interacting with the simple API **SHOULD** introspect each response "
 "for the repository version, and if that data does not exist **MUST** assume "
 "that it is version 1.0."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:243
+#: ../source/specifications/simple-repository-api.rst:252
 msgid ""
 "When encountering a major version greater than expected, clients **MUST** "
 "hard fail with an appropriate error message for the user."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:246
+#: ../source/specifications/simple-repository-api.rst:255
 msgid ""
 "When encountering a minor version greater than expected, clients **SHOULD** "
 "warn users with an appropriate message."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:249
+#: ../source/specifications/simple-repository-api.rst:258
 msgid ""
 "Clients **MAY** still continue to use feature detection in order to "
 "determine what features a repository uses."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:255
+#: ../source/specifications/simple-repository-api.rst:264
 msgid "Serve Distribution Metadata in the Simple Repository API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:257
+#: ../source/specifications/simple-repository-api.rst:266
 msgid ""
 "In a simple repository's project page, each anchor tag pointing to a "
 "distribution **MAY** have a ``data-dist-info-metadata`` attribute. The "
@@ -17332,7 +17693,7 @@ msgid ""
 "when the distribution is processed and/or installed."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:263
+#: ../source/specifications/simple-repository-api.rst:272
 msgid ""
 "If a ``data-dist-info-metadata`` attribute is present, the repository "
 "**MUST** serve the distribution's Core Metadata file alongside the "
@@ -17344,7 +17705,7 @@ msgid ""
 "GPG signature file's location."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:272
+#: ../source/specifications/simple-repository-api.rst:281
 msgid ""
 "The repository **SHOULD** provide the hash of the Core Metadata file as the "
 "``data-dist-info-metadata`` attribute's value using the syntax "
@@ -17354,18 +17715,18 @@ msgid ""
 "unavailable."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:280
+#: ../source/specifications/simple-repository-api.rst:289
 msgid "Backwards Compatibility"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:282
+#: ../source/specifications/simple-repository-api.rst:291
 msgid ""
 "If an anchor tag lacks the ``data-dist-info-metadata`` attribute, tools are "
 "expected to revert to their current behaviour of downloading the "
 "distribution to inspect the metadata."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:286
+#: ../source/specifications/simple-repository-api.rst:295
 msgid ""
 "Older tools not supporting the new ``data-dist-info-metadata`` attribute are "
 "expected to ignore the attribute and maintain their current behaviour of "
@@ -17373,11 +17734,11 @@ msgid ""
 "prior ``data-`` attribute additions expect existing tools to operate."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:295
+#: ../source/specifications/simple-repository-api.rst:304
 msgid "JSON-based Simple API for Python Package Indexes"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:297
+#: ../source/specifications/simple-repository-api.rst:306
 msgid ""
 "To enable response parsing with only the standard library, this spec "
 "specifies that all responses (besides the files themselves, and the HTML "
@@ -17385,7 +17746,7 @@ msgid ""
 "base>`) should be serialized using `JSON <https://www.json.org/>`_."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:302
+#: ../source/specifications/simple-repository-api.rst:311
 msgid ""
 "To enable zero configuration discovery and to minimize the amount of "
 "additional HTTP requests, this spec extends :ref:`the base HTML API "
@@ -17395,7 +17756,7 @@ msgid ""
 "format to serve, i.e. either HTML or JSON."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:312
+#: ../source/specifications/simple-repository-api.rst:321
 msgid ""
 "Versioning will adhere to :ref:`the API versioning specification <simple-"
 "repository-api-versioning>` format (``Major.Minor``), which has defined the "
@@ -17405,7 +17766,7 @@ msgid ""
 "``1.0`` version, and instead just describes how to serialize that into JSON."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:319
+#: ../source/specifications/simple-repository-api.rst:328
 msgid ""
 "Similar to :ref:`the API versioning specification <simple-repository-api-"
 "versioning>`, the major version number **MUST** be incremented if any "
@@ -17413,28 +17774,28 @@ msgid ""
 "existing clients to meaningfully understand the format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:325
+#: ../source/specifications/simple-repository-api.rst:334
 msgid ""
 "Likewise, the minor version **MUST** be incremented if features are added or "
 "removed from the format, but existing clients would be expected to continue "
 "to meaningfully understand the format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:329
+#: ../source/specifications/simple-repository-api.rst:338
 msgid ""
 "Changes that would not result in existing clients being unable to "
 "meaningfully understand the format and which do not represent features being "
 "added or removed may occur without changing the version number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:333
+#: ../source/specifications/simple-repository-api.rst:342
 msgid ""
 "This is intentionally vague, as this spec believes it is best left up to "
 "future specs that make any changes to the API to investigate and decide "
 "whether or not that change should increment the major or minor version."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:337
+#: ../source/specifications/simple-repository-api.rst:346
 msgid ""
 "Future versions of the API may add things that can only be represented in a "
 "subset of the available serializations of that version. All serializations "
@@ -17443,37 +17804,37 @@ msgid ""
 "whether or not that feature is present at all."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:343
+#: ../source/specifications/simple-repository-api.rst:352
 msgid ""
 "It is the intent of this spec that the API should be thought of as URL "
 "endpoints that return data, whose interpretation is defined by the version "
 "of that data, and then serialized into the target serialization format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:351
+#: ../source/specifications/simple-repository-api.rst:360
 msgid "JSON Serialization"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:353
+#: ../source/specifications/simple-repository-api.rst:362
 msgid ""
 "The URL structure from :ref:`the base HTML API specification <simple-"
 "repository-api-base>` still applies, as this spec only adds an additional "
 "serialization format for the already existing API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:357
+#: ../source/specifications/simple-repository-api.rst:366
 msgid ""
 "The following constraints apply to all JSON serialized responses described "
 "in this spec:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:360
+#: ../source/specifications/simple-repository-api.rst:369
 msgid ""
 "All JSON responses will *always* be a JSON object rather than an array or "
 "other type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:363
+#: ../source/specifications/simple-repository-api.rst:372
 msgid ""
 "While JSON doesn't natively support a URL type, any value that represents an "
 "URL in this API may be either absolute or relative as long as they point to "
@@ -17481,19 +17842,19 @@ msgid ""
 "if it were HTML."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:368
+#: ../source/specifications/simple-repository-api.rst:377
 msgid ""
 "Additional keys may be added to any dictionary objects in the API responses "
 "and clients **MUST** ignore keys that they don't understand."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:371
+#: ../source/specifications/simple-repository-api.rst:380
 msgid ""
 "All JSON responses will have a ``meta`` key, which contains information "
 "related to the response itself, rather than the content of the response."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:374
+#: ../source/specifications/simple-repository-api.rst:383
 msgid ""
 "All JSON responses will have a ``meta.api-version`` key, which will be a "
 "string that contains the :ref:`API versioning specification <simple-"
@@ -17502,41 +17863,41 @@ msgid ""
 "<simple-repository-api-versioning>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:380
+#: ../source/specifications/simple-repository-api.rst:389
 msgid ""
 "All requirements of :ref:`the base HTML API specification <simple-repository-"
 "api-base>` that are not HTML specific still apply."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:385
+#: ../source/specifications/simple-repository-api.rst:394
 msgid "Project List"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:387
+#: ../source/specifications/simple-repository-api.rst:396
 msgid ""
 "The root URL ``/`` for this spec (which represents the base URL) will be a "
 "JSON encoded dictionary which has a two keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:390
+#: ../source/specifications/simple-repository-api.rst:399
 msgid ""
 "``projects``: An array where each entry is a dictionary with a single key, "
 "``name``, which represents string of the project name."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:391
-#: ../source/specifications/simple-repository-api.rst:440
+#: ../source/specifications/simple-repository-api.rst:400
+#: ../source/specifications/simple-repository-api.rst:449
 msgid ""
 "``meta``: The general response metadata as `described earlier <json-"
 "serialization_>`__."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:393
-#: ../source/specifications/simple-repository-api.rst:499
+#: ../source/specifications/simple-repository-api.rst:402
+#: ../source/specifications/simple-repository-api.rst:512
 msgid "As an example:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:410
+#: ../source/specifications/simple-repository-api.rst:419
 msgid ""
 "The ``name`` field is the same as the one from :ref:`the base HTML API "
 "specification <simple-repository-api-base>`, which does not specify whether "
@@ -17546,7 +17907,7 @@ msgid ""
 "implementation detail of the repository in question."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:420
+#: ../source/specifications/simple-repository-api.rst:429
 msgid ""
 "While the ``projects`` key is an array, and thus is required to be in some "
 "kind of an order, neither :ref:`the base HTML API specification <simple-"
@@ -17556,11 +17917,11 @@ msgid ""
 "have sets."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:429
+#: ../source/specifications/simple-repository-api.rst:438
 msgid "Project Detail"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:431
+#: ../source/specifications/simple-repository-api.rst:440
 msgid ""
 "The format of this URL is ``/<project>/`` where the ``<project>`` is "
 "replaced by the :ref:`the base HTML API specification <simple-repository-api-"
@@ -17568,33 +17929,33 @@ msgid ""
 "would have a URL like ``/silly-walk/``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:436
+#: ../source/specifications/simple-repository-api.rst:445
 msgid ""
 "This URL must respond with a JSON encoded dictionary that has three keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:438
+#: ../source/specifications/simple-repository-api.rst:447
 msgid "``name``: The normalized name of the project."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:439
+#: ../source/specifications/simple-repository-api.rst:448
 msgid ""
 "``files``: A list of dictionaries, each one representing an individual file."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:442
+#: ../source/specifications/simple-repository-api.rst:451
 msgid "Each individual file dictionary has the following keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:444
+#: ../source/specifications/simple-repository-api.rst:453
 msgid "``filename``: The filename that is being represented."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:445
+#: ../source/specifications/simple-repository-api.rst:454
 msgid "``url``: The URL that the file can be fetched from."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:446
+#: ../source/specifications/simple-repository-api.rst:455
 msgid ""
 "``hashes``: A dictionary mapping a hash name to a hex encoded digest of the "
 "file. Multiple hashes can be included, and it is up to the client to decide "
@@ -17603,14 +17964,14 @@ msgid ""
 "to be lowercase."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:451
+#: ../source/specifications/simple-repository-api.rst:460
 msgid ""
 "The ``hashes`` dictionary **MUST** be present, even if no hashes are "
 "available for the file, however it is **HIGHLY** recommended that at least "
 "one secure, guaranteed-to-be-available hash is always included."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:455
+#: ../source/specifications/simple-repository-api.rst:464
 msgid ""
 "By default, any hash algorithm available via :py:mod:`hashlib` (specifically "
 "any that can be passed to :py:func:`hashlib.new()` and do not require "
@@ -17620,7 +17981,7 @@ msgid ""
 "specifically is recommended."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:460
+#: ../source/specifications/simple-repository-api.rst:469
 msgid ""
 "``requires-python``: An **optional** key that exposes the :ref:`core-"
 "metadata-requires-python` metadata field. Where this is present, installer "
@@ -17628,14 +17989,14 @@ msgid ""
 "that doesn't satisfy the requirement."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:466
+#: ../source/specifications/simple-repository-api.rst:475
 msgid ""
 "Unlike ``data-requires-python`` in :ref:`the base HTML API specification "
 "<simple-repository-api-base>`, the ``requires-python`` key does not require "
 "any special escaping other than anything JSON does naturally."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:469
+#: ../source/specifications/simple-repository-api.rst:478
 msgid ""
 "``dist-info-metadata``: An **optional** key that indicates that metadata for "
 "this file is available, via the same location as specified in :ref:`the API "
@@ -17645,27 +18006,27 @@ msgid ""
 "dictionary mapping hash names to a hex encoded digest of the metadata's hash."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:477
+#: ../source/specifications/simple-repository-api.rst:486
 msgid ""
 "When this is a dictionary of hashes instead of a boolean, then all the same "
 "requirements and recommendations as the ``hashes`` key hold true for this "
 "key as well."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:481
+#: ../source/specifications/simple-repository-api.rst:490
 msgid ""
 "If this key is missing then the metadata file may or may not exist. If the "
 "key value is truthy, then the metadata file is present, and if it is falsey "
 "then it is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:485
+#: ../source/specifications/simple-repository-api.rst:494
 msgid ""
 "It is recommended that servers make the hashes of the metadata file "
 "available if possible."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:487
+#: ../source/specifications/simple-repository-api.rst:496
 msgid ""
 "``gpg-sig``: An **optional** key that acts a boolean to indicate if the file "
 "has an associated GPG signature or not. The URL for the signature file "
@@ -17674,7 +18035,7 @@ msgid ""
 "the signature may or may not exist."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:492
+#: ../source/specifications/simple-repository-api.rst:501
 msgid ""
 "``yanked``: An **optional** key which may be either a boolean to indicate if "
 "the file has been yanked, or a non empty, but otherwise arbitrary, string to "
@@ -17685,7 +18046,15 @@ msgid ""
 "api-yank>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:529
+#: ../source/specifications/simple-repository-api.rst:507
+msgid ""
+"``provenance``: An **optional** key which, if present **MUST** be either a "
+"JSON string or ``null``. If not ``null``, it **MUST** be a URL to the file's "
+"associated provenance, with the same rules as ``data-provenance`` in the :"
+"ref:`base HTML API specification <simple-repository-api-base>`."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:543
 msgid ""
 "While the ``files`` key is an array, and thus is required to be in some kind "
 "of an order, neither :ref:`the base HTML API specification <simple-"
@@ -17695,11 +18064,11 @@ msgid ""
 "have sets."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:538
+#: ../source/specifications/simple-repository-api.rst:552
 msgid "Content-Types"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:540
+#: ../source/specifications/simple-repository-api.rst:554
 msgid ""
 "This spec proposes that all responses from the Simple API will have a "
 "standard content type that describes what the response is (a Simple API "
@@ -17707,11 +18076,11 @@ msgid ""
 "format has been used."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:544
+#: ../source/specifications/simple-repository-api.rst:558
 msgid "The structure of this content type will be:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:550
+#: ../source/specifications/simple-repository-api.rst:564
 msgid ""
 "Since only major versions should be disruptive to clients attempting to "
 "understand one of these API responses, only the major version will be "
@@ -17719,19 +18088,19 @@ msgid ""
 "that it is a version number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:555
+#: ../source/specifications/simple-repository-api.rst:569
 msgid "Which means that for the existing 1.0 API, the content types would be:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:557
+#: ../source/specifications/simple-repository-api.rst:571
 msgid "**JSON:** ``application/vnd.pypi.simple.v1+json``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:558
+#: ../source/specifications/simple-repository-api.rst:572
 msgid "**HTML:** ``application/vnd.pypi.simple.v1+html``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:560
+#: ../source/specifications/simple-repository-api.rst:574
 msgid ""
 "In addition to the above, a special \"meta\" version is supported named "
 "``latest``, whose purpose is to allow clients to request the absolute latest "
@@ -17740,7 +18109,7 @@ msgid ""
 "support."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:565
+#: ../source/specifications/simple-repository-api.rst:579
 msgid ""
 "To support existing clients which expect the existing :ref:`the base HTML "
 "API specification <simple-repository-api-base>` API responses to use the "
@@ -17748,11 +18117,11 @@ msgid ""
 "alias for the ``application/vnd.pypi.simple.v1+html`` content type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:572
+#: ../source/specifications/simple-repository-api.rst:586
 msgid "Version + Format Selection"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:574
+#: ../source/specifications/simple-repository-api.rst:588
 msgid ""
 "Now that there is multiple possible serializations, we need a mechanism to "
 "allow clients to indicate what serialization formats they're able to "
@@ -17761,65 +18130,65 @@ msgid ""
 "expecting the previous API version."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:579
+#: ../source/specifications/simple-repository-api.rst:593
 msgid ""
 "To enable this, this spec standardizes on the use of HTTP's `Server-Driven "
 "Content Negotiation <https://developer.mozilla.org/en-US/docs/Web/HTTP/"
 "Content_negotiation>`_."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:582
+#: ../source/specifications/simple-repository-api.rst:596
 msgid ""
 "While this spec won't fully describe the entirety of server-driven content "
 "negotiation, the flow is roughly:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:585
+#: ../source/specifications/simple-repository-api.rst:599
 msgid ""
 "The client makes an HTTP request containing an ``Accept`` header listing all "
 "of the version+format content types that they are able to understand."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:587
+#: ../source/specifications/simple-repository-api.rst:601
 msgid ""
 "The server inspects that header, selects one of the listed content types, "
 "then returns a response using that content type (treating the absence of an "
 "``Accept`` header as ``Accept: */*``)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:590
+#: ../source/specifications/simple-repository-api.rst:604
 msgid ""
 "If the server does not support any of the content types in the ``Accept`` "
 "header then they are able to choose between 3 different options for how to "
 "respond:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:594
+#: ../source/specifications/simple-repository-api.rst:608
 msgid ""
 "Select a default content type other than what the client has requested and "
 "return a response with that."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:596
+#: ../source/specifications/simple-repository-api.rst:610
 msgid ""
 "Return a HTTP ``406 Not Acceptable`` response to indicate that none of the "
 "requested content types were available, and the server was unable or "
 "unwilling to select a default content type to respond with."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:599
+#: ../source/specifications/simple-repository-api.rst:613
 msgid ""
 "Return a HTTP ``300 Multiple Choices`` response that contains a list of all "
 "of the possible responses that could have been chosen."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:601
+#: ../source/specifications/simple-repository-api.rst:615
 msgid ""
 "The client interprets the response, handling the different types of "
 "responses that the server may have responded with."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:604
+#: ../source/specifications/simple-repository-api.rst:618
 msgid ""
 "This spec does not specify which choices the server makes in regards to "
 "handling a content type that it isn't able to return, and clients **SHOULD** "
@@ -17827,7 +18196,7 @@ msgid ""
 "the most sense for that client."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:609
+#: ../source/specifications/simple-repository-api.rst:623
 msgid ""
 "However, as there is no standard format for how a ``300 Multiple Choices`` "
 "response can be interpreted, this spec highly discourages servers from "
@@ -17838,7 +18207,7 @@ msgid ""
 "error."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:616
+#: ../source/specifications/simple-repository-api.rst:630
 msgid ""
 "This spec **does** require that if the meta version ``latest`` is being "
 "used, the server **MUST** respond with the content type for the actual "
@@ -17847,33 +18216,33 @@ msgid ""
 "have a ``Content-Type`` of ``application/vnd.pypi.simple.v1+json``)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:623
+#: ../source/specifications/simple-repository-api.rst:637
 msgid ""
 "The ``Accept`` header is a comma separated list of content types that the "
 "client understands and is able to process. It supports three different "
 "formats for each content type that is being requested:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:627
+#: ../source/specifications/simple-repository-api.rst:641
 msgid "``$type/$subtype``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:628
+#: ../source/specifications/simple-repository-api.rst:642
 msgid "``$type/*``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:629
+#: ../source/specifications/simple-repository-api.rst:643
 msgid "``*/*``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:631
+#: ../source/specifications/simple-repository-api.rst:645
 msgid ""
 "For the use of selecting a version+format, the most useful of these is "
 "``$type/$subtype``, as that is the only way to actually specify the version "
 "and format you want."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:635
+#: ../source/specifications/simple-repository-api.rst:649
 msgid ""
 "The order of the content types listed in the ``Accept`` header does not have "
 "any specific meaning, and the server **SHOULD** consider all of them to be "
@@ -17883,7 +18252,7 @@ msgid ""
 "Quality_values>`_ syntax."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:642
+#: ../source/specifications/simple-repository-api.rst:656
 msgid ""
 "This allows a client to specify a priority for a specific entry in their "
 "``Accept`` header, by appending a ``;q=`` followed by a value between ``0`` "
@@ -17893,7 +18262,7 @@ msgid ""
 "quality of ``1``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:648
+#: ../source/specifications/simple-repository-api.rst:662
 msgid ""
 "However, clients should keep in mind that a server is free to select **any** "
 "of the content types they've asked for, regardless of their requested "
@@ -17901,7 +18270,7 @@ msgid ""
 "for."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:652
+#: ../source/specifications/simple-repository-api.rst:666
 msgid ""
 "To aid clients in determining the content type of the response that they "
 "have received from an API request, this spec requires that servers always "
@@ -17912,22 +18281,22 @@ msgid ""
 "collector.py#L123-L150>`_ so the risks for actual breakages is low."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:659
+#: ../source/specifications/simple-repository-api.rst:673
 msgid "An example of how a client can operate would look like:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:710
+#: ../source/specifications/simple-repository-api.rst:724
 msgid ""
 "If a client wishes to only support HTML or only support JSON, then they "
 "would just remove the content types that they do not want from the "
 "``Accept`` header, and turn receiving them into an error."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:716
+#: ../source/specifications/simple-repository-api.rst:730
 msgid "Alternative Negotiation Mechanisms"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:718
+#: ../source/specifications/simple-repository-api.rst:732
 msgid ""
 "While using HTTP's Content negotiation is considered the standard way for a "
 "client and server to coordinate to ensure that the client is getting an HTTP "
@@ -17936,25 +18305,25 @@ msgid ""
 "negotiation mechanisms that may *optionally* be used instead."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:726
+#: ../source/specifications/simple-repository-api.rst:740
 msgid "URL Parameter"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:728
+#: ../source/specifications/simple-repository-api.rst:742
 msgid ""
 "Servers that implement the Simple API may choose to support a URL parameter "
 "named ``format`` to allow the clients to request a specific version of the "
 "URL."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:731
+#: ../source/specifications/simple-repository-api.rst:745
 msgid ""
 "The value of the ``format`` parameter should be **one** of the valid content "
 "types. Passing multiple content types, wild cards, quality values, etc... is "
 "**not** supported."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:735
+#: ../source/specifications/simple-repository-api.rst:749
 msgid ""
 "Supporting this parameter is optional, and clients **SHOULD NOT** rely on it "
 "for interacting with the API. This negotiation mechanism is intended to "
@@ -17962,13 +18331,13 @@ msgid ""
 "allow documentation or notes to link to a specific version+format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:740
+#: ../source/specifications/simple-repository-api.rst:754
 msgid ""
 "Servers that do not support this parameter may choose to return an error "
 "when it is present, or they may simple ignore its presence."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:743
+#: ../source/specifications/simple-repository-api.rst:757
 msgid ""
 "When a server does implement this parameter, it **SHOULD** take precedence "
 "over any values in the client's ``Accept`` header, and if the server does "
@@ -17978,18 +18347,18 @@ msgid ""
 "``303 Multiple Choices``, or selecting a default type to return)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:752
+#: ../source/specifications/simple-repository-api.rst:766
 msgid "Endpoint Configuration"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:754
+#: ../source/specifications/simple-repository-api.rst:768
 msgid ""
 "This option technically is not a special option at all, it is just a natural "
 "consequence of using content negotiation and allowing servers to select "
 "which of the available content types is their default."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:758
+#: ../source/specifications/simple-repository-api.rst:772
 msgid ""
 "If a server is unwilling or unable to implement the server-driven content "
 "negotiation, and would instead rather require users to explicitly configure "
@@ -17997,7 +18366,7 @@ msgid ""
 "configuration."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:762
+#: ../source/specifications/simple-repository-api.rst:776
 msgid ""
 "To enable this, a server should make multiple endpoints (for instance, ``/"
 "simple/v1+html/`` and/or ``/simple/v1+json/``) for each version+format that "
@@ -18007,7 +18376,7 @@ msgid ""
 "and return the content type that corresponds to that endpoint."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:769
+#: ../source/specifications/simple-repository-api.rst:783
 msgid ""
 "For clients that wish to require specific configuration, they can keep track "
 "of which version+format a specific repository URL was configured for, and "
@@ -18015,11 +18384,11 @@ msgid ""
 "includes the correct content type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:776
+#: ../source/specifications/simple-repository-api.rst:790
 msgid "TUF Support - PEP 458"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:778
+#: ../source/specifications/simple-repository-api.rst:792
 msgid ""
 ":pep:`458` requires that all API responses are hashable and that they can be "
 "uniquely identified by a path relative to the repository root. For a Simple "
@@ -18030,7 +18399,7 @@ msgid ""
 "that all hash differently."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:785
+#: ../source/specifications/simple-repository-api.rst:799
 msgid ""
 ":pep:`458` does not specify what the target path should be for the Simple "
 "API, but TUF requires that the target paths be \"file-like\", in other "
@@ -18038,7 +18407,7 @@ msgid ""
 "technically points to a directory."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:790
+#: ../source/specifications/simple-repository-api.rst:804
 msgid ""
 "The saving grace is that the target path does not *have* to actually match "
 "the URL being fetched from the Simple API, and it can just be a sigil that "
@@ -18047,7 +18416,7 @@ msgid ""
 "HTTP request, such as the ``Accept`` header."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:796
+#: ../source/specifications/simple-repository-api.rst:810
 msgid ""
 "Ultimately figuring out how to map a directory to a filename is out of scope "
 "for this spec (but it would be in scope for :pep:`458`), and this spec "
@@ -18055,7 +18424,7 @@ msgid ""
 "`458` metadata."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:800
+#: ../source/specifications/simple-repository-api.rst:814
 msgid ""
 "However, it appears that the current WIP branch against pip that attempts to "
 "implement :pep:`458` is using a target path like ``simple/PROJECT/index."
@@ -18065,20 +18434,20 @@ msgid ""
 "the v1 JSON format would be ``simple/PROJECT/vnd.pypi.simple.v1.json``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:807
+#: ../source/specifications/simple-repository-api.rst:821
 msgid ""
 "In this case, since ``text/html`` is an alias to ``application/vnd.pypi."
 "simple.v1+html`` when interacting through TUF, it likely will make the most "
 "sense to normalize to the more explicit name."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:811
+#: ../source/specifications/simple-repository-api.rst:825
 msgid ""
 "Likewise the ``latest`` metaversion should not be included in the targets, "
 "only explicitly declared versions should be supported."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:817
+#: ../source/specifications/simple-repository-api.rst:831
 msgid ""
 "This section is non-normative, and represents what the spec authors believe "
 "to be the best default implementation decisions for something implementing "
@@ -18086,7 +18455,7 @@ msgid ""
 "these decisions."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:821
+#: ../source/specifications/simple-repository-api.rst:835
 msgid ""
 "These decisions have been chosen to maximize the number of requests that can "
 "be moved onto the newest version of an API, while maintaining the greatest "
@@ -18095,18 +18464,18 @@ msgid ""
 "choices it can."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:826
+#: ../source/specifications/simple-repository-api.rst:840
 msgid "It is recommended that servers:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:828
+#: ../source/specifications/simple-repository-api.rst:842
 msgid ""
 "Support all 3 content types described in this spec, using server-driven "
 "content negotiation, for as long as they reasonably can, or at least as long "
 "as they're receiving non trivial traffic that uses the HTML responses."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:832
+#: ../source/specifications/simple-repository-api.rst:846
 msgid ""
 "When encountering an ``Accept`` header that does not contain any content "
 "types that it knows how to work with, the server should not ever return a "
@@ -18114,13 +18483,13 @@ msgid ""
 "Acceptable`` response."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:837
+#: ../source/specifications/simple-repository-api.rst:851
 msgid ""
 "However, if choosing to use the endpoint configuration, you should prefer to "
 "return a ``200 OK`` response in the expected content type for that endpoint."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:840
+#: ../source/specifications/simple-repository-api.rst:854
 msgid ""
 "When selecting an acceptable version, the server should choose the highest "
 "version that the client supports, with the most expressive/featureful "
@@ -18129,23 +18498,23 @@ msgid ""
 "should only use the ``text/html`` content type as a last resort."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:846
+#: ../source/specifications/simple-repository-api.rst:860
 msgid "It is recommended that clients:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:848
+#: ../source/specifications/simple-repository-api.rst:862
 msgid ""
 "Support all 3 content types described in this spec, using server-driven "
 "content negotiation, for as long as they reasonably can."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:851
+#: ../source/specifications/simple-repository-api.rst:865
 msgid ""
 "When constructing an ``Accept`` header, include all of the content types "
 "that you support."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:854
+#: ../source/specifications/simple-repository-api.rst:868
 msgid ""
 "You should generally *not* include a quality priority value for your content "
 "types, unless you have implementation specific reasons that you want the "
@@ -18154,63 +18523,63 @@ msgid ""
 "responses that you're unable to parse in some edge cases)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:860
+#: ../source/specifications/simple-repository-api.rst:874
 msgid ""
 "The one exception to this recommendation is that it is recommended that you "
 "*should* include a ``;q=0.01`` value on the legacy ``text/html`` content "
 "type, unless it is the only content type that you are requesting."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:864
+#: ../source/specifications/simple-repository-api.rst:878
 msgid ""
 "Explicitly select what versions they are looking for, rather than using the "
 "``latest`` meta version during normal operation."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:867
+#: ../source/specifications/simple-repository-api.rst:881
 msgid ""
 "Check the ``Content-Type`` of the response and ensure it matches something "
 "that you were expecting."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:871
+#: ../source/specifications/simple-repository-api.rst:885
 msgid "Additional Fields for the Simple API for Package Indexes"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:873
+#: ../source/specifications/simple-repository-api.rst:887
 msgid ""
 "This specification defines version 1.1 of the simple repository API. For the "
 "HTML version of the API, there is no change from version 1.0. For the JSON "
 "version of the API, the following changes are made:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:877
+#: ../source/specifications/simple-repository-api.rst:891
 msgid "The ``api-version`` must specify version 1.1 or later."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:878
+#: ../source/specifications/simple-repository-api.rst:892
 msgid "A new ``versions`` key is added at the top level."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:879
+#: ../source/specifications/simple-repository-api.rst:893
 msgid ""
 "Two new \"file information\" keys, ``size`` and ``upload-time``, are added "
 "to the ``files`` data."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:881
+#: ../source/specifications/simple-repository-api.rst:895
 msgid ""
 "Keys (at any level) with a leading underscore are reserved as private for "
 "index server use. No future standard will assign a meaning to any such key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:884
+#: ../source/specifications/simple-repository-api.rst:898
 msgid ""
 "The ``versions`` and ``size`` keys are mandatory. The ``upload-time`` key is "
 "optional."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:890
+#: ../source/specifications/simple-repository-api.rst:904
 msgid ""
 "An additional key, ``versions`` MUST be present at the top level, in "
 "addition to the keys ``name``, ``files`` and ``meta`` defined in :ref:`the "
@@ -18220,7 +18589,7 @@ msgid ""
 "duplicates, and the order of the values is not significant."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:897
+#: ../source/specifications/simple-repository-api.rst:911
 msgid ""
 "All of the files listed in the ``files`` key MUST be associated with one of "
 "the versions in the ``versions`` key. The ``versions`` key MAY contain "
@@ -18228,7 +18597,7 @@ msgid ""
 "uploaded, if the server has such a concept)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:902
+#: ../source/specifications/simple-repository-api.rst:916
 msgid ""
 "Note that because servers may hold \"legacy\" data from before the adoption "
 "of :ref:`the version specifiers specification (VSS) <version-specifiers>`, "
@@ -18237,21 +18606,21 @@ msgid ""
 "servers SHOULD use normalised VSS versions where possible."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:911
+#: ../source/specifications/simple-repository-api.rst:925
 msgid "Additional file information"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:913
+#: ../source/specifications/simple-repository-api.rst:927
 msgid "Two new keys are added to the ``files`` key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:915
+#: ../source/specifications/simple-repository-api.rst:929
 msgid ""
 "``size``: This field is mandatory. It MUST contain an integer which is the "
 "file size in bytes."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:917
+#: ../source/specifications/simple-repository-api.rst:931
 msgid ""
 "``upload-time``: This field is optional. If present, it MUST contain a valid "
 "ISO 8601 date/time string, in the format ``yyyy-mm-ddThh:mm:ss.ffffffZ``, "
@@ -18263,11 +18632,11 @@ msgid ""
 "key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:926
+#: ../source/specifications/simple-repository-api.rst:940
 msgid "Rename dist-info-metadata in the Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:929
+#: ../source/specifications/simple-repository-api.rst:943
 msgid ""
 "The keywords \"**MUST**\", \"**MUST NOT**\", \"**REQUIRED**\", "
 "\"**SHALL**\", \"**SHALL NOT**\", \"**SHOULD**\", \"**SHOULD NOT**\", "
@@ -18275,11 +18644,11 @@ msgid ""
 "are to be interpreted as described in :rfc:`RFC 2119 <2119>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:936
+#: ../source/specifications/simple-repository-api.rst:950
 msgid "Servers"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:938
+#: ../source/specifications/simple-repository-api.rst:952
 msgid ""
 "The :ref:`the API metadata file specification <simple-repository-api-"
 "metadata-file>` metadata, when used in the HTML representation of the Simple "
@@ -18287,7 +18656,7 @@ msgid ""
 "with the supported values remaining the same."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:944
+#: ../source/specifications/simple-repository-api.rst:958
 msgid ""
 "The :ref:`the API metadata file specification <simple-repository-api-"
 "metadata-file>` metadata, when used in the :ref:`the JSON API specification "
@@ -18296,14 +18665,14 @@ msgid ""
 "values remaining the same."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:950
+#: ../source/specifications/simple-repository-api.rst:964
 msgid ""
 "To support clients that used the previous key names, the HTML representation "
 "**MAY** also be emitted using the ``data-dist-info-metadata``, and if it "
 "does so it **MUST** match the value of ``data-core-metadata``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:959
+#: ../source/specifications/simple-repository-api.rst:973
 msgid ""
 "Clients consuming any of the HTML representations of the Simple API **MUST** "
 "read the :ref:`the API metadata file specification <simple-repository-api-"
@@ -18312,7 +18681,7 @@ msgid ""
 "if it is present but ``data-core-metadata`` is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:966
+#: ../source/specifications/simple-repository-api.rst:980
 msgid ""
 "Clients consuming the JSON representation of the Simple API **MUST** read "
 "the :ref:`the API metadata file specification <simple-repository-api-"
@@ -18321,48 +18690,54 @@ msgid ""
 "present but ``core-metadata`` is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:976
+#: ../source/specifications/simple-repository-api.rst:990
 msgid "September 2015: initial form of the HTML format, in :pep:`503`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:977
+#: ../source/specifications/simple-repository-api.rst:991
 msgid "July 2016: Requires-Python metadata, in an update to :pep:`503`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:978
+#: ../source/specifications/simple-repository-api.rst:992
 msgid "May 2019: \"yank\" support, in :pep:`592`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:979
+#: ../source/specifications/simple-repository-api.rst:993
 msgid ""
 "July 2020: API versioning convention and metadata, and declaring the HTML "
 "format as API v1, in :pep:`629`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:981
+#: ../source/specifications/simple-repository-api.rst:995
 msgid ""
 "May 2021: providing package metadata independently from a package, in :pep:"
 "`658`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:983
+#: ../source/specifications/simple-repository-api.rst:997
 msgid ""
 "May 2022: initial form of the JSON format, with a mechanism for clients to "
 "choose between them, and declaring both formats as API v1, in :pep:`691`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:985
+#: ../source/specifications/simple-repository-api.rst:999
 msgid ""
 "October 2022: project versions and file size and upload-time in the JSON "
 "format, in :pep:`700`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:987
+#: ../source/specifications/simple-repository-api.rst:1001
 msgid ""
 "June 2023: renaming the field which provides package metadata independently "
 "from a package, in :pep:`714`"
 msgstr ""
 
+#: ../source/specifications/simple-repository-api.rst:1003
+msgid ""
+"November 2024: provenance metadata in the HTML and JSON formats, in :pep:"
+"`740`"
+msgstr ""
+
 #: ../source/specifications/source-distribution-format.rst:6
 msgid "Source distribution format"
 msgstr ""
@@ -21266,7 +21641,7 @@ msgid ""
 msgstr ""
 
 #: ../source/tutorials/managing-dependencies.rst:140
-#: ../source/tutorials/packaging-projects.rst:506
+#: ../source/tutorials/packaging-projects.rst:505
 msgid "Next steps"
 msgstr ""
 
@@ -21715,43 +22090,43 @@ msgstr ""
 
 #: ../source/tutorials/packaging-projects.rst:424
 msgid ""
-"You will be prompted for a username and password. For the username, use "
-"``__token__``. For the password, use the token value, including the ``pypi-"
-"`` prefix."
+"You will be prompted for an API token. Use the token value, including the "
+"``pypi-`` prefix. Note that the input will be hidden, so be sure to paste "
+"correctly."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:428
+#: ../source/tutorials/packaging-projects.rst:427
 msgid "After the command completes, you should see output similar to this:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:439
+#: ../source/tutorials/packaging-projects.rst:438
 msgid ""
 "Once uploaded, your package should be viewable on TestPyPI; for example: "
 "``https://test.pypi.org/project/example_package_YOUR_USERNAME_HERE``."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:444
+#: ../source/tutorials/packaging-projects.rst:443
 msgid "Installing your newly uploaded package"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:446
+#: ../source/tutorials/packaging-projects.rst:445
 msgid ""
 "You can use :ref:`pip` to install your package and verify that it works. "
 "Create a :ref:`virtual environment <Creating and using Virtual "
 "Environments>` and install your package from TestPyPI:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:462
+#: ../source/tutorials/packaging-projects.rst:461
 msgid "Make sure to specify your username in the package name!"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:464
+#: ../source/tutorials/packaging-projects.rst:463
 msgid ""
 "pip should install the package from TestPyPI and the output should look "
 "something like this:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:474
+#: ../source/tutorials/packaging-projects.rst:473
 msgid ""
 "This example uses ``--index-url`` flag to specify TestPyPI instead of live "
 "PyPI. Additionally, it specifies ``--no-deps``. Since TestPyPI doesn't have "
@@ -21761,23 +22136,23 @@ msgid ""
 "installing dependencies when using TestPyPI."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:481
+#: ../source/tutorials/packaging-projects.rst:480
 msgid ""
 "You can test that it was installed correctly by importing the package. Make "
 "sure you're still in your virtual environment, then run Python:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:496
+#: ../source/tutorials/packaging-projects.rst:495
 msgid "and import the package:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:508
+#: ../source/tutorials/packaging-projects.rst:507
 msgid ""
 "**Congratulations, you've packaged and distributed a Python project!** ✨ 🍰 "
 "✨"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:511
+#: ../source/tutorials/packaging-projects.rst:510
 msgid ""
 "Keep in mind that this tutorial showed you how to upload your package to "
 "Test PyPI, which isn't a permanent storage. The Test system occasionally "
@@ -21785,28 +22160,28 @@ msgid ""
 "experiments like this tutorial."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:516
+#: ../source/tutorials/packaging-projects.rst:515
 msgid ""
 "When you are ready to upload a real package to the Python Package Index you "
 "can do much the same as you did in this tutorial, but with these important "
 "differences:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:520
+#: ../source/tutorials/packaging-projects.rst:519
 msgid ""
 "Choose a memorable and unique name for your package. You don't have to "
 "append your username as you did in the tutorial, but you can't use an "
 "existing name."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:522
+#: ../source/tutorials/packaging-projects.rst:521
 msgid ""
 "Register an account on https://pypi.org - note that these are two separate "
 "servers and the login details from the test server are not shared with the "
 "main server."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:525
+#: ../source/tutorials/packaging-projects.rst:524
 msgid ""
 "Use ``twine upload dist/*`` to upload your package and enter your "
 "credentials for the account you registered on the real PyPI.  Now that "
@@ -21814,44 +22189,44 @@ msgid ""
 "repository``; the package will upload to https://pypi.org/ by default."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:529
+#: ../source/tutorials/packaging-projects.rst:528
 msgid ""
 "Install your package from the real PyPI using ``python3 -m pip install [your-"
 "package]``."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:531
+#: ../source/tutorials/packaging-projects.rst:530
 msgid ""
 "At this point if you want to read more on packaging Python libraries here "
 "are some things you can do:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:534
+#: ../source/tutorials/packaging-projects.rst:533
 msgid ""
 "Read about advanced configuration for your chosen build backend: `Hatchling "
 "<hatchling-config_>`_, :doc:`setuptools <setuptools:userguide/"
 "pyproject_config>`, :doc:`Flit <flit:pyproject_toml>`, `PDM <pdm-config_>`_."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:538
+#: ../source/tutorials/packaging-projects.rst:537
 msgid ""
 "Look at the :doc:`guides </guides/index>` on this site for more advanced "
 "practical information, or the :doc:`discussions </discussions/index>` for "
 "explanations and background on specific topics."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:541
+#: ../source/tutorials/packaging-projects.rst:540
 msgid ""
 "Consider packaging tools that provide a single command-line interface for "
 "project management and packaging, such as :ref:`hatch`, :ref:`flit`, :ref:"
 "`pdm`, and :ref:`poetry`."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:549
+#: ../source/tutorials/packaging-projects.rst:548
 msgid "Notes"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:551
+#: ../source/tutorials/packaging-projects.rst:550
 msgid ""
 "Technically, you can also create Python packages without an ``__init__.py`` "
 "file, but those are called :doc:`namespace packages </guides/packaging-"
diff --git a/locales/uk/LC_MESSAGES/messages.po b/locales/uk/LC_MESSAGES/messages.po
index ea49c71fd..5ee0f8a50 100644
--- a/locales/uk/LC_MESSAGES/messages.po
+++ b/locales/uk/LC_MESSAGES/messages.po
@@ -15,7 +15,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Python Packaging User Guide\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-10-30 00:39+0000\n"
+"POT-Creation-Date: 2024-11-25 21:53+0000\n"
 "PO-Revision-Date: 2024-03-01 20:00+0000\n"
 "Last-Translator: Sviatoslav Sydorenko <wk+weblate.org@sydorenko.org.ua>\n"
 "Language-Team: Ukrainian <https://hosted.weblate.org/projects/pypa/packaging-"
@@ -789,7 +789,7 @@ msgid "Unix (including Linux and macOS)"
 msgstr "Unix (включаючи Linux і macOS)"
 
 #: ../source/discussions/deploying-python-applications.rst:118
-#: ../source/key_projects.rst:572
+#: ../source/key_projects.rst:576
 msgid "pex"
 msgstr "pex"
 
@@ -2216,7 +2216,7 @@ msgid ""
 msgstr ""
 
 #: ../source/discussions/versioning.rst:6
-#: ../source/specifications/simple-repository-api.rst:310
+#: ../source/specifications/simple-repository-api.rst:319
 #, fuzzy
 #| msgid "Version"
 msgid "Versioning"
@@ -3002,29 +3002,16 @@ msgid ""
 msgstr ""
 
 #: ../source/glossary.rst:121
-msgid "Known Good Set (KGS)"
-msgstr ""
-
-#: ../source/glossary.rst:124
-msgid ""
-"A set of distributions at specified versions which are compatible with each "
-"other. Typically a test suite will be run which passes all tests before a "
-"specific set of packages is declared a known good set. This term is commonly "
-"used by frameworks and toolkits which are comprised of multiple individual "
-"distributions."
-msgstr ""
-
-#: ../source/glossary.rst:130
 msgid "Import Package"
 msgstr "Імпорт пакету"
 
-#: ../source/glossary.rst:133
+#: ../source/glossary.rst:124
 msgid ""
 "A Python module which can contain other modules or recursively, other "
 "packages."
 msgstr ""
 
-#: ../source/glossary.rst:136
+#: ../source/glossary.rst:127
 msgid ""
 "An import package is more commonly referred to with the single word "
 "\"package\", but this guide will use the expanded term when more clarity is "
@@ -3033,19 +3020,32 @@ msgid ""
 "package` for a breakdown of the differences."
 msgstr ""
 
-#: ../source/glossary.rst:142
+#: ../source/glossary.rst:133
 #, fuzzy
 #| msgid "Installer"
 msgid "Installed Project"
 msgstr "Встановлювач"
 
-#: ../source/glossary.rst:145
+#: ../source/glossary.rst:136
 msgid ""
 "A :term:`Project` that is installed for use with a Python interpreter or :"
 "term:`Virtual Environment`, as described in the specicifcation :ref:"
 "`recording-installed-packages`."
 msgstr ""
 
+#: ../source/glossary.rst:140
+msgid "Known Good Set (KGS)"
+msgstr ""
+
+#: ../source/glossary.rst:143
+msgid ""
+"A set of distributions at specified versions which are compatible with each "
+"other. Typically a test suite will be run which passes all tests before a "
+"specific set of packages is declared a known good set. This term is commonly "
+"used by frameworks and toolkits which are comprised of multiple individual "
+"distributions."
+msgstr ""
+
 #: ../source/glossary.rst:149
 msgid "Module"
 msgstr "Модуль"
@@ -5522,7 +5522,7 @@ msgid ""
 "In particular, `NumPy <https://numpy.org/>`__, which provides the basis for "
 "most of the software in the `scientific Python stack <https://scientific-"
 "python.org>`_ can be configured to interoperate with different FORTRAN "
-"libraries, and can take advantage of different levels of vectorised "
+"libraries, and can take advantage of different levels of vectorized "
 "instructions available in modern CPUs."
 msgstr ""
 
@@ -5531,9 +5531,9 @@ msgid ""
 "Starting with version 1.10.4 of NumPy and version 1.0.0 of SciPy, pre-built "
 "32-bit and 64-bit binaries in the ``wheel`` format are available for all "
 "major operating systems (Windows, macOS, and Linux) on PyPI. Note, however, "
-"that on Windows, NumPy binaries are linked against the `ATLAS <http://www."
-"netlib.org/atlas/>`__ BLAS/LAPACK library, restricted to SSE2 instructions, "
-"so they may not provide optimal linear algebra performance."
+"that on Windows, NumPy binaries are linked against the `ATLAS <https://math-"
+"atlas.sourceforge.net/>`__ BLAS/LAPACK library, restricted to SSE2 "
+"instructions, so they may not provide optimal linear algebra performance."
 msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:26
@@ -5646,7 +5646,7 @@ msgid ""
 msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:100
-#: ../source/key_projects.rst:808
+#: ../source/key_projects.rst:812
 msgid "Spack"
 msgstr ""
 
@@ -5678,28 +5678,41 @@ msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:121
 msgid ""
-"`Anaconda <https://www.anaconda.com/products/individual/>`_ is a Python "
+"``conda`` is an open source (BSD licensed) package management system and "
+"environment management system that allows users to install multiple versions "
+"of binary software packages and their dependencies, and easily switch "
+"between them. It is a cross-platform tool working on Windows, MacOS, and "
+"Linux. Conda can be used to package up and distribute all kinds of packages, "
+"it is not limited to just Python packages. It has full support for native "
+"virtual environments. Conda makes environments first-class citizens, making "
+"it easy to create independent environments even for C libraries. It is "
+"written in Python, but is Python-agnostic. Conda manages Python itself as a "
+"package, so that :command:`conda update python` is possible, in contrast to "
+"pip, which only manages Python packages."
+msgstr ""
+
+#: ../source/guides/installing-scientific-packages.rst:133
+msgid ""
+"Anaconda `Anaconda <https://docs.anaconda.com/anaconda/>`_ is a Python "
 "distribution published by Anaconda, Inc. It is a stable collection of Open "
-"Source packages for big data and scientific use.  As of the 5.0 release of "
-"Anaconda, about 200 packages are installed by default, and a total of "
-"400-500 can be installed and updated from the Anaconda repository."
+"Source packages for big data and scientific use, and a collection of "
+"Graphical Interface utilities for managing conda environments."
 msgstr ""
 
-#: ../source/guides/installing-scientific-packages.rst:127
+#: ../source/guides/installing-scientific-packages.rst:135
 msgid ""
-"``conda`` is an open source (BSD licensed) package management system and "
-"environment management system included in Anaconda that allows users to "
-"install multiple versions of binary software packages and their "
-"dependencies, and easily switch between them. It is a cross-platform tool "
-"working on Windows, macOS, and Linux. Conda can be used to package up and "
-"distribute all kinds of packages, it is not limited to just Python packages. "
-"It has full support for native virtual environments. Conda makes "
-"environments first-class citizens, making it easy to create independent "
-"environments even for C libraries. It is written in Python, but is Python-"
-"agnostic. Conda manages Python itself as a package, so that :command:`conda "
-"update python` is possible, in contrast to pip, which only manages Python "
-"packages. Conda is available in Anaconda and Miniconda (an easy-to-install "
-"download with just Python and conda)."
+"In addition to the full distribution provided by Anaconda, the conda package "
+"manager itself is available in  `miniconda <https://docs.anaconda.com/"
+"miniconda/>`_, `miniforge <https://github.com/conda-forge/miniforge>`_, and "
+"`pixi <https://pixi.sh/>`_."
+msgstr ""
+
+#: ../source/guides/installing-scientific-packages.rst:138
+msgid ""
+"Conda packages are available on multiple channels on Anaconda.org, including "
+"the default channel supported by Anaconda, Inc, the community supported "
+"conda-forge channel, which provides a wide variety of pre-built packages, "
+"and some domain-specific package collections."
 msgstr ""
 
 #: ../source/guides/installing-stand-alone-command-line-tools.rst:4
@@ -8815,29 +8828,51 @@ msgstr "Використання TestPyPI"
 
 #: ../source/guides/tool-recommendations.rst:142
 msgid ""
-"For projects hosted on GitHub, it is recommended to use the :ref:`trusted "
-"publishing <trusted-publishing>`, which allows the package to be securely "
-"uploaded to PyPI from a GitHub Actions job. (This is not yet supported on "
-"software forges other than GitHub.)"
+"For projects hosted on or published via supported CI/CD platforms, it is "
+"recommended to use the :ref:`Trusted Publishing <trusted-publishing>`, which "
+"allows the package to be securely uploaded to PyPI from a CI/CD workflow "
+"without a manually configured API token."
 msgstr ""
 
 #: ../source/guides/tool-recommendations.rst:147
 msgid ""
+"As of November 2024, PyPI supports the following platforms as Trusted "
+"Publishing providers:"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:150
+msgid "GitHub Actions (on ``https://github.com``)"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:151
+msgid "GitLab CI/CD (on ``https://gitlab.com``)"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:152
+msgid "ActiveState"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:153
+msgid "Google Cloud"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:155
+msgid ""
 "The other available method is to upload the package manually using :ref:"
 "`twine`."
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:149
+#: ../source/guides/tool-recommendations.rst:159
 msgid ""
 "**Never** use ``python setup.py upload`` for this task. In addition to "
 "being :ref:`deprecated <setup-py-deprecated>`, it is insecure."
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:154
+#: ../source/guides/tool-recommendations.rst:164
 msgid "Workflow tools"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:156
+#: ../source/guides/tool-recommendations.rst:166
 msgid ""
 "These tools are environment managers that automatically manage virtual "
 "environments for a project. They also act as \"task runners\", allowing you "
@@ -8848,41 +8883,41 @@ msgid ""
 "alphabetical order:"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:164
+#: ../source/guides/tool-recommendations.rst:174
 #, fuzzy
 #| msgid ":ref:`pip`"
 msgid ":ref:`Flit`,"
 msgstr ":ref:`pip`"
 
-#: ../source/guides/tool-recommendations.rst:165
+#: ../source/guides/tool-recommendations.rst:175
 #, fuzzy
 #| msgid "pip, :ref:`bandersnatch`"
 msgid ":ref:`Hatch`,"
 msgstr "pip, :ref:`bandersnatch`"
 
-#: ../source/guides/tool-recommendations.rst:166
+#: ../source/guides/tool-recommendations.rst:176
 msgid ":doc:`nox <nox:index>`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:167
+#: ../source/guides/tool-recommendations.rst:177
 #, fuzzy
 #| msgid ":ref:`pip`"
 msgid ":ref:`PDM`,"
 msgstr ":ref:`pip`"
 
-#: ../source/guides/tool-recommendations.rst:168
+#: ../source/guides/tool-recommendations.rst:178
 #, fuzzy
 #| msgid ":ref:`pip`"
 msgid ":ref:`Pipenv`,"
 msgstr ":ref:`pip`"
 
-#: ../source/guides/tool-recommendations.rst:169
+#: ../source/guides/tool-recommendations.rst:179
 #, fuzzy
 #| msgid ":ref:`pip`"
 msgid ":ref:`Poetry`,"
 msgstr ":ref:`pip`"
 
-#: ../source/guides/tool-recommendations.rst:170
+#: ../source/guides/tool-recommendations.rst:180
 msgid ":doc:`tox <tox:index>`."
 msgstr ""
 
@@ -10069,44 +10104,58 @@ msgstr ""
 
 #: ../source/key_projects.rst:407
 msgid ""
-"conda is the package management tool for `Anaconda <https://docs.anaconda."
-"com/anaconda/>`__ Python installations. Anaconda Python is a distribution "
-"from `Anaconda, Inc <https://www.anaconda.com/products/individual>`__ "
-"specifically aimed at the scientific community, and in particular on Windows "
-"where the installation of binary extensions is often difficult."
+"Conda is a package, dependency, and environment management system for any "
+"language — Python, R, Ruby, C/C++, Fortran, and more. It is written in "
+"Python and widely used in the Python scientific computing community, due to "
+"its support for non-Python compiled libraries and extensions. It is used as "
+"the basis of the `Anaconda <https://docs.anaconda.com/anaconda/>`__ Python "
+"distribution from Anaconda, Inc. It was originally aimed at the scientific "
+"community, but can also be used on its own, or with the :doc:`miniconda "
+"<conda:miniconda>`, `miniforge <https://github.com/conda-forge/miniforge>`_ "
+"or `pixi <https://pixi.sh/>`_ systems. It is available for Windows, Mac and "
+"Linux systems."
 msgstr ""
 
-#: ../source/key_projects.rst:414
+#: ../source/key_projects.rst:416
 msgid ""
 "Conda is a completely separate tool from :ref:`pip`, virtualenv and wheel, "
-"but provides many of their combined features in terms of package management, "
-"virtual environment management and deployment of binary extensions."
+"but provides many of their combined features, such as package management, "
+"virtual environment management and deployment of binary extensions and other "
+"binary code."
+msgstr ""
+
+#: ../source/key_projects.rst:420
+msgid ""
+"Conda does not install packages from PyPI -- it can only manage packages "
+"built specifically for conda, which can be made available on a \"conda "
+"channel\", such as those hosted on `anaconda.org <https://anaconda.org>`__, "
+"or a local (e.g. intranet) package server. In addition to the \"default\" "
+"channels managed by `Anaconda, Inc. <https://www.anaconda.com/>`__, there "
+"are a wide variety of packages from the community supported `conda-forge "
+"project <https://conda-forge.org/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:418
+#: ../source/key_projects.rst:426
 msgid ""
-"Conda does not install packages from PyPI and can install only from the "
-"official Anaconda repositories, or anaconda.org (a place for user-"
-"contributed *conda* packages), or a local (e.g. intranet) package server.  "
-"However, note that :ref:`pip` can be installed into, and work side-by-side "
-"with conda for managing :term:`distributions <Distribution Package>` from "
-"PyPI. Also, `conda skeleton <https://docs.conda.io/projects/conda-build/en/"
-"latest/user-guide/tutorials/build-pkgs-skeleton.html>`__ is a tool to make "
-"Python packages installable by conda by first fetching them from PyPI and "
-"modifying their metadata."
+"Note that :ref:`pip` can be installed into, and work side-by-side with conda "
+"for managing :term:`distributions <Distribution Package>` from PyPI. It is "
+"also possible to build conda packages from Python source packages using "
+"tools such as `conda skeleton <https://docs.conda.io/projects/conda-build/en/"
+"latest/user-guide/tutorials/build-pkgs-skeleton.html>`__: a tool to "
+"automatically make conda packages from Python packages available on PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:431
+#: ../source/key_projects.rst:435
 msgid "devpi"
 msgstr "devpi"
 
-#: ../source/key_projects.rst:433
+#: ../source/key_projects.rst:437
 msgid ""
 "`Docs <http://doc.devpi.net/latest/>`__ | :gh:`Issues <devpi/devpi/issues>` "
 "| `PyPI <https://pypi.org/project/devpi>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:437
+#: ../source/key_projects.rst:441
 msgid ""
 "devpi features a powerful PyPI-compatible server and PyPI proxy cache with a "
 "complementary command line tool to drive packaging, testing and release "
@@ -10116,17 +10165,17 @@ msgid ""
 "replication and fail-over, and package upload."
 msgstr ""
 
-#: ../source/key_projects.rst:448
+#: ../source/key_projects.rst:452
 msgid "dumb-pypi"
 msgstr ""
 
-#: ../source/key_projects.rst:450
+#: ../source/key_projects.rst:454
 msgid ""
 "`GitHub <https://github.com/chriskuehl/dumb-pypi>`__ | `PyPI <https://pypi."
 "org/project/dumb-pypi>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:453
+#: ../source/key_projects.rst:457
 msgid ""
 "dumb-pypi is a simple :term:`package index <Package Index>` static file site "
 "generator, which then must be hosted by a static file webserver to become "
@@ -10134,17 +10183,17 @@ msgid ""
 "status."
 msgstr ""
 
-#: ../source/key_projects.rst:460
+#: ../source/key_projects.rst:464
 msgid "enscons"
 msgstr "enscons"
 
-#: ../source/key_projects.rst:462
+#: ../source/key_projects.rst:466
 msgid ""
 ":gh:`Source <dholth/enscons>` | :gh:`Issues <dholth/enscons/issues>` | `PyPI "
 "<https://pypi.org/project/enscons>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:466
+#: ../source/key_projects.rst:470
 msgid ""
 "Enscons is a Python packaging tool based on `SCons`_. It builds :ref:`pip`-"
 "compatible source distributions and wheels without using distutils or "
@@ -10156,38 +10205,38 @@ msgid ""
 "independent of enscons."
 msgstr ""
 
-#: ../source/key_projects.rst:481
+#: ../source/key_projects.rst:485
 msgid "Flask-Pypi-Proxy"
 msgstr ""
 
-#: ../source/key_projects.rst:483
+#: ../source/key_projects.rst:487
 msgid ""
 "`Docs <https://flask-pypi-proxy.readthedocs.io>`__ | :gh:`GitHub <tzulberti/"
 "Flask-PyPi-Proxy>` | `PyPI <https://pypi.org/project/Flask-Pypi-Proxy/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:487 ../source/key_projects.rst:681
-#: ../source/key_projects.rst:740
+#: ../source/key_projects.rst:491 ../source/key_projects.rst:685
+#: ../source/key_projects.rst:744
 msgid "Not maintained, project archived"
 msgstr ""
 
-#: ../source/key_projects.rst:489
+#: ../source/key_projects.rst:493
 msgid ""
 "Flask-Pypi-Proxy is a :term:`package index <Package Index>` as a cached "
 "proxy for PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:495
+#: ../source/key_projects.rst:499
 msgid "Hashdist"
 msgstr "Hashdist"
 
-#: ../source/key_projects.rst:497
+#: ../source/key_projects.rst:501
 msgid ""
 "`Docs <https://hashdist.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/hashdist/hashdist/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:500
+#: ../source/key_projects.rst:504
 msgid ""
 "Hashdist is a library for building non-root software distributions. Hashdist "
 "is trying to be “the Debian of choice for cases where Debian technology "
@@ -10198,34 +10247,34 @@ msgid ""
 "researchers but has been lacking in maintenance since 2016."
 msgstr ""
 
-#: ../source/key_projects.rst:512
+#: ../source/key_projects.rst:516
 msgid "Maturin"
 msgstr ""
 
-#: ../source/key_projects.rst:514
+#: ../source/key_projects.rst:518
 msgid ""
 "`Docs <https://www.maturin.rs>`__ | `GitHub <https://github.com/PyO3/"
 "maturin>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:517
+#: ../source/key_projects.rst:521
 msgid ""
 "Maturin is a build backend for Rust extension modules, also written in Rust. "
 "It supports building wheels for python 3.7+ on Windows, Linux, macOS and "
 "FreeBSD, can upload them to PyPI and has basic PyPy and GraalPy support."
 msgstr ""
 
-#: ../source/key_projects.rst:525
+#: ../source/key_projects.rst:529
 msgid "meson-python"
 msgstr ""
 
-#: ../source/key_projects.rst:527
+#: ../source/key_projects.rst:531
 msgid ""
 "`Docs <https://meson-python.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/mesonbuild/meson-python>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:530
+#: ../source/key_projects.rst:534
 msgid ""
 "``meson-python`` is a build backend that uses the Meson_ build system. It "
 "enables Python package authors to use Meson_ as the build system for their "
@@ -10233,60 +10282,60 @@ msgid ""
 "to fill the needs of most complex build configurations."
 msgstr ""
 
-#: ../source/key_projects.rst:540
+#: ../source/key_projects.rst:544
 msgid "multibuild"
 msgstr "multibuild"
 
-#: ../source/key_projects.rst:542
+#: ../source/key_projects.rst:546
 #, fuzzy
 #| msgid "`pip-tools <https://github.com/jazzband/pip-tools>`_"
 msgid "`GitHub <https://github.com/multi-build/multibuild>`__"
 msgstr "`pip-tools <https://github.com/jazzband/pip-tools>`_"
 
-#: ../source/key_projects.rst:544
+#: ../source/key_projects.rst:548
 msgid ""
 "Multibuild is a set of CI scripts for building and testing Python :term:"
 "`wheels <Wheel>` for Linux, macOS, and (less flexibly) Windows. Also see :"
 "ref:`cibuildwheel`."
 msgstr ""
 
-#: ../source/key_projects.rst:550
+#: ../source/key_projects.rst:554
 msgid "nginx_pypi_cache"
 msgstr ""
 
-#: ../source/key_projects.rst:552
+#: ../source/key_projects.rst:556
 msgid ":gh:`GitHub <hauntsaninja/nginx_pypi_cache>`"
 msgstr ""
 
-#: ../source/key_projects.rst:554
+#: ../source/key_projects.rst:558
 msgid ""
 "nginx_pypi_cache is a :term:`package index <Package Index>` caching proxy "
 "using `nginx <https://nginx.org/en/>`_."
 msgstr ""
 
-#: ../source/key_projects.rst:560
+#: ../source/key_projects.rst:564
 msgid "pdm"
 msgstr ""
 
-#: ../source/key_projects.rst:562
+#: ../source/key_projects.rst:566
 msgid ""
 "`Docs <https://pdm.fming.dev/>`__ | `GitHub <https://github.com/pdm-project/"
 "pdm/>`__ | `PyPI <https://pypi.org/project/pdm>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:566
+#: ../source/key_projects.rst:570
 msgid ""
 "PDM is a modern Python package manager. It uses :term:`pyproject.toml` to "
 "store project metadata as defined in :pep:`621`."
 msgstr ""
 
-#: ../source/key_projects.rst:574
+#: ../source/key_projects.rst:578
 msgid ""
 "`Docs <https://pex.readthedocs.io/en/latest/>`__ | `GitHub <https://github."
 "com/pantsbuild/pex/>`__ | `PyPI <https://pypi.org/project/pex>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:578
+#: ../source/key_projects.rst:582
 msgid ""
 "Pex is a tool for generating :file:`.pex` (Python EXecutable) files, "
 "standalone Python environments in the spirit of :ref:`virtualenv`. PEX files "
@@ -10298,18 +10347,18 @@ msgid ""
 "PEX file into a standard venv, graphing dependencies and more."
 msgstr ""
 
-#: ../source/key_projects.rst:590
+#: ../source/key_projects.rst:594
 msgid "pip-tools"
 msgstr "pip-tools"
 
-#: ../source/key_projects.rst:592
+#: ../source/key_projects.rst:596
 msgid ""
 "`Docs <https://pip-tools.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/jazzband/pip-tools/>`__ | `PyPI <https://pypi.org/project/pip-"
 "tools/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:596
+#: ../source/key_projects.rst:600
 msgid ""
 "pip-tools is a suite of tools meant for Python system administrators and "
 "release managers who particularly want to keep their builds deterministic "
@@ -10320,32 +10369,32 @@ msgid ""
 "not provide), and create layers of constraints for the program to obey."
 msgstr ""
 
-#: ../source/key_projects.rst:608
+#: ../source/key_projects.rst:612
 msgid "pip2pi"
 msgstr ""
 
-#: ../source/key_projects.rst:610
+#: ../source/key_projects.rst:614
 msgid ""
 ":gh:`GitHub <wolever/pip2pi>` | `PyPI <https://pypi.org/project/pip2pi/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:613
+#: ../source/key_projects.rst:617
 msgid ""
 "pip2pi is a :term:`package index <Package Index>` server where specific "
 "packages are manually synchronised."
 msgstr ""
 
-#: ../source/key_projects.rst:619
+#: ../source/key_projects.rst:623
 msgid "piwheels"
 msgstr "piwheels"
 
-#: ../source/key_projects.rst:621
+#: ../source/key_projects.rst:625
 msgid ""
 "`Website <https://www.piwheels.org/>`__ | :doc:`Docs <piwheels:index>` | "
 "`GitHub <https://github.com/piwheels/piwheels/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:625
+#: ../source/key_projects.rst:629
 msgid ""
 "piwheels is a website, and software underpinning it, that fetches source "
 "code distribution packages from PyPI and compiles them into binary wheels "
@@ -10353,17 +10402,17 @@ msgid ""
 "Pi OS pre-configures pip to use piwheels.org as an additional index to PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:634
+#: ../source/key_projects.rst:638
 msgid "poetry"
 msgstr "poetry"
 
-#: ../source/key_projects.rst:636
+#: ../source/key_projects.rst:640
 msgid ""
 "`Docs <https://python-poetry.org/>`__ | `GitHub <https://github.com/python-"
 "poetry/poetry>`__ | `PyPI <https://pypi.org/project/poetry/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:640
+#: ../source/key_projects.rst:644
 msgid ""
 "poetry is a command-line tool to handle dependency installation and "
 "isolation as well as building and packaging of Python packages. It uses "
@@ -10373,49 +10422,49 @@ msgid ""
 "caching metadata about dependencies."
 msgstr ""
 
-#: ../source/key_projects.rst:650
+#: ../source/key_projects.rst:654
 msgid "proxpi"
 msgstr ""
 
-#: ../source/key_projects.rst:652
+#: ../source/key_projects.rst:656
 msgid ""
 ":gh:`GitHub <EpicWink/proxpi>` | `PyPI <https://pypi.org/project/proxpi/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:655
+#: ../source/key_projects.rst:659
 msgid ""
 "proxpi is a simple :term:`package index <Package Index>` which proxies PyPI "
 "and other indexes with caching."
 msgstr ""
 
-#: ../source/key_projects.rst:661
+#: ../source/key_projects.rst:665
 msgid "Pulp-python"
 msgstr ""
 
-#: ../source/key_projects.rst:663
+#: ../source/key_projects.rst:667
 msgid ""
 "`Docs <https://docs.pulpproject.org/pulp_python/>`__ | :gh:`GitHub <pulp/"
 "pulp_python>` | `PyPI <https://pypi.org/project/pulp-python/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:667
+#: ../source/key_projects.rst:671
 msgid ""
 "Pulp-python is the Python :term:`package index <Package Index>` plugin for "
 "`Pulp <https://pulpproject.org/>`_. Pulp-python supports mirrors backed by "
 "local or `AWS S3`_, package upload, and proxying to multiple package indexes."
 msgstr ""
 
-#: ../source/key_projects.rst:675
+#: ../source/key_projects.rst:679
 msgid "PyPI Cloud"
 msgstr ""
 
-#: ../source/key_projects.rst:677
+#: ../source/key_projects.rst:681
 msgid ""
 "`Docs <https://pypicloud.readthedocs.io/>`__ | :gh:`GitHub <stevearc/"
 "pypicloud>` | `PyPI <https://pypi.org/project/pypicloud/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:683
+#: ../source/key_projects.rst:687
 msgid ""
 "PyPI Cloud is a :term:`package index <Package Index>` server, backed by `AWS "
 "S3`_ or another cloud storage service, or local files. PyPI Cloud supports "
@@ -10423,35 +10472,35 @@ msgid ""
 "authorisation."
 msgstr ""
 
-#: ../source/key_projects.rst:691
+#: ../source/key_projects.rst:695
 #, fuzzy
 #| msgid "pypiserver"
 msgid "pypiprivate"
 msgstr "pypiserver"
 
-#: ../source/key_projects.rst:693
+#: ../source/key_projects.rst:697
 msgid ""
 ":gh:`GitHub <helpshift/pypiprivate>` | `PyPI <https://pypi.org/project/"
 "pypiprivate/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:696
+#: ../source/key_projects.rst:700
 msgid ""
 "pypiprivate serves a local (or `AWS S3`_-hosted) directory of packages as a :"
 "term:`package index <Package Index>`."
 msgstr ""
 
-#: ../source/key_projects.rst:702
+#: ../source/key_projects.rst:706
 msgid "pypiserver"
 msgstr "pypiserver"
 
-#: ../source/key_projects.rst:704
+#: ../source/key_projects.rst:708
 msgid ""
 "`GitHub <https://github.com/pypiserver/pypiserver>`__ | `PyPI <https://pypi."
 "org/project/pypiserver/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:707
+#: ../source/key_projects.rst:711
 msgid ""
 "pypiserver is a minimalist application that serves as a private Python :term:"
 "`package index <Package Index>` (from a local directory) within "
@@ -10462,17 +10511,17 @@ msgid ""
 "pypiserver and from PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:718
+#: ../source/key_projects.rst:722
 msgid "PyScaffold"
 msgstr ""
 
-#: ../source/key_projects.rst:720
+#: ../source/key_projects.rst:724
 msgid ""
 "`Docs <https://pyscaffold.org>`__ | `GitHub <https://github.com/pyscaffold/"
 "pyscaffold>`__ | `PyPI <https://pypi.org/project/pyscaffold/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:724
+#: ../source/key_projects.rst:728
 msgid ""
 "PyScaffold is a project generator for bootstrapping Python packages, ready "
 "to be shared on PyPI and installable via :ref:`pip`. It relies on a set of "
@@ -10482,33 +10531,33 @@ msgid ""
 "existing projects to make packaging easier."
 msgstr ""
 
-#: ../source/key_projects.rst:735
+#: ../source/key_projects.rst:739
 msgid "pywharf"
 msgstr ""
 
-#: ../source/key_projects.rst:737
+#: ../source/key_projects.rst:741
 msgid ""
 ":gh:`GitHub <pywharf/pywharf>` | `PyPI <https://pypi.org/project/pywharf>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:742
+#: ../source/key_projects.rst:746
 msgid ""
 "pywharf is a :term:`package index <Package Index>` server, serving files "
 "locally or from `GitHub <https://github.com/>`_."
 msgstr ""
 
-#: ../source/key_projects.rst:748
+#: ../source/key_projects.rst:752
 msgid "scikit-build"
 msgstr "scikit-build"
 
-#: ../source/key_projects.rst:750
+#: ../source/key_projects.rst:754
 msgid ""
 "`Docs <https://scikit-build.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/scikit-build/scikit-build/>`__ | `PyPI <https://pypi.org/project/"
 "scikit-build>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:754
+#: ../source/key_projects.rst:758
 msgid ""
 "Scikit-build is a :ref:`setuptools` wrapper for CPython that builds C/C++/"
 "Fortran/Cython extensions It uses `cmake <https://pypi.org/project/cmake>`__ "
@@ -10519,20 +10568,20 @@ msgid ""
 "ninja>`__ (also available on PyPI)."
 msgstr ""
 
-#: ../source/key_projects.rst:765
+#: ../source/key_projects.rst:769
 #, fuzzy
 #| msgid "scikit-build"
 msgid "scikit-build-core"
 msgstr "scikit-build"
 
-#: ../source/key_projects.rst:767
+#: ../source/key_projects.rst:771
 msgid ""
 "`Docs <https://scikit-build-core.readthedocs.io/en/latest/>`__ | `GitHub "
 "<https://github.com/scikit-build/scikit-build-core/>`__ | `PyPI <https://"
 "pypi.org/project/scikit-build-core>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:771
+#: ../source/key_projects.rst:775
 msgid ""
 "Scikit-build-core is a build backend for CPython C/C++/Fortran/Cython "
 "extensions.  It enables users to write extensions with `cmake <https://pypi."
@@ -10542,17 +10591,17 @@ msgid ""
 "automatically downloaded from PyPI if not available on the system."
 msgstr ""
 
-#: ../source/key_projects.rst:781
+#: ../source/key_projects.rst:785
 msgid "shiv"
 msgstr "shiv"
 
-#: ../source/key_projects.rst:783
+#: ../source/key_projects.rst:787
 msgid ""
 "`Docs <https://shiv.readthedocs.io/en/latest/>`__ | `GitHub <https://github."
 "com/linkedin/shiv>`__ | `PyPI <https://pypi.org/project/shiv/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:787
+#: ../source/key_projects.rst:791
 msgid ""
 "shiv is a command line utility for building fully self contained Python "
 "zipapps as outlined in :pep:`441`, but with all their dependencies included. "
@@ -10560,17 +10609,17 @@ msgid ""
 "tools fast & easy."
 msgstr ""
 
-#: ../source/key_projects.rst:795
+#: ../source/key_projects.rst:799
 msgid "simpleindex"
 msgstr ""
 
-#: ../source/key_projects.rst:797
+#: ../source/key_projects.rst:801
 msgid ""
 ":gh:`GitHub <uranusjr/simpleindex>` | `PyPI <https://pypi.org/project/"
 "simpleindex/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:800
+#: ../source/key_projects.rst:804
 msgid ""
 "simpleindex is a :term:`package index <Package Index>` which routes URLs to "
 "multiple package indexes (including PyPI), serves local (or cloud-hosted, "
@@ -10578,7 +10627,7 @@ msgid ""
 "supports custom plugins."
 msgstr ""
 
-#: ../source/key_projects.rst:810
+#: ../source/key_projects.rst:814
 msgid ""
 ":doc:`Docs <spack:index>` | `GitHub <https://github.com/spack/spack>`__ | "
 "`Paper <https://www.computer.org/csdl/proceedings-article/"
@@ -10586,7 +10635,7 @@ msgid ""
 "Gamblin-Spack-SC15-Talk.pdf>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:815
+#: ../source/key_projects.rst:819
 msgid ""
 "A flexible package manager designed to support multiple versions, "
 "configurations, platforms, and compilers.  Spack is like Homebrew, but "
@@ -10597,24 +10646,24 @@ msgid ""
 "supercomputers."
 msgstr ""
 
-#: ../source/key_projects.rst:823
+#: ../source/key_projects.rst:827
 msgid ""
 "Spack is not in PyPI (yet), but it requires no installation and can be used "
 "immediately after cloning from GitHub."
 msgstr ""
 
-#: ../source/key_projects.rst:829
+#: ../source/key_projects.rst:833
 msgid "zest.releaser"
 msgstr "zest.releaser"
 
-#: ../source/key_projects.rst:831
+#: ../source/key_projects.rst:835
 msgid ""
 "`Docs <https://zestreleaser.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/zestsoftware/zest.releaser/>`__ | `PyPI <https://pypi.org/project/"
 "zest.releaser/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:835
+#: ../source/key_projects.rst:839
 msgid ""
 "``zest.releaser`` is a Python package release tool providing an abstraction "
 "layer on top of :ref:`twine`. Python developers use ``zest.releaser`` to "
@@ -10622,21 +10671,21 @@ msgid ""
 "releases in source control, and uploading new packages to PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:842
+#: ../source/key_projects.rst:846
 msgid "Standard Library Projects"
 msgstr ""
 
-#: ../source/key_projects.rst:847
+#: ../source/key_projects.rst:851
 msgid "ensurepip"
 msgstr "ensurepip"
 
-#: ../source/key_projects.rst:849
+#: ../source/key_projects.rst:853
 msgid ""
 "`Docs <https://docs.python.org/3/library/ensurepip.html>`__ | `Issues "
 "<https://bugs.python.org/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:852
+#: ../source/key_projects.rst:856
 msgid ""
 "A package in the Python Standard Library that provides support for "
 "bootstrapping :ref:`pip` into an existing Python installation or virtual "
@@ -10644,36 +10693,36 @@ msgid ""
 "will be used during the build of the Python distribution."
 msgstr ""
 
-#: ../source/key_projects.rst:860
+#: ../source/key_projects.rst:864
 #, fuzzy
 #| msgid "pypiserver"
 msgid "http.server"
 msgstr "pypiserver"
 
-#: ../source/key_projects.rst:862
+#: ../source/key_projects.rst:866
 msgid ""
 ":doc:`Docs <python:library/http.server>` | :gh:`Issues <python/cpython/"
 "issues>`"
 msgstr ""
 
-#: ../source/key_projects.rst:865
+#: ../source/key_projects.rst:869
 msgid ""
 "A package and command-line interface which can host a directory as a "
 "website, for example as a :term:`package index <Package Index>` (see :ref:"
 "`Hosting your Own Simple Repository`)."
 msgstr ""
 
-#: ../source/key_projects.rst:872
+#: ../source/key_projects.rst:876
 msgid "venv"
 msgstr "venv"
 
-#: ../source/key_projects.rst:874
+#: ../source/key_projects.rst:878
 msgid ""
 "`Docs <https://docs.python.org/3/library/venv.html>`__ | `Issues <https://"
 "github.com/python/cpython/issues>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:877
+#: ../source/key_projects.rst:881
 msgid ""
 "A package in the Python Standard Library (starting with Python 3.3) for "
 "creating :term:`Virtual Environments <Virtual Environment>`.  For more "
@@ -12727,7 +12776,7 @@ msgstr ""
 #: ../source/specifications/platform-compatibility-tags.rst:332
 #: ../source/specifications/pyproject-toml.rst:444
 #: ../source/specifications/recording-installed-packages.rst:252
-#: ../source/specifications/simple-repository-api.rst:974
+#: ../source/specifications/simple-repository-api.rst:988
 #: ../source/specifications/source-distribution-format.rst:144
 #: ../source/specifications/version-specifiers.rst:1266
 #: ../source/specifications/virtual-environments.rst:54
@@ -13799,6 +13848,7 @@ msgstr ""
 #: ../source/specifications/dependency-specifiers.rst:26
 #: ../source/specifications/direct-url-data-structure.rst:19
 #: ../source/specifications/direct-url.rst:15
+#: ../source/specifications/index-hosted-attestations.rst:17
 #: ../source/specifications/inline-script-metadata.rst:13
 msgid "Specification"
 msgstr "Специфікація"
@@ -13937,7 +13987,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/dependency-specifiers.rst:163
-#: ../source/specifications/simple-repository-api.rst:888
+#: ../source/specifications/simple-repository-api.rst:902
 #, fuzzy
 msgid "Versions"
 msgstr "Version"
@@ -15593,6 +15643,302 @@ msgid ""
 "www.pypa.io/en/latest/specifications/>`__."
 msgstr ""
 
+#: ../source/specifications/index-hosted-attestations.rst:6
+msgid "Index hosted attestations"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:8
+msgid "This specification was originally defined in :pep:`740`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:12
+msgid ""
+":pep:`740` includes changes to the HTML and JSON index APIs. These changes "
+"are documented in the :ref:`simple-repository-api` under :ref:`simple-"
+"repository-api-base` and :ref:`json-serialization`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:22
+msgid "Upload endpoint changes"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:26
+msgid ""
+"The \"legacy\" upload API is not standardized. See `PyPI's Upload API "
+"documentation <https://docs.pypi.org/api/upload/>`_ for how attestations are "
+"uploaded."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:33
+msgid "Attestation objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:35
+msgid ""
+"An attestation object is a JSON object with several required keys; "
+"applications or signers may include additional keys so long as all "
+"explicitly listed keys are provided. The required layout of an attestation "
+"object is provided as pseudocode below."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:88
+msgid ""
+"A full data model for each object in ``transparency_entries`` is provided "
+"in :ref:`appendix`. Attestation objects **SHOULD** include one or more "
+"transparency log entries, and **MAY** include additional keys for other "
+"sources of signed time (such as an :rfc:`3161` Time Stamping Authority or a "
+"`Roughtime <https://blog.cloudflare.com/roughtime>`__ server)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:94
+msgid ""
+"Attestation objects are versioned; this PEP specifies version 1. Each "
+"version is tied to a single cryptographic suite to minimize unnecessary "
+"cryptographic agility. In version 1, the suite is as follows:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:98
+msgid ""
+"Certificates are specified as X.509 certificates, and comply with the "
+"profile in :rfc:`5280`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:100
+msgid ""
+"The message signature algorithm is ECDSA, with the P-256 curve for public "
+"keys and SHA-256 as the cryptographic digest function."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:103
+msgid ""
+"Future PEPs may change this suite (and the overall shape of the attestation "
+"object) by selecting a new version number."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:109
+msgid "Attestation statement and signature generation"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:111
+msgid ""
+"The *attestation statement* is the actual claim that is cryptographically "
+"signed over within the attestation object (i.e., the ``envelope.statement``)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:114
+msgid ""
+"The attestation statement is encoded as a `v1 in-toto Statement object "
+"<https://github.com/in-toto/attestation/blob/v1.0/spec/v1.0/statement."
+"md>`__, in JSON form. When serialized the statement is treated as an opaque "
+"binary blob, avoiding the need for canonicalization."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:119
+msgid ""
+"In addition to being a v1 in-toto Statement, the attestation statement is "
+"constrained in the following ways:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:122
+msgid "The in-toto ``subject`` **MUST** contain only a single subject."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:123
+msgid ""
+"``subject[0].name`` is the distribution's filename, which **MUST** be a "
+"valid :ref:`source distribution <source-distribution-format>` or :ref:`wheel "
+"distribution <binary-distribution-format>` filename."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:126
+msgid ""
+"``subject[0].digest`` **MUST** contain a SHA-256 digest. Other digests "
+"**MAY** be present. The digests **MUST** be represented as hexadecimal "
+"strings."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:128
+msgid "The following ``predicateType`` values are supported:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:130
+msgid ""
+"`SLSA Provenance <https://slsa.dev/provenance/v1>`__: ``https://slsa.dev/"
+"provenance/v1``"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:131
+msgid ""
+"`PyPI Publish Attestation <https://docs.pypi.org/attestations/publish/"
+"v1>`__: ``https://docs.pypi.org/attestations/publish/v1``"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:133
+msgid ""
+"The signature over this statement is constructed using the `v1 DSSE "
+"signature protocol <https://github.com/secure-systems-lab/dsse/blob/v1.0.0/"
+"protocol.md>`__, with a ``PAYLOAD_TYPE`` of ``application/vnd.in-toto+json`` "
+"and a ``PAYLOAD_BODY`` of the JSON-encoded statement above. No other "
+"``PAYLOAD_TYPE`` is permitted."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:141
+msgid "Provenance objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:143
+msgid ""
+"The index will serve uploaded attestations along with metadata that can "
+"assist in verifying them in the form of JSON serialized objects."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:146
+msgid ""
+"These *provenance objects* will be available via both the Simple Index and "
+"JSON-based Simple API as described above, and will have the following layout:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:169
+msgid "or, as pseudocode:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:217
+msgid ""
+"``version`` is ``1``. Like attestation objects, provenance objects are "
+"versioned, and this PEP only defines version ``1``."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:219
+msgid ""
+"``attestation_bundles`` is a **required** JSON array, containing one or more "
+"\"bundles\" of attestations. Each bundle corresponds to a signing identity "
+"(such as a Trusted Publishing identity), and contains one or more "
+"attestation objects."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:224
+msgid ""
+"As noted in the ``Publisher`` model, each ``AttestationBundle.publisher`` "
+"object is specific to its Trusted Publisher but must include at minimum:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:228
+msgid ""
+"A ``kind`` key, which **MUST** be a JSON string that uniquely identifies the "
+"kind of Trusted Publisher."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:230
+msgid ""
+"A ``claims`` key, which **MUST** be a JSON object containing any context-"
+"specific claims retained by the index during Trusted Publisher "
+"authentication."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:233
+msgid "All other keys in the publisher object are publisher-specific."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:235
+msgid ""
+"Each array of attestation objects is a superset of the ``attestations`` "
+"array supplied by the uploaded through the ``attestations`` field at upload "
+"time, as described in :ref:`upload-endpoint` and :ref:`changes-to-provenance-"
+"objects`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:243
+msgid "Changes to provenance objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:245
+msgid ""
+"Provenance objects are *not* immutable, and may change over time. Reasons "
+"for changes to the provenance object include but are not limited to:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:248
+msgid ""
+"Addition of new attestations for a pre-existing signing identity: the index "
+"**MAY** choose to allow additional attestations by pre-existing signing "
+"identities, such as newer attestation versions for already uploaded files."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:253
+msgid ""
+"Addition of new signing identities and associated attestations: the index "
+"**MAY** choose to support attestations from sources other than the file's "
+"uploader, such as third-party auditors or the index itself. These "
+"attestations may be performed asynchronously, requiring the index to insert "
+"them into the provenance object *post facto*."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:262
+msgid "Attestation verification"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:264
+msgid ""
+"Verifying an attestation object against a distribution file requires "
+"verification of each of the following:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:267
+msgid "``version`` is ``1``. The verifier **MUST** reject any other version."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:268
+msgid ""
+"``verification_material.certificate`` is a valid signing certificate, as "
+"issued by an *a priori* trusted authority (such as a root of trust already "
+"present within the verifying client)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:271
+msgid ""
+"``verification_material.certificate`` identifies an appropriate signing "
+"subject, such as the machine identity of the Trusted Publisher that "
+"published the package."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:274
+msgid ""
+"``envelope.statement`` is a valid in-toto v1 Statement, with a subject and "
+"digest that **MUST** match the distribution's filename and contents. For the "
+"distribution's filename, matching **MUST** be performed by parsing using the "
+"appropriate source distribution or wheel filename format, as the statement's "
+"subject may be equivalent but normalized."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:279
+msgid ""
+"``envelope.signature`` is a valid signature for ``envelope.statement`` "
+"corresponding to ``verification_material.certificate``, as reconstituted via "
+"the `v1 DSSE signature protocol <https://github.com/secure-systems-lab/dsse/"
+"blob/v1.0.0/protocol.md>`__."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:284
+msgid ""
+"In addition to the above required steps, a verifier **MAY** additionally "
+"verify ``verification_material.transparency_entries`` on a policy basis, e."
+"g. requiring at least one transparency log entry or a threshold of entries. "
+"When verifying transparency entries, the verifier **MUST** confirm that the "
+"inclusion time for each entry lies within the signing certificate's validity "
+"period."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:293
+msgid "Appendix: Data models for Transparency Log Entries"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:295
+msgid ""
+"This appendix contains pseudocoded data models for transparency log entries "
+"in attestation objects. Each transparency log entry serves as a source of "
+"signed inclusion time, and can be verified either online or offline."
+msgstr ""
+
 #: ../source/specifications/inline-script-metadata.rst:5
 msgid "Inline script metadata"
 msgstr ""
@@ -15766,7 +16112,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/inline-script-metadata.rst:205
-#: ../source/specifications/simple-repository-api.rst:815
+#: ../source/specifications/simple-repository-api.rst:829
 #, fuzzy
 #| msgid "Packaging tool recommendations"
 msgid "Recommendations"
@@ -17674,12 +18020,27 @@ msgid ""
 "``&gt;``, respectively."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:100
+#: ../source/specifications/simple-repository-api.rst:99
+msgid ""
+"A repository **MAY** include a ``data-provenance`` attribute on a file link. "
+"The value of this attribute **MUST** be a fully qualified URL, signaling "
+"that the file's provenance can be found at that URL. This URL **MUST** "
+"represent a `secure origin <https://www.chromium.org/Home/chromium-security/"
+"prefer-secure-origins-for-powerful-new-features/>`_."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:106
+msgid ""
+"The format of the linked provenance is defined in :ref:`index-hosted-"
+"attestations`."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:109
 #, fuzzy
 msgid "Normalized Names"
 msgstr "Переклади"
 
-#: ../source/specifications/simple-repository-api.rst:102
+#: ../source/specifications/simple-repository-api.rst:111
 msgid ""
 "This spec references the concept of a \"normalized\" project name. As per :"
 "ref:`the name normalization specification <name-normalization>` the only "
@@ -17689,11 +18050,11 @@ msgid ""
 "implemented in Python with the ``re`` module::"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:117
+#: ../source/specifications/simple-repository-api.rst:126
 msgid "Adding \"Yank\" Support to the Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:119
+#: ../source/specifications/simple-repository-api.rst:128
 msgid ""
 "Links in the simple repository **MAY** have a ``data-yanked`` attribute "
 "which may have no value, or may have an arbitrary string as a value. The "
@@ -17703,7 +18064,7 @@ msgid ""
 "under specific scenarios."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:126
+#: ../source/specifications/simple-repository-api.rst:135
 msgid ""
 "The value of the ``data-yanked`` attribute, if present, is an arbitrary "
 "string that represents the reason for why the file has been yanked. Tools "
@@ -17711,7 +18072,7 @@ msgid ""
 "users."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:131
+#: ../source/specifications/simple-repository-api.rst:140
 msgid ""
 "The yanked attribute is not immutable once set, and may be rescinded in the "
 "future (and once rescinded, may be reset as well). Thus API users **MUST** "
@@ -17719,13 +18080,13 @@ msgid ""
 "again)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:138
+#: ../source/specifications/simple-repository-api.rst:147
 #, fuzzy
 #| msgid "Installer"
 msgid "Installers"
 msgstr "Встановлювач"
 
-#: ../source/specifications/simple-repository-api.rst:140
+#: ../source/specifications/simple-repository-api.rst:149
 msgid ""
 "The desirable experience for users is that once a file is yanked, when a "
 "human being is currently trying to directly install a yanked file, that it "
@@ -17735,7 +18096,7 @@ msgid ""
 "been yanked."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:147
+#: ../source/specifications/simple-repository-api.rst:156
 msgid ""
 "An installer **MUST** ignore yanked releases, if the selection constraints "
 "can be satisfied with a non-yanked version, and **MAY** refuse to use a "
@@ -17745,14 +18106,14 @@ msgid ""
 "files."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:154
+#: ../source/specifications/simple-repository-api.rst:163
 msgid ""
 "What this means is left up to the specific installer, to decide how to best "
 "fit into the overall usage of their installer. However, there are two "
 "suggested approaches to take:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:158
+#: ../source/specifications/simple-repository-api.rst:167
 msgid ""
 "Yanked files are always ignored, unless they are the only file that matches "
 "a version specifier that \"pins\" to an exact version using either ``==`` "
@@ -17762,7 +18123,7 @@ msgid ""
 "versions, zero padding, etc."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:165
+#: ../source/specifications/simple-repository-api.rst:174
 msgid ""
 "Yanked files are always ignored, unless they are the only file that matches "
 "what a lock file (such as ``Pipfile.lock`` or ``poetry.lock``) specifies to "
@@ -17770,7 +18131,7 @@ msgid ""
 "creating or updating a lock file from some input file or command."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:171
+#: ../source/specifications/simple-repository-api.rst:180
 msgid ""
 "Regardless of the specific strategy that an installer chooses for deciding "
 "when to install yanked files, an installer **SHOULD** emit a warning when it "
@@ -17779,38 +18140,38 @@ msgid ""
 "specific feedback to the user about why that file had been yanked."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:179
+#: ../source/specifications/simple-repository-api.rst:188
 msgid "Mirrors"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:181
+#: ../source/specifications/simple-repository-api.rst:190
 msgid "Mirrors can generally treat yanked files one of two ways:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:183
+#: ../source/specifications/simple-repository-api.rst:192
 msgid ""
 "They may choose to omit them from their simple repository API completely, "
 "providing a view over the repository that shows only \"active\", unyanked "
 "files."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:186
+#: ../source/specifications/simple-repository-api.rst:195
 msgid ""
 "They may choose to include yanked files, and additionally mirror the ``data-"
 "yanked`` attribute as well."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:189
+#: ../source/specifications/simple-repository-api.rst:198
 msgid ""
 "Mirrors **MUST NOT** mirror a yanked file without also mirroring the ``data-"
 "yanked`` attribute for it."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:195
+#: ../source/specifications/simple-repository-api.rst:204
 msgid "Versioning PyPI's Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:197
+#: ../source/specifications/simple-repository-api.rst:206
 msgid ""
 "This spec proposes the inclusion of a meta tag on the responses of every "
 "successful request to a simple API page, which contains a name attribute of "
@@ -17821,29 +18182,29 @@ msgid ""
 "<version-specifiers>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:205
+#: ../source/specifications/simple-repository-api.rst:214
 msgid "This would end up looking like::"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:209
+#: ../source/specifications/simple-repository-api.rst:218
 msgid "When interpreting the repository version:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:211
+#: ../source/specifications/simple-repository-api.rst:220
 msgid ""
 "Incrementing the major version is used to signal a backwards incompatible "
 "change such that existing clients would no longer be expected to be able to "
 "meaningfully use the API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:214
+#: ../source/specifications/simple-repository-api.rst:223
 msgid ""
 "Incrementing the minor version is used to signal a backwards compatible "
 "change such that existing clients would still be expected to be able to "
 "meaningfully use the API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:218
+#: ../source/specifications/simple-repository-api.rst:227
 msgid ""
 "It is left up to the discretion of any future specs as to what specifically "
 "constitutes a backwards incompatible vs compatible change beyond the broad "
@@ -17852,7 +18213,7 @@ msgid ""
 "features."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:224
+#: ../source/specifications/simple-repository-api.rst:233
 msgid ""
 "It is expectation of this spec that the major version will never be "
 "incremented, and any future major API evolutions would utilize a different "
@@ -17862,50 +18223,50 @@ msgid ""
 "set to a version >= 2)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:231
+#: ../source/specifications/simple-repository-api.rst:240
 msgid ""
 "This spec sets the current API version to \"1.0\", and expects that future "
 "specs that further evolve the simple API will increment the minor version "
 "number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:237
-#: ../source/specifications/simple-repository-api.rst:957
+#: ../source/specifications/simple-repository-api.rst:246
+#: ../source/specifications/simple-repository-api.rst:971
 #, fuzzy
 #| msgid "Contents"
 msgid "Clients"
 msgstr "Зміст"
 
-#: ../source/specifications/simple-repository-api.rst:239
+#: ../source/specifications/simple-repository-api.rst:248
 msgid ""
 "Clients interacting with the simple API **SHOULD** introspect each response "
 "for the repository version, and if that data does not exist **MUST** assume "
 "that it is version 1.0."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:243
+#: ../source/specifications/simple-repository-api.rst:252
 msgid ""
 "When encountering a major version greater than expected, clients **MUST** "
 "hard fail with an appropriate error message for the user."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:246
+#: ../source/specifications/simple-repository-api.rst:255
 msgid ""
 "When encountering a minor version greater than expected, clients **SHOULD** "
 "warn users with an appropriate message."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:249
+#: ../source/specifications/simple-repository-api.rst:258
 msgid ""
 "Clients **MAY** still continue to use feature detection in order to "
 "determine what features a repository uses."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:255
+#: ../source/specifications/simple-repository-api.rst:264
 msgid "Serve Distribution Metadata in the Simple Repository API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:257
+#: ../source/specifications/simple-repository-api.rst:266
 msgid ""
 "In a simple repository's project page, each anchor tag pointing to a "
 "distribution **MAY** have a ``data-dist-info-metadata`` attribute. The "
@@ -17914,7 +18275,7 @@ msgid ""
 "when the distribution is processed and/or installed."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:263
+#: ../source/specifications/simple-repository-api.rst:272
 msgid ""
 "If a ``data-dist-info-metadata`` attribute is present, the repository "
 "**MUST** serve the distribution's Core Metadata file alongside the "
@@ -17926,7 +18287,7 @@ msgid ""
 "GPG signature file's location."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:272
+#: ../source/specifications/simple-repository-api.rst:281
 msgid ""
 "The repository **SHOULD** provide the hash of the Core Metadata file as the "
 "``data-dist-info-metadata`` attribute's value using the syntax "
@@ -17936,18 +18297,18 @@ msgid ""
 "unavailable."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:280
+#: ../source/specifications/simple-repository-api.rst:289
 msgid "Backwards Compatibility"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:282
+#: ../source/specifications/simple-repository-api.rst:291
 msgid ""
 "If an anchor tag lacks the ``data-dist-info-metadata`` attribute, tools are "
 "expected to revert to their current behaviour of downloading the "
 "distribution to inspect the metadata."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:286
+#: ../source/specifications/simple-repository-api.rst:295
 msgid ""
 "Older tools not supporting the new ``data-dist-info-metadata`` attribute are "
 "expected to ignore the attribute and maintain their current behaviour of "
@@ -17955,11 +18316,11 @@ msgid ""
 "prior ``data-`` attribute additions expect existing tools to operate."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:295
+#: ../source/specifications/simple-repository-api.rst:304
 msgid "JSON-based Simple API for Python Package Indexes"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:297
+#: ../source/specifications/simple-repository-api.rst:306
 msgid ""
 "To enable response parsing with only the standard library, this spec "
 "specifies that all responses (besides the files themselves, and the HTML "
@@ -17967,7 +18328,7 @@ msgid ""
 "base>`) should be serialized using `JSON <https://www.json.org/>`_."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:302
+#: ../source/specifications/simple-repository-api.rst:311
 msgid ""
 "To enable zero configuration discovery and to minimize the amount of "
 "additional HTTP requests, this spec extends :ref:`the base HTML API "
@@ -17977,7 +18338,7 @@ msgid ""
 "format to serve, i.e. either HTML or JSON."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:312
+#: ../source/specifications/simple-repository-api.rst:321
 msgid ""
 "Versioning will adhere to :ref:`the API versioning specification <simple-"
 "repository-api-versioning>` format (``Major.Minor``), which has defined the "
@@ -17987,7 +18348,7 @@ msgid ""
 "``1.0`` version, and instead just describes how to serialize that into JSON."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:319
+#: ../source/specifications/simple-repository-api.rst:328
 msgid ""
 "Similar to :ref:`the API versioning specification <simple-repository-api-"
 "versioning>`, the major version number **MUST** be incremented if any "
@@ -17995,28 +18356,28 @@ msgid ""
 "existing clients to meaningfully understand the format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:325
+#: ../source/specifications/simple-repository-api.rst:334
 msgid ""
 "Likewise, the minor version **MUST** be incremented if features are added or "
 "removed from the format, but existing clients would be expected to continue "
 "to meaningfully understand the format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:329
+#: ../source/specifications/simple-repository-api.rst:338
 msgid ""
 "Changes that would not result in existing clients being unable to "
 "meaningfully understand the format and which do not represent features being "
 "added or removed may occur without changing the version number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:333
+#: ../source/specifications/simple-repository-api.rst:342
 msgid ""
 "This is intentionally vague, as this spec believes it is best left up to "
 "future specs that make any changes to the API to investigate and decide "
 "whether or not that change should increment the major or minor version."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:337
+#: ../source/specifications/simple-repository-api.rst:346
 msgid ""
 "Future versions of the API may add things that can only be represented in a "
 "subset of the available serializations of that version. All serializations "
@@ -18025,38 +18386,38 @@ msgid ""
 "whether or not that feature is present at all."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:343
+#: ../source/specifications/simple-repository-api.rst:352
 msgid ""
 "It is the intent of this spec that the API should be thought of as URL "
 "endpoints that return data, whose interpretation is defined by the version "
 "of that data, and then serialized into the target serialization format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:351
+#: ../source/specifications/simple-repository-api.rst:360
 #, fuzzy
 msgid "JSON Serialization"
 msgstr "Переклади"
 
-#: ../source/specifications/simple-repository-api.rst:353
+#: ../source/specifications/simple-repository-api.rst:362
 msgid ""
 "The URL structure from :ref:`the base HTML API specification <simple-"
 "repository-api-base>` still applies, as this spec only adds an additional "
 "serialization format for the already existing API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:357
+#: ../source/specifications/simple-repository-api.rst:366
 msgid ""
 "The following constraints apply to all JSON serialized responses described "
 "in this spec:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:360
+#: ../source/specifications/simple-repository-api.rst:369
 msgid ""
 "All JSON responses will *always* be a JSON object rather than an array or "
 "other type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:363
+#: ../source/specifications/simple-repository-api.rst:372
 msgid ""
 "While JSON doesn't natively support a URL type, any value that represents an "
 "URL in this API may be either absolute or relative as long as they point to "
@@ -18064,19 +18425,19 @@ msgid ""
 "if it were HTML."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:368
+#: ../source/specifications/simple-repository-api.rst:377
 msgid ""
 "Additional keys may be added to any dictionary objects in the API responses "
 "and clients **MUST** ignore keys that they don't understand."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:371
+#: ../source/specifications/simple-repository-api.rst:380
 msgid ""
 "All JSON responses will have a ``meta`` key, which contains information "
 "related to the response itself, rather than the content of the response."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:374
+#: ../source/specifications/simple-repository-api.rst:383
 msgid ""
 "All JSON responses will have a ``meta.api-version`` key, which will be a "
 "string that contains the :ref:`API versioning specification <simple-"
@@ -18085,45 +18446,45 @@ msgid ""
 "<simple-repository-api-versioning>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:380
+#: ../source/specifications/simple-repository-api.rst:389
 msgid ""
 "All requirements of :ref:`the base HTML API specification <simple-repository-"
 "api-base>` that are not HTML specific still apply."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:385
+#: ../source/specifications/simple-repository-api.rst:394
 #, fuzzy
 #| msgid "Project"
 msgid "Project List"
 msgstr "Проєкт"
 
-#: ../source/specifications/simple-repository-api.rst:387
+#: ../source/specifications/simple-repository-api.rst:396
 msgid ""
 "The root URL ``/`` for this spec (which represents the base URL) will be a "
 "JSON encoded dictionary which has a two keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:390
+#: ../source/specifications/simple-repository-api.rst:399
 msgid ""
 "``projects``: An array where each entry is a dictionary with a single key, "
 "``name``, which represents string of the project name."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:391
-#: ../source/specifications/simple-repository-api.rst:440
+#: ../source/specifications/simple-repository-api.rst:400
+#: ../source/specifications/simple-repository-api.rst:449
 msgid ""
 "``meta``: The general response metadata as `described earlier <json-"
 "serialization_>`__."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:393
-#: ../source/specifications/simple-repository-api.rst:499
+#: ../source/specifications/simple-repository-api.rst:402
+#: ../source/specifications/simple-repository-api.rst:512
 #, fuzzy
 #| msgid "For example:"
 msgid "As an example:"
 msgstr "Наприклад:"
 
-#: ../source/specifications/simple-repository-api.rst:410
+#: ../source/specifications/simple-repository-api.rst:419
 msgid ""
 "The ``name`` field is the same as the one from :ref:`the base HTML API "
 "specification <simple-repository-api-base>`, which does not specify whether "
@@ -18133,7 +18494,7 @@ msgid ""
 "implementation detail of the repository in question."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:420
+#: ../source/specifications/simple-repository-api.rst:429
 msgid ""
 "While the ``projects`` key is an array, and thus is required to be in some "
 "kind of an order, neither :ref:`the base HTML API specification <simple-"
@@ -18143,13 +18504,13 @@ msgid ""
 "have sets."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:429
+#: ../source/specifications/simple-repository-api.rst:438
 #, fuzzy
 #| msgid "Project name"
 msgid "Project Detail"
 msgstr "Назва проєкту"
 
-#: ../source/specifications/simple-repository-api.rst:431
+#: ../source/specifications/simple-repository-api.rst:440
 msgid ""
 "The format of this URL is ``/<project>/`` where the ``<project>`` is "
 "replaced by the :ref:`the base HTML API specification <simple-repository-api-"
@@ -18157,33 +18518,33 @@ msgid ""
 "would have a URL like ``/silly-walk/``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:436
+#: ../source/specifications/simple-repository-api.rst:445
 msgid ""
 "This URL must respond with a JSON encoded dictionary that has three keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:438
+#: ../source/specifications/simple-repository-api.rst:447
 msgid "``name``: The normalized name of the project."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:439
+#: ../source/specifications/simple-repository-api.rst:448
 msgid ""
 "``files``: A list of dictionaries, each one representing an individual file."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:442
+#: ../source/specifications/simple-repository-api.rst:451
 msgid "Each individual file dictionary has the following keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:444
+#: ../source/specifications/simple-repository-api.rst:453
 msgid "``filename``: The filename that is being represented."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:445
+#: ../source/specifications/simple-repository-api.rst:454
 msgid "``url``: The URL that the file can be fetched from."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:446
+#: ../source/specifications/simple-repository-api.rst:455
 msgid ""
 "``hashes``: A dictionary mapping a hash name to a hex encoded digest of the "
 "file. Multiple hashes can be included, and it is up to the client to decide "
@@ -18192,14 +18553,14 @@ msgid ""
 "to be lowercase."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:451
+#: ../source/specifications/simple-repository-api.rst:460
 msgid ""
 "The ``hashes`` dictionary **MUST** be present, even if no hashes are "
 "available for the file, however it is **HIGHLY** recommended that at least "
 "one secure, guaranteed-to-be-available hash is always included."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:455
+#: ../source/specifications/simple-repository-api.rst:464
 msgid ""
 "By default, any hash algorithm available via :py:mod:`hashlib` (specifically "
 "any that can be passed to :py:func:`hashlib.new()` and do not require "
@@ -18209,7 +18570,7 @@ msgid ""
 "specifically is recommended."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:460
+#: ../source/specifications/simple-repository-api.rst:469
 msgid ""
 "``requires-python``: An **optional** key that exposes the :ref:`core-"
 "metadata-requires-python` metadata field. Where this is present, installer "
@@ -18217,14 +18578,14 @@ msgid ""
 "that doesn't satisfy the requirement."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:466
+#: ../source/specifications/simple-repository-api.rst:475
 msgid ""
 "Unlike ``data-requires-python`` in :ref:`the base HTML API specification "
 "<simple-repository-api-base>`, the ``requires-python`` key does not require "
 "any special escaping other than anything JSON does naturally."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:469
+#: ../source/specifications/simple-repository-api.rst:478
 msgid ""
 "``dist-info-metadata``: An **optional** key that indicates that metadata for "
 "this file is available, via the same location as specified in :ref:`the API "
@@ -18234,27 +18595,27 @@ msgid ""
 "dictionary mapping hash names to a hex encoded digest of the metadata's hash."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:477
+#: ../source/specifications/simple-repository-api.rst:486
 msgid ""
 "When this is a dictionary of hashes instead of a boolean, then all the same "
 "requirements and recommendations as the ``hashes`` key hold true for this "
 "key as well."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:481
+#: ../source/specifications/simple-repository-api.rst:490
 msgid ""
 "If this key is missing then the metadata file may or may not exist. If the "
 "key value is truthy, then the metadata file is present, and if it is falsey "
 "then it is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:485
+#: ../source/specifications/simple-repository-api.rst:494
 msgid ""
 "It is recommended that servers make the hashes of the metadata file "
 "available if possible."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:487
+#: ../source/specifications/simple-repository-api.rst:496
 msgid ""
 "``gpg-sig``: An **optional** key that acts a boolean to indicate if the file "
 "has an associated GPG signature or not. The URL for the signature file "
@@ -18263,7 +18624,7 @@ msgid ""
 "the signature may or may not exist."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:492
+#: ../source/specifications/simple-repository-api.rst:501
 msgid ""
 "``yanked``: An **optional** key which may be either a boolean to indicate if "
 "the file has been yanked, or a non empty, but otherwise arbitrary, string to "
@@ -18274,7 +18635,15 @@ msgid ""
 "api-yank>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:529
+#: ../source/specifications/simple-repository-api.rst:507
+msgid ""
+"``provenance``: An **optional** key which, if present **MUST** be either a "
+"JSON string or ``null``. If not ``null``, it **MUST** be a URL to the file's "
+"associated provenance, with the same rules as ``data-provenance`` in the :"
+"ref:`base HTML API specification <simple-repository-api-base>`."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:543
 msgid ""
 "While the ``files`` key is an array, and thus is required to be in some kind "
 "of an order, neither :ref:`the base HTML API specification <simple-"
@@ -18284,13 +18653,13 @@ msgid ""
 "have sets."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:538
+#: ../source/specifications/simple-repository-api.rst:552
 #, fuzzy
 #| msgid "Contents"
 msgid "Content-Types"
 msgstr "Зміст"
 
-#: ../source/specifications/simple-repository-api.rst:540
+#: ../source/specifications/simple-repository-api.rst:554
 msgid ""
 "This spec proposes that all responses from the Simple API will have a "
 "standard content type that describes what the response is (a Simple API "
@@ -18298,11 +18667,11 @@ msgid ""
 "format has been used."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:544
+#: ../source/specifications/simple-repository-api.rst:558
 msgid "The structure of this content type will be:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:550
+#: ../source/specifications/simple-repository-api.rst:564
 msgid ""
 "Since only major versions should be disruptive to clients attempting to "
 "understand one of these API responses, only the major version will be "
@@ -18310,19 +18679,19 @@ msgid ""
 "that it is a version number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:555
+#: ../source/specifications/simple-repository-api.rst:569
 msgid "Which means that for the existing 1.0 API, the content types would be:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:557
+#: ../source/specifications/simple-repository-api.rst:571
 msgid "**JSON:** ``application/vnd.pypi.simple.v1+json``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:558
+#: ../source/specifications/simple-repository-api.rst:572
 msgid "**HTML:** ``application/vnd.pypi.simple.v1+html``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:560
+#: ../source/specifications/simple-repository-api.rst:574
 msgid ""
 "In addition to the above, a special \"meta\" version is supported named "
 "``latest``, whose purpose is to allow clients to request the absolute latest "
@@ -18331,7 +18700,7 @@ msgid ""
 "support."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:565
+#: ../source/specifications/simple-repository-api.rst:579
 msgid ""
 "To support existing clients which expect the existing :ref:`the base HTML "
 "API specification <simple-repository-api-base>` API responses to use the "
@@ -18339,13 +18708,13 @@ msgid ""
 "alias for the ``application/vnd.pypi.simple.v1+html`` content type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:572
+#: ../source/specifications/simple-repository-api.rst:586
 #, fuzzy
 #| msgid "Version"
 msgid "Version + Format Selection"
 msgstr "Version"
 
-#: ../source/specifications/simple-repository-api.rst:574
+#: ../source/specifications/simple-repository-api.rst:588
 msgid ""
 "Now that there is multiple possible serializations, we need a mechanism to "
 "allow clients to indicate what serialization formats they're able to "
@@ -18354,65 +18723,65 @@ msgid ""
 "expecting the previous API version."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:579
+#: ../source/specifications/simple-repository-api.rst:593
 msgid ""
 "To enable this, this spec standardizes on the use of HTTP's `Server-Driven "
 "Content Negotiation <https://developer.mozilla.org/en-US/docs/Web/HTTP/"
 "Content_negotiation>`_."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:582
+#: ../source/specifications/simple-repository-api.rst:596
 msgid ""
 "While this spec won't fully describe the entirety of server-driven content "
 "negotiation, the flow is roughly:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:585
+#: ../source/specifications/simple-repository-api.rst:599
 msgid ""
 "The client makes an HTTP request containing an ``Accept`` header listing all "
 "of the version+format content types that they are able to understand."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:587
+#: ../source/specifications/simple-repository-api.rst:601
 msgid ""
 "The server inspects that header, selects one of the listed content types, "
 "then returns a response using that content type (treating the absence of an "
 "``Accept`` header as ``Accept: */*``)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:590
+#: ../source/specifications/simple-repository-api.rst:604
 msgid ""
 "If the server does not support any of the content types in the ``Accept`` "
 "header then they are able to choose between 3 different options for how to "
 "respond:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:594
+#: ../source/specifications/simple-repository-api.rst:608
 msgid ""
 "Select a default content type other than what the client has requested and "
 "return a response with that."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:596
+#: ../source/specifications/simple-repository-api.rst:610
 msgid ""
 "Return a HTTP ``406 Not Acceptable`` response to indicate that none of the "
 "requested content types were available, and the server was unable or "
 "unwilling to select a default content type to respond with."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:599
+#: ../source/specifications/simple-repository-api.rst:613
 msgid ""
 "Return a HTTP ``300 Multiple Choices`` response that contains a list of all "
 "of the possible responses that could have been chosen."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:601
+#: ../source/specifications/simple-repository-api.rst:615
 msgid ""
 "The client interprets the response, handling the different types of "
 "responses that the server may have responded with."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:604
+#: ../source/specifications/simple-repository-api.rst:618
 msgid ""
 "This spec does not specify which choices the server makes in regards to "
 "handling a content type that it isn't able to return, and clients **SHOULD** "
@@ -18420,7 +18789,7 @@ msgid ""
 "the most sense for that client."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:609
+#: ../source/specifications/simple-repository-api.rst:623
 msgid ""
 "However, as there is no standard format for how a ``300 Multiple Choices`` "
 "response can be interpreted, this spec highly discourages servers from "
@@ -18431,7 +18800,7 @@ msgid ""
 "error."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:616
+#: ../source/specifications/simple-repository-api.rst:630
 msgid ""
 "This spec **does** require that if the meta version ``latest`` is being "
 "used, the server **MUST** respond with the content type for the actual "
@@ -18440,33 +18809,33 @@ msgid ""
 "have a ``Content-Type`` of ``application/vnd.pypi.simple.v1+json``)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:623
+#: ../source/specifications/simple-repository-api.rst:637
 msgid ""
 "The ``Accept`` header is a comma separated list of content types that the "
 "client understands and is able to process. It supports three different "
 "formats for each content type that is being requested:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:627
+#: ../source/specifications/simple-repository-api.rst:641
 msgid "``$type/$subtype``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:628
+#: ../source/specifications/simple-repository-api.rst:642
 msgid "``$type/*``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:629
+#: ../source/specifications/simple-repository-api.rst:643
 msgid "``*/*``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:631
+#: ../source/specifications/simple-repository-api.rst:645
 msgid ""
 "For the use of selecting a version+format, the most useful of these is "
 "``$type/$subtype``, as that is the only way to actually specify the version "
 "and format you want."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:635
+#: ../source/specifications/simple-repository-api.rst:649
 msgid ""
 "The order of the content types listed in the ``Accept`` header does not have "
 "any specific meaning, and the server **SHOULD** consider all of them to be "
@@ -18476,7 +18845,7 @@ msgid ""
 "Quality_values>`_ syntax."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:642
+#: ../source/specifications/simple-repository-api.rst:656
 msgid ""
 "This allows a client to specify a priority for a specific entry in their "
 "``Accept`` header, by appending a ``;q=`` followed by a value between ``0`` "
@@ -18486,7 +18855,7 @@ msgid ""
 "quality of ``1``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:648
+#: ../source/specifications/simple-repository-api.rst:662
 msgid ""
 "However, clients should keep in mind that a server is free to select **any** "
 "of the content types they've asked for, regardless of their requested "
@@ -18494,7 +18863,7 @@ msgid ""
 "for."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:652
+#: ../source/specifications/simple-repository-api.rst:666
 msgid ""
 "To aid clients in determining the content type of the response that they "
 "have received from an API request, this spec requires that servers always "
@@ -18505,22 +18874,22 @@ msgid ""
 "collector.py#L123-L150>`_ so the risks for actual breakages is low."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:659
+#: ../source/specifications/simple-repository-api.rst:673
 msgid "An example of how a client can operate would look like:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:710
+#: ../source/specifications/simple-repository-api.rst:724
 msgid ""
 "If a client wishes to only support HTML or only support JSON, then they "
 "would just remove the content types that they do not want from the "
 "``Accept`` header, and turn receiving them into an error."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:716
+#: ../source/specifications/simple-repository-api.rst:730
 msgid "Alternative Negotiation Mechanisms"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:718
+#: ../source/specifications/simple-repository-api.rst:732
 msgid ""
 "While using HTTP's Content negotiation is considered the standard way for a "
 "client and server to coordinate to ensure that the client is getting an HTTP "
@@ -18529,25 +18898,25 @@ msgid ""
 "negotiation mechanisms that may *optionally* be used instead."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:726
+#: ../source/specifications/simple-repository-api.rst:740
 msgid "URL Parameter"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:728
+#: ../source/specifications/simple-repository-api.rst:742
 msgid ""
 "Servers that implement the Simple API may choose to support a URL parameter "
 "named ``format`` to allow the clients to request a specific version of the "
 "URL."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:731
+#: ../source/specifications/simple-repository-api.rst:745
 msgid ""
 "The value of the ``format`` parameter should be **one** of the valid content "
 "types. Passing multiple content types, wild cards, quality values, etc... is "
 "**not** supported."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:735
+#: ../source/specifications/simple-repository-api.rst:749
 msgid ""
 "Supporting this parameter is optional, and clients **SHOULD NOT** rely on it "
 "for interacting with the API. This negotiation mechanism is intended to "
@@ -18555,13 +18924,13 @@ msgid ""
 "allow documentation or notes to link to a specific version+format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:740
+#: ../source/specifications/simple-repository-api.rst:754
 msgid ""
 "Servers that do not support this parameter may choose to return an error "
 "when it is present, or they may simple ignore its presence."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:743
+#: ../source/specifications/simple-repository-api.rst:757
 msgid ""
 "When a server does implement this parameter, it **SHOULD** take precedence "
 "over any values in the client's ``Accept`` header, and if the server does "
@@ -18571,18 +18940,18 @@ msgid ""
 "``303 Multiple Choices``, or selecting a default type to return)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:752
+#: ../source/specifications/simple-repository-api.rst:766
 msgid "Endpoint Configuration"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:754
+#: ../source/specifications/simple-repository-api.rst:768
 msgid ""
 "This option technically is not a special option at all, it is just a natural "
 "consequence of using content negotiation and allowing servers to select "
 "which of the available content types is their default."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:758
+#: ../source/specifications/simple-repository-api.rst:772
 msgid ""
 "If a server is unwilling or unable to implement the server-driven content "
 "negotiation, and would instead rather require users to explicitly configure "
@@ -18590,7 +18959,7 @@ msgid ""
 "configuration."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:762
+#: ../source/specifications/simple-repository-api.rst:776
 msgid ""
 "To enable this, a server should make multiple endpoints (for instance, ``/"
 "simple/v1+html/`` and/or ``/simple/v1+json/``) for each version+format that "
@@ -18600,7 +18969,7 @@ msgid ""
 "and return the content type that corresponds to that endpoint."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:769
+#: ../source/specifications/simple-repository-api.rst:783
 msgid ""
 "For clients that wish to require specific configuration, they can keep track "
 "of which version+format a specific repository URL was configured for, and "
@@ -18608,11 +18977,11 @@ msgid ""
 "includes the correct content type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:776
+#: ../source/specifications/simple-repository-api.rst:790
 msgid "TUF Support - PEP 458"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:778
+#: ../source/specifications/simple-repository-api.rst:792
 msgid ""
 ":pep:`458` requires that all API responses are hashable and that they can be "
 "uniquely identified by a path relative to the repository root. For a Simple "
@@ -18623,7 +18992,7 @@ msgid ""
 "that all hash differently."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:785
+#: ../source/specifications/simple-repository-api.rst:799
 msgid ""
 ":pep:`458` does not specify what the target path should be for the Simple "
 "API, but TUF requires that the target paths be \"file-like\", in other "
@@ -18631,7 +19000,7 @@ msgid ""
 "technically points to a directory."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:790
+#: ../source/specifications/simple-repository-api.rst:804
 msgid ""
 "The saving grace is that the target path does not *have* to actually match "
 "the URL being fetched from the Simple API, and it can just be a sigil that "
@@ -18640,7 +19009,7 @@ msgid ""
 "HTTP request, such as the ``Accept`` header."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:796
+#: ../source/specifications/simple-repository-api.rst:810
 msgid ""
 "Ultimately figuring out how to map a directory to a filename is out of scope "
 "for this spec (but it would be in scope for :pep:`458`), and this spec "
@@ -18648,7 +19017,7 @@ msgid ""
 "`458` metadata."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:800
+#: ../source/specifications/simple-repository-api.rst:814
 msgid ""
 "However, it appears that the current WIP branch against pip that attempts to "
 "implement :pep:`458` is using a target path like ``simple/PROJECT/index."
@@ -18658,20 +19027,20 @@ msgid ""
 "the v1 JSON format would be ``simple/PROJECT/vnd.pypi.simple.v1.json``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:807
+#: ../source/specifications/simple-repository-api.rst:821
 msgid ""
 "In this case, since ``text/html`` is an alias to ``application/vnd.pypi."
 "simple.v1+html`` when interacting through TUF, it likely will make the most "
 "sense to normalize to the more explicit name."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:811
+#: ../source/specifications/simple-repository-api.rst:825
 msgid ""
 "Likewise the ``latest`` metaversion should not be included in the targets, "
 "only explicitly declared versions should be supported."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:817
+#: ../source/specifications/simple-repository-api.rst:831
 msgid ""
 "This section is non-normative, and represents what the spec authors believe "
 "to be the best default implementation decisions for something implementing "
@@ -18679,7 +19048,7 @@ msgid ""
 "these decisions."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:821
+#: ../source/specifications/simple-repository-api.rst:835
 msgid ""
 "These decisions have been chosen to maximize the number of requests that can "
 "be moved onto the newest version of an API, while maintaining the greatest "
@@ -18688,18 +19057,18 @@ msgid ""
 "choices it can."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:826
+#: ../source/specifications/simple-repository-api.rst:840
 msgid "It is recommended that servers:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:828
+#: ../source/specifications/simple-repository-api.rst:842
 msgid ""
 "Support all 3 content types described in this spec, using server-driven "
 "content negotiation, for as long as they reasonably can, or at least as long "
 "as they're receiving non trivial traffic that uses the HTML responses."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:832
+#: ../source/specifications/simple-repository-api.rst:846
 msgid ""
 "When encountering an ``Accept`` header that does not contain any content "
 "types that it knows how to work with, the server should not ever return a "
@@ -18707,13 +19076,13 @@ msgid ""
 "Acceptable`` response."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:837
+#: ../source/specifications/simple-repository-api.rst:851
 msgid ""
 "However, if choosing to use the endpoint configuration, you should prefer to "
 "return a ``200 OK`` response in the expected content type for that endpoint."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:840
+#: ../source/specifications/simple-repository-api.rst:854
 msgid ""
 "When selecting an acceptable version, the server should choose the highest "
 "version that the client supports, with the most expressive/featureful "
@@ -18722,23 +19091,23 @@ msgid ""
 "should only use the ``text/html`` content type as a last resort."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:846
+#: ../source/specifications/simple-repository-api.rst:860
 msgid "It is recommended that clients:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:848
+#: ../source/specifications/simple-repository-api.rst:862
 msgid ""
 "Support all 3 content types described in this spec, using server-driven "
 "content negotiation, for as long as they reasonably can."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:851
+#: ../source/specifications/simple-repository-api.rst:865
 msgid ""
 "When constructing an ``Accept`` header, include all of the content types "
 "that you support."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:854
+#: ../source/specifications/simple-repository-api.rst:868
 msgid ""
 "You should generally *not* include a quality priority value for your content "
 "types, unless you have implementation specific reasons that you want the "
@@ -18747,63 +19116,63 @@ msgid ""
 "responses that you're unable to parse in some edge cases)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:860
+#: ../source/specifications/simple-repository-api.rst:874
 msgid ""
 "The one exception to this recommendation is that it is recommended that you "
 "*should* include a ``;q=0.01`` value on the legacy ``text/html`` content "
 "type, unless it is the only content type that you are requesting."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:864
+#: ../source/specifications/simple-repository-api.rst:878
 msgid ""
 "Explicitly select what versions they are looking for, rather than using the "
 "``latest`` meta version during normal operation."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:867
+#: ../source/specifications/simple-repository-api.rst:881
 msgid ""
 "Check the ``Content-Type`` of the response and ensure it matches something "
 "that you were expecting."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:871
+#: ../source/specifications/simple-repository-api.rst:885
 msgid "Additional Fields for the Simple API for Package Indexes"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:873
+#: ../source/specifications/simple-repository-api.rst:887
 msgid ""
 "This specification defines version 1.1 of the simple repository API. For the "
 "HTML version of the API, there is no change from version 1.0. For the JSON "
 "version of the API, the following changes are made:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:877
+#: ../source/specifications/simple-repository-api.rst:891
 msgid "The ``api-version`` must specify version 1.1 or later."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:878
+#: ../source/specifications/simple-repository-api.rst:892
 msgid "A new ``versions`` key is added at the top level."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:879
+#: ../source/specifications/simple-repository-api.rst:893
 msgid ""
 "Two new \"file information\" keys, ``size`` and ``upload-time``, are added "
 "to the ``files`` data."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:881
+#: ../source/specifications/simple-repository-api.rst:895
 msgid ""
 "Keys (at any level) with a leading underscore are reserved as private for "
 "index server use. No future standard will assign a meaning to any such key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:884
+#: ../source/specifications/simple-repository-api.rst:898
 msgid ""
 "The ``versions`` and ``size`` keys are mandatory. The ``upload-time`` key is "
 "optional."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:890
+#: ../source/specifications/simple-repository-api.rst:904
 msgid ""
 "An additional key, ``versions`` MUST be present at the top level, in "
 "addition to the keys ``name``, ``files`` and ``meta`` defined in :ref:`the "
@@ -18813,7 +19182,7 @@ msgid ""
 "duplicates, and the order of the values is not significant."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:897
+#: ../source/specifications/simple-repository-api.rst:911
 msgid ""
 "All of the files listed in the ``files`` key MUST be associated with one of "
 "the versions in the ``versions`` key. The ``versions`` key MAY contain "
@@ -18821,7 +19190,7 @@ msgid ""
 "uploaded, if the server has such a concept)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:902
+#: ../source/specifications/simple-repository-api.rst:916
 msgid ""
 "Note that because servers may hold \"legacy\" data from before the adoption "
 "of :ref:`the version specifiers specification (VSS) <version-specifiers>`, "
@@ -18830,23 +19199,23 @@ msgid ""
 "servers SHOULD use normalised VSS versions where possible."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:911
+#: ../source/specifications/simple-repository-api.rst:925
 #, fuzzy
 #| msgid "Additional tools"
 msgid "Additional file information"
 msgstr "Додаткові інструменти"
 
-#: ../source/specifications/simple-repository-api.rst:913
+#: ../source/specifications/simple-repository-api.rst:927
 msgid "Two new keys are added to the ``files`` key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:915
+#: ../source/specifications/simple-repository-api.rst:929
 msgid ""
 "``size``: This field is mandatory. It MUST contain an integer which is the "
 "file size in bytes."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:917
+#: ../source/specifications/simple-repository-api.rst:931
 msgid ""
 "``upload-time``: This field is optional. If present, it MUST contain a valid "
 "ISO 8601 date/time string, in the format ``yyyy-mm-ddThh:mm:ss.ffffffZ``, "
@@ -18858,11 +19227,11 @@ msgid ""
 "key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:926
+#: ../source/specifications/simple-repository-api.rst:940
 msgid "Rename dist-info-metadata in the Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:929
+#: ../source/specifications/simple-repository-api.rst:943
 msgid ""
 "The keywords \"**MUST**\", \"**MUST NOT**\", \"**REQUIRED**\", "
 "\"**SHALL**\", \"**SHALL NOT**\", \"**SHOULD**\", \"**SHOULD NOT**\", "
@@ -18870,11 +19239,11 @@ msgid ""
 "are to be interpreted as described in :rfc:`RFC 2119 <2119>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:936
+#: ../source/specifications/simple-repository-api.rst:950
 msgid "Servers"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:938
+#: ../source/specifications/simple-repository-api.rst:952
 msgid ""
 "The :ref:`the API metadata file specification <simple-repository-api-"
 "metadata-file>` metadata, when used in the HTML representation of the Simple "
@@ -18882,7 +19251,7 @@ msgid ""
 "with the supported values remaining the same."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:944
+#: ../source/specifications/simple-repository-api.rst:958
 msgid ""
 "The :ref:`the API metadata file specification <simple-repository-api-"
 "metadata-file>` metadata, when used in the :ref:`the JSON API specification "
@@ -18891,14 +19260,14 @@ msgid ""
 "values remaining the same."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:950
+#: ../source/specifications/simple-repository-api.rst:964
 msgid ""
 "To support clients that used the previous key names, the HTML representation "
 "**MAY** also be emitted using the ``data-dist-info-metadata``, and if it "
 "does so it **MUST** match the value of ``data-core-metadata``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:959
+#: ../source/specifications/simple-repository-api.rst:973
 msgid ""
 "Clients consuming any of the HTML representations of the Simple API **MUST** "
 "read the :ref:`the API metadata file specification <simple-repository-api-"
@@ -18907,7 +19276,7 @@ msgid ""
 "if it is present but ``data-core-metadata`` is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:966
+#: ../source/specifications/simple-repository-api.rst:980
 msgid ""
 "Clients consuming the JSON representation of the Simple API **MUST** read "
 "the :ref:`the API metadata file specification <simple-repository-api-"
@@ -18916,48 +19285,54 @@ msgid ""
 "present but ``core-metadata`` is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:976
+#: ../source/specifications/simple-repository-api.rst:990
 msgid "September 2015: initial form of the HTML format, in :pep:`503`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:977
+#: ../source/specifications/simple-repository-api.rst:991
 msgid "July 2016: Requires-Python metadata, in an update to :pep:`503`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:978
+#: ../source/specifications/simple-repository-api.rst:992
 msgid "May 2019: \"yank\" support, in :pep:`592`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:979
+#: ../source/specifications/simple-repository-api.rst:993
 msgid ""
 "July 2020: API versioning convention and metadata, and declaring the HTML "
 "format as API v1, in :pep:`629`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:981
+#: ../source/specifications/simple-repository-api.rst:995
 msgid ""
 "May 2021: providing package metadata independently from a package, in :pep:"
 "`658`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:983
+#: ../source/specifications/simple-repository-api.rst:997
 msgid ""
 "May 2022: initial form of the JSON format, with a mechanism for clients to "
 "choose between them, and declaring both formats as API v1, in :pep:`691`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:985
+#: ../source/specifications/simple-repository-api.rst:999
 msgid ""
 "October 2022: project versions and file size and upload-time in the JSON "
 "format, in :pep:`700`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:987
+#: ../source/specifications/simple-repository-api.rst:1001
 msgid ""
 "June 2023: renaming the field which provides package metadata independently "
 "from a package, in :pep:`714`"
 msgstr ""
 
+#: ../source/specifications/simple-repository-api.rst:1003
+msgid ""
+"November 2024: provenance metadata in the HTML and JSON formats, in :pep:"
+"`740`"
+msgstr ""
+
 #: ../source/specifications/source-distribution-format.rst:6
 msgid "Source distribution format"
 msgstr ""
@@ -21911,7 +22286,7 @@ msgid ""
 msgstr ""
 
 #: ../source/tutorials/managing-dependencies.rst:140
-#: ../source/tutorials/packaging-projects.rst:506
+#: ../source/tutorials/packaging-projects.rst:505
 msgid "Next steps"
 msgstr "Наступні кроки"
 
@@ -22360,43 +22735,43 @@ msgstr ""
 
 #: ../source/tutorials/packaging-projects.rst:424
 msgid ""
-"You will be prompted for a username and password. For the username, use "
-"``__token__``. For the password, use the token value, including the ``pypi-"
-"`` prefix."
+"You will be prompted for an API token. Use the token value, including the "
+"``pypi-`` prefix. Note that the input will be hidden, so be sure to paste "
+"correctly."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:428
+#: ../source/tutorials/packaging-projects.rst:427
 msgid "After the command completes, you should see output similar to this:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:439
+#: ../source/tutorials/packaging-projects.rst:438
 msgid ""
 "Once uploaded, your package should be viewable on TestPyPI; for example: "
 "``https://test.pypi.org/project/example_package_YOUR_USERNAME_HERE``."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:444
+#: ../source/tutorials/packaging-projects.rst:443
 msgid "Installing your newly uploaded package"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:446
+#: ../source/tutorials/packaging-projects.rst:445
 msgid ""
 "You can use :ref:`pip` to install your package and verify that it works. "
 "Create a :ref:`virtual environment <Creating and using Virtual "
 "Environments>` and install your package from TestPyPI:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:462
+#: ../source/tutorials/packaging-projects.rst:461
 msgid "Make sure to specify your username in the package name!"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:464
+#: ../source/tutorials/packaging-projects.rst:463
 msgid ""
 "pip should install the package from TestPyPI and the output should look "
 "something like this:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:474
+#: ../source/tutorials/packaging-projects.rst:473
 msgid ""
 "This example uses ``--index-url`` flag to specify TestPyPI instead of live "
 "PyPI. Additionally, it specifies ``--no-deps``. Since TestPyPI doesn't have "
@@ -22406,23 +22781,23 @@ msgid ""
 "installing dependencies when using TestPyPI."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:481
+#: ../source/tutorials/packaging-projects.rst:480
 msgid ""
 "You can test that it was installed correctly by importing the package. Make "
 "sure you're still in your virtual environment, then run Python:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:496
+#: ../source/tutorials/packaging-projects.rst:495
 msgid "and import the package:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:508
+#: ../source/tutorials/packaging-projects.rst:507
 msgid ""
 "**Congratulations, you've packaged and distributed a Python project!** ✨ 🍰 "
 "✨"
 msgstr "**Вітаємо, ви запакували та розповсюдили Python-проєкт!** ✨ 🍰 ✨"
 
-#: ../source/tutorials/packaging-projects.rst:511
+#: ../source/tutorials/packaging-projects.rst:510
 msgid ""
 "Keep in mind that this tutorial showed you how to upload your package to "
 "Test PyPI, which isn't a permanent storage. The Test system occasionally "
@@ -22434,7 +22809,7 @@ msgstr ""
 "видаляє пакунки та облікові записи. Краще використовувати TestPyPI для "
 "тестування та експериментів, як у цьому туторіалі."
 
-#: ../source/tutorials/packaging-projects.rst:516
+#: ../source/tutorials/packaging-projects.rst:515
 msgid ""
 "When you are ready to upload a real package to the Python Package Index you "
 "can do much the same as you did in this tutorial, but with these important "
@@ -22444,7 +22819,7 @@ msgstr ""
 "пакунків, ви можете зробити те ж саме, що і в цьому туторіалі, але з цими "
 "важливими відмінностями:"
 
-#: ../source/tutorials/packaging-projects.rst:520
+#: ../source/tutorials/packaging-projects.rst:519
 #, fuzzy
 msgid ""
 "Choose a memorable and unique name for your package. You don't have to "
@@ -22454,7 +22829,7 @@ msgstr ""
 "Оберіть пам'ятну й унікальну назву для свого пакунку. Вам не потрібно "
 "додавати своє ім'я користувача, як ви це робили в туторіалі."
 
-#: ../source/tutorials/packaging-projects.rst:522
+#: ../source/tutorials/packaging-projects.rst:521
 msgid ""
 "Register an account on https://pypi.org - note that these are two separate "
 "servers and the login details from the test server are not shared with the "
@@ -22464,7 +22839,7 @@ msgstr ""
 "окремих сервери, а дані для входу для тестового сервера не підходять до "
 "основного."
 
-#: ../source/tutorials/packaging-projects.rst:525
+#: ../source/tutorials/packaging-projects.rst:524
 msgid ""
 "Use ``twine upload dist/*`` to upload your package and enter your "
 "credentials for the account you registered on the real PyPI.  Now that "
@@ -22477,7 +22852,7 @@ msgstr ""
 "repository``; пакунок буде опубліковано на https://pypi.org/ за "
 "замовчуванням."
 
-#: ../source/tutorials/packaging-projects.rst:529
+#: ../source/tutorials/packaging-projects.rst:528
 msgid ""
 "Install your package from the real PyPI using ``python3 -m pip install [your-"
 "package]``."
@@ -22485,7 +22860,7 @@ msgstr ""
 "Встановіть свій пакунок зі справжнього PyPI за допомогою ``python3 -m pip "
 "install [your-package]``."
 
-#: ../source/tutorials/packaging-projects.rst:531
+#: ../source/tutorials/packaging-projects.rst:530
 msgid ""
 "At this point if you want to read more on packaging Python libraries here "
 "are some things you can do:"
@@ -22493,32 +22868,32 @@ msgstr ""
 "На цьому етапі, якщо ви бажаєте почитати більше про пакування Python-"
 "бібліотек, то ось що ви можете зробити:"
 
-#: ../source/tutorials/packaging-projects.rst:534
+#: ../source/tutorials/packaging-projects.rst:533
 msgid ""
 "Read about advanced configuration for your chosen build backend: `Hatchling "
 "<hatchling-config_>`_, :doc:`setuptools <setuptools:userguide/"
 "pyproject_config>`, :doc:`Flit <flit:pyproject_toml>`, `PDM <pdm-config_>`_."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:538
+#: ../source/tutorials/packaging-projects.rst:537
 msgid ""
 "Look at the :doc:`guides </guides/index>` on this site for more advanced "
 "practical information, or the :doc:`discussions </discussions/index>` for "
 "explanations and background on specific topics."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:541
+#: ../source/tutorials/packaging-projects.rst:540
 msgid ""
 "Consider packaging tools that provide a single command-line interface for "
 "project management and packaging, such as :ref:`hatch`, :ref:`flit`, :ref:"
 "`pdm`, and :ref:`poetry`."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:549
+#: ../source/tutorials/packaging-projects.rst:548
 msgid "Notes"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:551
+#: ../source/tutorials/packaging-projects.rst:550
 msgid ""
 "Technically, you can also create Python packages without an ``__init__.py`` "
 "file, but those are called :doc:`namespace packages </guides/packaging-"
diff --git a/locales/vi/LC_MESSAGES/messages.po b/locales/vi/LC_MESSAGES/messages.po
index e5962e8d4..4e53ab48e 100644
--- a/locales/vi/LC_MESSAGES/messages.po
+++ b/locales/vi/LC_MESSAGES/messages.po
@@ -6,7 +6,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Python Packaging User Guide\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-10-30 00:39+0000\n"
+"POT-Creation-Date: 2024-11-25 21:53+0000\n"
 "PO-Revision-Date: 2024-07-25 13:10+0000\n"
 "Last-Translator: Lenny Tran <lennytran49@gmail.com>\n"
 "Language-Team: Vietnamese <https://hosted.weblate.org/projects/pypa/"
@@ -632,7 +632,7 @@ msgid "Unix (including Linux and macOS)"
 msgstr ""
 
 #: ../source/discussions/deploying-python-applications.rst:118
-#: ../source/key_projects.rst:572
+#: ../source/key_projects.rst:576
 msgid "pex"
 msgstr ""
 
@@ -1910,7 +1910,7 @@ msgid ""
 msgstr ""
 
 #: ../source/discussions/versioning.rst:6
-#: ../source/specifications/simple-repository-api.rst:310
+#: ../source/specifications/simple-repository-api.rst:319
 msgid "Versioning"
 msgstr ""
 
@@ -2661,29 +2661,16 @@ msgid ""
 msgstr ""
 
 #: ../source/glossary.rst:121
-msgid "Known Good Set (KGS)"
-msgstr ""
-
-#: ../source/glossary.rst:124
-msgid ""
-"A set of distributions at specified versions which are compatible with each "
-"other. Typically a test suite will be run which passes all tests before a "
-"specific set of packages is declared a known good set. This term is commonly "
-"used by frameworks and toolkits which are comprised of multiple individual "
-"distributions."
-msgstr ""
-
-#: ../source/glossary.rst:130
 msgid "Import Package"
 msgstr ""
 
-#: ../source/glossary.rst:133
+#: ../source/glossary.rst:124
 msgid ""
 "A Python module which can contain other modules or recursively, other "
 "packages."
 msgstr ""
 
-#: ../source/glossary.rst:136
+#: ../source/glossary.rst:127
 msgid ""
 "An import package is more commonly referred to with the single word "
 "\"package\", but this guide will use the expanded term when more clarity is "
@@ -2692,17 +2679,30 @@ msgid ""
 "package` for a breakdown of the differences."
 msgstr ""
 
-#: ../source/glossary.rst:142
+#: ../source/glossary.rst:133
 msgid "Installed Project"
 msgstr ""
 
-#: ../source/glossary.rst:145
+#: ../source/glossary.rst:136
 msgid ""
 "A :term:`Project` that is installed for use with a Python interpreter or :"
 "term:`Virtual Environment`, as described in the specicifcation :ref:"
 "`recording-installed-packages`."
 msgstr ""
 
+#: ../source/glossary.rst:140
+msgid "Known Good Set (KGS)"
+msgstr ""
+
+#: ../source/glossary.rst:143
+msgid ""
+"A set of distributions at specified versions which are compatible with each "
+"other. Typically a test suite will be run which passes all tests before a "
+"specific set of packages is declared a known good set. This term is commonly "
+"used by frameworks and toolkits which are comprised of multiple individual "
+"distributions."
+msgstr ""
+
 #: ../source/glossary.rst:149
 msgid "Module"
 msgstr ""
@@ -5113,7 +5113,7 @@ msgid ""
 "In particular, `NumPy <https://numpy.org/>`__, which provides the basis for "
 "most of the software in the `scientific Python stack <https://scientific-"
 "python.org>`_ can be configured to interoperate with different FORTRAN "
-"libraries, and can take advantage of different levels of vectorised "
+"libraries, and can take advantage of different levels of vectorized "
 "instructions available in modern CPUs."
 msgstr ""
 
@@ -5122,9 +5122,9 @@ msgid ""
 "Starting with version 1.10.4 of NumPy and version 1.0.0 of SciPy, pre-built "
 "32-bit and 64-bit binaries in the ``wheel`` format are available for all "
 "major operating systems (Windows, macOS, and Linux) on PyPI. Note, however, "
-"that on Windows, NumPy binaries are linked against the `ATLAS <http://www."
-"netlib.org/atlas/>`__ BLAS/LAPACK library, restricted to SSE2 instructions, "
-"so they may not provide optimal linear algebra performance."
+"that on Windows, NumPy binaries are linked against the `ATLAS <https://math-"
+"atlas.sourceforge.net/>`__ BLAS/LAPACK library, restricted to SSE2 "
+"instructions, so they may not provide optimal linear algebra performance."
 msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:26
@@ -5237,7 +5237,7 @@ msgid ""
 msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:100
-#: ../source/key_projects.rst:808
+#: ../source/key_projects.rst:812
 msgid "Spack"
 msgstr ""
 
@@ -5269,28 +5269,41 @@ msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:121
 msgid ""
-"`Anaconda <https://www.anaconda.com/products/individual/>`_ is a Python "
+"``conda`` is an open source (BSD licensed) package management system and "
+"environment management system that allows users to install multiple versions "
+"of binary software packages and their dependencies, and easily switch "
+"between them. It is a cross-platform tool working on Windows, MacOS, and "
+"Linux. Conda can be used to package up and distribute all kinds of packages, "
+"it is not limited to just Python packages. It has full support for native "
+"virtual environments. Conda makes environments first-class citizens, making "
+"it easy to create independent environments even for C libraries. It is "
+"written in Python, but is Python-agnostic. Conda manages Python itself as a "
+"package, so that :command:`conda update python` is possible, in contrast to "
+"pip, which only manages Python packages."
+msgstr ""
+
+#: ../source/guides/installing-scientific-packages.rst:133
+msgid ""
+"Anaconda `Anaconda <https://docs.anaconda.com/anaconda/>`_ is a Python "
 "distribution published by Anaconda, Inc. It is a stable collection of Open "
-"Source packages for big data and scientific use.  As of the 5.0 release of "
-"Anaconda, about 200 packages are installed by default, and a total of "
-"400-500 can be installed and updated from the Anaconda repository."
+"Source packages for big data and scientific use, and a collection of "
+"Graphical Interface utilities for managing conda environments."
 msgstr ""
 
-#: ../source/guides/installing-scientific-packages.rst:127
+#: ../source/guides/installing-scientific-packages.rst:135
 msgid ""
-"``conda`` is an open source (BSD licensed) package management system and "
-"environment management system included in Anaconda that allows users to "
-"install multiple versions of binary software packages and their "
-"dependencies, and easily switch between them. It is a cross-platform tool "
-"working on Windows, macOS, and Linux. Conda can be used to package up and "
-"distribute all kinds of packages, it is not limited to just Python packages. "
-"It has full support for native virtual environments. Conda makes "
-"environments first-class citizens, making it easy to create independent "
-"environments even for C libraries. It is written in Python, but is Python-"
-"agnostic. Conda manages Python itself as a package, so that :command:`conda "
-"update python` is possible, in contrast to pip, which only manages Python "
-"packages. Conda is available in Anaconda and Miniconda (an easy-to-install "
-"download with just Python and conda)."
+"In addition to the full distribution provided by Anaconda, the conda package "
+"manager itself is available in  `miniconda <https://docs.anaconda.com/"
+"miniconda/>`_, `miniforge <https://github.com/conda-forge/miniforge>`_, and "
+"`pixi <https://pixi.sh/>`_."
+msgstr ""
+
+#: ../source/guides/installing-scientific-packages.rst:138
+msgid ""
+"Conda packages are available on multiple channels on Anaconda.org, including "
+"the default channel supported by Anaconda, Inc, the community supported "
+"conda-forge channel, which provides a wide variety of pre-built packages, "
+"and some domain-specific package collections."
 msgstr ""
 
 #: ../source/guides/installing-stand-alone-command-line-tools.rst:4
@@ -8358,29 +8371,51 @@ msgstr ""
 
 #: ../source/guides/tool-recommendations.rst:142
 msgid ""
-"For projects hosted on GitHub, it is recommended to use the :ref:`trusted "
-"publishing <trusted-publishing>`, which allows the package to be securely "
-"uploaded to PyPI from a GitHub Actions job. (This is not yet supported on "
-"software forges other than GitHub.)"
+"For projects hosted on or published via supported CI/CD platforms, it is "
+"recommended to use the :ref:`Trusted Publishing <trusted-publishing>`, which "
+"allows the package to be securely uploaded to PyPI from a CI/CD workflow "
+"without a manually configured API token."
 msgstr ""
 
 #: ../source/guides/tool-recommendations.rst:147
 msgid ""
+"As of November 2024, PyPI supports the following platforms as Trusted "
+"Publishing providers:"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:150
+msgid "GitHub Actions (on ``https://github.com``)"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:151
+msgid "GitLab CI/CD (on ``https://gitlab.com``)"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:152
+msgid "ActiveState"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:153
+msgid "Google Cloud"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:155
+msgid ""
 "The other available method is to upload the package manually using :ref:"
 "`twine`."
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:149
+#: ../source/guides/tool-recommendations.rst:159
 msgid ""
 "**Never** use ``python setup.py upload`` for this task. In addition to "
 "being :ref:`deprecated <setup-py-deprecated>`, it is insecure."
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:154
+#: ../source/guides/tool-recommendations.rst:164
 msgid "Workflow tools"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:156
+#: ../source/guides/tool-recommendations.rst:166
 msgid ""
 "These tools are environment managers that automatically manage virtual "
 "environments for a project. They also act as \"task runners\", allowing you "
@@ -8391,31 +8426,31 @@ msgid ""
 "alphabetical order:"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:164
+#: ../source/guides/tool-recommendations.rst:174
 msgid ":ref:`Flit`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:165
+#: ../source/guides/tool-recommendations.rst:175
 msgid ":ref:`Hatch`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:166
+#: ../source/guides/tool-recommendations.rst:176
 msgid ":doc:`nox <nox:index>`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:167
+#: ../source/guides/tool-recommendations.rst:177
 msgid ":ref:`PDM`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:168
+#: ../source/guides/tool-recommendations.rst:178
 msgid ":ref:`Pipenv`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:169
+#: ../source/guides/tool-recommendations.rst:179
 msgid ":ref:`Poetry`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:170
+#: ../source/guides/tool-recommendations.rst:180
 msgid ":doc:`tox <tox:index>`."
 msgstr ""
 
@@ -9590,44 +9625,58 @@ msgstr ""
 
 #: ../source/key_projects.rst:407
 msgid ""
-"conda is the package management tool for `Anaconda <https://docs.anaconda."
-"com/anaconda/>`__ Python installations. Anaconda Python is a distribution "
-"from `Anaconda, Inc <https://www.anaconda.com/products/individual>`__ "
-"specifically aimed at the scientific community, and in particular on Windows "
-"where the installation of binary extensions is often difficult."
+"Conda is a package, dependency, and environment management system for any "
+"language — Python, R, Ruby, C/C++, Fortran, and more. It is written in "
+"Python and widely used in the Python scientific computing community, due to "
+"its support for non-Python compiled libraries and extensions. It is used as "
+"the basis of the `Anaconda <https://docs.anaconda.com/anaconda/>`__ Python "
+"distribution from Anaconda, Inc. It was originally aimed at the scientific "
+"community, but can also be used on its own, or with the :doc:`miniconda "
+"<conda:miniconda>`, `miniforge <https://github.com/conda-forge/miniforge>`_ "
+"or `pixi <https://pixi.sh/>`_ systems. It is available for Windows, Mac and "
+"Linux systems."
 msgstr ""
 
-#: ../source/key_projects.rst:414
+#: ../source/key_projects.rst:416
 msgid ""
 "Conda is a completely separate tool from :ref:`pip`, virtualenv and wheel, "
-"but provides many of their combined features in terms of package management, "
-"virtual environment management and deployment of binary extensions."
+"but provides many of their combined features, such as package management, "
+"virtual environment management and deployment of binary extensions and other "
+"binary code."
+msgstr ""
+
+#: ../source/key_projects.rst:420
+msgid ""
+"Conda does not install packages from PyPI -- it can only manage packages "
+"built specifically for conda, which can be made available on a \"conda "
+"channel\", such as those hosted on `anaconda.org <https://anaconda.org>`__, "
+"or a local (e.g. intranet) package server. In addition to the \"default\" "
+"channels managed by `Anaconda, Inc. <https://www.anaconda.com/>`__, there "
+"are a wide variety of packages from the community supported `conda-forge "
+"project <https://conda-forge.org/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:418
+#: ../source/key_projects.rst:426
 msgid ""
-"Conda does not install packages from PyPI and can install only from the "
-"official Anaconda repositories, or anaconda.org (a place for user-"
-"contributed *conda* packages), or a local (e.g. intranet) package server.  "
-"However, note that :ref:`pip` can be installed into, and work side-by-side "
-"with conda for managing :term:`distributions <Distribution Package>` from "
-"PyPI. Also, `conda skeleton <https://docs.conda.io/projects/conda-build/en/"
-"latest/user-guide/tutorials/build-pkgs-skeleton.html>`__ is a tool to make "
-"Python packages installable by conda by first fetching them from PyPI and "
-"modifying their metadata."
+"Note that :ref:`pip` can be installed into, and work side-by-side with conda "
+"for managing :term:`distributions <Distribution Package>` from PyPI. It is "
+"also possible to build conda packages from Python source packages using "
+"tools such as `conda skeleton <https://docs.conda.io/projects/conda-build/en/"
+"latest/user-guide/tutorials/build-pkgs-skeleton.html>`__: a tool to "
+"automatically make conda packages from Python packages available on PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:431
+#: ../source/key_projects.rst:435
 msgid "devpi"
 msgstr ""
 
-#: ../source/key_projects.rst:433
+#: ../source/key_projects.rst:437
 msgid ""
 "`Docs <http://doc.devpi.net/latest/>`__ | :gh:`Issues <devpi/devpi/issues>` "
 "| `PyPI <https://pypi.org/project/devpi>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:437
+#: ../source/key_projects.rst:441
 msgid ""
 "devpi features a powerful PyPI-compatible server and PyPI proxy cache with a "
 "complementary command line tool to drive packaging, testing and release "
@@ -9637,17 +9686,17 @@ msgid ""
 "replication and fail-over, and package upload."
 msgstr ""
 
-#: ../source/key_projects.rst:448
+#: ../source/key_projects.rst:452
 msgid "dumb-pypi"
 msgstr ""
 
-#: ../source/key_projects.rst:450
+#: ../source/key_projects.rst:454
 msgid ""
 "`GitHub <https://github.com/chriskuehl/dumb-pypi>`__ | `PyPI <https://pypi."
 "org/project/dumb-pypi>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:453
+#: ../source/key_projects.rst:457
 msgid ""
 "dumb-pypi is a simple :term:`package index <Package Index>` static file site "
 "generator, which then must be hosted by a static file webserver to become "
@@ -9655,17 +9704,17 @@ msgid ""
 "status."
 msgstr ""
 
-#: ../source/key_projects.rst:460
+#: ../source/key_projects.rst:464
 msgid "enscons"
 msgstr ""
 
-#: ../source/key_projects.rst:462
+#: ../source/key_projects.rst:466
 msgid ""
 ":gh:`Source <dholth/enscons>` | :gh:`Issues <dholth/enscons/issues>` | `PyPI "
 "<https://pypi.org/project/enscons>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:466
+#: ../source/key_projects.rst:470
 msgid ""
 "Enscons is a Python packaging tool based on `SCons`_. It builds :ref:`pip`-"
 "compatible source distributions and wheels without using distutils or "
@@ -9677,38 +9726,38 @@ msgid ""
 "independent of enscons."
 msgstr ""
 
-#: ../source/key_projects.rst:481
+#: ../source/key_projects.rst:485
 msgid "Flask-Pypi-Proxy"
 msgstr ""
 
-#: ../source/key_projects.rst:483
+#: ../source/key_projects.rst:487
 msgid ""
 "`Docs <https://flask-pypi-proxy.readthedocs.io>`__ | :gh:`GitHub <tzulberti/"
 "Flask-PyPi-Proxy>` | `PyPI <https://pypi.org/project/Flask-Pypi-Proxy/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:487 ../source/key_projects.rst:681
-#: ../source/key_projects.rst:740
+#: ../source/key_projects.rst:491 ../source/key_projects.rst:685
+#: ../source/key_projects.rst:744
 msgid "Not maintained, project archived"
 msgstr ""
 
-#: ../source/key_projects.rst:489
+#: ../source/key_projects.rst:493
 msgid ""
 "Flask-Pypi-Proxy is a :term:`package index <Package Index>` as a cached "
 "proxy for PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:495
+#: ../source/key_projects.rst:499
 msgid "Hashdist"
 msgstr ""
 
-#: ../source/key_projects.rst:497
+#: ../source/key_projects.rst:501
 msgid ""
 "`Docs <https://hashdist.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/hashdist/hashdist/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:500
+#: ../source/key_projects.rst:504
 msgid ""
 "Hashdist is a library for building non-root software distributions. Hashdist "
 "is trying to be “the Debian of choice for cases where Debian technology "
@@ -9719,34 +9768,34 @@ msgid ""
 "researchers but has been lacking in maintenance since 2016."
 msgstr ""
 
-#: ../source/key_projects.rst:512
+#: ../source/key_projects.rst:516
 msgid "Maturin"
 msgstr ""
 
-#: ../source/key_projects.rst:514
+#: ../source/key_projects.rst:518
 msgid ""
 "`Docs <https://www.maturin.rs>`__ | `GitHub <https://github.com/PyO3/"
 "maturin>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:517
+#: ../source/key_projects.rst:521
 msgid ""
 "Maturin is a build backend for Rust extension modules, also written in Rust. "
 "It supports building wheels for python 3.7+ on Windows, Linux, macOS and "
 "FreeBSD, can upload them to PyPI and has basic PyPy and GraalPy support."
 msgstr ""
 
-#: ../source/key_projects.rst:525
+#: ../source/key_projects.rst:529
 msgid "meson-python"
 msgstr ""
 
-#: ../source/key_projects.rst:527
+#: ../source/key_projects.rst:531
 msgid ""
 "`Docs <https://meson-python.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/mesonbuild/meson-python>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:530
+#: ../source/key_projects.rst:534
 msgid ""
 "``meson-python`` is a build backend that uses the Meson_ build system. It "
 "enables Python package authors to use Meson_ as the build system for their "
@@ -9754,58 +9803,58 @@ msgid ""
 "to fill the needs of most complex build configurations."
 msgstr ""
 
-#: ../source/key_projects.rst:540
+#: ../source/key_projects.rst:544
 msgid "multibuild"
 msgstr ""
 
-#: ../source/key_projects.rst:542
+#: ../source/key_projects.rst:546
 msgid "`GitHub <https://github.com/multi-build/multibuild>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:544
+#: ../source/key_projects.rst:548
 msgid ""
 "Multibuild is a set of CI scripts for building and testing Python :term:"
 "`wheels <Wheel>` for Linux, macOS, and (less flexibly) Windows. Also see :"
 "ref:`cibuildwheel`."
 msgstr ""
 
-#: ../source/key_projects.rst:550
+#: ../source/key_projects.rst:554
 msgid "nginx_pypi_cache"
 msgstr ""
 
-#: ../source/key_projects.rst:552
+#: ../source/key_projects.rst:556
 msgid ":gh:`GitHub <hauntsaninja/nginx_pypi_cache>`"
 msgstr ""
 
-#: ../source/key_projects.rst:554
+#: ../source/key_projects.rst:558
 msgid ""
 "nginx_pypi_cache is a :term:`package index <Package Index>` caching proxy "
 "using `nginx <https://nginx.org/en/>`_."
 msgstr ""
 
-#: ../source/key_projects.rst:560
+#: ../source/key_projects.rst:564
 msgid "pdm"
 msgstr ""
 
-#: ../source/key_projects.rst:562
+#: ../source/key_projects.rst:566
 msgid ""
 "`Docs <https://pdm.fming.dev/>`__ | `GitHub <https://github.com/pdm-project/"
 "pdm/>`__ | `PyPI <https://pypi.org/project/pdm>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:566
+#: ../source/key_projects.rst:570
 msgid ""
 "PDM is a modern Python package manager. It uses :term:`pyproject.toml` to "
 "store project metadata as defined in :pep:`621`."
 msgstr ""
 
-#: ../source/key_projects.rst:574
+#: ../source/key_projects.rst:578
 msgid ""
 "`Docs <https://pex.readthedocs.io/en/latest/>`__ | `GitHub <https://github."
 "com/pantsbuild/pex/>`__ | `PyPI <https://pypi.org/project/pex>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:578
+#: ../source/key_projects.rst:582
 msgid ""
 "Pex is a tool for generating :file:`.pex` (Python EXecutable) files, "
 "standalone Python environments in the spirit of :ref:`virtualenv`. PEX files "
@@ -9817,18 +9866,18 @@ msgid ""
 "PEX file into a standard venv, graphing dependencies and more."
 msgstr ""
 
-#: ../source/key_projects.rst:590
+#: ../source/key_projects.rst:594
 msgid "pip-tools"
 msgstr ""
 
-#: ../source/key_projects.rst:592
+#: ../source/key_projects.rst:596
 msgid ""
 "`Docs <https://pip-tools.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/jazzband/pip-tools/>`__ | `PyPI <https://pypi.org/project/pip-"
 "tools/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:596
+#: ../source/key_projects.rst:600
 msgid ""
 "pip-tools is a suite of tools meant for Python system administrators and "
 "release managers who particularly want to keep their builds deterministic "
@@ -9839,32 +9888,32 @@ msgid ""
 "not provide), and create layers of constraints for the program to obey."
 msgstr ""
 
-#: ../source/key_projects.rst:608
+#: ../source/key_projects.rst:612
 msgid "pip2pi"
 msgstr ""
 
-#: ../source/key_projects.rst:610
+#: ../source/key_projects.rst:614
 msgid ""
 ":gh:`GitHub <wolever/pip2pi>` | `PyPI <https://pypi.org/project/pip2pi/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:613
+#: ../source/key_projects.rst:617
 msgid ""
 "pip2pi is a :term:`package index <Package Index>` server where specific "
 "packages are manually synchronised."
 msgstr ""
 
-#: ../source/key_projects.rst:619
+#: ../source/key_projects.rst:623
 msgid "piwheels"
 msgstr ""
 
-#: ../source/key_projects.rst:621
+#: ../source/key_projects.rst:625
 msgid ""
 "`Website <https://www.piwheels.org/>`__ | :doc:`Docs <piwheels:index>` | "
 "`GitHub <https://github.com/piwheels/piwheels/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:625
+#: ../source/key_projects.rst:629
 msgid ""
 "piwheels is a website, and software underpinning it, that fetches source "
 "code distribution packages from PyPI and compiles them into binary wheels "
@@ -9872,17 +9921,17 @@ msgid ""
 "Pi OS pre-configures pip to use piwheels.org as an additional index to PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:634
+#: ../source/key_projects.rst:638
 msgid "poetry"
 msgstr ""
 
-#: ../source/key_projects.rst:636
+#: ../source/key_projects.rst:640
 msgid ""
 "`Docs <https://python-poetry.org/>`__ | `GitHub <https://github.com/python-"
 "poetry/poetry>`__ | `PyPI <https://pypi.org/project/poetry/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:640
+#: ../source/key_projects.rst:644
 msgid ""
 "poetry is a command-line tool to handle dependency installation and "
 "isolation as well as building and packaging of Python packages. It uses "
@@ -9892,49 +9941,49 @@ msgid ""
 "caching metadata about dependencies."
 msgstr ""
 
-#: ../source/key_projects.rst:650
+#: ../source/key_projects.rst:654
 msgid "proxpi"
 msgstr ""
 
-#: ../source/key_projects.rst:652
+#: ../source/key_projects.rst:656
 msgid ""
 ":gh:`GitHub <EpicWink/proxpi>` | `PyPI <https://pypi.org/project/proxpi/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:655
+#: ../source/key_projects.rst:659
 msgid ""
 "proxpi is a simple :term:`package index <Package Index>` which proxies PyPI "
 "and other indexes with caching."
 msgstr ""
 
-#: ../source/key_projects.rst:661
+#: ../source/key_projects.rst:665
 msgid "Pulp-python"
 msgstr ""
 
-#: ../source/key_projects.rst:663
+#: ../source/key_projects.rst:667
 msgid ""
 "`Docs <https://docs.pulpproject.org/pulp_python/>`__ | :gh:`GitHub <pulp/"
 "pulp_python>` | `PyPI <https://pypi.org/project/pulp-python/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:667
+#: ../source/key_projects.rst:671
 msgid ""
 "Pulp-python is the Python :term:`package index <Package Index>` plugin for "
 "`Pulp <https://pulpproject.org/>`_. Pulp-python supports mirrors backed by "
 "local or `AWS S3`_, package upload, and proxying to multiple package indexes."
 msgstr ""
 
-#: ../source/key_projects.rst:675
+#: ../source/key_projects.rst:679
 msgid "PyPI Cloud"
 msgstr ""
 
-#: ../source/key_projects.rst:677
+#: ../source/key_projects.rst:681
 msgid ""
 "`Docs <https://pypicloud.readthedocs.io/>`__ | :gh:`GitHub <stevearc/"
 "pypicloud>` | `PyPI <https://pypi.org/project/pypicloud/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:683
+#: ../source/key_projects.rst:687
 msgid ""
 "PyPI Cloud is a :term:`package index <Package Index>` server, backed by `AWS "
 "S3`_ or another cloud storage service, or local files. PyPI Cloud supports "
@@ -9942,33 +9991,33 @@ msgid ""
 "authorisation."
 msgstr ""
 
-#: ../source/key_projects.rst:691
+#: ../source/key_projects.rst:695
 msgid "pypiprivate"
 msgstr ""
 
-#: ../source/key_projects.rst:693
+#: ../source/key_projects.rst:697
 msgid ""
 ":gh:`GitHub <helpshift/pypiprivate>` | `PyPI <https://pypi.org/project/"
 "pypiprivate/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:696
+#: ../source/key_projects.rst:700
 msgid ""
 "pypiprivate serves a local (or `AWS S3`_-hosted) directory of packages as a :"
 "term:`package index <Package Index>`."
 msgstr ""
 
-#: ../source/key_projects.rst:702
+#: ../source/key_projects.rst:706
 msgid "pypiserver"
 msgstr ""
 
-#: ../source/key_projects.rst:704
+#: ../source/key_projects.rst:708
 msgid ""
 "`GitHub <https://github.com/pypiserver/pypiserver>`__ | `PyPI <https://pypi."
 "org/project/pypiserver/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:707
+#: ../source/key_projects.rst:711
 msgid ""
 "pypiserver is a minimalist application that serves as a private Python :term:"
 "`package index <Package Index>` (from a local directory) within "
@@ -9979,17 +10028,17 @@ msgid ""
 "pypiserver and from PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:718
+#: ../source/key_projects.rst:722
 msgid "PyScaffold"
 msgstr ""
 
-#: ../source/key_projects.rst:720
+#: ../source/key_projects.rst:724
 msgid ""
 "`Docs <https://pyscaffold.org>`__ | `GitHub <https://github.com/pyscaffold/"
 "pyscaffold>`__ | `PyPI <https://pypi.org/project/pyscaffold/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:724
+#: ../source/key_projects.rst:728
 msgid ""
 "PyScaffold is a project generator for bootstrapping Python packages, ready "
 "to be shared on PyPI and installable via :ref:`pip`. It relies on a set of "
@@ -9999,33 +10048,33 @@ msgid ""
 "existing projects to make packaging easier."
 msgstr ""
 
-#: ../source/key_projects.rst:735
+#: ../source/key_projects.rst:739
 msgid "pywharf"
 msgstr ""
 
-#: ../source/key_projects.rst:737
+#: ../source/key_projects.rst:741
 msgid ""
 ":gh:`GitHub <pywharf/pywharf>` | `PyPI <https://pypi.org/project/pywharf>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:742
+#: ../source/key_projects.rst:746
 msgid ""
 "pywharf is a :term:`package index <Package Index>` server, serving files "
 "locally or from `GitHub <https://github.com/>`_."
 msgstr ""
 
-#: ../source/key_projects.rst:748
+#: ../source/key_projects.rst:752
 msgid "scikit-build"
 msgstr ""
 
-#: ../source/key_projects.rst:750
+#: ../source/key_projects.rst:754
 msgid ""
 "`Docs <https://scikit-build.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/scikit-build/scikit-build/>`__ | `PyPI <https://pypi.org/project/"
 "scikit-build>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:754
+#: ../source/key_projects.rst:758
 msgid ""
 "Scikit-build is a :ref:`setuptools` wrapper for CPython that builds C/C++/"
 "Fortran/Cython extensions It uses `cmake <https://pypi.org/project/cmake>`__ "
@@ -10036,18 +10085,18 @@ msgid ""
 "ninja>`__ (also available on PyPI)."
 msgstr ""
 
-#: ../source/key_projects.rst:765
+#: ../source/key_projects.rst:769
 msgid "scikit-build-core"
 msgstr ""
 
-#: ../source/key_projects.rst:767
+#: ../source/key_projects.rst:771
 msgid ""
 "`Docs <https://scikit-build-core.readthedocs.io/en/latest/>`__ | `GitHub "
 "<https://github.com/scikit-build/scikit-build-core/>`__ | `PyPI <https://"
 "pypi.org/project/scikit-build-core>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:771
+#: ../source/key_projects.rst:775
 msgid ""
 "Scikit-build-core is a build backend for CPython C/C++/Fortran/Cython "
 "extensions.  It enables users to write extensions with `cmake <https://pypi."
@@ -10057,17 +10106,17 @@ msgid ""
 "automatically downloaded from PyPI if not available on the system."
 msgstr ""
 
-#: ../source/key_projects.rst:781
+#: ../source/key_projects.rst:785
 msgid "shiv"
 msgstr ""
 
-#: ../source/key_projects.rst:783
+#: ../source/key_projects.rst:787
 msgid ""
 "`Docs <https://shiv.readthedocs.io/en/latest/>`__ | `GitHub <https://github."
 "com/linkedin/shiv>`__ | `PyPI <https://pypi.org/project/shiv/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:787
+#: ../source/key_projects.rst:791
 msgid ""
 "shiv is a command line utility for building fully self contained Python "
 "zipapps as outlined in :pep:`441`, but with all their dependencies included. "
@@ -10075,17 +10124,17 @@ msgid ""
 "tools fast & easy."
 msgstr ""
 
-#: ../source/key_projects.rst:795
+#: ../source/key_projects.rst:799
 msgid "simpleindex"
 msgstr ""
 
-#: ../source/key_projects.rst:797
+#: ../source/key_projects.rst:801
 msgid ""
 ":gh:`GitHub <uranusjr/simpleindex>` | `PyPI <https://pypi.org/project/"
 "simpleindex/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:800
+#: ../source/key_projects.rst:804
 msgid ""
 "simpleindex is a :term:`package index <Package Index>` which routes URLs to "
 "multiple package indexes (including PyPI), serves local (or cloud-hosted, "
@@ -10093,7 +10142,7 @@ msgid ""
 "supports custom plugins."
 msgstr ""
 
-#: ../source/key_projects.rst:810
+#: ../source/key_projects.rst:814
 msgid ""
 ":doc:`Docs <spack:index>` | `GitHub <https://github.com/spack/spack>`__ | "
 "`Paper <https://www.computer.org/csdl/proceedings-article/"
@@ -10101,7 +10150,7 @@ msgid ""
 "Gamblin-Spack-SC15-Talk.pdf>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:815
+#: ../source/key_projects.rst:819
 msgid ""
 "A flexible package manager designed to support multiple versions, "
 "configurations, platforms, and compilers.  Spack is like Homebrew, but "
@@ -10112,24 +10161,24 @@ msgid ""
 "supercomputers."
 msgstr ""
 
-#: ../source/key_projects.rst:823
+#: ../source/key_projects.rst:827
 msgid ""
 "Spack is not in PyPI (yet), but it requires no installation and can be used "
 "immediately after cloning from GitHub."
 msgstr ""
 
-#: ../source/key_projects.rst:829
+#: ../source/key_projects.rst:833
 msgid "zest.releaser"
 msgstr ""
 
-#: ../source/key_projects.rst:831
+#: ../source/key_projects.rst:835
 msgid ""
 "`Docs <https://zestreleaser.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/zestsoftware/zest.releaser/>`__ | `PyPI <https://pypi.org/project/"
 "zest.releaser/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:835
+#: ../source/key_projects.rst:839
 msgid ""
 "``zest.releaser`` is a Python package release tool providing an abstraction "
 "layer on top of :ref:`twine`. Python developers use ``zest.releaser`` to "
@@ -10137,21 +10186,21 @@ msgid ""
 "releases in source control, and uploading new packages to PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:842
+#: ../source/key_projects.rst:846
 msgid "Standard Library Projects"
 msgstr ""
 
-#: ../source/key_projects.rst:847
+#: ../source/key_projects.rst:851
 msgid "ensurepip"
 msgstr ""
 
-#: ../source/key_projects.rst:849
+#: ../source/key_projects.rst:853
 msgid ""
 "`Docs <https://docs.python.org/3/library/ensurepip.html>`__ | `Issues "
 "<https://bugs.python.org/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:852
+#: ../source/key_projects.rst:856
 msgid ""
 "A package in the Python Standard Library that provides support for "
 "bootstrapping :ref:`pip` into an existing Python installation or virtual "
@@ -10159,34 +10208,34 @@ msgid ""
 "will be used during the build of the Python distribution."
 msgstr ""
 
-#: ../source/key_projects.rst:860
+#: ../source/key_projects.rst:864
 msgid "http.server"
 msgstr ""
 
-#: ../source/key_projects.rst:862
+#: ../source/key_projects.rst:866
 msgid ""
 ":doc:`Docs <python:library/http.server>` | :gh:`Issues <python/cpython/"
 "issues>`"
 msgstr ""
 
-#: ../source/key_projects.rst:865
+#: ../source/key_projects.rst:869
 msgid ""
 "A package and command-line interface which can host a directory as a "
 "website, for example as a :term:`package index <Package Index>` (see :ref:"
 "`Hosting your Own Simple Repository`)."
 msgstr ""
 
-#: ../source/key_projects.rst:872
+#: ../source/key_projects.rst:876
 msgid "venv"
 msgstr ""
 
-#: ../source/key_projects.rst:874
+#: ../source/key_projects.rst:878
 msgid ""
 "`Docs <https://docs.python.org/3/library/venv.html>`__ | `Issues <https://"
 "github.com/python/cpython/issues>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:877
+#: ../source/key_projects.rst:881
 msgid ""
 "A package in the Python Standard Library (starting with Python 3.3) for "
 "creating :term:`Virtual Environments <Virtual Environment>`.  For more "
@@ -12234,7 +12283,7 @@ msgstr ""
 #: ../source/specifications/platform-compatibility-tags.rst:332
 #: ../source/specifications/pyproject-toml.rst:444
 #: ../source/specifications/recording-installed-packages.rst:252
-#: ../source/specifications/simple-repository-api.rst:974
+#: ../source/specifications/simple-repository-api.rst:988
 #: ../source/specifications/source-distribution-format.rst:144
 #: ../source/specifications/version-specifiers.rst:1266
 #: ../source/specifications/virtual-environments.rst:54
@@ -13304,6 +13353,7 @@ msgstr ""
 #: ../source/specifications/dependency-specifiers.rst:26
 #: ../source/specifications/direct-url-data-structure.rst:19
 #: ../source/specifications/direct-url.rst:15
+#: ../source/specifications/index-hosted-attestations.rst:17
 #: ../source/specifications/inline-script-metadata.rst:13
 msgid "Specification"
 msgstr ""
@@ -13441,7 +13491,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/dependency-specifiers.rst:163
-#: ../source/specifications/simple-repository-api.rst:888
+#: ../source/specifications/simple-repository-api.rst:902
 msgid "Versions"
 msgstr ""
 
@@ -15064,6 +15114,302 @@ msgid ""
 "www.pypa.io/en/latest/specifications/>`__."
 msgstr ""
 
+#: ../source/specifications/index-hosted-attestations.rst:6
+msgid "Index hosted attestations"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:8
+msgid "This specification was originally defined in :pep:`740`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:12
+msgid ""
+":pep:`740` includes changes to the HTML and JSON index APIs. These changes "
+"are documented in the :ref:`simple-repository-api` under :ref:`simple-"
+"repository-api-base` and :ref:`json-serialization`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:22
+msgid "Upload endpoint changes"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:26
+msgid ""
+"The \"legacy\" upload API is not standardized. See `PyPI's Upload API "
+"documentation <https://docs.pypi.org/api/upload/>`_ for how attestations are "
+"uploaded."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:33
+msgid "Attestation objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:35
+msgid ""
+"An attestation object is a JSON object with several required keys; "
+"applications or signers may include additional keys so long as all "
+"explicitly listed keys are provided. The required layout of an attestation "
+"object is provided as pseudocode below."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:88
+msgid ""
+"A full data model for each object in ``transparency_entries`` is provided "
+"in :ref:`appendix`. Attestation objects **SHOULD** include one or more "
+"transparency log entries, and **MAY** include additional keys for other "
+"sources of signed time (such as an :rfc:`3161` Time Stamping Authority or a "
+"`Roughtime <https://blog.cloudflare.com/roughtime>`__ server)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:94
+msgid ""
+"Attestation objects are versioned; this PEP specifies version 1. Each "
+"version is tied to a single cryptographic suite to minimize unnecessary "
+"cryptographic agility. In version 1, the suite is as follows:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:98
+msgid ""
+"Certificates are specified as X.509 certificates, and comply with the "
+"profile in :rfc:`5280`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:100
+msgid ""
+"The message signature algorithm is ECDSA, with the P-256 curve for public "
+"keys and SHA-256 as the cryptographic digest function."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:103
+msgid ""
+"Future PEPs may change this suite (and the overall shape of the attestation "
+"object) by selecting a new version number."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:109
+msgid "Attestation statement and signature generation"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:111
+msgid ""
+"The *attestation statement* is the actual claim that is cryptographically "
+"signed over within the attestation object (i.e., the ``envelope.statement``)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:114
+msgid ""
+"The attestation statement is encoded as a `v1 in-toto Statement object "
+"<https://github.com/in-toto/attestation/blob/v1.0/spec/v1.0/statement."
+"md>`__, in JSON form. When serialized the statement is treated as an opaque "
+"binary blob, avoiding the need for canonicalization."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:119
+msgid ""
+"In addition to being a v1 in-toto Statement, the attestation statement is "
+"constrained in the following ways:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:122
+msgid "The in-toto ``subject`` **MUST** contain only a single subject."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:123
+msgid ""
+"``subject[0].name`` is the distribution's filename, which **MUST** be a "
+"valid :ref:`source distribution <source-distribution-format>` or :ref:`wheel "
+"distribution <binary-distribution-format>` filename."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:126
+msgid ""
+"``subject[0].digest`` **MUST** contain a SHA-256 digest. Other digests "
+"**MAY** be present. The digests **MUST** be represented as hexadecimal "
+"strings."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:128
+msgid "The following ``predicateType`` values are supported:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:130
+msgid ""
+"`SLSA Provenance <https://slsa.dev/provenance/v1>`__: ``https://slsa.dev/"
+"provenance/v1``"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:131
+msgid ""
+"`PyPI Publish Attestation <https://docs.pypi.org/attestations/publish/"
+"v1>`__: ``https://docs.pypi.org/attestations/publish/v1``"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:133
+msgid ""
+"The signature over this statement is constructed using the `v1 DSSE "
+"signature protocol <https://github.com/secure-systems-lab/dsse/blob/v1.0.0/"
+"protocol.md>`__, with a ``PAYLOAD_TYPE`` of ``application/vnd.in-toto+json`` "
+"and a ``PAYLOAD_BODY`` of the JSON-encoded statement above. No other "
+"``PAYLOAD_TYPE`` is permitted."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:141
+msgid "Provenance objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:143
+msgid ""
+"The index will serve uploaded attestations along with metadata that can "
+"assist in verifying them in the form of JSON serialized objects."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:146
+msgid ""
+"These *provenance objects* will be available via both the Simple Index and "
+"JSON-based Simple API as described above, and will have the following layout:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:169
+msgid "or, as pseudocode:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:217
+msgid ""
+"``version`` is ``1``. Like attestation objects, provenance objects are "
+"versioned, and this PEP only defines version ``1``."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:219
+msgid ""
+"``attestation_bundles`` is a **required** JSON array, containing one or more "
+"\"bundles\" of attestations. Each bundle corresponds to a signing identity "
+"(such as a Trusted Publishing identity), and contains one or more "
+"attestation objects."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:224
+msgid ""
+"As noted in the ``Publisher`` model, each ``AttestationBundle.publisher`` "
+"object is specific to its Trusted Publisher but must include at minimum:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:228
+msgid ""
+"A ``kind`` key, which **MUST** be a JSON string that uniquely identifies the "
+"kind of Trusted Publisher."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:230
+msgid ""
+"A ``claims`` key, which **MUST** be a JSON object containing any context-"
+"specific claims retained by the index during Trusted Publisher "
+"authentication."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:233
+msgid "All other keys in the publisher object are publisher-specific."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:235
+msgid ""
+"Each array of attestation objects is a superset of the ``attestations`` "
+"array supplied by the uploaded through the ``attestations`` field at upload "
+"time, as described in :ref:`upload-endpoint` and :ref:`changes-to-provenance-"
+"objects`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:243
+msgid "Changes to provenance objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:245
+msgid ""
+"Provenance objects are *not* immutable, and may change over time. Reasons "
+"for changes to the provenance object include but are not limited to:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:248
+msgid ""
+"Addition of new attestations for a pre-existing signing identity: the index "
+"**MAY** choose to allow additional attestations by pre-existing signing "
+"identities, such as newer attestation versions for already uploaded files."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:253
+msgid ""
+"Addition of new signing identities and associated attestations: the index "
+"**MAY** choose to support attestations from sources other than the file's "
+"uploader, such as third-party auditors or the index itself. These "
+"attestations may be performed asynchronously, requiring the index to insert "
+"them into the provenance object *post facto*."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:262
+msgid "Attestation verification"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:264
+msgid ""
+"Verifying an attestation object against a distribution file requires "
+"verification of each of the following:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:267
+msgid "``version`` is ``1``. The verifier **MUST** reject any other version."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:268
+msgid ""
+"``verification_material.certificate`` is a valid signing certificate, as "
+"issued by an *a priori* trusted authority (such as a root of trust already "
+"present within the verifying client)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:271
+msgid ""
+"``verification_material.certificate`` identifies an appropriate signing "
+"subject, such as the machine identity of the Trusted Publisher that "
+"published the package."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:274
+msgid ""
+"``envelope.statement`` is a valid in-toto v1 Statement, with a subject and "
+"digest that **MUST** match the distribution's filename and contents. For the "
+"distribution's filename, matching **MUST** be performed by parsing using the "
+"appropriate source distribution or wheel filename format, as the statement's "
+"subject may be equivalent but normalized."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:279
+msgid ""
+"``envelope.signature`` is a valid signature for ``envelope.statement`` "
+"corresponding to ``verification_material.certificate``, as reconstituted via "
+"the `v1 DSSE signature protocol <https://github.com/secure-systems-lab/dsse/"
+"blob/v1.0.0/protocol.md>`__."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:284
+msgid ""
+"In addition to the above required steps, a verifier **MAY** additionally "
+"verify ``verification_material.transparency_entries`` on a policy basis, e."
+"g. requiring at least one transparency log entry or a threshold of entries. "
+"When verifying transparency entries, the verifier **MUST** confirm that the "
+"inclusion time for each entry lies within the signing certificate's validity "
+"period."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:293
+msgid "Appendix: Data models for Transparency Log Entries"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:295
+msgid ""
+"This appendix contains pseudocoded data models for transparency log entries "
+"in attestation objects. Each transparency log entry serves as a source of "
+"signed inclusion time, and can be verified either online or offline."
+msgstr ""
+
 #: ../source/specifications/inline-script-metadata.rst:5
 msgid "Inline script metadata"
 msgstr ""
@@ -15234,7 +15580,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/inline-script-metadata.rst:205
-#: ../source/specifications/simple-repository-api.rst:815
+#: ../source/specifications/simple-repository-api.rst:829
 msgid "Recommendations"
 msgstr ""
 
@@ -17122,11 +17468,26 @@ msgid ""
 "``&gt;``, respectively."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:100
+#: ../source/specifications/simple-repository-api.rst:99
+msgid ""
+"A repository **MAY** include a ``data-provenance`` attribute on a file link. "
+"The value of this attribute **MUST** be a fully qualified URL, signaling "
+"that the file's provenance can be found at that URL. This URL **MUST** "
+"represent a `secure origin <https://www.chromium.org/Home/chromium-security/"
+"prefer-secure-origins-for-powerful-new-features/>`_."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:106
+msgid ""
+"The format of the linked provenance is defined in :ref:`index-hosted-"
+"attestations`."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:109
 msgid "Normalized Names"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:102
+#: ../source/specifications/simple-repository-api.rst:111
 msgid ""
 "This spec references the concept of a \"normalized\" project name. As per :"
 "ref:`the name normalization specification <name-normalization>` the only "
@@ -17136,11 +17497,11 @@ msgid ""
 "implemented in Python with the ``re`` module::"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:117
+#: ../source/specifications/simple-repository-api.rst:126
 msgid "Adding \"Yank\" Support to the Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:119
+#: ../source/specifications/simple-repository-api.rst:128
 msgid ""
 "Links in the simple repository **MAY** have a ``data-yanked`` attribute "
 "which may have no value, or may have an arbitrary string as a value. The "
@@ -17150,7 +17511,7 @@ msgid ""
 "under specific scenarios."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:126
+#: ../source/specifications/simple-repository-api.rst:135
 msgid ""
 "The value of the ``data-yanked`` attribute, if present, is an arbitrary "
 "string that represents the reason for why the file has been yanked. Tools "
@@ -17158,7 +17519,7 @@ msgid ""
 "users."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:131
+#: ../source/specifications/simple-repository-api.rst:140
 msgid ""
 "The yanked attribute is not immutable once set, and may be rescinded in the "
 "future (and once rescinded, may be reset as well). Thus API users **MUST** "
@@ -17166,11 +17527,11 @@ msgid ""
 "again)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:138
+#: ../source/specifications/simple-repository-api.rst:147
 msgid "Installers"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:140
+#: ../source/specifications/simple-repository-api.rst:149
 msgid ""
 "The desirable experience for users is that once a file is yanked, when a "
 "human being is currently trying to directly install a yanked file, that it "
@@ -17180,7 +17541,7 @@ msgid ""
 "been yanked."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:147
+#: ../source/specifications/simple-repository-api.rst:156
 msgid ""
 "An installer **MUST** ignore yanked releases, if the selection constraints "
 "can be satisfied with a non-yanked version, and **MAY** refuse to use a "
@@ -17190,14 +17551,14 @@ msgid ""
 "files."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:154
+#: ../source/specifications/simple-repository-api.rst:163
 msgid ""
 "What this means is left up to the specific installer, to decide how to best "
 "fit into the overall usage of their installer. However, there are two "
 "suggested approaches to take:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:158
+#: ../source/specifications/simple-repository-api.rst:167
 msgid ""
 "Yanked files are always ignored, unless they are the only file that matches "
 "a version specifier that \"pins\" to an exact version using either ``==`` "
@@ -17207,7 +17568,7 @@ msgid ""
 "versions, zero padding, etc."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:165
+#: ../source/specifications/simple-repository-api.rst:174
 msgid ""
 "Yanked files are always ignored, unless they are the only file that matches "
 "what a lock file (such as ``Pipfile.lock`` or ``poetry.lock``) specifies to "
@@ -17215,7 +17576,7 @@ msgid ""
 "creating or updating a lock file from some input file or command."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:171
+#: ../source/specifications/simple-repository-api.rst:180
 msgid ""
 "Regardless of the specific strategy that an installer chooses for deciding "
 "when to install yanked files, an installer **SHOULD** emit a warning when it "
@@ -17224,38 +17585,38 @@ msgid ""
 "specific feedback to the user about why that file had been yanked."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:179
+#: ../source/specifications/simple-repository-api.rst:188
 msgid "Mirrors"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:181
+#: ../source/specifications/simple-repository-api.rst:190
 msgid "Mirrors can generally treat yanked files one of two ways:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:183
+#: ../source/specifications/simple-repository-api.rst:192
 msgid ""
 "They may choose to omit them from their simple repository API completely, "
 "providing a view over the repository that shows only \"active\", unyanked "
 "files."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:186
+#: ../source/specifications/simple-repository-api.rst:195
 msgid ""
 "They may choose to include yanked files, and additionally mirror the ``data-"
 "yanked`` attribute as well."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:189
+#: ../source/specifications/simple-repository-api.rst:198
 msgid ""
 "Mirrors **MUST NOT** mirror a yanked file without also mirroring the ``data-"
 "yanked`` attribute for it."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:195
+#: ../source/specifications/simple-repository-api.rst:204
 msgid "Versioning PyPI's Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:197
+#: ../source/specifications/simple-repository-api.rst:206
 msgid ""
 "This spec proposes the inclusion of a meta tag on the responses of every "
 "successful request to a simple API page, which contains a name attribute of "
@@ -17266,29 +17627,29 @@ msgid ""
 "<version-specifiers>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:205
+#: ../source/specifications/simple-repository-api.rst:214
 msgid "This would end up looking like::"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:209
+#: ../source/specifications/simple-repository-api.rst:218
 msgid "When interpreting the repository version:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:211
+#: ../source/specifications/simple-repository-api.rst:220
 msgid ""
 "Incrementing the major version is used to signal a backwards incompatible "
 "change such that existing clients would no longer be expected to be able to "
 "meaningfully use the API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:214
+#: ../source/specifications/simple-repository-api.rst:223
 msgid ""
 "Incrementing the minor version is used to signal a backwards compatible "
 "change such that existing clients would still be expected to be able to "
 "meaningfully use the API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:218
+#: ../source/specifications/simple-repository-api.rst:227
 msgid ""
 "It is left up to the discretion of any future specs as to what specifically "
 "constitutes a backwards incompatible vs compatible change beyond the broad "
@@ -17297,7 +17658,7 @@ msgid ""
 "features."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:224
+#: ../source/specifications/simple-repository-api.rst:233
 msgid ""
 "It is expectation of this spec that the major version will never be "
 "incremented, and any future major API evolutions would utilize a different "
@@ -17307,48 +17668,48 @@ msgid ""
 "set to a version >= 2)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:231
+#: ../source/specifications/simple-repository-api.rst:240
 msgid ""
 "This spec sets the current API version to \"1.0\", and expects that future "
 "specs that further evolve the simple API will increment the minor version "
 "number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:237
-#: ../source/specifications/simple-repository-api.rst:957
+#: ../source/specifications/simple-repository-api.rst:246
+#: ../source/specifications/simple-repository-api.rst:971
 msgid "Clients"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:239
+#: ../source/specifications/simple-repository-api.rst:248
 msgid ""
 "Clients interacting with the simple API **SHOULD** introspect each response "
 "for the repository version, and if that data does not exist **MUST** assume "
 "that it is version 1.0."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:243
+#: ../source/specifications/simple-repository-api.rst:252
 msgid ""
 "When encountering a major version greater than expected, clients **MUST** "
 "hard fail with an appropriate error message for the user."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:246
+#: ../source/specifications/simple-repository-api.rst:255
 msgid ""
 "When encountering a minor version greater than expected, clients **SHOULD** "
 "warn users with an appropriate message."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:249
+#: ../source/specifications/simple-repository-api.rst:258
 msgid ""
 "Clients **MAY** still continue to use feature detection in order to "
 "determine what features a repository uses."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:255
+#: ../source/specifications/simple-repository-api.rst:264
 msgid "Serve Distribution Metadata in the Simple Repository API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:257
+#: ../source/specifications/simple-repository-api.rst:266
 msgid ""
 "In a simple repository's project page, each anchor tag pointing to a "
 "distribution **MAY** have a ``data-dist-info-metadata`` attribute. The "
@@ -17357,7 +17718,7 @@ msgid ""
 "when the distribution is processed and/or installed."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:263
+#: ../source/specifications/simple-repository-api.rst:272
 msgid ""
 "If a ``data-dist-info-metadata`` attribute is present, the repository "
 "**MUST** serve the distribution's Core Metadata file alongside the "
@@ -17369,7 +17730,7 @@ msgid ""
 "GPG signature file's location."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:272
+#: ../source/specifications/simple-repository-api.rst:281
 msgid ""
 "The repository **SHOULD** provide the hash of the Core Metadata file as the "
 "``data-dist-info-metadata`` attribute's value using the syntax "
@@ -17379,18 +17740,18 @@ msgid ""
 "unavailable."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:280
+#: ../source/specifications/simple-repository-api.rst:289
 msgid "Backwards Compatibility"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:282
+#: ../source/specifications/simple-repository-api.rst:291
 msgid ""
 "If an anchor tag lacks the ``data-dist-info-metadata`` attribute, tools are "
 "expected to revert to their current behaviour of downloading the "
 "distribution to inspect the metadata."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:286
+#: ../source/specifications/simple-repository-api.rst:295
 msgid ""
 "Older tools not supporting the new ``data-dist-info-metadata`` attribute are "
 "expected to ignore the attribute and maintain their current behaviour of "
@@ -17398,11 +17759,11 @@ msgid ""
 "prior ``data-`` attribute additions expect existing tools to operate."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:295
+#: ../source/specifications/simple-repository-api.rst:304
 msgid "JSON-based Simple API for Python Package Indexes"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:297
+#: ../source/specifications/simple-repository-api.rst:306
 msgid ""
 "To enable response parsing with only the standard library, this spec "
 "specifies that all responses (besides the files themselves, and the HTML "
@@ -17410,7 +17771,7 @@ msgid ""
 "base>`) should be serialized using `JSON <https://www.json.org/>`_."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:302
+#: ../source/specifications/simple-repository-api.rst:311
 msgid ""
 "To enable zero configuration discovery and to minimize the amount of "
 "additional HTTP requests, this spec extends :ref:`the base HTML API "
@@ -17420,7 +17781,7 @@ msgid ""
 "format to serve, i.e. either HTML or JSON."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:312
+#: ../source/specifications/simple-repository-api.rst:321
 msgid ""
 "Versioning will adhere to :ref:`the API versioning specification <simple-"
 "repository-api-versioning>` format (``Major.Minor``), which has defined the "
@@ -17430,7 +17791,7 @@ msgid ""
 "``1.0`` version, and instead just describes how to serialize that into JSON."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:319
+#: ../source/specifications/simple-repository-api.rst:328
 msgid ""
 "Similar to :ref:`the API versioning specification <simple-repository-api-"
 "versioning>`, the major version number **MUST** be incremented if any "
@@ -17438,28 +17799,28 @@ msgid ""
 "existing clients to meaningfully understand the format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:325
+#: ../source/specifications/simple-repository-api.rst:334
 msgid ""
 "Likewise, the minor version **MUST** be incremented if features are added or "
 "removed from the format, but existing clients would be expected to continue "
 "to meaningfully understand the format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:329
+#: ../source/specifications/simple-repository-api.rst:338
 msgid ""
 "Changes that would not result in existing clients being unable to "
 "meaningfully understand the format and which do not represent features being "
 "added or removed may occur without changing the version number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:333
+#: ../source/specifications/simple-repository-api.rst:342
 msgid ""
 "This is intentionally vague, as this spec believes it is best left up to "
 "future specs that make any changes to the API to investigate and decide "
 "whether or not that change should increment the major or minor version."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:337
+#: ../source/specifications/simple-repository-api.rst:346
 msgid ""
 "Future versions of the API may add things that can only be represented in a "
 "subset of the available serializations of that version. All serializations "
@@ -17468,37 +17829,37 @@ msgid ""
 "whether or not that feature is present at all."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:343
+#: ../source/specifications/simple-repository-api.rst:352
 msgid ""
 "It is the intent of this spec that the API should be thought of as URL "
 "endpoints that return data, whose interpretation is defined by the version "
 "of that data, and then serialized into the target serialization format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:351
+#: ../source/specifications/simple-repository-api.rst:360
 msgid "JSON Serialization"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:353
+#: ../source/specifications/simple-repository-api.rst:362
 msgid ""
 "The URL structure from :ref:`the base HTML API specification <simple-"
 "repository-api-base>` still applies, as this spec only adds an additional "
 "serialization format for the already existing API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:357
+#: ../source/specifications/simple-repository-api.rst:366
 msgid ""
 "The following constraints apply to all JSON serialized responses described "
 "in this spec:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:360
+#: ../source/specifications/simple-repository-api.rst:369
 msgid ""
 "All JSON responses will *always* be a JSON object rather than an array or "
 "other type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:363
+#: ../source/specifications/simple-repository-api.rst:372
 msgid ""
 "While JSON doesn't natively support a URL type, any value that represents an "
 "URL in this API may be either absolute or relative as long as they point to "
@@ -17506,19 +17867,19 @@ msgid ""
 "if it were HTML."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:368
+#: ../source/specifications/simple-repository-api.rst:377
 msgid ""
 "Additional keys may be added to any dictionary objects in the API responses "
 "and clients **MUST** ignore keys that they don't understand."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:371
+#: ../source/specifications/simple-repository-api.rst:380
 msgid ""
 "All JSON responses will have a ``meta`` key, which contains information "
 "related to the response itself, rather than the content of the response."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:374
+#: ../source/specifications/simple-repository-api.rst:383
 msgid ""
 "All JSON responses will have a ``meta.api-version`` key, which will be a "
 "string that contains the :ref:`API versioning specification <simple-"
@@ -17527,41 +17888,41 @@ msgid ""
 "<simple-repository-api-versioning>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:380
+#: ../source/specifications/simple-repository-api.rst:389
 msgid ""
 "All requirements of :ref:`the base HTML API specification <simple-repository-"
 "api-base>` that are not HTML specific still apply."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:385
+#: ../source/specifications/simple-repository-api.rst:394
 msgid "Project List"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:387
+#: ../source/specifications/simple-repository-api.rst:396
 msgid ""
 "The root URL ``/`` for this spec (which represents the base URL) will be a "
 "JSON encoded dictionary which has a two keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:390
+#: ../source/specifications/simple-repository-api.rst:399
 msgid ""
 "``projects``: An array where each entry is a dictionary with a single key, "
 "``name``, which represents string of the project name."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:391
-#: ../source/specifications/simple-repository-api.rst:440
+#: ../source/specifications/simple-repository-api.rst:400
+#: ../source/specifications/simple-repository-api.rst:449
 msgid ""
 "``meta``: The general response metadata as `described earlier <json-"
 "serialization_>`__."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:393
-#: ../source/specifications/simple-repository-api.rst:499
+#: ../source/specifications/simple-repository-api.rst:402
+#: ../source/specifications/simple-repository-api.rst:512
 msgid "As an example:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:410
+#: ../source/specifications/simple-repository-api.rst:419
 msgid ""
 "The ``name`` field is the same as the one from :ref:`the base HTML API "
 "specification <simple-repository-api-base>`, which does not specify whether "
@@ -17571,7 +17932,7 @@ msgid ""
 "implementation detail of the repository in question."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:420
+#: ../source/specifications/simple-repository-api.rst:429
 msgid ""
 "While the ``projects`` key is an array, and thus is required to be in some "
 "kind of an order, neither :ref:`the base HTML API specification <simple-"
@@ -17581,11 +17942,11 @@ msgid ""
 "have sets."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:429
+#: ../source/specifications/simple-repository-api.rst:438
 msgid "Project Detail"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:431
+#: ../source/specifications/simple-repository-api.rst:440
 msgid ""
 "The format of this URL is ``/<project>/`` where the ``<project>`` is "
 "replaced by the :ref:`the base HTML API specification <simple-repository-api-"
@@ -17593,33 +17954,33 @@ msgid ""
 "would have a URL like ``/silly-walk/``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:436
+#: ../source/specifications/simple-repository-api.rst:445
 msgid ""
 "This URL must respond with a JSON encoded dictionary that has three keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:438
+#: ../source/specifications/simple-repository-api.rst:447
 msgid "``name``: The normalized name of the project."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:439
+#: ../source/specifications/simple-repository-api.rst:448
 msgid ""
 "``files``: A list of dictionaries, each one representing an individual file."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:442
+#: ../source/specifications/simple-repository-api.rst:451
 msgid "Each individual file dictionary has the following keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:444
+#: ../source/specifications/simple-repository-api.rst:453
 msgid "``filename``: The filename that is being represented."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:445
+#: ../source/specifications/simple-repository-api.rst:454
 msgid "``url``: The URL that the file can be fetched from."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:446
+#: ../source/specifications/simple-repository-api.rst:455
 msgid ""
 "``hashes``: A dictionary mapping a hash name to a hex encoded digest of the "
 "file. Multiple hashes can be included, and it is up to the client to decide "
@@ -17628,14 +17989,14 @@ msgid ""
 "to be lowercase."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:451
+#: ../source/specifications/simple-repository-api.rst:460
 msgid ""
 "The ``hashes`` dictionary **MUST** be present, even if no hashes are "
 "available for the file, however it is **HIGHLY** recommended that at least "
 "one secure, guaranteed-to-be-available hash is always included."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:455
+#: ../source/specifications/simple-repository-api.rst:464
 msgid ""
 "By default, any hash algorithm available via :py:mod:`hashlib` (specifically "
 "any that can be passed to :py:func:`hashlib.new()` and do not require "
@@ -17645,7 +18006,7 @@ msgid ""
 "specifically is recommended."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:460
+#: ../source/specifications/simple-repository-api.rst:469
 msgid ""
 "``requires-python``: An **optional** key that exposes the :ref:`core-"
 "metadata-requires-python` metadata field. Where this is present, installer "
@@ -17653,14 +18014,14 @@ msgid ""
 "that doesn't satisfy the requirement."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:466
+#: ../source/specifications/simple-repository-api.rst:475
 msgid ""
 "Unlike ``data-requires-python`` in :ref:`the base HTML API specification "
 "<simple-repository-api-base>`, the ``requires-python`` key does not require "
 "any special escaping other than anything JSON does naturally."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:469
+#: ../source/specifications/simple-repository-api.rst:478
 msgid ""
 "``dist-info-metadata``: An **optional** key that indicates that metadata for "
 "this file is available, via the same location as specified in :ref:`the API "
@@ -17670,27 +18031,27 @@ msgid ""
 "dictionary mapping hash names to a hex encoded digest of the metadata's hash."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:477
+#: ../source/specifications/simple-repository-api.rst:486
 msgid ""
 "When this is a dictionary of hashes instead of a boolean, then all the same "
 "requirements and recommendations as the ``hashes`` key hold true for this "
 "key as well."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:481
+#: ../source/specifications/simple-repository-api.rst:490
 msgid ""
 "If this key is missing then the metadata file may or may not exist. If the "
 "key value is truthy, then the metadata file is present, and if it is falsey "
 "then it is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:485
+#: ../source/specifications/simple-repository-api.rst:494
 msgid ""
 "It is recommended that servers make the hashes of the metadata file "
 "available if possible."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:487
+#: ../source/specifications/simple-repository-api.rst:496
 msgid ""
 "``gpg-sig``: An **optional** key that acts a boolean to indicate if the file "
 "has an associated GPG signature or not. The URL for the signature file "
@@ -17699,7 +18060,7 @@ msgid ""
 "the signature may or may not exist."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:492
+#: ../source/specifications/simple-repository-api.rst:501
 msgid ""
 "``yanked``: An **optional** key which may be either a boolean to indicate if "
 "the file has been yanked, or a non empty, but otherwise arbitrary, string to "
@@ -17710,7 +18071,15 @@ msgid ""
 "api-yank>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:529
+#: ../source/specifications/simple-repository-api.rst:507
+msgid ""
+"``provenance``: An **optional** key which, if present **MUST** be either a "
+"JSON string or ``null``. If not ``null``, it **MUST** be a URL to the file's "
+"associated provenance, with the same rules as ``data-provenance`` in the :"
+"ref:`base HTML API specification <simple-repository-api-base>`."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:543
 msgid ""
 "While the ``files`` key is an array, and thus is required to be in some kind "
 "of an order, neither :ref:`the base HTML API specification <simple-"
@@ -17720,11 +18089,11 @@ msgid ""
 "have sets."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:538
+#: ../source/specifications/simple-repository-api.rst:552
 msgid "Content-Types"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:540
+#: ../source/specifications/simple-repository-api.rst:554
 msgid ""
 "This spec proposes that all responses from the Simple API will have a "
 "standard content type that describes what the response is (a Simple API "
@@ -17732,11 +18101,11 @@ msgid ""
 "format has been used."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:544
+#: ../source/specifications/simple-repository-api.rst:558
 msgid "The structure of this content type will be:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:550
+#: ../source/specifications/simple-repository-api.rst:564
 msgid ""
 "Since only major versions should be disruptive to clients attempting to "
 "understand one of these API responses, only the major version will be "
@@ -17744,19 +18113,19 @@ msgid ""
 "that it is a version number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:555
+#: ../source/specifications/simple-repository-api.rst:569
 msgid "Which means that for the existing 1.0 API, the content types would be:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:557
+#: ../source/specifications/simple-repository-api.rst:571
 msgid "**JSON:** ``application/vnd.pypi.simple.v1+json``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:558
+#: ../source/specifications/simple-repository-api.rst:572
 msgid "**HTML:** ``application/vnd.pypi.simple.v1+html``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:560
+#: ../source/specifications/simple-repository-api.rst:574
 msgid ""
 "In addition to the above, a special \"meta\" version is supported named "
 "``latest``, whose purpose is to allow clients to request the absolute latest "
@@ -17765,7 +18134,7 @@ msgid ""
 "support."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:565
+#: ../source/specifications/simple-repository-api.rst:579
 msgid ""
 "To support existing clients which expect the existing :ref:`the base HTML "
 "API specification <simple-repository-api-base>` API responses to use the "
@@ -17773,11 +18142,11 @@ msgid ""
 "alias for the ``application/vnd.pypi.simple.v1+html`` content type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:572
+#: ../source/specifications/simple-repository-api.rst:586
 msgid "Version + Format Selection"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:574
+#: ../source/specifications/simple-repository-api.rst:588
 msgid ""
 "Now that there is multiple possible serializations, we need a mechanism to "
 "allow clients to indicate what serialization formats they're able to "
@@ -17786,65 +18155,65 @@ msgid ""
 "expecting the previous API version."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:579
+#: ../source/specifications/simple-repository-api.rst:593
 msgid ""
 "To enable this, this spec standardizes on the use of HTTP's `Server-Driven "
 "Content Negotiation <https://developer.mozilla.org/en-US/docs/Web/HTTP/"
 "Content_negotiation>`_."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:582
+#: ../source/specifications/simple-repository-api.rst:596
 msgid ""
 "While this spec won't fully describe the entirety of server-driven content "
 "negotiation, the flow is roughly:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:585
+#: ../source/specifications/simple-repository-api.rst:599
 msgid ""
 "The client makes an HTTP request containing an ``Accept`` header listing all "
 "of the version+format content types that they are able to understand."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:587
+#: ../source/specifications/simple-repository-api.rst:601
 msgid ""
 "The server inspects that header, selects one of the listed content types, "
 "then returns a response using that content type (treating the absence of an "
 "``Accept`` header as ``Accept: */*``)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:590
+#: ../source/specifications/simple-repository-api.rst:604
 msgid ""
 "If the server does not support any of the content types in the ``Accept`` "
 "header then they are able to choose between 3 different options for how to "
 "respond:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:594
+#: ../source/specifications/simple-repository-api.rst:608
 msgid ""
 "Select a default content type other than what the client has requested and "
 "return a response with that."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:596
+#: ../source/specifications/simple-repository-api.rst:610
 msgid ""
 "Return a HTTP ``406 Not Acceptable`` response to indicate that none of the "
 "requested content types were available, and the server was unable or "
 "unwilling to select a default content type to respond with."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:599
+#: ../source/specifications/simple-repository-api.rst:613
 msgid ""
 "Return a HTTP ``300 Multiple Choices`` response that contains a list of all "
 "of the possible responses that could have been chosen."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:601
+#: ../source/specifications/simple-repository-api.rst:615
 msgid ""
 "The client interprets the response, handling the different types of "
 "responses that the server may have responded with."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:604
+#: ../source/specifications/simple-repository-api.rst:618
 msgid ""
 "This spec does not specify which choices the server makes in regards to "
 "handling a content type that it isn't able to return, and clients **SHOULD** "
@@ -17852,7 +18221,7 @@ msgid ""
 "the most sense for that client."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:609
+#: ../source/specifications/simple-repository-api.rst:623
 msgid ""
 "However, as there is no standard format for how a ``300 Multiple Choices`` "
 "response can be interpreted, this spec highly discourages servers from "
@@ -17863,7 +18232,7 @@ msgid ""
 "error."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:616
+#: ../source/specifications/simple-repository-api.rst:630
 msgid ""
 "This spec **does** require that if the meta version ``latest`` is being "
 "used, the server **MUST** respond with the content type for the actual "
@@ -17872,33 +18241,33 @@ msgid ""
 "have a ``Content-Type`` of ``application/vnd.pypi.simple.v1+json``)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:623
+#: ../source/specifications/simple-repository-api.rst:637
 msgid ""
 "The ``Accept`` header is a comma separated list of content types that the "
 "client understands and is able to process. It supports three different "
 "formats for each content type that is being requested:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:627
+#: ../source/specifications/simple-repository-api.rst:641
 msgid "``$type/$subtype``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:628
+#: ../source/specifications/simple-repository-api.rst:642
 msgid "``$type/*``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:629
+#: ../source/specifications/simple-repository-api.rst:643
 msgid "``*/*``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:631
+#: ../source/specifications/simple-repository-api.rst:645
 msgid ""
 "For the use of selecting a version+format, the most useful of these is "
 "``$type/$subtype``, as that is the only way to actually specify the version "
 "and format you want."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:635
+#: ../source/specifications/simple-repository-api.rst:649
 msgid ""
 "The order of the content types listed in the ``Accept`` header does not have "
 "any specific meaning, and the server **SHOULD** consider all of them to be "
@@ -17908,7 +18277,7 @@ msgid ""
 "Quality_values>`_ syntax."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:642
+#: ../source/specifications/simple-repository-api.rst:656
 msgid ""
 "This allows a client to specify a priority for a specific entry in their "
 "``Accept`` header, by appending a ``;q=`` followed by a value between ``0`` "
@@ -17918,7 +18287,7 @@ msgid ""
 "quality of ``1``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:648
+#: ../source/specifications/simple-repository-api.rst:662
 msgid ""
 "However, clients should keep in mind that a server is free to select **any** "
 "of the content types they've asked for, regardless of their requested "
@@ -17926,7 +18295,7 @@ msgid ""
 "for."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:652
+#: ../source/specifications/simple-repository-api.rst:666
 msgid ""
 "To aid clients in determining the content type of the response that they "
 "have received from an API request, this spec requires that servers always "
@@ -17937,22 +18306,22 @@ msgid ""
 "collector.py#L123-L150>`_ so the risks for actual breakages is low."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:659
+#: ../source/specifications/simple-repository-api.rst:673
 msgid "An example of how a client can operate would look like:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:710
+#: ../source/specifications/simple-repository-api.rst:724
 msgid ""
 "If a client wishes to only support HTML or only support JSON, then they "
 "would just remove the content types that they do not want from the "
 "``Accept`` header, and turn receiving them into an error."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:716
+#: ../source/specifications/simple-repository-api.rst:730
 msgid "Alternative Negotiation Mechanisms"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:718
+#: ../source/specifications/simple-repository-api.rst:732
 msgid ""
 "While using HTTP's Content negotiation is considered the standard way for a "
 "client and server to coordinate to ensure that the client is getting an HTTP "
@@ -17961,25 +18330,25 @@ msgid ""
 "negotiation mechanisms that may *optionally* be used instead."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:726
+#: ../source/specifications/simple-repository-api.rst:740
 msgid "URL Parameter"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:728
+#: ../source/specifications/simple-repository-api.rst:742
 msgid ""
 "Servers that implement the Simple API may choose to support a URL parameter "
 "named ``format`` to allow the clients to request a specific version of the "
 "URL."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:731
+#: ../source/specifications/simple-repository-api.rst:745
 msgid ""
 "The value of the ``format`` parameter should be **one** of the valid content "
 "types. Passing multiple content types, wild cards, quality values, etc... is "
 "**not** supported."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:735
+#: ../source/specifications/simple-repository-api.rst:749
 msgid ""
 "Supporting this parameter is optional, and clients **SHOULD NOT** rely on it "
 "for interacting with the API. This negotiation mechanism is intended to "
@@ -17987,13 +18356,13 @@ msgid ""
 "allow documentation or notes to link to a specific version+format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:740
+#: ../source/specifications/simple-repository-api.rst:754
 msgid ""
 "Servers that do not support this parameter may choose to return an error "
 "when it is present, or they may simple ignore its presence."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:743
+#: ../source/specifications/simple-repository-api.rst:757
 msgid ""
 "When a server does implement this parameter, it **SHOULD** take precedence "
 "over any values in the client's ``Accept`` header, and if the server does "
@@ -18003,18 +18372,18 @@ msgid ""
 "``303 Multiple Choices``, or selecting a default type to return)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:752
+#: ../source/specifications/simple-repository-api.rst:766
 msgid "Endpoint Configuration"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:754
+#: ../source/specifications/simple-repository-api.rst:768
 msgid ""
 "This option technically is not a special option at all, it is just a natural "
 "consequence of using content negotiation and allowing servers to select "
 "which of the available content types is their default."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:758
+#: ../source/specifications/simple-repository-api.rst:772
 msgid ""
 "If a server is unwilling or unable to implement the server-driven content "
 "negotiation, and would instead rather require users to explicitly configure "
@@ -18022,7 +18391,7 @@ msgid ""
 "configuration."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:762
+#: ../source/specifications/simple-repository-api.rst:776
 msgid ""
 "To enable this, a server should make multiple endpoints (for instance, ``/"
 "simple/v1+html/`` and/or ``/simple/v1+json/``) for each version+format that "
@@ -18032,7 +18401,7 @@ msgid ""
 "and return the content type that corresponds to that endpoint."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:769
+#: ../source/specifications/simple-repository-api.rst:783
 msgid ""
 "For clients that wish to require specific configuration, they can keep track "
 "of which version+format a specific repository URL was configured for, and "
@@ -18040,11 +18409,11 @@ msgid ""
 "includes the correct content type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:776
+#: ../source/specifications/simple-repository-api.rst:790
 msgid "TUF Support - PEP 458"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:778
+#: ../source/specifications/simple-repository-api.rst:792
 msgid ""
 ":pep:`458` requires that all API responses are hashable and that they can be "
 "uniquely identified by a path relative to the repository root. For a Simple "
@@ -18055,7 +18424,7 @@ msgid ""
 "that all hash differently."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:785
+#: ../source/specifications/simple-repository-api.rst:799
 msgid ""
 ":pep:`458` does not specify what the target path should be for the Simple "
 "API, but TUF requires that the target paths be \"file-like\", in other "
@@ -18063,7 +18432,7 @@ msgid ""
 "technically points to a directory."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:790
+#: ../source/specifications/simple-repository-api.rst:804
 msgid ""
 "The saving grace is that the target path does not *have* to actually match "
 "the URL being fetched from the Simple API, and it can just be a sigil that "
@@ -18072,7 +18441,7 @@ msgid ""
 "HTTP request, such as the ``Accept`` header."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:796
+#: ../source/specifications/simple-repository-api.rst:810
 msgid ""
 "Ultimately figuring out how to map a directory to a filename is out of scope "
 "for this spec (but it would be in scope for :pep:`458`), and this spec "
@@ -18080,7 +18449,7 @@ msgid ""
 "`458` metadata."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:800
+#: ../source/specifications/simple-repository-api.rst:814
 msgid ""
 "However, it appears that the current WIP branch against pip that attempts to "
 "implement :pep:`458` is using a target path like ``simple/PROJECT/index."
@@ -18090,20 +18459,20 @@ msgid ""
 "the v1 JSON format would be ``simple/PROJECT/vnd.pypi.simple.v1.json``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:807
+#: ../source/specifications/simple-repository-api.rst:821
 msgid ""
 "In this case, since ``text/html`` is an alias to ``application/vnd.pypi."
 "simple.v1+html`` when interacting through TUF, it likely will make the most "
 "sense to normalize to the more explicit name."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:811
+#: ../source/specifications/simple-repository-api.rst:825
 msgid ""
 "Likewise the ``latest`` metaversion should not be included in the targets, "
 "only explicitly declared versions should be supported."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:817
+#: ../source/specifications/simple-repository-api.rst:831
 msgid ""
 "This section is non-normative, and represents what the spec authors believe "
 "to be the best default implementation decisions for something implementing "
@@ -18111,7 +18480,7 @@ msgid ""
 "these decisions."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:821
+#: ../source/specifications/simple-repository-api.rst:835
 msgid ""
 "These decisions have been chosen to maximize the number of requests that can "
 "be moved onto the newest version of an API, while maintaining the greatest "
@@ -18120,18 +18489,18 @@ msgid ""
 "choices it can."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:826
+#: ../source/specifications/simple-repository-api.rst:840
 msgid "It is recommended that servers:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:828
+#: ../source/specifications/simple-repository-api.rst:842
 msgid ""
 "Support all 3 content types described in this spec, using server-driven "
 "content negotiation, for as long as they reasonably can, or at least as long "
 "as they're receiving non trivial traffic that uses the HTML responses."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:832
+#: ../source/specifications/simple-repository-api.rst:846
 msgid ""
 "When encountering an ``Accept`` header that does not contain any content "
 "types that it knows how to work with, the server should not ever return a "
@@ -18139,13 +18508,13 @@ msgid ""
 "Acceptable`` response."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:837
+#: ../source/specifications/simple-repository-api.rst:851
 msgid ""
 "However, if choosing to use the endpoint configuration, you should prefer to "
 "return a ``200 OK`` response in the expected content type for that endpoint."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:840
+#: ../source/specifications/simple-repository-api.rst:854
 msgid ""
 "When selecting an acceptable version, the server should choose the highest "
 "version that the client supports, with the most expressive/featureful "
@@ -18154,23 +18523,23 @@ msgid ""
 "should only use the ``text/html`` content type as a last resort."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:846
+#: ../source/specifications/simple-repository-api.rst:860
 msgid "It is recommended that clients:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:848
+#: ../source/specifications/simple-repository-api.rst:862
 msgid ""
 "Support all 3 content types described in this spec, using server-driven "
 "content negotiation, for as long as they reasonably can."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:851
+#: ../source/specifications/simple-repository-api.rst:865
 msgid ""
 "When constructing an ``Accept`` header, include all of the content types "
 "that you support."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:854
+#: ../source/specifications/simple-repository-api.rst:868
 msgid ""
 "You should generally *not* include a quality priority value for your content "
 "types, unless you have implementation specific reasons that you want the "
@@ -18179,63 +18548,63 @@ msgid ""
 "responses that you're unable to parse in some edge cases)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:860
+#: ../source/specifications/simple-repository-api.rst:874
 msgid ""
 "The one exception to this recommendation is that it is recommended that you "
 "*should* include a ``;q=0.01`` value on the legacy ``text/html`` content "
 "type, unless it is the only content type that you are requesting."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:864
+#: ../source/specifications/simple-repository-api.rst:878
 msgid ""
 "Explicitly select what versions they are looking for, rather than using the "
 "``latest`` meta version during normal operation."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:867
+#: ../source/specifications/simple-repository-api.rst:881
 msgid ""
 "Check the ``Content-Type`` of the response and ensure it matches something "
 "that you were expecting."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:871
+#: ../source/specifications/simple-repository-api.rst:885
 msgid "Additional Fields for the Simple API for Package Indexes"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:873
+#: ../source/specifications/simple-repository-api.rst:887
 msgid ""
 "This specification defines version 1.1 of the simple repository API. For the "
 "HTML version of the API, there is no change from version 1.0. For the JSON "
 "version of the API, the following changes are made:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:877
+#: ../source/specifications/simple-repository-api.rst:891
 msgid "The ``api-version`` must specify version 1.1 or later."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:878
+#: ../source/specifications/simple-repository-api.rst:892
 msgid "A new ``versions`` key is added at the top level."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:879
+#: ../source/specifications/simple-repository-api.rst:893
 msgid ""
 "Two new \"file information\" keys, ``size`` and ``upload-time``, are added "
 "to the ``files`` data."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:881
+#: ../source/specifications/simple-repository-api.rst:895
 msgid ""
 "Keys (at any level) with a leading underscore are reserved as private for "
 "index server use. No future standard will assign a meaning to any such key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:884
+#: ../source/specifications/simple-repository-api.rst:898
 msgid ""
 "The ``versions`` and ``size`` keys are mandatory. The ``upload-time`` key is "
 "optional."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:890
+#: ../source/specifications/simple-repository-api.rst:904
 msgid ""
 "An additional key, ``versions`` MUST be present at the top level, in "
 "addition to the keys ``name``, ``files`` and ``meta`` defined in :ref:`the "
@@ -18245,7 +18614,7 @@ msgid ""
 "duplicates, and the order of the values is not significant."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:897
+#: ../source/specifications/simple-repository-api.rst:911
 msgid ""
 "All of the files listed in the ``files`` key MUST be associated with one of "
 "the versions in the ``versions`` key. The ``versions`` key MAY contain "
@@ -18253,7 +18622,7 @@ msgid ""
 "uploaded, if the server has such a concept)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:902
+#: ../source/specifications/simple-repository-api.rst:916
 msgid ""
 "Note that because servers may hold \"legacy\" data from before the adoption "
 "of :ref:`the version specifiers specification (VSS) <version-specifiers>`, "
@@ -18262,21 +18631,21 @@ msgid ""
 "servers SHOULD use normalised VSS versions where possible."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:911
+#: ../source/specifications/simple-repository-api.rst:925
 msgid "Additional file information"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:913
+#: ../source/specifications/simple-repository-api.rst:927
 msgid "Two new keys are added to the ``files`` key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:915
+#: ../source/specifications/simple-repository-api.rst:929
 msgid ""
 "``size``: This field is mandatory. It MUST contain an integer which is the "
 "file size in bytes."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:917
+#: ../source/specifications/simple-repository-api.rst:931
 msgid ""
 "``upload-time``: This field is optional. If present, it MUST contain a valid "
 "ISO 8601 date/time string, in the format ``yyyy-mm-ddThh:mm:ss.ffffffZ``, "
@@ -18288,11 +18657,11 @@ msgid ""
 "key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:926
+#: ../source/specifications/simple-repository-api.rst:940
 msgid "Rename dist-info-metadata in the Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:929
+#: ../source/specifications/simple-repository-api.rst:943
 msgid ""
 "The keywords \"**MUST**\", \"**MUST NOT**\", \"**REQUIRED**\", "
 "\"**SHALL**\", \"**SHALL NOT**\", \"**SHOULD**\", \"**SHOULD NOT**\", "
@@ -18300,11 +18669,11 @@ msgid ""
 "are to be interpreted as described in :rfc:`RFC 2119 <2119>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:936
+#: ../source/specifications/simple-repository-api.rst:950
 msgid "Servers"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:938
+#: ../source/specifications/simple-repository-api.rst:952
 msgid ""
 "The :ref:`the API metadata file specification <simple-repository-api-"
 "metadata-file>` metadata, when used in the HTML representation of the Simple "
@@ -18312,7 +18681,7 @@ msgid ""
 "with the supported values remaining the same."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:944
+#: ../source/specifications/simple-repository-api.rst:958
 msgid ""
 "The :ref:`the API metadata file specification <simple-repository-api-"
 "metadata-file>` metadata, when used in the :ref:`the JSON API specification "
@@ -18321,14 +18690,14 @@ msgid ""
 "values remaining the same."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:950
+#: ../source/specifications/simple-repository-api.rst:964
 msgid ""
 "To support clients that used the previous key names, the HTML representation "
 "**MAY** also be emitted using the ``data-dist-info-metadata``, and if it "
 "does so it **MUST** match the value of ``data-core-metadata``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:959
+#: ../source/specifications/simple-repository-api.rst:973
 msgid ""
 "Clients consuming any of the HTML representations of the Simple API **MUST** "
 "read the :ref:`the API metadata file specification <simple-repository-api-"
@@ -18337,7 +18706,7 @@ msgid ""
 "if it is present but ``data-core-metadata`` is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:966
+#: ../source/specifications/simple-repository-api.rst:980
 msgid ""
 "Clients consuming the JSON representation of the Simple API **MUST** read "
 "the :ref:`the API metadata file specification <simple-repository-api-"
@@ -18346,48 +18715,54 @@ msgid ""
 "present but ``core-metadata`` is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:976
+#: ../source/specifications/simple-repository-api.rst:990
 msgid "September 2015: initial form of the HTML format, in :pep:`503`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:977
+#: ../source/specifications/simple-repository-api.rst:991
 msgid "July 2016: Requires-Python metadata, in an update to :pep:`503`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:978
+#: ../source/specifications/simple-repository-api.rst:992
 msgid "May 2019: \"yank\" support, in :pep:`592`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:979
+#: ../source/specifications/simple-repository-api.rst:993
 msgid ""
 "July 2020: API versioning convention and metadata, and declaring the HTML "
 "format as API v1, in :pep:`629`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:981
+#: ../source/specifications/simple-repository-api.rst:995
 msgid ""
 "May 2021: providing package metadata independently from a package, in :pep:"
 "`658`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:983
+#: ../source/specifications/simple-repository-api.rst:997
 msgid ""
 "May 2022: initial form of the JSON format, with a mechanism for clients to "
 "choose between them, and declaring both formats as API v1, in :pep:`691`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:985
+#: ../source/specifications/simple-repository-api.rst:999
 msgid ""
 "October 2022: project versions and file size and upload-time in the JSON "
 "format, in :pep:`700`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:987
+#: ../source/specifications/simple-repository-api.rst:1001
 msgid ""
 "June 2023: renaming the field which provides package metadata independently "
 "from a package, in :pep:`714`"
 msgstr ""
 
+#: ../source/specifications/simple-repository-api.rst:1003
+msgid ""
+"November 2024: provenance metadata in the HTML and JSON formats, in :pep:"
+"`740`"
+msgstr ""
+
 #: ../source/specifications/source-distribution-format.rst:6
 msgid "Source distribution format"
 msgstr ""
@@ -21291,7 +21666,7 @@ msgid ""
 msgstr ""
 
 #: ../source/tutorials/managing-dependencies.rst:140
-#: ../source/tutorials/packaging-projects.rst:506
+#: ../source/tutorials/packaging-projects.rst:505
 msgid "Next steps"
 msgstr ""
 
@@ -21740,43 +22115,43 @@ msgstr ""
 
 #: ../source/tutorials/packaging-projects.rst:424
 msgid ""
-"You will be prompted for a username and password. For the username, use "
-"``__token__``. For the password, use the token value, including the ``pypi-"
-"`` prefix."
+"You will be prompted for an API token. Use the token value, including the "
+"``pypi-`` prefix. Note that the input will be hidden, so be sure to paste "
+"correctly."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:428
+#: ../source/tutorials/packaging-projects.rst:427
 msgid "After the command completes, you should see output similar to this:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:439
+#: ../source/tutorials/packaging-projects.rst:438
 msgid ""
 "Once uploaded, your package should be viewable on TestPyPI; for example: "
 "``https://test.pypi.org/project/example_package_YOUR_USERNAME_HERE``."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:444
+#: ../source/tutorials/packaging-projects.rst:443
 msgid "Installing your newly uploaded package"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:446
+#: ../source/tutorials/packaging-projects.rst:445
 msgid ""
 "You can use :ref:`pip` to install your package and verify that it works. "
 "Create a :ref:`virtual environment <Creating and using Virtual "
 "Environments>` and install your package from TestPyPI:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:462
+#: ../source/tutorials/packaging-projects.rst:461
 msgid "Make sure to specify your username in the package name!"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:464
+#: ../source/tutorials/packaging-projects.rst:463
 msgid ""
 "pip should install the package from TestPyPI and the output should look "
 "something like this:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:474
+#: ../source/tutorials/packaging-projects.rst:473
 msgid ""
 "This example uses ``--index-url`` flag to specify TestPyPI instead of live "
 "PyPI. Additionally, it specifies ``--no-deps``. Since TestPyPI doesn't have "
@@ -21786,23 +22161,23 @@ msgid ""
 "installing dependencies when using TestPyPI."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:481
+#: ../source/tutorials/packaging-projects.rst:480
 msgid ""
 "You can test that it was installed correctly by importing the package. Make "
 "sure you're still in your virtual environment, then run Python:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:496
+#: ../source/tutorials/packaging-projects.rst:495
 msgid "and import the package:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:508
+#: ../source/tutorials/packaging-projects.rst:507
 msgid ""
 "**Congratulations, you've packaged and distributed a Python project!** ✨ 🍰 "
 "✨"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:511
+#: ../source/tutorials/packaging-projects.rst:510
 msgid ""
 "Keep in mind that this tutorial showed you how to upload your package to "
 "Test PyPI, which isn't a permanent storage. The Test system occasionally "
@@ -21810,28 +22185,28 @@ msgid ""
 "experiments like this tutorial."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:516
+#: ../source/tutorials/packaging-projects.rst:515
 msgid ""
 "When you are ready to upload a real package to the Python Package Index you "
 "can do much the same as you did in this tutorial, but with these important "
 "differences:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:520
+#: ../source/tutorials/packaging-projects.rst:519
 msgid ""
 "Choose a memorable and unique name for your package. You don't have to "
 "append your username as you did in the tutorial, but you can't use an "
 "existing name."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:522
+#: ../source/tutorials/packaging-projects.rst:521
 msgid ""
 "Register an account on https://pypi.org - note that these are two separate "
 "servers and the login details from the test server are not shared with the "
 "main server."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:525
+#: ../source/tutorials/packaging-projects.rst:524
 msgid ""
 "Use ``twine upload dist/*`` to upload your package and enter your "
 "credentials for the account you registered on the real PyPI.  Now that "
@@ -21839,44 +22214,44 @@ msgid ""
 "repository``; the package will upload to https://pypi.org/ by default."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:529
+#: ../source/tutorials/packaging-projects.rst:528
 msgid ""
 "Install your package from the real PyPI using ``python3 -m pip install [your-"
 "package]``."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:531
+#: ../source/tutorials/packaging-projects.rst:530
 msgid ""
 "At this point if you want to read more on packaging Python libraries here "
 "are some things you can do:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:534
+#: ../source/tutorials/packaging-projects.rst:533
 msgid ""
 "Read about advanced configuration for your chosen build backend: `Hatchling "
 "<hatchling-config_>`_, :doc:`setuptools <setuptools:userguide/"
 "pyproject_config>`, :doc:`Flit <flit:pyproject_toml>`, `PDM <pdm-config_>`_."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:538
+#: ../source/tutorials/packaging-projects.rst:537
 msgid ""
 "Look at the :doc:`guides </guides/index>` on this site for more advanced "
 "practical information, or the :doc:`discussions </discussions/index>` for "
 "explanations and background on specific topics."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:541
+#: ../source/tutorials/packaging-projects.rst:540
 msgid ""
 "Consider packaging tools that provide a single command-line interface for "
 "project management and packaging, such as :ref:`hatch`, :ref:`flit`, :ref:"
 "`pdm`, and :ref:`poetry`."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:549
+#: ../source/tutorials/packaging-projects.rst:548
 msgid "Notes"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:551
+#: ../source/tutorials/packaging-projects.rst:550
 msgid ""
 "Technically, you can also create Python packages without an ``__init__.py`` "
 "file, but those are called :doc:`namespace packages </guides/packaging-"
diff --git a/locales/zh_Hans/LC_MESSAGES/messages.po b/locales/zh_Hans/LC_MESSAGES/messages.po
index fe5e8bd9e..72855aa03 100644
--- a/locales/zh_Hans/LC_MESSAGES/messages.po
+++ b/locales/zh_Hans/LC_MESSAGES/messages.po
@@ -26,14 +26,14 @@
 # Thomas <jzh20180312@163.com>, 2023, 2024.
 # 大王叫我来巡山 <hamburger2048@users.noreply.hosted.weblate.org>, 2024.
 # Peter Shen <xianpeng.shen@gmail.com>, 2024.
+# hello_wac <hellowxchao@gmail.com>, 2024.
 msgid ""
 msgstr ""
 "Project-Id-Version: Python Packaging User Guide\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-10-30 00:39+0000\n"
-"PO-Revision-Date: 2024-09-21 00:40+0000\n"
-"Last-Translator: 大王叫我来巡山 <hamburger2048@users.noreply.hosted.weblate."
-"org>\n"
+"POT-Creation-Date: 2024-11-25 21:53+0000\n"
+"PO-Revision-Date: 2024-11-12 08:00+0000\n"
+"Last-Translator: hello_wac <hellowxchao@gmail.com>\n"
 "Language-Team: Chinese (Simplified Han script) <https://hosted.weblate.org/"
 "projects/pypa/packaging-python-org/zh_Hans/>\n"
 "Language: zh_Hans\n"
@@ -41,11 +41,11 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=1; plural=0;\n"
-"X-Generator: Weblate 5.8-dev\n"
+"X-Generator: Weblate 5.8.2\n"
 
 #: ../source/contribute.rst:5
 msgid "Contribute to this guide"
-msgstr "为指南作贡献"
+msgstr "OOp"
 
 #: ../source/contribute.rst:7
 msgid ""
@@ -721,7 +721,7 @@ msgid "Unix (including Linux and macOS)"
 msgstr "Unix（包括 Linux 和 macOS）"
 
 #: ../source/discussions/deploying-python-applications.rst:118
-#: ../source/key_projects.rst:572
+#: ../source/key_projects.rst:576
 msgid "pex"
 msgstr "pex"
 
@@ -746,9 +746,8 @@ msgid "Configuration management"
 msgstr "配置管理"
 
 #: ../source/discussions/distribution-package-vs-import-package.rst:5
-#, fuzzy
 msgid "Distribution package vs. import package"
-msgstr "发行版与导入包比较"
+msgstr "分发包与导入包比较"
 
 #: ../source/discussions/distribution-package-vs-import-package.rst:7
 msgid ""
@@ -757,6 +756,9 @@ msgid ""
 "related meanings in Python packaging, \"distribution package\" and \"import "
 "package\"."
 msgstr ""
+"多个不同的概念通常会用 \"package\" 一词来表示。本页面将澄清 Python 打包管理中"
+"涉及的两个概念，他们既相关又有不同的含义，以及他们之间的区别，即 \"分发包"
+"\"（distribution package）和 \"导入包\"（import package）。"
 
 #: ../source/discussions/distribution-package-vs-import-package.rst:13
 msgid "What's a distribution package?"
@@ -773,6 +775,12 @@ msgid ""
 "Alternatively, the term \"distribution package\" can be used to refer to a "
 "specific file that contains a certain version of a project."
 msgstr ""
+"分发包（distribution package）是可安装的一段软件。通常情况下，它与 \"项目"
+"\"（project）同义。当你输入 ``pip install pkg`` ，或在 ``pyproject.toml`` 文"
+"件中写入 ``dependencies = [\"pkg\"]`` 时， ``pkg`` 就是一个分发包的名称。当你"
+"在 PyPI_（目前最广为人知的 Python 库和工具的集中安装源）上搜索或浏览时，所看"
+"到的列表就是分发包的列表。另外，\"分发包\" 这个术语也可以用来指代包含项目特定"
+"版本的某个文件。"
 
 #: ../source/discussions/distribution-package-vs-import-package.rst:24
 msgid ""
@@ -781,6 +789,9 @@ msgid ""
 "by the system package manager of the `Linux distribution <distro_>`_, which "
 "is a different meaning."
 msgstr ""
+"请注意，在 Linux 领域中，“分发软件包”通常缩写为 “distro package” 或简单称为 "
+"“package”，指的是由 ` Linux 发行版 <distro_>`_ 的系统包管理器提供的内容，这"
+"与 Python 中的含义不同。"
 
 #: ../source/discussions/distribution-package-vs-import-package.rst:31
 msgid "What's an import package?"
@@ -796,6 +807,11 @@ msgid ""
 "is a directory on the file system, containing modules as ``.py`` files and "
 "subpackages as subdirectories."
 msgstr ""
+"导入包（import package）是一个 Python 模块。因此，当你在 Python 代码中编写 "
+"``import pkg`` 或 ``from pkg import func`` 时， ``pkg`` 就是导入包的名称。更"
+"准确地说，导入包是可以包含子模块的特殊 Python 模块。例如， ``numpy`` 包包含"
+"像 ``numpy.linalg`` 和 ``numpy.fft`` 这样的模块。通常，导入包是文件系统中的一"
+"个目录，其中包含作为 ``.py`` 文件的模块和作为子目录的子包。"
 
 #: ../source/discussions/distribution-package-vs-import-package.rst:42
 msgid ""
@@ -824,6 +840,9 @@ msgid ""
 "blindly install the PyPI package ``foo`` if you see ``import foo``; this may "
 "install an unintended, and potentially even malicious package.)"
 msgstr ""
+"然而，这只是一种约定。PyPI 和其他包索引 **并不强制要求** 分发包的名称与其提供"
+"的导入包之间存在任何关系。（其结果是，当你看到 ``import foo`` 时，不能盲目地"
+"安装 PyPI 包 ``foo`` ；这样可能会安装一个非预期的，甚至是恶意的包。）"
 
 #: ../source/discussions/distribution-package-vs-import-package.rst:59
 msgid ""
@@ -836,6 +855,11 @@ msgid ""
 "generally, a fork of an existing library is a common reason for differing "
 "names between the distribution package and the import package."
 msgstr ""
+"一个分发包可以提供一个名称不同的导入包。一个例子是广受欢迎的图像处理库 "
+"Pillow_ 。它的分发包名称是 ``Pillow``，但它提供的导入包名称是 ``PIL``。这是出"
+"于历史原因：Pillow 最初是 PIL 库的一个分支，因此它保留了 ``PIL`` 作为导入名"
+"称，以便现有的 PIL 用户可以轻松切换到 Pillow 。更普遍来说，现有库的分支是导致"
+"分发包和导入包名称不同的常见原因。"
 
 #: ../source/discussions/distribution-package-vs-import-package.rst:69
 msgid ""
@@ -844,6 +868,9 @@ msgid ""
 "packages with the same name can be provided by several distribution "
 "packages. Again, forks are a common reason for this."
 msgstr ""
+"在特定的包索引(如 PyPI)上，分发包名称必须是唯一的。另一方面，导入包则没有这种"
+"要求。多个分发包可以提供同名的导入包。同样地，分支（fork）是导致这种情况的常"
+"见原因。"
 
 #: ../source/discussions/distribution-package-vs-import-package.rst:74
 msgid ""
@@ -852,10 +879,13 @@ msgid ""
 "which provides both an ``attrs`` import package with a newer API, and an "
 "``attr`` import package with an older but supported API."
 msgstr ""
+"相反，一个分发包也可以提供多个导入包，尽管这种情况较为少见。一个例子是 "
+"attrs_ 分发包，它提供了一个带有较新 API 的 ``attrs`` 导入包，以及一个较旧但仍"
+"受支持的 ``attr`` 导入包。"
 
 #: ../source/discussions/distribution-package-vs-import-package.rst:81
 msgid "How do distribution package names and import package names compare?"
-msgstr ""
+msgstr "分发包名称和导入包名称如何比较？"
 
 #: ../source/discussions/distribution-package-vs-import-package.rst:83
 msgid ""
@@ -864,6 +894,9 @@ msgid ""
 "[#non-identifier-mod-name]_. In particular, they use underscores ``_`` as "
 "word separator and they are case-sensitive."
 msgstr ""
+"导入包的名称应为有效的 Python 标识符（具体规则可以在 Python 文档中找到：:ref:"
+"`<python:identifiers>`）[＃non-identifier-mod-name]_ 。特别地，它们使用下划"
+"线 ``_`` 作为单词分隔符，并且区分大小写。"
 
 #: ../source/discussions/distribution-package-vs-import-package.rst:88
 msgid ""
@@ -875,6 +908,11 @@ msgid ""
 "``pip install awesome-package`` (the precise rules are given in the :ref:"
 "`name normalization specification <name-normalization>`)."
 msgstr ""
+"另一方面，分发包可以使用连字符 ``-`` 或下划线 ``_`` 。它们还可以包含点号 ``."
+"`` ，这有时用于打包 :ref:`命名空间包<packaging-namespace-packages>` 的子包。"
+"对于大多数用途，它们对大小写和 ``-`` 与 ``_`` 的区别不敏感，例如， ``pip "
+"install Awesome_Package`` 和 ``pip install awesome-package`` 是相同的（具体规"
+"则可以在 ``<name-normalization>`` 名称规范中找到）。"
 
 #: ../source/discussions/distribution-package-vs-import-package.rst:101
 msgid ""
@@ -882,6 +920,8 @@ msgid ""
 "have a valid Python identifier as their name, using :doc:`importlib <python:"
 "library/importlib>`, this is vanishingly rare and strongly discouraged."
 msgstr ""
+"尽管从技术上讲，通过使用 :doc:`importlib <python:library/importlib>` 可以导入"
+"名称不是有效 Python 标识符的包/模块，但这种情况极为罕见且强烈不推荐。"
 
 #: ../source/discussions/index.rst:4
 msgid ""
@@ -935,8 +975,8 @@ msgid ""
 "breaks the compatibility of your project with v2 of 'A' and later, so it "
 "makes sense to not allow v2:"
 msgstr ""
-"项目A在v2版本中添加了一个改变，该改变将打破你项目向后的兼容性，所以排除v2版本"
-"是合理的："
+"也可以了解到，项目 'A' 在其 v2 版本中引入了一个更改，破坏了你的项目与 'A' 的 "
+"v2 及以后的版本的兼容性，因此不允许使用 v2 是有意义的："
 
 #: ../source/discussions/install-requires-vs-requirements.rst:49
 msgid ""
@@ -1025,15 +1065,14 @@ msgstr ""
 "caremad.io/posts/2013/07/setup-vs-requirement/ 。"
 
 #: ../source/discussions/package-formats.rst:5
-#, fuzzy
 msgid "Package Formats"
-msgstr "上传软件包"
+msgstr "包的格式"
 
 #: ../source/discussions/package-formats.rst:7
 msgid ""
 "This page discusses the file formats that are used to distribute Python "
 "packages and the differences between them."
-msgstr ""
+msgstr "本页讨论了用于分发 Python 包的文件格式及其之间的区别。"
 
 #: ../source/discussions/package-formats.rst:10
 msgid ""
@@ -1046,11 +1085,16 @@ msgid ""
 "publishing a package on PyPI (or elsewhere), you should always upload both "
 "an sdist and one or more wheel."
 msgstr ""
+"在像 PyPI_ 这样的包索引中，你会找到两种格式的文件：**源代码分发包**（简称 "
+"**sdists**）和 **二进制分发包**，通常称为 **wheels**。例如，`PyPI 上的 pip "
+"23.3.1 页面 <pip-pypi_>`_ 允许你下载两个文件，``pip-23.3.1.tar.gz`` 和 "
+"``pip-23.3.1-py3-none-any.whl``。前者是一个 sdist，后者是一个 wheel。如下面所"
+"解释的，这两者有不同的用途。当在 PyPI（或其他地方）发布包时，你应该始终上传一"
+"个 sdist 和一个或多个 wheel 文件。"
 
 #: ../source/discussions/package-formats.rst:21
-#, fuzzy
 msgid "What is a source distribution?"
-msgstr "什么是分发包？"
+msgstr "什么是源分发？"
 
 #: ../source/discussions/package-formats.rst:23
 msgid ""
@@ -1062,6 +1106,11 @@ msgid ""
 "INFO`` file follows the format specified in :ref:`core-metadata` and is not "
 "intended to be written by hand [#core-metadata-format]_."
 msgstr ""
+"从概念上讲，源代码分发包是原始形式的源代码归档。具体来说，sdist 是一个 ``."
+"tar.gz`` 压缩包，包含源代码以及一个额外的特殊文件 ``PKG-INFO`` ，该文件存储项"
+"目的元数据。这个文件的存在帮助打包工具提高效率，因为它不需要自己计算元数据。 "
+"``PKG-INFO`` 文件遵循 :ref:`core-metadata` 中规定的格式，并不打算手动编写 "
+"[#core-metadata-format]_ 。"
 
 #: ../source/discussions/package-formats.rst:31
 msgid ""
@@ -1070,6 +1119,10 @@ msgid ""
 "(like Linux and macOS), or :ref:`the command line interface of Python's "
 "tarfile module <python:tarfile-commandline>` on any platform."
 msgstr ""
+"因此，你可以通过使用标准的工具解压缩 sdist 来检查其内容，这些工具用于处理 "
+"tar 归档文件，例如在 UNIX 平台（如 Linux 和 macOS）上使用 ``tar -xvf`` ，或者"
+"在任何平台上使用 :ref:`Python tarfile 模块的命令行界面 <python:tarfile-"
+"commandline>` 。"
 
 #: ../source/discussions/package-formats.rst:36
 msgid ""
@@ -1081,28 +1134,37 @@ msgid ""
 "Homebrew and MacPorts on macOS, ...), who, for various reasons, may prefer "
 "them over, e.g., pulling from a Git repository."
 msgstr ""
+"Sdists 在打包生态系统中有多个用途。当标准的 Python 包安装工具 :ref:`pip` 无法"
+"找到要安装的 wheel 时，它会回退到下载源代码分发包，从中编译一个 wheel 并安装"
+"这个 wheel。此外，sdists 经常作为下游打包者（如 Linux 发行版、Conda、macOS 上"
+"的 Homebrew 和 MacPorts 等）的包源，因为各种原因，他们可能会更倾向于使用源代"
+"码分发包，而不是例如从 Git 仓库中拉取代码。"
 
 #: ../source/discussions/package-formats.rst:44
 msgid ""
 "A source distribution is recognized by its file name, which has the form :"
 "samp:`{package_name}-{version}.tar.gz`, e.g., ``pip-23.3.1.tar.gz``."
 msgstr ""
+"源分发通过其文件名识别，其格式为： :samp:`{package_name}-{version}.tar.gz`，"
+"例如 ``pip-23.3.1.tar.gz`` 。"
 
 #: ../source/discussions/package-formats.rst:50
 msgid ""
 "If you want technical details on the sdist format, read the :ref:`sdist "
 "specification <source-distribution-format>`."
 msgstr ""
+"如果您需要有关 sdist 格式的技术细节，请阅读： :ref:`sdist 规范 <source-"
+"distribution-format>` 。"
 
 #: ../source/discussions/package-formats.rst:55
 msgid "What is a wheel?"
-msgstr ""
+msgstr "什么是 wheel ?"
 
 #: ../source/discussions/package-formats.rst:57
 msgid ""
 "Conceptually, a wheel contains exactly the files that need to be copied when "
 "installing the package."
-msgstr ""
+msgstr "从概念上讲，wheel 包含在安装包时所需要复制的文件。"
 
 #: ../source/discussions/package-formats.rst:60
 msgid ""
@@ -1113,6 +1175,10 @@ msgid ""
 "files) but compiled, executable code (like ``.so`` files on Linux or DLLs on "
 "Windows)."
 msgstr ""
+"对于包含 :term:`扩展模块 <extension module>` 的包（这些模块用 C、C++ 和 Rust "
+"等编译语言编写，需要编译成平台相关的机器代码），sdists 和 wheels 之间存在很大"
+"区别。对于这些包，wheels 不包含源代码（如 C 源文件），而是包含已编译的可执行"
+"代码（例如 Linux 上的 ``.so`` 文件或 Windows 上的 DLL 文件）。"
 
 #: ../source/discussions/package-formats.rst:66
 msgid ""
@@ -1123,6 +1189,10 @@ msgid ""
 "Python interpreter (unless the :ref:`Python stable ABI <cpython-stable-abi>` "
 "is used)."
 msgstr ""
+"此外，虽然每个版本的项目只有一个 sdist，但可能有多个 wheels。同样，这在扩展模"
+"块的上下文中最为相关。扩展模块的编译代码与操作系统和处理器架构相关，通常还与 "
+"Python 解释器的版本相关（除非使用 :ref:`Python 稳定 ABI <cpython-stable-"
+"abi>` ）。"
 
 #: ../source/discussions/package-formats.rst:72
 msgid ""
@@ -1131,6 +1201,9 @@ msgid ""
 "versions.  Python is an interpreted language, which does not need ahead-of-"
 "time compilation, so wheels contain ``.py`` files just like sdists."
 msgstr ""
+"对于纯 Python 包，sdists 和 wheels 之间的区别较小。通常情况下，所有平台和 "
+"Python 版本共享一个单一的 wheel。Python 是一种解释型语言，不需要预编译，因此 "
+"wheels 和 sdists 一样，包含 ``.py`` 文件。"
 
 #: ../source/discussions/package-formats.rst:77
 msgid ""
@@ -1140,6 +1213,10 @@ msgid ""
 "Python version instead of one single wheel. Instead, installers like :ref:"
 "`pip` generate them while installing the package."
 msgstr ""
+"如果你对 ``.pyc`` 字节码文件有所疑问：它们不包含在 wheels 中，因为生成它们的"
+"成本很低，而且包含它们会不必要地迫使大量包为每个 Python 版本分发一个 wheel，"
+"而不是一个单一的 wheel。相反，像 :ref:`pip` 这样的安装工具会在安装包时生成这"
+"些文件。"
 
 #: ../source/discussions/package-formats.rst:83
 msgid ""
@@ -1152,6 +1229,11 @@ msgid ""
 "along with a hash of their content, as a safety check of the download's "
 "integrity."
 msgstr ""
+"尽管如此，即使对于纯 Python 项目，sdists 和 wheels 之间仍然存在重要的区别。"
+"Wheels 的目的是包含要安装的内容，并且不包含其他内容。特别是，wheels 不应包含"
+"测试和文档，而 sdists 通常会包含这些。此外，wheel 格式比 sdist 更复杂。例如，"
+"它包含一个特殊文件—— ``RECORD`` ，该文件列出了 wheel 中的所有文件及其内容的哈"
+"希值，用作下载完整性的安全检查。"
 
 #: ../source/discussions/package-formats.rst:91
 msgid ""
@@ -1166,6 +1248,13 @@ msgid ""
 "for your users, since a wheel is directly installable. By only including "
 "files that must be installed, wheels also make for smaller downloads."
 msgstr ""
+"乍一看，你可能会想，\"纯粹的基础\" Python 项目是否真的需要 wheels。请记住，由"
+"于 sdists 的灵活性，像 pip 这样的安装工具不能直接从 sdists 安装——它们需要首先"
+"通过调用 sdist 指定的 :term:`build backend` 来构建一个 wheel（构建后端在构建 "
+"wheel 时可能会执行各种转换，例如编译 C 扩展）。因此，即使是纯 Python 项目，你"
+"也应该始终将 *sdist* 和 *wheel* 都上传到 PyPI 或其他包索引。这会使你的用户安"
+"装速度更快，因为 wheel 可以直接安装。通过只包含必须安装的文件，wheels 也使得"
+"下载文件更小。"
 
 #: ../source/discussions/package-formats.rst:102
 msgid ""
@@ -1176,6 +1265,11 @@ msgid ""
 "interface of Python's zipfile module <python:zipfile-commandline>`. This can "
 "be very useful to check that the wheel includes all the files you need it to."
 msgstr ""
+"在技术层面上，wheel 是一个 ZIP 归档文件（与 sdist 的 TAR 归档文件不同）。你可"
+"以通过像处理普通 ZIP 归档文件一样解压它来检查其内容，例如，在 Linux 和 macOS "
+"等 UNIX 平台上使用 ``unzip`` ，在 Windows 上使用 Powershell 的 ``Expand-"
+"Archive`` ，或使用 :ref:`Python zipfile 模块的命令行界面 <python:zipfile-"
+"commandline>` 。这对于检查 wheel 是否包含你需要的所有文件非常有用。"
 
 #: ../source/discussions/package-formats.rst:109
 msgid ""
@@ -1185,6 +1279,10 @@ msgid ""
 "equivalent of ``PKG-INFO`` in sdists, as well as ``RECORD``. This can be "
 "useful to ensure no files are missing from your wheels."
 msgstr ""
+"在 wheel 中，你会找到包的文件，以及一个名为 :samp:`{package_name}-{version}."
+"dist-info` 的额外目录。该目录包含多个文件，其中包括 ``METADATA`` 文件，它相当"
+"于 sdist 中的 ``PKG-INFO`` ，以及 ``RECORD`` 文件。这对于确保你的 wheel 中没"
+"有缺失文件非常有用。"
 
 #: ../source/discussions/package-formats.rst:115
 msgid ""
@@ -1194,6 +1292,10 @@ msgid ""
 "the wheel is compatible with. For example, the name ``pip-23.3.1-py3-none-"
 "any.whl`` means that:"
 msgstr ""
+"一个 wheel 的文件名（忽略一些很少使用的特性）看起来是这样的： :samp:"
+"`{package_name}-{version}-{python_tag}-{abi_tag}-{platform_tag}.whl`。这种命"
+"名约定用于标识 wheel 与哪些平台和 Python 版本兼容。例如，文件名 ``pip-23.3.1-"
+"py3-none-any.whl`` 意味着："
 
 #: ../source/discussions/package-formats.rst:121
 msgid ""
@@ -1201,31 +1303,36 @@ msgid ""
 "whether CPython, the most widely used Python implementation, or an "
 "alternative implementation like PyPy_;"
 msgstr ""
+"（ ``py3`` ）这个 wheel 可以安装在任何 Python 3 的实现上，无论是最广泛使用的 "
+"Python 实现 CPython，还是像 PyPy_ 这样的替代实现;"
 
 #: ../source/discussions/package-formats.rst:124
 msgid "(``none``) It does not depend on the Python version;"
-msgstr ""
+msgstr "( ``none`` ) 不依赖于 Python 版本;"
 
 #: ../source/discussions/package-formats.rst:125
 msgid "(``any``) It does not depend on the platform."
-msgstr ""
+msgstr "(``any``) 它不依赖于任何平台。"
 
 #: ../source/discussions/package-formats.rst:127
 msgid ""
 "The pattern ``py3-none-any`` is common for pure Python projects. Packages "
 "with extension modules typically ship multiple wheels with more complex tags."
 msgstr ""
+"``py3-none-any`` 这个模式通常用于纯 Python 项目。包含扩展模块的包通常会提供多"
+"个具有更复杂标签的 wheels 。"
 
 #: ../source/discussions/package-formats.rst:130
 msgid ""
 "All technical details on the wheel format can be found in the :ref:`wheel "
 "specification <binary-distribution-format>`."
 msgstr ""
+"有关 wheel 格式的所有技术细节均可在： :ref:`wheel 规范 <binary-distribution-"
+"format>` 中找到。"
 
 #: ../source/discussions/package-formats.rst:138
-#, fuzzy
 msgid "What about eggs?"
-msgstr "那其他命令呢？"
+msgstr "那么 eggs 格式呢？"
 
 #: ../source/discussions/package-formats.rst:140
 msgid ""
@@ -1233,14 +1340,14 @@ msgid ""
 "format.  It should not be used anymore. Since August 2023, PyPI `rejects egg "
 "uploads <pypi-eggs-deprecation_>`_."
 msgstr ""
+"\"Egg\" 是一种旧的包格式，已经被 wheel 格式取代。现在不应再使用它。从 2023 "
+"年 8 月起，PyPI 已经 `拒绝上传 egg 格式包 <pypi-eggs-deprecation_>`_ 。"
 
 #: ../source/discussions/package-formats.rst:144
-#, fuzzy
 msgid "Here's a breakdown of the important differences between wheel and egg."
 msgstr "下面是关于 :term:`Wheel` 和 :term:`Egg` 之间的重要区别。"
 
 #: ../source/discussions/package-formats.rst:146
-#, fuzzy
 msgid ""
 "The egg format was introduced by :ref:`setuptools` in 2004, whereas the "
 "wheel format was introduced by :pep:`427` in 2012."
@@ -1249,7 +1356,6 @@ msgstr ""
 "是由 :pep:`427` 在2012年引入。"
 
 #: ../source/discussions/package-formats.rst:149
-#, fuzzy
 msgid ""
 "Wheel has an :doc:`official standard specification </specifications/binary-"
 "distribution-format>`. Egg did not."
@@ -1258,19 +1364,17 @@ msgstr ""
 "format>`，而 :term:`Egg` 没有。"
 
 #: ../source/discussions/package-formats.rst:152
-#, fuzzy
 msgid ""
 "Wheel is a :term:`distribution <Distribution Package>` format, i.e a "
 "packaging format. [#wheel-importable]_ Egg was both a distribution format "
 "and a runtime installation format (if left zipped), and was designed to be "
 "importable."
 msgstr ""
-":term:`Wheel`是一种 :term:`distribution <Distribution Package>`格式，也就是一"
-"种打包格式。[1]_ :term:`Egg`既是一种发行格式，也是一种运行时的安装格式（如果"
-"留下压缩包），并被设计为可导入。"
+":term:`Wheel`是一种 :term:`分发 <Distribution Package>`格式，也就是一种打包格"
+"式。 [1]_ :term:`Egg` 既是一种发行格式，也是一种运行时的安装格式（如果留下压"
+"缩包），并被设计为可导入。"
 
 #: ../source/discussions/package-formats.rst:156
-#, fuzzy
 msgid ""
 "Wheel archives do not include ``.pyc`` files. Therefore, when the "
 "distribution only contains Python files (i.e. no compiled extensions), and "
@@ -1278,21 +1382,19 @@ msgid ""
 "\"universal\", similar to an :term:`sdist <Source Distribution (or "
 "\"sdist\")>`."
 msgstr ""
-":term:`Wheel`档案不包括 .pyc 文件。因此，当发行版只包含 Python 文件（即没有编"
-"译的扩展），并且与 Python 2 和 3 兼容时，wheel 有可能是 「通用」的，类似于 :"
-"term:`sdist <Source Distribution (or \"sdist\")>`。"
+":term:`Wheel`格式不包括 ``.pyc`` 文件。因此，当发行版只包含 Python 文件（即没"
+"有编译的扩展），并且与 Python 2 和 3 兼容时，wheel 有可能是 「通用」的，类似"
+"于 :term:`sdist <Source Distribution (or \"sdist\")>` (源分发)。"
 
 #: ../source/discussions/package-formats.rst:161
-#, fuzzy
 msgid ""
 "Wheel uses standard :ref:`.dist-info directories <recording-installed-"
 "packages>`.  Egg used ``.egg-info``."
 msgstr ""
-":term:`Wheel` 使用 :pep:`PEP376-compliant <376>```.dist-info`` 目录。 Egg 使"
+"Wheel 使用标准 :ref:`.dist-info 目录 <recording-installed-packages>` 。Egg 使"
 "用 ``.egg-info`` 。"
 
 #: ../source/discussions/package-formats.rst:164
-#, fuzzy
 msgid ""
 "Wheel has a :ref:`richer file naming convention <wheel-file-name-spec>`. A "
 "single wheel archive can indicate its compatibility with a number of Python "
@@ -1302,16 +1404,14 @@ msgstr ""
 "可以表明它与许多 Python 语言版本和工具、ABI 以及系统架构的兼容性。"
 
 #: ../source/discussions/package-formats.rst:168
-#, fuzzy
 msgid ""
 "Wheel is versioned. Every wheel file contains the version of the wheel "
 "specification and the implementation that packaged it."
 msgstr ""
-":term:`Wheel`是有版本的。每个 wheel 文件都包含 wheel 规范的版本和包装它的工"
+":term:`Wheel` 是有版本的。每个 wheel 文件都包含 wheel 规范的版本和包装它的工"
 "具。"
 
 #: ../source/discussions/package-formats.rst:171
-#, fuzzy
 msgid ""
 "Wheel is internally organized by `sysconfig path type <https://docs.python."
 "org/2/library/sysconfig.html#installation-paths>`_, therefore making it "
@@ -1329,6 +1429,10 @@ msgid ""
 "backend, typically ``[project]`` in ``pyproject.toml``, and translated by "
 "the build backend into ``PKG-INFO``."
 msgstr ""
+"该格式是基于电子邮件的。尽管今天不太可能选择这种格式，但出于向后兼容性考虑，"
+"它仍然作为规范格式保留下来。从用户的角度来看，这通常是不可见的，因为元数据是"
+"以构建后端可以理解的方式由用户指定的，通常是在 ``pyproject.toml`` 中的 "
+"``[project]`` 部分，并由构建后端转换为 ``PKG-INFO`` 文件。"
 
 #: ../source/discussions/package-formats.rst:184
 msgid ""
@@ -1336,8 +1440,8 @@ msgid ""
 "format, although :ref:`this is not officially supported at this time <binary-"
 "distribution-format-import-wheel>`."
 msgstr ""
-"在某些情况下，wheels 可用作可导入的运行时格式，尽管 :ref:` 目前官方并不支持 "
-"<binary-distribution-format-import-wheel> `。"
+"在某些情况下，wheels 可以作为可导入的运行时格式使用，尽管 :ref:`目前官方并不"
+"支持这种用法 <binary-distribution-format-import-wheel>` 。"
 
 #: ../source/discussions/pip-vs-easy-install.rst:6
 msgid "pip vs easy_install"
@@ -1513,6 +1617,10 @@ msgid ""
 "example (a similar practice is used by other tools like *nox* and its :file:"
 "`noxfile.py` configuration file, or *pytest* and :file:`conftest.py`)."
 msgstr ""
+"Setuptools 完全可以作为打包 Python 项目的 :term:`构建后端` 使用。而 :file:"
+"`setup.py` 是一个有效的 :ref:`setuptools` 配置文件，它恰好是用 Python 编写"
+"的，而不是使用 *TOML* （例如，其他工具如 *nox* 及其 :file:`noxfile.py` 配置文"
+"件，或 *pytest* 及其 :file:`conftest.py` 文件也采用类似做法）。"
 
 #: ../source/discussions/setup-py-deprecated.rst:18
 msgid ""
@@ -1557,7 +1665,7 @@ msgstr "相反，应该使用什么命令？"
 #: ../source/discussions/setup-py-deprecated.rst:33
 #: ../source/guides/modernize-setup-py-project.rst:30
 msgid "Deprecated"
-msgstr "废弃"
+msgstr "弃用"
 
 #: ../source/discussions/setup-py-deprecated.rst:33
 #: ../source/guides/modernize-setup-py-project.rst:30
@@ -1585,6 +1693,9 @@ msgid ""
 "what ``python -m build`` does. If necessary the ``--sdist`` and ``--wheel`` "
 "options can be used to generate only one or the other."
 msgstr ""
+"这需要 :ref:`build` 依赖项。建议始终构建并发布项目的源代码分发包和 wheel，这"
+"正是 ``python -m build`` 所做的。如果需要，可以使用 ``--sdist`` 和 ``--"
+"wheel`` 选项仅生成其中之一。"
 
 #: ../source/discussions/setup-py-deprecated.rst:52
 msgid ""
@@ -1597,6 +1708,12 @@ msgid ""
 "on the local filesystem as argument to its ``install`` sub-command. So this "
 "would also be a valid command: ``python -m pip install path/to/project``."
 msgstr ""
+"为了安装基于 setuptools 的项目，过去通常会运行 :file:`setup.py` 的 "
+"``install`` 命令，例如： ``python setup.py install`` 。如今，推荐的方法是直接"
+"使用 :ref:`pip` ， 命令如下： ``python -m pip install .`` 。其中点号 ``.`` 实"
+"际上是一个文件系统路径，表示当前目录的路径符号。实际上， *pip* 接受本地文件系"
+"统上项目源代码目录的路径作为其 ``install`` 子命令的参数。因此，以下命令也是有"
+"效的： ``python -m pip install path/to/project`` 。"
 
 #: ../source/discussions/setup-py-deprecated.rst:65
 msgid ""
@@ -1604,6 +1721,9 @@ msgid ""
 "``python setup.py develop`` one can use the ``--editable`` option of pip's "
 "*install* sub-command: ``python -m pip install --editable .``."
 msgstr ""
+"至于 *develop* 模式，也就是 *editable* 模式的安装，除了使用 ``python setup."
+"py develop`` ，还可以使用 pip 的 *install* 子命令的 ``--editable`` 选项： "
+"``python -m pip install --editable .`` 。"
 
 #: ../source/discussions/setup-py-deprecated.rst:70
 msgid ""
@@ -1615,6 +1735,11 @@ msgid ""
 "generate only one or the other. Note that the build tool needs to be "
 "installed separately."
 msgstr ""
+"构建 :term:`源代码分发包 <Source Distribution (or \"sdist\")>` 和 :term:"
+"`wheels <Wheel>` 的一种推荐、简单且直接的方法是使用 :ref:`build` 工具，命令如"
+"下： ``python -m build``，该命令会触发生成这两种分发格式。如果需要，可以使用 "
+"``--sdist`` 和 ``--wheel`` 选项仅生成其中之一。请注意，build 工具需要单独安"
+"装。"
 
 #: ../source/discussions/setup-py-deprecated.rst:80
 msgid ""
@@ -1669,6 +1794,8 @@ msgid ""
 "But might be necessary on other :term:`package indexes <package index>` (for "
 "example :ref:`devpi`)."
 msgstr ""
+"在 :term:`PyPI <Python Package Index (PyPI)>` 上不必要，也不被支持。但在其"
+"他 :term:`包索引 <package index>` 上可能是必要的（例如 :ref:`devpi` ）。"
 
 #: ../source/discussions/setup-py-deprecated.rst:112
 msgid "``python setup.py --version``"
@@ -1677,7 +1804,7 @@ msgstr "``python setup.py --version``"
 #: ../source/discussions/setup-py-deprecated.rst:114
 msgid ""
 "A possible replacement solution (among others) is to rely on setuptools-scm_:"
-msgstr ""
+msgstr "一种可能的替代解决方案（除其他外）是依赖 setuptools-scm_ ："
 
 #: ../source/discussions/setup-py-deprecated.rst:116
 msgid "``python -m setuptools_scm``"
@@ -1806,7 +1933,7 @@ msgstr ""
 
 #: ../source/discussions/setup-py-deprecated.rst:166
 msgid "What about custom build steps?"
-msgstr ""
+msgstr "自定义构建步骤要怎么做？"
 
 #: ../source/discussions/setup-py-deprecated.rst:168
 msgid ""
@@ -1814,6 +1941,9 @@ msgid ""
 "``build_py``, ``build_ext``, and ``bdist_wheel`` or add new build steps are "
 "not deprecated. Those will be automatically called as expected."
 msgstr ""
+"自定义构建步骤，例如覆盖现有步骤（如 ``build_py`` 、 ``build_ext`` 和 "
+"``bdist_wheel`` ）或添加新的构建步骤，并没有被弃用。这些步骤将会按预期自动调"
+"用。"
 
 #: ../source/discussions/setup-py-deprecated.rst:175
 #: ../source/guides/modernize-setup-py-project.rst:21
@@ -1854,16 +1984,19 @@ msgid ""
 "table is to assume that the :term:`build backend <Build Backend>` is "
 "setuptools."
 msgstr ""
+"在没有 :file:`pyproject.toml` 文件及其 ``[build-system]`` 表的情况下， :term:"
+"`构建前端 <Build Frontend>` 的标准回退行为是默认假设 :term:`构建后端 <Build "
+"Backend>` 是 setuptools。"
 
 #: ../source/discussions/setup-py-deprecated.rst:204
 msgid "Why? What does it all mean?"
-msgstr ""
+msgstr "为什么？这一切意味着什么？"
 
 #: ../source/discussions/setup-py-deprecated.rst:206
 msgid ""
 "One way to look at it is that the scope of setuptools has now been reduced "
 "to the role of a build backend."
-msgstr ""
+msgstr "一种看法是，setuptools 的作用范围现在已被缩小至构建后端的角色。"
 
 #: ../source/discussions/setup-py-deprecated.rst:211
 #: ../source/guides/modernize-setup-py-project.rst:244
@@ -1880,17 +2013,15 @@ msgstr ":doc:`setuptools:deprecated/commands`"
 
 #: ../source/discussions/single-source-version.rst:5
 msgid "Single-sourcing the Project Version"
-msgstr ""
+msgstr "单一来源项目版本"
 
 #: ../source/discussions/single-source-version.rst:7
-#, fuzzy
 msgid "Complete"
-msgstr "不完全"
+msgstr "完成"
 
 #: ../source/discussions/single-source-version.rst:8
-#, fuzzy
 msgid "2024-10-07"
-msgstr "2021-8-24"
+msgstr "2024-10-07"
 
 #: ../source/discussions/single-source-version.rst:10
 msgid ""
@@ -1900,6 +2031,10 @@ msgid ""
 "same version specifier as :func:`importlib.metadata.version` reports for the "
 "distribution package (as described in :ref:`runtime-version-access`)."
 msgstr ""
+"许多 Python :term:`分发包 <Distribution Package>` 发布一个单一的 Python :"
+"term:`导入包 <Import Package>` ，在这种情况下，希望导入包上的运行时 "
+"``__version__`` 属性报告与 :func:`importlib.metadata.version` 为分发包报告的"
+"相同版本说明符（如 :ref:`运行时版本访问 <runtime-version-access>` 中所述）。"
 
 #: ../source/discussions/single-source-version.rst:16
 msgid ""
@@ -1907,34 +2042,41 @@ msgid ""
 "a version control system *tag* (such as ``v1.2.3``) rather than being "
 "manually updated in the source code."
 msgstr ""
+"此外，通常希望该版本信息是从版本控制系统的 *标签* （如 ``v1.2.3`` ）中派生"
+"的，而不是手动在源代码中更新。"
 
 #: ../source/discussions/single-source-version.rst:20
 msgid ""
 "Some projects may choose to simply live with the data entry duplication, and "
 "rely on automated testing to ensure the different values do not diverge."
 msgstr ""
+"一些项目可能选择容忍数据输入的重复，并依赖自动化测试来确保不同的值不会出现偏"
+"差。"
 
 #: ../source/discussions/single-source-version.rst:23
 msgid ""
 "Alternatively, a project's chosen build system may offer a way to define a "
 "single source of truth for the version number."
-msgstr ""
+msgstr "另外，项目选择的构建系统可能提供一种方法来定义版本号的单一权威来源。"
 
 #: ../source/discussions/single-source-version.rst:26
 msgid "In general, the options are:"
-msgstr ""
+msgstr "一般而言，选项包括："
 
 #: ../source/discussions/single-source-version.rst:28
 msgid ""
 "If the code is in a version control system (VCS), such as Git, then the "
 "version can be extracted from the VCS."
 msgstr ""
+"如果代码位于版本控制系统 (VCS)（例如 Git）中，则可以从 VCS 中提取版本。"
 
 #: ../source/discussions/single-source-version.rst:30
 msgid ""
 "The version can be hard-coded into the :file:`pyproject.toml` file -- and "
 "the build system can copy it into other locations it may be required."
 msgstr ""
+"该版本可以硬编码到： :file:`pyproject.toml` 文件中——并且构建系统可以将其复制"
+"到可能需要的其他位置。"
 
 #: ../source/discussions/single-source-version.rst:33
 msgid ""
@@ -1944,10 +2086,14 @@ msgid ""
 "attribute in a particular module, such as :file:`__init__.py`. The build "
 "system can then extract it from the runtime location at build time."
 msgstr ""
+"版本字符串可以被硬编码到源代码中——可以是在一个特殊用途的文件中，例如 :file:"
+"`_version.txt`（该文件必须作为项目源代码分发包的一部分进行发布），或者作为特"
+"定模块中的一个属性，例如 :file:`__init__.py` 。构建系统随后可以在构建时从运行"
+"时位置提取它。"
 
 #: ../source/discussions/single-source-version.rst:38
 msgid "Consult your build system's documentation for their recommended method."
-msgstr ""
+msgstr "请查阅您的构建系统文档以了解其推荐的方法。"
 
 #: ../source/discussions/single-source-version.rst:40
 msgid ""
@@ -1957,40 +2103,48 @@ msgid ""
 "``importlib.metadata.version(\"dist-name\")`` report the same value (note: "
 "for many projects, ``import_name`` and ``dist-name`` will be the same name)."
 msgstr ""
+"当目标是让分发包及其关联的导入包共享相同的版本时，建议项目包括一个自动化测试"
+"用例，确保 ``import_name.__version__`` 和 ``importlib.metadata."
+"version(\"dist-name\")`` 报告相同的值（注意：对于许多项目， ``import_name`` "
+"和 ``dist-name`` 将是相同的名称）。"
 
 #: ../source/discussions/single-source-version.rst:50
 msgid "Build System Version Handling"
-msgstr ""
+msgstr "构建系统版本处理"
 
 #: ../source/discussions/single-source-version.rst:52
 msgid ""
 "The following are links to some build system's documentation for handling "
 "version strings."
-msgstr ""
+msgstr "以下是一些用于处理版本字符串的构建系统文档的链接。"
 
 #: ../source/discussions/single-source-version.rst:54
 msgid "`Flit <https://flit.pypa.io/en/stable/>`_"
-msgstr ""
+msgstr "`Flit 分发 <https://flit.pypa.io/en/stable/>`_"
 
 #: ../source/discussions/single-source-version.rst:56
-#, fuzzy
 msgid "`Hatchling <https://hatch.pypa.io/1.9/version/>`_"
-msgstr "`Apache <https://httpd.apache.org/>`_"
+msgstr "`Hatchling 项目管理器 <https://hatch.pypa.io/1.9/version/>`_"
 
 #: ../source/discussions/single-source-version.rst:58
 msgid ""
 "`PDM <https://pdm-project.org/en/latest/reference/pep621/#__tabbed_1_2>`_"
 msgstr ""
+"`PDM <https://pdm-project.org/en/latest/reference/pep621/#__tabbed_1_2>`_"
 
 #: ../source/discussions/single-source-version.rst:60
 msgid ""
 "`Setuptools <https://setuptools.pypa.io/en/latest/userguide/pyproject_config."
 "html#dynamic-metadata>`_"
 msgstr ""
+"`Setuptools 工具 <https://setuptools.pypa.io/en/latest/userguide/"
+"pyproject_config.html#dynamic-metadata>`_"
 
 #: ../source/discussions/single-source-version.rst:62
 msgid "`setuptools_scm <https://setuptools-scm.readthedocs.io/en/latest/>`_"
 msgstr ""
+"`setuptools_scm 提取 Python 包版本 <https://setuptools-scm.readthedocs.io/en/"
+"latest/>`_"
 
 #: ../source/discussions/src-layout-vs-flat-layout.rst:5
 msgid "src layout vs flat layout"
@@ -2035,6 +2189,9 @@ msgid ""
 "<setuptools:userguide/development_mode>` is used for development and a "
 "regular installation is used for testing)."
 msgstr ""
+"这意味着 `src` 布局在项目的开发工作流程中涉及一个额外的步骤（通常，在开发中使"
+"用 :doc:`可编辑安装 <setuptools:userguide/development_mode>` ，在测试中使用常"
+"规安装）。"
 
 #: ../source/discussions/src-layout-vs-flat-layout.rst:56
 msgid ""
@@ -2071,6 +2228,8 @@ msgid ""
 "userguide/development_mode>` is only able to import files that were meant to "
 "be importable."
 msgstr ""
+"`src` 布局有助于确保 :doc:`可编辑安装 <setuptools:userguide/"
+"development_mode>` 仅能导入那些本应可导入的文件。"
 
 #: ../source/discussions/src-layout-vs-flat-layout.rst:74
 msgid ""
@@ -2078,6 +2237,8 @@ msgid ""
 "using a `path configuration file <https://docs.python.org/3/library/site."
 "html#index-2>`_ that adds the directory to the import path."
 msgstr ""
+"当可编辑安装使用 `路径配置文件 <https://docs.python.org/3/library/site."
+"html#index-2>`_ 来实现并将目录添加到导入路径时，这一点尤为重要。"
 
 #: ../source/discussions/src-layout-vs-flat-layout.rst:78
 msgid ""
@@ -2086,10 +2247,13 @@ msgid ""
 "``noxfile.py``) on the import path. This would make certain imports work in "
 "editable installations but not regular installations."
 msgstr ""
+"扁平布局会将其他项目文件（例如： ``README.md`` 、 ``tox.ini`` ）和打包/工具配"
+"置文件（例如： ``setup.py`` 、 ``noxfile.py`` ）添加到导入路径。这会使某些导"
+"入在可编辑安装中工作，但在常规安装中无法工作。"
 
 #: ../source/discussions/src-layout-vs-flat-layout.rst:86
 msgid "Running a command-line interface from source with src-layout"
-msgstr ""
+msgstr "从源代码使用 `src` 布局中运行命令行界面"
 
 #: ../source/discussions/src-layout-vs-flat-layout.rst:88
 msgid ""
@@ -2101,15 +2265,20 @@ msgid ""
 "the package folder to  Python's :py:data:`sys.path` when called via its :"
 "file:`__main__.py` file:"
 msgstr ""
+"由于前述的 `src` 布局的特点，命令行界面不能直接从 :term:`源代码树 <Project "
+"Source Tree>` 运行，而需要将包安装为 :doc:`开发模式 <setuptools:userguide/"
+"development_mode>` 以便进行测试。由于在某些情况下这可能不太实际，一个解决方法"
+"是在通过其 :file:`__main__.py` 文件调用时，将包文件夹添加到 Python 的 :py:"
+"data:`sys.path` 中："
 
 #: ../source/discussions/versioning.rst:6
-#: ../source/specifications/simple-repository-api.rst:310
+#: ../source/specifications/simple-repository-api.rst:319
 msgid "Versioning"
 msgstr "版本"
 
 #: ../source/discussions/versioning.rst:8
 msgid "This discussion covers all aspects of versioning Python packages."
-msgstr ""
+msgstr "本讨论涵盖了 Python 包版本控制的所有方面。"
 
 #: ../source/discussions/versioning.rst:12
 msgid "Valid version numbers"
@@ -2124,10 +2293,14 @@ msgid ""
 "`specification of version specifiers <version-specifiers>`. Here are some "
 "examples of version numbers [#version-examples]_:"
 msgstr ""
+"不同的 Python 项目可能根据各自的需求使用不同的版本控制方案，但为了与像 :ref:"
+"`pip` 这样的工具兼容，所有这些项目都需要遵循一个灵活的版本标识符格式，权威参"
+"考是 :ref:`版本规范说明 <version-specifiers>` 。以下是一些版本号的示例 "
+"[#version-examples]_ ："
 
 #: ../source/discussions/versioning.rst:21
 msgid "A simple version (final release): ``1.2.0``"
-msgstr ""
+msgstr "简单版本（最终版本）： ``1.2.0``"
 
 #: ../source/discussions/versioning.rst:22
 msgid "A development release: ``1.2.0.dev1``"
@@ -2135,37 +2308,37 @@ msgstr "开发版本：``1.2.0.dev1``"
 
 #: ../source/discussions/versioning.rst:23
 msgid "An alpha release: ``1.2.0a1``"
-msgstr ""
+msgstr "alpha 版本： ``1.2.0a1``"
 
 #: ../source/discussions/versioning.rst:24
 msgid "A beta release: ``1.2.0b1``"
-msgstr ""
+msgstr "测试版本： ``1.2.0b1``"
 
 #: ../source/discussions/versioning.rst:25
 msgid "A release candidate: ``1.2.0rc1``"
-msgstr ""
+msgstr "发布版本： ``1.2.0rc1``"
 
 #: ../source/discussions/versioning.rst:26
 msgid "A post-release: ``1.2.0.post1``"
-msgstr ""
+msgstr "后续发布： ``1.2.0.post1``"
 
 #: ../source/discussions/versioning.rst:27
 msgid ""
 "A post-release of an alpha release (possible, but discouraged): ``1.2.0a1."
 "post1``"
-msgstr ""
+msgstr "alpha 版本的后续发布（可能，但不鼓励）： ``1.2.0a1.post1``"
 
 #: ../source/discussions/versioning.rst:28
 msgid "A simple version with only two components: ``23.12``"
-msgstr ""
+msgstr "仅包含两个组件的简单版本：``23.12``"
 
 #: ../source/discussions/versioning.rst:29
 msgid "A simple version with just one component: ``42``"
-msgstr ""
+msgstr "只有一个组件的简单版本：``42``"
 
 #: ../source/discussions/versioning.rst:30
 msgid "A version with an epoch: ``1!1.0``"
-msgstr ""
+msgstr "带有时期的版本：``1!1.0``"
 
 #: ../source/discussions/versioning.rst:32
 msgid ""
@@ -2176,6 +2349,10 @@ msgid ""
 "versions of dependencies to install, unless explicitly requested (e.g., with "
 "``pip install pkg==1.1a3`` or ``pip install --pre pkg``)."
 msgstr ""
+"项目可以使用一系列的预发布版本，以便在最终发布之前支持用户进行测试。步骤顺序"
+"为：alpha 版本、beta 版本、候选发布版本、最终发布版本。默认情况下，pip 和其他"
+"现代 Python 包安装器在决定安装哪些依赖版本时，会忽略预发布版本，除非明确请求"
+"（例如，使用 ``pip install pkg==1.1a3`` 或 ``pip install --pre pkg`` ）。"
 
 #: ../source/discussions/versioning.rst:39
 msgid ""
@@ -2183,6 +2360,8 @@ msgid ""
 "a development cycle, for example, a nightly build, or a build from the "
 "latest source in a Linux distribution."
 msgstr ""
+"开发版本的目的是支持在开发周期初期发布的版本，例如，每日构建版本或来自 Linux "
+"发行版最新源代码的构建版本。"
 
 #: ../source/discussions/versioning.rst:43
 msgid ""
@@ -2192,6 +2371,9 @@ msgid ""
 "with a new final release (e.g., incrementing the third component when using "
 "semantic versioning)."
 msgstr ""
+"后发布版本用于修复最终版本中的轻微错误，这些错误不会影响分发的软件，例如修正"
+"发布说明中的错误。它们不应用于修复 bug；这些应该通过发布新的最终版本来处理"
+"（例如，在使用语义版本控制时，增加第三个版本号）。"
 
 #: ../source/discussions/versioning.rst:49
 msgid ""
@@ -2203,10 +2385,15 @@ msgid ""
 "epoch, as in \"1!1.0\", in order to be treated as more recent than the old "
 "version numbers."
 msgstr ""
+"最后，epoch（纪元）是一个很少使用的特性，用于在更改版本控制方案时修正排序顺"
+"序。例如，如果一个项目使用日历版本控制，版本号如 23.12，然后切换到语义版本控"
+"制，版本号如 1.0，那么 1.0 和 23.12 的比较顺序将会错误。为了修正这一点，新的"
+"版本号应该具有明确的 epoch，例如 \"1!1.0\"，这样可以确保它比旧的版本号更为新"
+"颖。"
 
 #: ../source/discussions/versioning.rst:59
 msgid "Semantic versioning vs. calendar versioning"
-msgstr ""
+msgstr "语义版本控制与日历版本控制"
 
 #: ../source/discussions/versioning.rst:61
 msgid ""
@@ -2215,6 +2402,8 @@ msgid ""
 "new release of a package. Two versioning schemes are commonly used for "
 "Python packages, semantic versioning and calendar versioning."
 msgstr ""
+"版本控制方案是对版本号各个部分的正式解释方式，并决定在新版本发布时应该使用哪"
+"个版本号。Python 包常用的两种版本控制方案是语义版本控制和日历版本控制。"
 
 #: ../source/discussions/versioning.rst:68
 msgid ""
@@ -2223,6 +2412,8 @@ msgid ""
 "That view may differ from the end-users' perception of what said formalized "
 "versioning scheme promises them."
 msgstr ""
+"选择使用哪个版本号是由项目的维护者决定的。这实际上意味着版本号的提升反映了维"
+"护者的观点。这个观点可能与最终用户对该正式版本控制方案承诺的理解有所不同。"
 
 #: ../source/discussions/versioning.rst:74
 msgid ""
@@ -2232,30 +2423,35 @@ msgid ""
 "when security vulnerability needs to be addressed. Security releases often "
 "come in patch versions but contain breaking changes inevitably."
 msgstr ""
+"选择下一个版本号时有已知的例外情况。维护者可能会有意识地选择打破“最后一个版本"
+"段只包含向后兼容的更改”这一假设。其中一个例子是当需要解决安全漏洞时。安全更新"
+"通常以补丁版本发布，但不可避免地包含破坏性更改。"
 
 #: ../source/discussions/versioning.rst:84
 #: ../source/specifications/version-specifiers.rst:723
 msgid "Semantic versioning"
-msgstr ""
+msgstr "语义版本控制"
 
 #: ../source/discussions/versioning.rst:86
 msgid ""
 "The idea of *semantic versioning* (or SemVer) is to use 3-part version "
 "numbers, *major.minor.patch*, where the project author increments:"
 msgstr ""
+"*语义版本控制* （或称 SemVer）的理念是使用三部分版本号， *major.minor."
+"patch* ，其中项目作者根据以下规则进行版本号递增："
 
 #: ../source/discussions/versioning.rst:89
 msgid "*major* when they make incompatible API changes,"
-msgstr ""
+msgstr "*重大(major)* 当他们进行不兼容的 API 更改时，"
 
 #: ../source/discussions/versioning.rst:90
 msgid ""
 "*minor* when they add functionality in a backwards-compatible manner, and"
-msgstr ""
+msgstr "*轻微(minor)* 当他们以向后兼容的方式添加功能时，以及"
 
 #: ../source/discussions/versioning.rst:91
 msgid "*patch*, when they make backwards-compatible bug fixes."
-msgstr ""
+msgstr "*补丁(patch)*，当他们进行向后兼容的错误修复时。"
 
 #: ../source/discussions/versioning.rst:93
 msgid ""
@@ -2268,6 +2464,11 @@ msgid ""
 "strictness]_. Conversely, a bump of the major version number is sometimes "
 "used to signal significant but backwards-compatible new features."
 msgstr ""
+"大多数 Python 项目使用类似于语义版本控制的版本方案。然而，大多数项目，尤其是"
+"较大的项目，并不严格遵循语义版本控制，因为许多变化在技术上是破坏兼容性的，但"
+"仅影响一小部分用户。这类项目通常在不兼容性较大时递增主版本号，或用来表示项目"
+"的重大变化，而不是为了任何微小的不兼容性 [#semver-strictness] 。相反，主版本"
+"号的递增有时也用来表示重要但向后兼容的新特性。"
 
 #: ../source/discussions/versioning.rst:103
 msgid ""
@@ -2280,12 +2481,20 @@ msgid ""
 "equivalent to ``name >= X.Y.Z, == X.Y.*``, i.e., it requires at least X.Y.Z "
 "and allows a later release with same X and Y but higher Z."
 msgstr ""
+"对于那些确实使用严格语义版本控制的项目，这种方法允许用户使用 :ref:`兼容发布版"
+"本说明符 <version-specifiers-compatible-release>` ，并使用 ``~=`` 运算符。例"
+"如， ``name ~= X.Y`` 大致等价于 ``name >= X.Y, == X.*`` ，即它要求至少是 X.Y "
+"版本，并允许任何 X 不变且 Y 较大的后续版本。同样， ``name ~= X.Y.Z`` 大致等价"
+"于 ``name >= X.Y.Z, == X.Y.*`` ，即要求至少是 X.Y.Z 版本，并允许任何 X 和 Y "
+"相同但 Z 较大的后续版本。"
 
 #: ../source/discussions/versioning.rst:112
 msgid ""
 "Python projects adopting semantic versioning should abide by clauses 1-8 of "
 "the `Semantic Versioning 2.0.0 specification <semver_>`_."
 msgstr ""
+"采用语义版本控制的 Python 项目应遵守 `语义版本控制 2.0.0 规范 <semver_>` 的"
+"第 1-8 条。"
 
 #: ../source/discussions/versioning.rst:115
 msgid ""
@@ -2297,6 +2506,11 @@ msgid ""
 "contain backwards-incompatible API changes (:doc:`NumPy versioning policy "
 "<numpy:dev/depending_on_numpy>`)."
 msgstr ""
+"流行的 :doc:`Sphinx <sphinx:index>` 文档生成器是一个使用严格语义版本控制的示"
+"例项目（ :doc:`Sphinx 版本控制政策 <sphinx:internals/release-process>` ）。著"
+"名的 :doc:`NumPy <numpy:index>` 科学计算包明确使用“宽松”语义版本控制，其中递"
+"增次要版本可能包含向后不兼容的 API 更改（ :doc:`NumPy 版本控制政策 <numpy:"
+"dev/depending_on_numpy>` ）。"
 
 #: ../source/discussions/versioning.rst:124
 msgid "Calendar versioning"
@@ -2308,6 +2522,8 @@ msgid ""
 "with a regular time based release cadence and a deprecation process that "
 "provides warnings for a number of releases prior to removal of a feature."
 msgstr ""
+"语义版本控制并不适用于所有项目，例如具有基于定期时间的发布节奏和弃用流程的项"
+"目，这些弃用流程会在删除某个功能之前为多个版本提供警告。"
 
 #: ../source/discussions/versioning.rst:130
 msgid ""
@@ -2315,23 +2531,25 @@ msgid ""
 "<calver_>`_ (CalVer), is that it is straightforward to tell how old the base "
 "feature set of a particular release is given just the version number."
 msgstr ""
+"基于日期的版本控制，或称为 `日历版本控制 <calver_>`_（CalVer）的一个主要优势"
+"是，通过版本号就可以直接判断特定发布的基础功能集已经有多旧。"
 
 #: ../source/discussions/versioning.rst:134
 msgid ""
 "Calendar version numbers typically take the form *year.month* (for example, "
 "23.12 for December 2023)."
 msgstr ""
+"日历版本号通常采用 *year.month* 的形式（例如，2023 年 12 月为 23.12）。"
 
 #: ../source/discussions/versioning.rst:137
 msgid ""
 ":doc:`Pip <pip:index>`, the standard Python package installer, uses calendar "
 "versioning."
-msgstr ""
+msgstr ":doc:`Pip <pip:index>` ，标准 Python 包安装程序，使用日历版本控制。"
 
 #: ../source/discussions/versioning.rst:142
-#, fuzzy
 msgid "Other schemes"
-msgstr "版本"
+msgstr "其他模式"
 
 #: ../source/discussions/versioning.rst:144
 msgid ""
@@ -2341,6 +2559,9 @@ msgid ""
 "as an end user, as serial version numbers convey little or no information "
 "regarding API backwards compatibility."
 msgstr ""
+"序列版本控制指的是一种最简单的版本控制方案，它由一个每次发布时递增的单一数字"
+"组成。虽然序列版本控制对于开发者来说非常容易管理，但对于最终用户来说却是最难"
+"追踪的，因为序列版本号几乎不提供关于 API 向后兼容性的任何信息。"
 
 #: ../source/discussions/versioning.rst:150
 msgid ""
@@ -2350,6 +2571,9 @@ msgid ""
 "release, but doesn't otherwise commit to a particular release cadence within "
 "the year."
 msgstr ""
+"上述版本控制方案可以组合使用。例如，一个项目可以将基于日期的版本控制与序列版"
+"本控制结合，创建一个 *年.序列(year.serial)* 的编号方案，这样既能直观地传达一"
+"个版本的发布大致年份，同时又不承诺在该年内的具体发布频率。"
 
 #: ../source/discussions/versioning.rst:157
 #: ../source/specifications/version-specifiers.rst:114
@@ -2364,6 +2588,10 @@ msgid ""
 "which can be used to identify local development builds not intended for "
 "publication, or modified variants of a release maintained by a redistributor."
 msgstr ""
+"公共版本标识符旨在支持通过 :term:`PyPI <Python Package Index (PyPI)>` 进行分"
+"发。Python 打包工具还支持 :ref:`本地版本标识符 <local-version-identifiers>` "
+"的概念，可以用来标识不打算公开发布的本地开发构建，或由重新分发者维护的已修改"
+"版本。"
 
 #: ../source/discussions/versioning.rst:165
 msgid ""
@@ -2376,6 +2604,11 @@ msgid ""
 "dev1+gd00980f\", or if the repository has untracked changes, like \"0.5."
 "dev1+gd00980f.d20231217\"."
 msgstr ""
+"本地版本标识符的形式是一个公共版本标识符，后跟 \"+\" 和本地版本标签。例如，应"
+"用了 Fedora 特定补丁的包可能会有版本 \"1.2.1+fedora.4\"。另一个例子是由 "
+"setuptools-scm_ （一个读取 Git 数据的 setuptools 插件） 计算的版本。在有一些"
+"提交的 Git 仓库中，setuptools-scm 会生成类似 \"0.5.dev1+gd00980f\" 的版本，或"
+"者如果仓库有未跟踪的更改，则生成类似 \"0.5.dev1+gd00980f.d20231217\" 的版本。"
 
 #: ../source/discussions/versioning.rst:177
 msgid "Accessing version information at runtime"
@@ -2882,32 +3115,16 @@ msgstr ""
 "展的 Java 类文件。"
 
 #: ../source/glossary.rst:121
-msgid "Known Good Set (KGS)"
-msgstr "已知良好集 (KGS)"
-
-#: ../source/glossary.rst:124
-msgid ""
-"A set of distributions at specified versions which are compatible with each "
-"other. Typically a test suite will be run which passes all tests before a "
-"specific set of packages is declared a known good set. This term is commonly "
-"used by frameworks and toolkits which are comprised of multiple individual "
-"distributions."
-msgstr ""
-"一组相互兼容的指定版本的发行版。 通常，将运行一个测试套件，该套件在一组特定的"
-"包被声明为已知良好集之前通过所有测试。 该术语通常用于由多个单独发行版组成的框"
-"架和工具包。"
-
-#: ../source/glossary.rst:130
 msgid "Import Package"
 msgstr "导入包"
 
-#: ../source/glossary.rst:133
+#: ../source/glossary.rst:124
 msgid ""
 "A Python module which can contain other modules or recursively, other "
 "packages."
 msgstr "一个Python模块，可以包含其他模块或递归地包含其他包。"
 
-#: ../source/glossary.rst:136
+#: ../source/glossary.rst:127
 #, fuzzy
 msgid ""
 "An import package is more commonly referred to with the single word "
@@ -2919,18 +3136,34 @@ msgstr ""
 "导入包通常用单个词“包”来指代，但本指南将在需要更清楚地说明时使用扩展术语，以"
 "防止与通常也称为“包”的 :term:`分发包` 混淆."
 
-#: ../source/glossary.rst:142
+#: ../source/glossary.rst:133
 #, fuzzy
 msgid "Installed Project"
 msgstr "安装程序"
 
-#: ../source/glossary.rst:145
+#: ../source/glossary.rst:136
 msgid ""
 "A :term:`Project` that is installed for use with a Python interpreter or :"
 "term:`Virtual Environment`, as described in the specicifcation :ref:"
 "`recording-installed-packages`."
 msgstr ""
 
+#: ../source/glossary.rst:140
+msgid "Known Good Set (KGS)"
+msgstr "已知良好集 (KGS)"
+
+#: ../source/glossary.rst:143
+msgid ""
+"A set of distributions at specified versions which are compatible with each "
+"other. Typically a test suite will be run which passes all tests before a "
+"specific set of packages is declared a known good set. This term is commonly "
+"used by frameworks and toolkits which are comprised of multiple individual "
+"distributions."
+msgstr ""
+"一组相互兼容的指定版本的发行版。 通常，将运行一个测试套件，该套件在一组特定的"
+"包被声明为已知良好集之前通过所有测试。 该术语通常用于由多个单独发行版组成的框"
+"架和工具包。"
+
 #: ../source/glossary.rst:149
 msgid "Module"
 msgstr "模块"
@@ -4001,12 +4234,17 @@ msgid ""
 "plugin. Another package supporting this kind of plugin can use the metadata "
 "to discover that plugin."
 msgstr ""
+"包可以拥有在 :ref:`entry-points` 中描述的插件元数据。通过指定这些元数据，包声"
+"明它包含某种特定类型的插件。另一个支持这种插件的包可以使用这些元数据来发现该"
+"插件。"
 
 #: ../source/guides/creating-and-discovering-plugins.rst:128
 msgid ""
 "For example if you have a package named ``myapp-plugin-a`` and it includes "
 "the following in its ``pyproject.toml``:"
 msgstr ""
+"例如，如果您有一个名为 ``myapp-plugin-a`` 的包，并且它的 ``pyproject.toml`` "
+"中包含以下内容："
 
 #: ../source/guides/creating-and-discovering-plugins.rst:136
 msgid ""
@@ -4020,12 +4258,15 @@ msgid ""
 "In this example, ``discovered_plugins`` would be a collection of type :class:"
 "`importlib.metadata.EntryPoint`:"
 msgstr ""
+"在这个例子中， ``discovered_plugins`` 将是一个类型为 :class:`importlib."
+"metadata.EntryPoint` 的集合:"
 
 #: ../source/guides/creating-and-discovering-plugins.rst:160
 msgid ""
 "Now the module of your choice can be imported by executing "
 "``discovered_plugins['a'].load()``."
 msgstr ""
+"现在可以通过执行 ``discovered_plugins['a'].load()`` 来导入您选择的模块。"
 
 #: ../source/guides/creating-and-discovering-plugins.rst:163
 msgid ""
@@ -4033,6 +4274,8 @@ msgid ""
 "has a lot of options. It's recommended to read over the entire section on :"
 "doc:`entry points <setuptools:userguide/entry_point>` ."
 msgstr ""
+"在 :file:`setup.py` 中的 ``entry_point`` 规范相当灵活，具有很多选项。建议仔细"
+"阅读整个关于 :doc:`entry points <setuptools:userguide/entry_point>` 的章节。"
 
 #: ../source/guides/creating-and-discovering-plugins.rst:167
 msgid ""
@@ -4040,11 +4283,12 @@ msgid ""
 "library/importlib.metadata>`, most packaging tools other than setuptools "
 "provide support for defining entry points."
 msgstr ""
+"由于此规范是 :doc:`标准库的一部分 <python:library/importlib.metadata>`，因此"
+"除了 setuptools 之外，大多数打包工具都提供了定义 entry points 的支持。"
 
 #: ../source/guides/creating-command-line-tools.rst:5
-#, fuzzy
 msgid "Creating and packaging command-line tools"
-msgstr "安装独立命令行工具"
+msgstr "创建以及打包命令行工具"
 
 #: ../source/guides/creating-command-line-tools.rst:7
 msgid ""
@@ -4054,11 +4298,14 @@ msgid ""
 "exposing the executable scripts of packages (and available manual pages) for "
 "use on the command-line."
 msgstr ""
+"本指南将引导您创建和打包一个独立的命令行应用程序，该应用程序可以通过 :ref:"
+"`pipx` 安装，pipx 是一个创建和管理 :term:`Python 虚拟环境 <Virtual "
+"Environment>` 的工具，并暴露包的可执行脚本（以及可用的手册页）以供命令行使"
+"用。"
 
 #: ../source/guides/creating-command-line-tools.rst:12
-#, fuzzy
 msgid "Creating the package"
-msgstr "升级软件包"
+msgstr "创建包"
 
 #: ../source/guides/creating-command-line-tools.rst:14
 msgid ""
@@ -4066,17 +4313,19 @@ msgid ""
 "the sake of an example, we'll build a simple tool outputting a greeting (a "
 "string) for a person based on arguments given on the command-line."
 msgstr ""
+"首先，创建一个源代码树用于该 :term:`项目 <Project>` 。为了举例说明，我们将构"
+"建一个简单的工具，根据命令行提供的参数输出对某个人的问候（一个字符串）。"
 
 #: ../source/guides/creating-command-line-tools.rst:17
 #: ../source/guides/tool-recommendations.rst:45
 msgid "Todo"
-msgstr ""
+msgstr "待办"
 
 #: ../source/guides/creating-command-line-tools.rst:17
 msgid ""
 "Advise on the optimal structure of a Python package in another guide or "
 "discussion and link to it here."
-msgstr ""
+msgstr "在另一个指南或讨论中对 Python 包的最佳结构提出建议，并在此处链接。"
 
 #: ../source/guides/creating-command-line-tools.rst:19
 msgid ""
@@ -5489,7 +5738,7 @@ msgid ""
 "In particular, `NumPy <https://numpy.org/>`__, which provides the basis for "
 "most of the software in the `scientific Python stack <https://scientific-"
 "python.org>`_ can be configured to interoperate with different FORTRAN "
-"libraries, and can take advantage of different levels of vectorised "
+"libraries, and can take advantage of different levels of vectorized "
 "instructions available in modern CPUs."
 msgstr ""
 
@@ -5498,9 +5747,9 @@ msgid ""
 "Starting with version 1.10.4 of NumPy and version 1.0.0 of SciPy, pre-built "
 "32-bit and 64-bit binaries in the ``wheel`` format are available for all "
 "major operating systems (Windows, macOS, and Linux) on PyPI. Note, however, "
-"that on Windows, NumPy binaries are linked against the `ATLAS <http://www."
-"netlib.org/atlas/>`__ BLAS/LAPACK library, restricted to SSE2 instructions, "
-"so they may not provide optimal linear algebra performance."
+"that on Windows, NumPy binaries are linked against the `ATLAS <https://math-"
+"atlas.sourceforge.net/>`__ BLAS/LAPACK library, restricted to SSE2 "
+"instructions, so they may not provide optimal linear algebra performance."
 msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:26
@@ -5618,7 +5867,7 @@ msgid ""
 msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:100
-#: ../source/key_projects.rst:808
+#: ../source/key_projects.rst:812
 msgid "Spack"
 msgstr ""
 
@@ -5656,32 +5905,53 @@ msgstr "conda 跨平台软件包管理器"
 
 #: ../source/guides/installing-scientific-packages.rst:121
 msgid ""
-"`Anaconda <https://www.anaconda.com/products/individual/>`_ is a Python "
+"``conda`` is an open source (BSD licensed) package management system and "
+"environment management system that allows users to install multiple versions "
+"of binary software packages and their dependencies, and easily switch "
+"between them. It is a cross-platform tool working on Windows, MacOS, and "
+"Linux. Conda can be used to package up and distribute all kinds of packages, "
+"it is not limited to just Python packages. It has full support for native "
+"virtual environments. Conda makes environments first-class citizens, making "
+"it easy to create independent environments even for C libraries. It is "
+"written in Python, but is Python-agnostic. Conda manages Python itself as a "
+"package, so that :command:`conda update python` is possible, in contrast to "
+"pip, which only manages Python packages."
+msgstr ""
+
+#: ../source/guides/installing-scientific-packages.rst:133
+#, fuzzy
+#| msgid ""
+#| "`Anaconda <https://www.anaconda.com/products/individual/>`_ is a Python "
+#| "distribution published by Anaconda, Inc. It is a stable collection of "
+#| "Open Source packages for big data and scientific use.  As of the 5.0 "
+#| "release of Anaconda, about 200 packages are installed by default, and a "
+#| "total of 400-500 can be installed and updated from the Anaconda "
+#| "repository."
+msgid ""
+"Anaconda `Anaconda <https://docs.anaconda.com/anaconda/>`_ is a Python "
 "distribution published by Anaconda, Inc. It is a stable collection of Open "
-"Source packages for big data and scientific use.  As of the 5.0 release of "
-"Anaconda, about 200 packages are installed by default, and a total of "
-"400-500 can be installed and updated from the Anaconda repository."
+"Source packages for big data and scientific use, and a collection of "
+"Graphical Interface utilities for managing conda environments."
 msgstr ""
 "`Anaconda <https://www.anaconda.com/products/individual/>`_ 是由 Anaconda 公"
 "司发布的 Python 发行版。它是一个稳定的开源软件包集合，用于大数据和科学用途。 "
 "在 Anaconda 的5.0版本中，默认安装了大约200个包，总共有400-500个包可以从 "
 "Anaconda 仓库中安装和更新。"
 
-#: ../source/guides/installing-scientific-packages.rst:127
+#: ../source/guides/installing-scientific-packages.rst:135
 msgid ""
-"``conda`` is an open source (BSD licensed) package management system and "
-"environment management system included in Anaconda that allows users to "
-"install multiple versions of binary software packages and their "
-"dependencies, and easily switch between them. It is a cross-platform tool "
-"working on Windows, macOS, and Linux. Conda can be used to package up and "
-"distribute all kinds of packages, it is not limited to just Python packages. "
-"It has full support for native virtual environments. Conda makes "
-"environments first-class citizens, making it easy to create independent "
-"environments even for C libraries. It is written in Python, but is Python-"
-"agnostic. Conda manages Python itself as a package, so that :command:`conda "
-"update python` is possible, in contrast to pip, which only manages Python "
-"packages. Conda is available in Anaconda and Miniconda (an easy-to-install "
-"download with just Python and conda)."
+"In addition to the full distribution provided by Anaconda, the conda package "
+"manager itself is available in  `miniconda <https://docs.anaconda.com/"
+"miniconda/>`_, `miniforge <https://github.com/conda-forge/miniforge>`_, and "
+"`pixi <https://pixi.sh/>`_."
+msgstr ""
+
+#: ../source/guides/installing-scientific-packages.rst:138
+msgid ""
+"Conda packages are available on multiple channels on Anaconda.org, including "
+"the default channel supported by Anaconda, Inc, the community supported "
+"conda-forge channel, which provides a wide variety of pre-built packages, "
+"and some domain-specific package collections."
 msgstr ""
 
 #: ../source/guides/installing-stand-alone-command-line-tools.rst:4
@@ -8835,29 +9105,51 @@ msgstr "上传到 PyPI"
 
 #: ../source/guides/tool-recommendations.rst:142
 msgid ""
-"For projects hosted on GitHub, it is recommended to use the :ref:`trusted "
-"publishing <trusted-publishing>`, which allows the package to be securely "
-"uploaded to PyPI from a GitHub Actions job. (This is not yet supported on "
-"software forges other than GitHub.)"
+"For projects hosted on or published via supported CI/CD platforms, it is "
+"recommended to use the :ref:`Trusted Publishing <trusted-publishing>`, which "
+"allows the package to be securely uploaded to PyPI from a CI/CD workflow "
+"without a manually configured API token."
 msgstr ""
 
 #: ../source/guides/tool-recommendations.rst:147
 msgid ""
+"As of November 2024, PyPI supports the following platforms as Trusted "
+"Publishing providers:"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:150
+msgid "GitHub Actions (on ``https://github.com``)"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:151
+msgid "GitLab CI/CD (on ``https://gitlab.com``)"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:152
+msgid "ActiveState"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:153
+msgid "Google Cloud"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:155
+msgid ""
 "The other available method is to upload the package manually using :ref:"
 "`twine`."
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:149
+#: ../source/guides/tool-recommendations.rst:159
 msgid ""
 "**Never** use ``python setup.py upload`` for this task. In addition to "
 "being :ref:`deprecated <setup-py-deprecated>`, it is insecure."
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:154
+#: ../source/guides/tool-recommendations.rst:164
 msgid "Workflow tools"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:156
+#: ../source/guides/tool-recommendations.rst:166
 msgid ""
 "These tools are environment managers that automatically manage virtual "
 "environments for a project. They also act as \"task runners\", allowing you "
@@ -8868,31 +9160,31 @@ msgid ""
 "alphabetical order:"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:164
+#: ../source/guides/tool-recommendations.rst:174
 msgid ":ref:`Flit`,"
 msgstr ":ref:`Flit`,"
 
-#: ../source/guides/tool-recommendations.rst:165
+#: ../source/guides/tool-recommendations.rst:175
 msgid ":ref:`Hatch`,"
 msgstr ":ref:`Hatch`,"
 
-#: ../source/guides/tool-recommendations.rst:166
+#: ../source/guides/tool-recommendations.rst:176
 msgid ":doc:`nox <nox:index>`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:167
+#: ../source/guides/tool-recommendations.rst:177
 msgid ":ref:`PDM`,"
 msgstr ":ref:`PDM`,"
 
-#: ../source/guides/tool-recommendations.rst:168
+#: ../source/guides/tool-recommendations.rst:178
 msgid ":ref:`Pipenv`,"
 msgstr ":ref:`Pipenv`,"
 
-#: ../source/guides/tool-recommendations.rst:169
+#: ../source/guides/tool-recommendations.rst:179
 msgid ":ref:`Poetry`,"
 msgstr ":ref:`Poetry`,"
 
-#: ../source/guides/tool-recommendations.rst:170
+#: ../source/guides/tool-recommendations.rst:180
 msgid ":doc:`tox <tox:index>`."
 msgstr ""
 
@@ -10152,38 +10444,52 @@ msgstr ""
 
 #: ../source/key_projects.rst:407
 msgid ""
-"conda is the package management tool for `Anaconda <https://docs.anaconda."
-"com/anaconda/>`__ Python installations. Anaconda Python is a distribution "
-"from `Anaconda, Inc <https://www.anaconda.com/products/individual>`__ "
-"specifically aimed at the scientific community, and in particular on Windows "
-"where the installation of binary extensions is often difficult."
+"Conda is a package, dependency, and environment management system for any "
+"language — Python, R, Ruby, C/C++, Fortran, and more. It is written in "
+"Python and widely used in the Python scientific computing community, due to "
+"its support for non-Python compiled libraries and extensions. It is used as "
+"the basis of the `Anaconda <https://docs.anaconda.com/anaconda/>`__ Python "
+"distribution from Anaconda, Inc. It was originally aimed at the scientific "
+"community, but can also be used on its own, or with the :doc:`miniconda "
+"<conda:miniconda>`, `miniforge <https://github.com/conda-forge/miniforge>`_ "
+"or `pixi <https://pixi.sh/>`_ systems. It is available for Windows, Mac and "
+"Linux systems."
 msgstr ""
 
-#: ../source/key_projects.rst:414
+#: ../source/key_projects.rst:416
 msgid ""
 "Conda is a completely separate tool from :ref:`pip`, virtualenv and wheel, "
-"but provides many of their combined features in terms of package management, "
-"virtual environment management and deployment of binary extensions."
+"but provides many of their combined features, such as package management, "
+"virtual environment management and deployment of binary extensions and other "
+"binary code."
+msgstr ""
+
+#: ../source/key_projects.rst:420
+msgid ""
+"Conda does not install packages from PyPI -- it can only manage packages "
+"built specifically for conda, which can be made available on a \"conda "
+"channel\", such as those hosted on `anaconda.org <https://anaconda.org>`__, "
+"or a local (e.g. intranet) package server. In addition to the \"default\" "
+"channels managed by `Anaconda, Inc. <https://www.anaconda.com/>`__, there "
+"are a wide variety of packages from the community supported `conda-forge "
+"project <https://conda-forge.org/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:418
+#: ../source/key_projects.rst:426
 msgid ""
-"Conda does not install packages from PyPI and can install only from the "
-"official Anaconda repositories, or anaconda.org (a place for user-"
-"contributed *conda* packages), or a local (e.g. intranet) package server.  "
-"However, note that :ref:`pip` can be installed into, and work side-by-side "
-"with conda for managing :term:`distributions <Distribution Package>` from "
-"PyPI. Also, `conda skeleton <https://docs.conda.io/projects/conda-build/en/"
-"latest/user-guide/tutorials/build-pkgs-skeleton.html>`__ is a tool to make "
-"Python packages installable by conda by first fetching them from PyPI and "
-"modifying their metadata."
+"Note that :ref:`pip` can be installed into, and work side-by-side with conda "
+"for managing :term:`distributions <Distribution Package>` from PyPI. It is "
+"also possible to build conda packages from Python source packages using "
+"tools such as `conda skeleton <https://docs.conda.io/projects/conda-build/en/"
+"latest/user-guide/tutorials/build-pkgs-skeleton.html>`__: a tool to "
+"automatically make conda packages from Python packages available on PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:431
+#: ../source/key_projects.rst:435
 msgid "devpi"
 msgstr ""
 
-#: ../source/key_projects.rst:433
+#: ../source/key_projects.rst:437
 msgid ""
 "`Docs <http://doc.devpi.net/latest/>`__ | :gh:`Issues <devpi/devpi/issues>` "
 "| `PyPI <https://pypi.org/project/devpi>`__"
@@ -10191,7 +10497,7 @@ msgstr ""
 "`文档 <http://doc.devpi.net/latest/>`__ | :gh:`Issues <devpi/devpi/issues>` "
 "| `PyPI <https://pypi.org/project/devpi>`__"
 
-#: ../source/key_projects.rst:437
+#: ../source/key_projects.rst:441
 msgid ""
 "devpi features a powerful PyPI-compatible server and PyPI proxy cache with a "
 "complementary command line tool to drive packaging, testing and release "
@@ -10201,11 +10507,11 @@ msgid ""
 "replication and fail-over, and package upload."
 msgstr ""
 
-#: ../source/key_projects.rst:448
+#: ../source/key_projects.rst:452
 msgid "dumb-pypi"
 msgstr ""
 
-#: ../source/key_projects.rst:450
+#: ../source/key_projects.rst:454
 #, fuzzy
 msgid ""
 "`GitHub <https://github.com/chriskuehl/dumb-pypi>`__ | `PyPI <https://pypi."
@@ -10214,7 +10520,7 @@ msgstr ""
 "`GitHub 和文档 <https://github.com/pypa/readme_renderer/>`__ | `PyPI "
 "<https://pypi.org/project/readme-renderer/>`__"
 
-#: ../source/key_projects.rst:453
+#: ../source/key_projects.rst:457
 msgid ""
 "dumb-pypi is a simple :term:`package index <Package Index>` static file site "
 "generator, which then must be hosted by a static file webserver to become "
@@ -10222,11 +10528,11 @@ msgid ""
 "status."
 msgstr ""
 
-#: ../source/key_projects.rst:460
+#: ../source/key_projects.rst:464
 msgid "enscons"
 msgstr "enscons"
 
-#: ../source/key_projects.rst:462
+#: ../source/key_projects.rst:466
 msgid ""
 ":gh:`Source <dholth/enscons>` | :gh:`Issues <dholth/enscons/issues>` | `PyPI "
 "<https://pypi.org/project/enscons>`__"
@@ -10234,7 +10540,7 @@ msgstr ""
 ":gh:`源码 <dholth/enscons>` | :gh:`问题 <dholth/enscons/issues>` | `PyPI "
 "<https://pypi.org/project/enscons>`__"
 
-#: ../source/key_projects.rst:466
+#: ../source/key_projects.rst:470
 msgid ""
 "Enscons is a Python packaging tool based on `SCons`_. It builds :ref:`pip`-"
 "compatible source distributions and wheels without using distutils or "
@@ -10246,11 +10552,11 @@ msgid ""
 "independent of enscons."
 msgstr ""
 
-#: ../source/key_projects.rst:481
+#: ../source/key_projects.rst:485
 msgid "Flask-Pypi-Proxy"
 msgstr ""
 
-#: ../source/key_projects.rst:483
+#: ../source/key_projects.rst:487
 #, fuzzy
 msgid ""
 "`Docs <https://flask-pypi-proxy.readthedocs.io>`__ | :gh:`GitHub <tzulberti/"
@@ -10259,22 +10565,22 @@ msgstr ""
 "`文档 <https://shiv.readthedocs.io/en/latest/>`__ | `GitHub <https://github."
 "com/linkedin/shiv>`__ | `PyPI <https://pypi.org/project/shiv/>`__"
 
-#: ../source/key_projects.rst:487 ../source/key_projects.rst:681
-#: ../source/key_projects.rst:740
+#: ../source/key_projects.rst:491 ../source/key_projects.rst:685
+#: ../source/key_projects.rst:744
 msgid "Not maintained, project archived"
 msgstr ""
 
-#: ../source/key_projects.rst:489
+#: ../source/key_projects.rst:493
 msgid ""
 "Flask-Pypi-Proxy is a :term:`package index <Package Index>` as a cached "
 "proxy for PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:495
+#: ../source/key_projects.rst:499
 msgid "Hashdist"
 msgstr "Hashdist"
 
-#: ../source/key_projects.rst:497
+#: ../source/key_projects.rst:501
 msgid ""
 "`Docs <https://hashdist.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/hashdist/hashdist/>`__"
@@ -10282,7 +10588,7 @@ msgstr ""
 "`文档 <https://hashdist.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/hashdist/hashdist/>`__"
 
-#: ../source/key_projects.rst:500
+#: ../source/key_projects.rst:504
 msgid ""
 "Hashdist is a library for building non-root software distributions. Hashdist "
 "is trying to be “the Debian of choice for cases where Debian technology "
@@ -10293,11 +10599,11 @@ msgid ""
 "researchers but has been lacking in maintenance since 2016."
 msgstr ""
 
-#: ../source/key_projects.rst:512
+#: ../source/key_projects.rst:516
 msgid "Maturin"
 msgstr ""
 
-#: ../source/key_projects.rst:514
+#: ../source/key_projects.rst:518
 msgid ""
 "`Docs <https://www.maturin.rs>`__ | `GitHub <https://github.com/PyO3/"
 "maturin>`__"
@@ -10305,18 +10611,18 @@ msgstr ""
 "`文档 <https://www.maturin.rs>`__ | `GitHub <https://github.com/PyO3/"
 "maturin>`__"
 
-#: ../source/key_projects.rst:517
+#: ../source/key_projects.rst:521
 msgid ""
 "Maturin is a build backend for Rust extension modules, also written in Rust. "
 "It supports building wheels for python 3.7+ on Windows, Linux, macOS and "
 "FreeBSD, can upload them to PyPI and has basic PyPy and GraalPy support."
 msgstr ""
 
-#: ../source/key_projects.rst:525
+#: ../source/key_projects.rst:529
 msgid "meson-python"
 msgstr "meson-python"
 
-#: ../source/key_projects.rst:527
+#: ../source/key_projects.rst:531
 msgid ""
 "`Docs <https://meson-python.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/mesonbuild/meson-python>`__"
@@ -10324,7 +10630,7 @@ msgstr ""
 "`文档 <https://meson-python.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/mesonbuild/meson-python>`__"
 
-#: ../source/key_projects.rst:530
+#: ../source/key_projects.rst:534
 msgid ""
 "``meson-python`` is a build backend that uses the Meson_ build system. It "
 "enables Python package authors to use Meson_ as the build system for their "
@@ -10332,41 +10638,41 @@ msgid ""
 "to fill the needs of most complex build configurations."
 msgstr ""
 
-#: ../source/key_projects.rst:540
+#: ../source/key_projects.rst:544
 msgid "multibuild"
 msgstr "multibuild"
 
-#: ../source/key_projects.rst:542
+#: ../source/key_projects.rst:546
 #, fuzzy
 msgid "`GitHub <https://github.com/multi-build/multibuild>`__"
 msgstr "`GitHub <https://github.com/matthew-brett/multibuild>`__"
 
-#: ../source/key_projects.rst:544
+#: ../source/key_projects.rst:548
 msgid ""
 "Multibuild is a set of CI scripts for building and testing Python :term:"
 "`wheels <Wheel>` for Linux, macOS, and (less flexibly) Windows. Also see :"
 "ref:`cibuildwheel`."
 msgstr ""
 
-#: ../source/key_projects.rst:550
+#: ../source/key_projects.rst:554
 msgid "nginx_pypi_cache"
 msgstr ""
 
-#: ../source/key_projects.rst:552
+#: ../source/key_projects.rst:556
 msgid ":gh:`GitHub <hauntsaninja/nginx_pypi_cache>`"
 msgstr ""
 
-#: ../source/key_projects.rst:554
+#: ../source/key_projects.rst:558
 msgid ""
 "nginx_pypi_cache is a :term:`package index <Package Index>` caching proxy "
 "using `nginx <https://nginx.org/en/>`_."
 msgstr ""
 
-#: ../source/key_projects.rst:560
+#: ../source/key_projects.rst:564
 msgid "pdm"
 msgstr ""
 
-#: ../source/key_projects.rst:562
+#: ../source/key_projects.rst:566
 msgid ""
 "`Docs <https://pdm.fming.dev/>`__ | `GitHub <https://github.com/pdm-project/"
 "pdm/>`__ | `PyPI <https://pypi.org/project/pdm>`__"
@@ -10374,13 +10680,13 @@ msgstr ""
 "`文档 <https://pdm.fming.dev/>`__ | `GitHub <https://github.com/pdm-project/"
 "pdm/>`__ | `PyPI <https://pypi.org/project/pdm>`__"
 
-#: ../source/key_projects.rst:566
+#: ../source/key_projects.rst:570
 msgid ""
 "PDM is a modern Python package manager. It uses :term:`pyproject.toml` to "
 "store project metadata as defined in :pep:`621`."
 msgstr ""
 
-#: ../source/key_projects.rst:574
+#: ../source/key_projects.rst:578
 msgid ""
 "`Docs <https://pex.readthedocs.io/en/latest/>`__ | `GitHub <https://github."
 "com/pantsbuild/pex/>`__ | `PyPI <https://pypi.org/project/pex>`__"
@@ -10388,7 +10694,7 @@ msgstr ""
 "`文档 <https://pex.readthedocs.io/en/latest/>`__ | `GitHub <https://github."
 "com/pantsbuild/pex/>`__ | `PyPI <https://pypi.org/project/pex>`__"
 
-#: ../source/key_projects.rst:578
+#: ../source/key_projects.rst:582
 msgid ""
 "Pex is a tool for generating :file:`.pex` (Python EXecutable) files, "
 "standalone Python environments in the spirit of :ref:`virtualenv`. PEX files "
@@ -10400,11 +10706,11 @@ msgid ""
 "PEX file into a standard venv, graphing dependencies and more."
 msgstr ""
 
-#: ../source/key_projects.rst:590
+#: ../source/key_projects.rst:594
 msgid "pip-tools"
 msgstr "pip-tools"
 
-#: ../source/key_projects.rst:592
+#: ../source/key_projects.rst:596
 msgid ""
 "`Docs <https://pip-tools.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/jazzband/pip-tools/>`__ | `PyPI <https://pypi.org/project/pip-"
@@ -10414,7 +10720,7 @@ msgstr ""
 "github.com/jazzband/pip-tools/>`__ | `PyPI <https://pypi.org/project/pip-"
 "tools/>`__"
 
-#: ../source/key_projects.rst:596
+#: ../source/key_projects.rst:600
 msgid ""
 "pip-tools is a suite of tools meant for Python system administrators and "
 "release managers who particularly want to keep their builds deterministic "
@@ -10425,27 +10731,27 @@ msgid ""
 "not provide), and create layers of constraints for the program to obey."
 msgstr ""
 
-#: ../source/key_projects.rst:608
+#: ../source/key_projects.rst:612
 msgid "pip2pi"
 msgstr ""
 
-#: ../source/key_projects.rst:610
+#: ../source/key_projects.rst:614
 msgid ""
 ":gh:`GitHub <wolever/pip2pi>` | `PyPI <https://pypi.org/project/pip2pi/>`__"
 msgstr ""
 ":gh:`GitHub <wolever/pip2pi>` | `PyPI <https://pypi.org/project/pip2pi/>`__"
 
-#: ../source/key_projects.rst:613
+#: ../source/key_projects.rst:617
 msgid ""
 "pip2pi is a :term:`package index <Package Index>` server where specific "
 "packages are manually synchronised."
 msgstr ""
 
-#: ../source/key_projects.rst:619
+#: ../source/key_projects.rst:623
 msgid "piwheels"
 msgstr "piwheels"
 
-#: ../source/key_projects.rst:621
+#: ../source/key_projects.rst:625
 msgid ""
 "`Website <https://www.piwheels.org/>`__ | :doc:`Docs <piwheels:index>` | "
 "`GitHub <https://github.com/piwheels/piwheels/>`__"
@@ -10453,7 +10759,7 @@ msgstr ""
 "`网站 <https://www.piwheels.org/>`__ | :doc:`文档 <piwheels:index>` | "
 "`GitHub <https://github.com/piwheels/piwheels/>`__"
 
-#: ../source/key_projects.rst:625
+#: ../source/key_projects.rst:629
 msgid ""
 "piwheels is a website, and software underpinning it, that fetches source "
 "code distribution packages from PyPI and compiles them into binary wheels "
@@ -10461,11 +10767,11 @@ msgid ""
 "Pi OS pre-configures pip to use piwheels.org as an additional index to PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:634
+#: ../source/key_projects.rst:638
 msgid "poetry"
 msgstr "poetry"
 
-#: ../source/key_projects.rst:636
+#: ../source/key_projects.rst:640
 msgid ""
 "`Docs <https://python-poetry.org/>`__ | `GitHub <https://github.com/python-"
 "poetry/poetry>`__ | `PyPI <https://pypi.org/project/poetry/>`__"
@@ -10473,7 +10779,7 @@ msgstr ""
 "`文档 <https://python-poetry.org/>`__ | `GitHub <https://github.com/python-"
 "poetry/poetry>`__ | `PyPI <https://pypi.org/project/poetry/>`__"
 
-#: ../source/key_projects.rst:640
+#: ../source/key_projects.rst:644
 msgid ""
 "poetry is a command-line tool to handle dependency installation and "
 "isolation as well as building and packaging of Python packages. It uses "
@@ -10487,11 +10793,11 @@ msgstr ""
 "自己的依赖性解析器。它试图通过本地缓存依赖关系的元数据来加速用户的安装和依赖"
 "关系的解决。"
 
-#: ../source/key_projects.rst:650
+#: ../source/key_projects.rst:654
 msgid "proxpi"
 msgstr ""
 
-#: ../source/key_projects.rst:652
+#: ../source/key_projects.rst:656
 #, fuzzy
 msgid ""
 ":gh:`GitHub <EpicWink/proxpi>` | `PyPI <https://pypi.org/project/proxpi/>`__"
@@ -10499,18 +10805,18 @@ msgstr ""
 "`GitHub 和文档 <https://github.com/pypa/readme_renderer/>`__ | `PyPI "
 "<https://pypi.org/project/readme-renderer/>`__"
 
-#: ../source/key_projects.rst:655
+#: ../source/key_projects.rst:659
 msgid ""
 "proxpi is a simple :term:`package index <Package Index>` which proxies PyPI "
 "and other indexes with caching."
 msgstr ""
 
-#: ../source/key_projects.rst:661
+#: ../source/key_projects.rst:665
 #, fuzzy
 msgid "Pulp-python"
 msgstr "python"
 
-#: ../source/key_projects.rst:663
+#: ../source/key_projects.rst:667
 msgid ""
 "`Docs <https://docs.pulpproject.org/pulp_python/>`__ | :gh:`GitHub <pulp/"
 "pulp_python>` | `PyPI <https://pypi.org/project/pulp-python/>`__"
@@ -10518,18 +10824,18 @@ msgstr ""
 "`文档 <https://docs.pulpproject.org/pulp_python/>`__ | :gh:`GitHub <pulp/"
 "pulp_python>` | `PyPI <https://pypi.org/project/pulp-python/>`__"
 
-#: ../source/key_projects.rst:667
+#: ../source/key_projects.rst:671
 msgid ""
 "Pulp-python is the Python :term:`package index <Package Index>` plugin for "
 "`Pulp <https://pulpproject.org/>`_. Pulp-python supports mirrors backed by "
 "local or `AWS S3`_, package upload, and proxying to multiple package indexes."
 msgstr ""
 
-#: ../source/key_projects.rst:675
+#: ../source/key_projects.rst:679
 msgid "PyPI Cloud"
 msgstr ""
 
-#: ../source/key_projects.rst:677
+#: ../source/key_projects.rst:681
 msgid ""
 "`Docs <https://pypicloud.readthedocs.io/>`__ | :gh:`GitHub <stevearc/"
 "pypicloud>` | `PyPI <https://pypi.org/project/pypicloud/>`__"
@@ -10537,7 +10843,7 @@ msgstr ""
 "`文档 <https://pypicloud.readthedocs.io/>`__ | :gh:`GitHub <stevearc/"
 "pypicloud>` | `PyPI <https://pypi.org/project/pypicloud/>`__"
 
-#: ../source/key_projects.rst:683
+#: ../source/key_projects.rst:687
 msgid ""
 "PyPI Cloud is a :term:`package index <Package Index>` server, backed by `AWS "
 "S3`_ or another cloud storage service, or local files. PyPI Cloud supports "
@@ -10545,11 +10851,11 @@ msgid ""
 "authorisation."
 msgstr ""
 
-#: ../source/key_projects.rst:691
+#: ../source/key_projects.rst:695
 msgid "pypiprivate"
 msgstr "pypiprivate"
 
-#: ../source/key_projects.rst:693
+#: ../source/key_projects.rst:697
 msgid ""
 ":gh:`GitHub <helpshift/pypiprivate>` | `PyPI <https://pypi.org/project/"
 "pypiprivate/>`__"
@@ -10557,17 +10863,17 @@ msgstr ""
 ":gh:`GitHub <helpshift/pypiprivate>` | `PyPI <https://pypi.org/project/"
 "pypiprivate/>`__"
 
-#: ../source/key_projects.rst:696
+#: ../source/key_projects.rst:700
 msgid ""
 "pypiprivate serves a local (or `AWS S3`_-hosted) directory of packages as a :"
 "term:`package index <Package Index>`."
 msgstr ""
 
-#: ../source/key_projects.rst:702
+#: ../source/key_projects.rst:706
 msgid "pypiserver"
 msgstr "pypiserver"
 
-#: ../source/key_projects.rst:704
+#: ../source/key_projects.rst:708
 #, fuzzy
 msgid ""
 "`GitHub <https://github.com/pypiserver/pypiserver>`__ | `PyPI <https://pypi."
@@ -10576,7 +10882,7 @@ msgstr ""
 "`GitHub 和文档 <https://github.com/pypa/readme_renderer/>`__ | `PyPI "
 "<https://pypi.org/project/readme-renderer/>`__"
 
-#: ../source/key_projects.rst:707
+#: ../source/key_projects.rst:711
 #, fuzzy
 msgid ""
 "pypiserver is a minimalist application that serves as a private Python :term:"
@@ -10592,11 +10898,11 @@ msgstr ""
 "ref:`pip` 下载和安装它们，而不用公开发布。使用 pypiserver 的组织通常既从 "
 "pypiserver 也从 PyPI 下载软件包。"
 
-#: ../source/key_projects.rst:718
+#: ../source/key_projects.rst:722
 msgid "PyScaffold"
 msgstr ""
 
-#: ../source/key_projects.rst:720
+#: ../source/key_projects.rst:724
 msgid ""
 "`Docs <https://pyscaffold.org>`__ | `GitHub <https://github.com/pyscaffold/"
 "pyscaffold>`__ | `PyPI <https://pypi.org/project/pyscaffold/>`__"
@@ -10604,7 +10910,7 @@ msgstr ""
 "`文档 <https://pyscaffold.org>`__ | `GitHub <https://github.com/pyscaffold/"
 "pyscaffold>`__ | `PyPI <https://pypi.org/project/pyscaffold/>`__"
 
-#: ../source/key_projects.rst:724
+#: ../source/key_projects.rst:728
 msgid ""
 "PyScaffold is a project generator for bootstrapping Python packages, ready "
 "to be shared on PyPI and installable via :ref:`pip`. It relies on a set of "
@@ -10614,11 +10920,11 @@ msgid ""
 "existing projects to make packaging easier."
 msgstr ""
 
-#: ../source/key_projects.rst:735
+#: ../source/key_projects.rst:739
 msgid "pywharf"
 msgstr ""
 
-#: ../source/key_projects.rst:737
+#: ../source/key_projects.rst:741
 #, fuzzy
 msgid ""
 ":gh:`GitHub <pywharf/pywharf>` | `PyPI <https://pypi.org/project/pywharf>`__"
@@ -10626,17 +10932,17 @@ msgstr ""
 "`GitHub 和文档 <https://github.com/pypa/hatch>`__ | `PyPI <https://pypi.org/"
 "project/hatch>`__"
 
-#: ../source/key_projects.rst:742
+#: ../source/key_projects.rst:746
 msgid ""
 "pywharf is a :term:`package index <Package Index>` server, serving files "
 "locally or from `GitHub <https://github.com/>`_."
 msgstr ""
 
-#: ../source/key_projects.rst:748
+#: ../source/key_projects.rst:752
 msgid "scikit-build"
 msgstr "scikit-build"
 
-#: ../source/key_projects.rst:750
+#: ../source/key_projects.rst:754
 msgid ""
 "`Docs <https://scikit-build.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/scikit-build/scikit-build/>`__ | `PyPI <https://pypi.org/project/"
@@ -10646,7 +10952,7 @@ msgstr ""
 "github.com/scikit-build/scikit-build/>`__ | `PyPI <https://pypi.org/project/"
 "scikit-build>`__"
 
-#: ../source/key_projects.rst:754
+#: ../source/key_projects.rst:758
 msgid ""
 "Scikit-build is a :ref:`setuptools` wrapper for CPython that builds C/C++/"
 "Fortran/Cython extensions It uses `cmake <https://pypi.org/project/cmake>`__ "
@@ -10657,12 +10963,12 @@ msgid ""
 "ninja>`__ (also available on PyPI)."
 msgstr ""
 
-#: ../source/key_projects.rst:765
+#: ../source/key_projects.rst:769
 #, fuzzy
 msgid "scikit-build-core"
 msgstr "scikit-build"
 
-#: ../source/key_projects.rst:767
+#: ../source/key_projects.rst:771
 msgid ""
 "`Docs <https://scikit-build-core.readthedocs.io/en/latest/>`__ | `GitHub "
 "<https://github.com/scikit-build/scikit-build-core/>`__ | `PyPI <https://"
@@ -10672,7 +10978,7 @@ msgstr ""
 "<https://github.com/scikit-build/scikit-build-core/>`__ | `PyPI <https://"
 "pypi.org/project/scikit-build-core>`__"
 
-#: ../source/key_projects.rst:771
+#: ../source/key_projects.rst:775
 msgid ""
 "Scikit-build-core is a build backend for CPython C/C++/Fortran/Cython "
 "extensions.  It enables users to write extensions with `cmake <https://pypi."
@@ -10682,11 +10988,11 @@ msgid ""
 "automatically downloaded from PyPI if not available on the system."
 msgstr ""
 
-#: ../source/key_projects.rst:781
+#: ../source/key_projects.rst:785
 msgid "shiv"
 msgstr "shiv"
 
-#: ../source/key_projects.rst:783
+#: ../source/key_projects.rst:787
 msgid ""
 "`Docs <https://shiv.readthedocs.io/en/latest/>`__ | `GitHub <https://github."
 "com/linkedin/shiv>`__ | `PyPI <https://pypi.org/project/shiv/>`__"
@@ -10694,7 +11000,7 @@ msgstr ""
 "`文档 <https://shiv.readthedocs.io/en/latest/>`__ | `GitHub <https://github."
 "com/linkedin/shiv>`__ | `PyPI <https://pypi.org/project/shiv/>`__"
 
-#: ../source/key_projects.rst:787
+#: ../source/key_projects.rst:791
 msgid ""
 "shiv is a command line utility for building fully self contained Python "
 "zipapps as outlined in :pep:`441`, but with all their dependencies included. "
@@ -10702,11 +11008,11 @@ msgid ""
 "tools fast & easy."
 msgstr ""
 
-#: ../source/key_projects.rst:795
+#: ../source/key_projects.rst:799
 msgid "simpleindex"
 msgstr ""
 
-#: ../source/key_projects.rst:797
+#: ../source/key_projects.rst:801
 #, fuzzy
 msgid ""
 ":gh:`GitHub <uranusjr/simpleindex>` | `PyPI <https://pypi.org/project/"
@@ -10715,7 +11021,7 @@ msgstr ""
 "`GitHub 和文档 <https://github.com/pypa/readme_renderer/>`__ | `PyPI "
 "<https://pypi.org/project/readme-renderer/>`__"
 
-#: ../source/key_projects.rst:800
+#: ../source/key_projects.rst:804
 msgid ""
 "simpleindex is a :term:`package index <Package Index>` which routes URLs to "
 "multiple package indexes (including PyPI), serves local (or cloud-hosted, "
@@ -10723,7 +11029,7 @@ msgid ""
 "supports custom plugins."
 msgstr ""
 
-#: ../source/key_projects.rst:810
+#: ../source/key_projects.rst:814
 msgid ""
 ":doc:`Docs <spack:index>` | `GitHub <https://github.com/spack/spack>`__ | "
 "`Paper <https://www.computer.org/csdl/proceedings-article/"
@@ -10731,7 +11037,7 @@ msgid ""
 "Gamblin-Spack-SC15-Talk.pdf>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:815
+#: ../source/key_projects.rst:819
 msgid ""
 "A flexible package manager designed to support multiple versions, "
 "configurations, platforms, and compilers.  Spack is like Homebrew, but "
@@ -10742,18 +11048,18 @@ msgid ""
 "supercomputers."
 msgstr ""
 
-#: ../source/key_projects.rst:823
+#: ../source/key_projects.rst:827
 msgid ""
 "Spack is not in PyPI (yet), but it requires no installation and can be used "
 "immediately after cloning from GitHub."
 msgstr ""
 "Spack 不在 PyPI 中（目前），但它不需要安装，从 GitHub 克隆后可以立即使用。"
 
-#: ../source/key_projects.rst:829
+#: ../source/key_projects.rst:833
 msgid "zest.releaser"
 msgstr "zest.releaser"
 
-#: ../source/key_projects.rst:831
+#: ../source/key_projects.rst:835
 msgid ""
 "`Docs <https://zestreleaser.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/zestsoftware/zest.releaser/>`__ | `PyPI <https://pypi.org/project/"
@@ -10763,7 +11069,7 @@ msgstr ""
 "github.com/zestsoftware/zest.releaser/>`__ | `PyPI <https://pypi.org/project/"
 "zest.releaser/>`__"
 
-#: ../source/key_projects.rst:835
+#: ../source/key_projects.rst:839
 msgid ""
 "``zest.releaser`` is a Python package release tool providing an abstraction "
 "layer on top of :ref:`twine`. Python developers use ``zest.releaser`` to "
@@ -10771,15 +11077,15 @@ msgid ""
 "releases in source control, and uploading new packages to PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:842
+#: ../source/key_projects.rst:846
 msgid "Standard Library Projects"
 msgstr ""
 
-#: ../source/key_projects.rst:847
+#: ../source/key_projects.rst:851
 msgid "ensurepip"
 msgstr "ensurepip"
 
-#: ../source/key_projects.rst:849
+#: ../source/key_projects.rst:853
 msgid ""
 "`Docs <https://docs.python.org/3/library/ensurepip.html>`__ | `Issues "
 "<https://bugs.python.org/>`__"
@@ -10787,7 +11093,7 @@ msgstr ""
 "`文档 <https://docs.python.org/3/library/ensurepip.html>`__ | `问题 <https://"
 "bugs.python.org/>`__"
 
-#: ../source/key_projects.rst:852
+#: ../source/key_projects.rst:856
 msgid ""
 "A package in the Python Standard Library that provides support for "
 "bootstrapping :ref:`pip` into an existing Python installation or virtual "
@@ -10795,12 +11101,12 @@ msgid ""
 "will be used during the build of the Python distribution."
 msgstr ""
 
-#: ../source/key_projects.rst:860
+#: ../source/key_projects.rst:864
 #, fuzzy
 msgid "http.server"
 msgstr "pypiserver"
 
-#: ../source/key_projects.rst:862
+#: ../source/key_projects.rst:866
 msgid ""
 ":doc:`Docs <python:library/http.server>` | :gh:`Issues <python/cpython/"
 "issues>`"
@@ -10808,18 +11114,18 @@ msgstr ""
 ":doc:`Docs <python:library/http.server>` | :gh:`Issues <python/cpython/"
 "issues>`"
 
-#: ../source/key_projects.rst:865
+#: ../source/key_projects.rst:869
 msgid ""
 "A package and command-line interface which can host a directory as a "
 "website, for example as a :term:`package index <Package Index>` (see :ref:"
 "`Hosting your Own Simple Repository`)."
 msgstr ""
 
-#: ../source/key_projects.rst:872
+#: ../source/key_projects.rst:876
 msgid "venv"
 msgstr "venv"
 
-#: ../source/key_projects.rst:874
+#: ../source/key_projects.rst:878
 msgid ""
 "`Docs <https://docs.python.org/3/library/venv.html>`__ | `Issues <https://"
 "github.com/python/cpython/issues>`__"
@@ -10827,7 +11133,7 @@ msgstr ""
 "`文档 <https://docs.python.org/3/library/venv.html>`__ | `问题 <https://"
 "github.com/python/cpython/issues>`__"
 
-#: ../source/key_projects.rst:877
+#: ../source/key_projects.rst:881
 msgid ""
 "A package in the Python Standard Library (starting with Python 3.3) for "
 "creating :term:`Virtual Environments <Virtual Environment>`.  For more "
@@ -12879,7 +13185,7 @@ msgstr ""
 #: ../source/specifications/platform-compatibility-tags.rst:332
 #: ../source/specifications/pyproject-toml.rst:444
 #: ../source/specifications/recording-installed-packages.rst:252
-#: ../source/specifications/simple-repository-api.rst:974
+#: ../source/specifications/simple-repository-api.rst:988
 #: ../source/specifications/source-distribution-format.rst:144
 #: ../source/specifications/version-specifiers.rst:1266
 #: ../source/specifications/virtual-environments.rst:54
@@ -13950,6 +14256,7 @@ msgstr ""
 #: ../source/specifications/dependency-specifiers.rst:26
 #: ../source/specifications/direct-url-data-structure.rst:19
 #: ../source/specifications/direct-url.rst:15
+#: ../source/specifications/index-hosted-attestations.rst:17
 #: ../source/specifications/inline-script-metadata.rst:13
 msgid "Specification"
 msgstr "技术参数"
@@ -14087,7 +14394,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/dependency-specifiers.rst:163
-#: ../source/specifications/simple-repository-api.rst:888
+#: ../source/specifications/simple-repository-api.rst:902
 msgid "Versions"
 msgstr "版本"
 
@@ -15722,6 +16029,302 @@ msgid ""
 "www.pypa.io/en/latest/specifications/>`__."
 msgstr ""
 
+#: ../source/specifications/index-hosted-attestations.rst:6
+msgid "Index hosted attestations"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:8
+msgid "This specification was originally defined in :pep:`740`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:12
+msgid ""
+":pep:`740` includes changes to the HTML and JSON index APIs. These changes "
+"are documented in the :ref:`simple-repository-api` under :ref:`simple-"
+"repository-api-base` and :ref:`json-serialization`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:22
+msgid "Upload endpoint changes"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:26
+msgid ""
+"The \"legacy\" upload API is not standardized. See `PyPI's Upload API "
+"documentation <https://docs.pypi.org/api/upload/>`_ for how attestations are "
+"uploaded."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:33
+msgid "Attestation objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:35
+msgid ""
+"An attestation object is a JSON object with several required keys; "
+"applications or signers may include additional keys so long as all "
+"explicitly listed keys are provided. The required layout of an attestation "
+"object is provided as pseudocode below."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:88
+msgid ""
+"A full data model for each object in ``transparency_entries`` is provided "
+"in :ref:`appendix`. Attestation objects **SHOULD** include one or more "
+"transparency log entries, and **MAY** include additional keys for other "
+"sources of signed time (such as an :rfc:`3161` Time Stamping Authority or a "
+"`Roughtime <https://blog.cloudflare.com/roughtime>`__ server)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:94
+msgid ""
+"Attestation objects are versioned; this PEP specifies version 1. Each "
+"version is tied to a single cryptographic suite to minimize unnecessary "
+"cryptographic agility. In version 1, the suite is as follows:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:98
+msgid ""
+"Certificates are specified as X.509 certificates, and comply with the "
+"profile in :rfc:`5280`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:100
+msgid ""
+"The message signature algorithm is ECDSA, with the P-256 curve for public "
+"keys and SHA-256 as the cryptographic digest function."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:103
+msgid ""
+"Future PEPs may change this suite (and the overall shape of the attestation "
+"object) by selecting a new version number."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:109
+msgid "Attestation statement and signature generation"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:111
+msgid ""
+"The *attestation statement* is the actual claim that is cryptographically "
+"signed over within the attestation object (i.e., the ``envelope.statement``)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:114
+msgid ""
+"The attestation statement is encoded as a `v1 in-toto Statement object "
+"<https://github.com/in-toto/attestation/blob/v1.0/spec/v1.0/statement."
+"md>`__, in JSON form. When serialized the statement is treated as an opaque "
+"binary blob, avoiding the need for canonicalization."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:119
+msgid ""
+"In addition to being a v1 in-toto Statement, the attestation statement is "
+"constrained in the following ways:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:122
+msgid "The in-toto ``subject`` **MUST** contain only a single subject."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:123
+msgid ""
+"``subject[0].name`` is the distribution's filename, which **MUST** be a "
+"valid :ref:`source distribution <source-distribution-format>` or :ref:`wheel "
+"distribution <binary-distribution-format>` filename."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:126
+msgid ""
+"``subject[0].digest`` **MUST** contain a SHA-256 digest. Other digests "
+"**MAY** be present. The digests **MUST** be represented as hexadecimal "
+"strings."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:128
+msgid "The following ``predicateType`` values are supported:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:130
+msgid ""
+"`SLSA Provenance <https://slsa.dev/provenance/v1>`__: ``https://slsa.dev/"
+"provenance/v1``"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:131
+msgid ""
+"`PyPI Publish Attestation <https://docs.pypi.org/attestations/publish/"
+"v1>`__: ``https://docs.pypi.org/attestations/publish/v1``"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:133
+msgid ""
+"The signature over this statement is constructed using the `v1 DSSE "
+"signature protocol <https://github.com/secure-systems-lab/dsse/blob/v1.0.0/"
+"protocol.md>`__, with a ``PAYLOAD_TYPE`` of ``application/vnd.in-toto+json`` "
+"and a ``PAYLOAD_BODY`` of the JSON-encoded statement above. No other "
+"``PAYLOAD_TYPE`` is permitted."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:141
+msgid "Provenance objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:143
+msgid ""
+"The index will serve uploaded attestations along with metadata that can "
+"assist in verifying them in the form of JSON serialized objects."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:146
+msgid ""
+"These *provenance objects* will be available via both the Simple Index and "
+"JSON-based Simple API as described above, and will have the following layout:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:169
+msgid "or, as pseudocode:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:217
+msgid ""
+"``version`` is ``1``. Like attestation objects, provenance objects are "
+"versioned, and this PEP only defines version ``1``."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:219
+msgid ""
+"``attestation_bundles`` is a **required** JSON array, containing one or more "
+"\"bundles\" of attestations. Each bundle corresponds to a signing identity "
+"(such as a Trusted Publishing identity), and contains one or more "
+"attestation objects."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:224
+msgid ""
+"As noted in the ``Publisher`` model, each ``AttestationBundle.publisher`` "
+"object is specific to its Trusted Publisher but must include at minimum:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:228
+msgid ""
+"A ``kind`` key, which **MUST** be a JSON string that uniquely identifies the "
+"kind of Trusted Publisher."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:230
+msgid ""
+"A ``claims`` key, which **MUST** be a JSON object containing any context-"
+"specific claims retained by the index during Trusted Publisher "
+"authentication."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:233
+msgid "All other keys in the publisher object are publisher-specific."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:235
+msgid ""
+"Each array of attestation objects is a superset of the ``attestations`` "
+"array supplied by the uploaded through the ``attestations`` field at upload "
+"time, as described in :ref:`upload-endpoint` and :ref:`changes-to-provenance-"
+"objects`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:243
+msgid "Changes to provenance objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:245
+msgid ""
+"Provenance objects are *not* immutable, and may change over time. Reasons "
+"for changes to the provenance object include but are not limited to:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:248
+msgid ""
+"Addition of new attestations for a pre-existing signing identity: the index "
+"**MAY** choose to allow additional attestations by pre-existing signing "
+"identities, such as newer attestation versions for already uploaded files."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:253
+msgid ""
+"Addition of new signing identities and associated attestations: the index "
+"**MAY** choose to support attestations from sources other than the file's "
+"uploader, such as third-party auditors or the index itself. These "
+"attestations may be performed asynchronously, requiring the index to insert "
+"them into the provenance object *post facto*."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:262
+msgid "Attestation verification"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:264
+msgid ""
+"Verifying an attestation object against a distribution file requires "
+"verification of each of the following:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:267
+msgid "``version`` is ``1``. The verifier **MUST** reject any other version."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:268
+msgid ""
+"``verification_material.certificate`` is a valid signing certificate, as "
+"issued by an *a priori* trusted authority (such as a root of trust already "
+"present within the verifying client)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:271
+msgid ""
+"``verification_material.certificate`` identifies an appropriate signing "
+"subject, such as the machine identity of the Trusted Publisher that "
+"published the package."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:274
+msgid ""
+"``envelope.statement`` is a valid in-toto v1 Statement, with a subject and "
+"digest that **MUST** match the distribution's filename and contents. For the "
+"distribution's filename, matching **MUST** be performed by parsing using the "
+"appropriate source distribution or wheel filename format, as the statement's "
+"subject may be equivalent but normalized."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:279
+msgid ""
+"``envelope.signature`` is a valid signature for ``envelope.statement`` "
+"corresponding to ``verification_material.certificate``, as reconstituted via "
+"the `v1 DSSE signature protocol <https://github.com/secure-systems-lab/dsse/"
+"blob/v1.0.0/protocol.md>`__."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:284
+msgid ""
+"In addition to the above required steps, a verifier **MAY** additionally "
+"verify ``verification_material.transparency_entries`` on a policy basis, e."
+"g. requiring at least one transparency log entry or a threshold of entries. "
+"When verifying transparency entries, the verifier **MUST** confirm that the "
+"inclusion time for each entry lies within the signing certificate's validity "
+"period."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:293
+msgid "Appendix: Data models for Transparency Log Entries"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:295
+msgid ""
+"This appendix contains pseudocoded data models for transparency log entries "
+"in attestation objects. Each transparency log entry serves as a source of "
+"signed inclusion time, and can be verified either online or offline."
+msgstr ""
+
 #: ../source/specifications/inline-script-metadata.rst:5
 msgid "Inline script metadata"
 msgstr ""
@@ -15893,7 +16496,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/inline-script-metadata.rst:205
-#: ../source/specifications/simple-repository-api.rst:815
+#: ../source/specifications/simple-repository-api.rst:829
 #, fuzzy
 msgid "Recommendations"
 msgstr "创建文档"
@@ -17786,12 +18389,27 @@ msgid ""
 "``&gt;``, respectively."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:100
+#: ../source/specifications/simple-repository-api.rst:99
+msgid ""
+"A repository **MAY** include a ``data-provenance`` attribute on a file link. "
+"The value of this attribute **MUST** be a fully qualified URL, signaling "
+"that the file's provenance can be found at that URL. This URL **MUST** "
+"represent a `secure origin <https://www.chromium.org/Home/chromium-security/"
+"prefer-secure-origins-for-powerful-new-features/>`_."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:106
+msgid ""
+"The format of the linked provenance is defined in :ref:`index-hosted-"
+"attestations`."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:109
 #, fuzzy
 msgid "Normalized Names"
 msgstr "规范化"
 
-#: ../source/specifications/simple-repository-api.rst:102
+#: ../source/specifications/simple-repository-api.rst:111
 msgid ""
 "This spec references the concept of a \"normalized\" project name. As per :"
 "ref:`the name normalization specification <name-normalization>` the only "
@@ -17801,11 +18419,11 @@ msgid ""
 "implemented in Python with the ``re`` module::"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:117
+#: ../source/specifications/simple-repository-api.rst:126
 msgid "Adding \"Yank\" Support to the Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:119
+#: ../source/specifications/simple-repository-api.rst:128
 msgid ""
 "Links in the simple repository **MAY** have a ``data-yanked`` attribute "
 "which may have no value, or may have an arbitrary string as a value. The "
@@ -17815,7 +18433,7 @@ msgid ""
 "under specific scenarios."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:126
+#: ../source/specifications/simple-repository-api.rst:135
 msgid ""
 "The value of the ``data-yanked`` attribute, if present, is an arbitrary "
 "string that represents the reason for why the file has been yanked. Tools "
@@ -17823,7 +18441,7 @@ msgid ""
 "users."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:131
+#: ../source/specifications/simple-repository-api.rst:140
 msgid ""
 "The yanked attribute is not immutable once set, and may be rescinded in the "
 "future (and once rescinded, may be reset as well). Thus API users **MUST** "
@@ -17831,12 +18449,12 @@ msgid ""
 "again)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:138
+#: ../source/specifications/simple-repository-api.rst:147
 #, fuzzy
 msgid "Installers"
 msgstr "安装程序"
 
-#: ../source/specifications/simple-repository-api.rst:140
+#: ../source/specifications/simple-repository-api.rst:149
 msgid ""
 "The desirable experience for users is that once a file is yanked, when a "
 "human being is currently trying to directly install a yanked file, that it "
@@ -17846,7 +18464,7 @@ msgid ""
 "been yanked."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:147
+#: ../source/specifications/simple-repository-api.rst:156
 msgid ""
 "An installer **MUST** ignore yanked releases, if the selection constraints "
 "can be satisfied with a non-yanked version, and **MAY** refuse to use a "
@@ -17856,14 +18474,14 @@ msgid ""
 "files."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:154
+#: ../source/specifications/simple-repository-api.rst:163
 msgid ""
 "What this means is left up to the specific installer, to decide how to best "
 "fit into the overall usage of their installer. However, there are two "
 "suggested approaches to take:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:158
+#: ../source/specifications/simple-repository-api.rst:167
 msgid ""
 "Yanked files are always ignored, unless they are the only file that matches "
 "a version specifier that \"pins\" to an exact version using either ``==`` "
@@ -17873,7 +18491,7 @@ msgid ""
 "versions, zero padding, etc."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:165
+#: ../source/specifications/simple-repository-api.rst:174
 msgid ""
 "Yanked files are always ignored, unless they are the only file that matches "
 "what a lock file (such as ``Pipfile.lock`` or ``poetry.lock``) specifies to "
@@ -17881,7 +18499,7 @@ msgid ""
 "creating or updating a lock file from some input file or command."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:171
+#: ../source/specifications/simple-repository-api.rst:180
 msgid ""
 "Regardless of the specific strategy that an installer chooses for deciding "
 "when to install yanked files, an installer **SHOULD** emit a warning when it "
@@ -17890,38 +18508,38 @@ msgid ""
 "specific feedback to the user about why that file had been yanked."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:179
+#: ../source/specifications/simple-repository-api.rst:188
 msgid "Mirrors"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:181
+#: ../source/specifications/simple-repository-api.rst:190
 msgid "Mirrors can generally treat yanked files one of two ways:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:183
+#: ../source/specifications/simple-repository-api.rst:192
 msgid ""
 "They may choose to omit them from their simple repository API completely, "
 "providing a view over the repository that shows only \"active\", unyanked "
 "files."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:186
+#: ../source/specifications/simple-repository-api.rst:195
 msgid ""
 "They may choose to include yanked files, and additionally mirror the ``data-"
 "yanked`` attribute as well."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:189
+#: ../source/specifications/simple-repository-api.rst:198
 msgid ""
 "Mirrors **MUST NOT** mirror a yanked file without also mirroring the ``data-"
 "yanked`` attribute for it."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:195
+#: ../source/specifications/simple-repository-api.rst:204
 msgid "Versioning PyPI's Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:197
+#: ../source/specifications/simple-repository-api.rst:206
 msgid ""
 "This spec proposes the inclusion of a meta tag on the responses of every "
 "successful request to a simple API page, which contains a name attribute of "
@@ -17932,29 +18550,29 @@ msgid ""
 "<version-specifiers>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:205
+#: ../source/specifications/simple-repository-api.rst:214
 msgid "This would end up looking like::"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:209
+#: ../source/specifications/simple-repository-api.rst:218
 msgid "When interpreting the repository version:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:211
+#: ../source/specifications/simple-repository-api.rst:220
 msgid ""
 "Incrementing the major version is used to signal a backwards incompatible "
 "change such that existing clients would no longer be expected to be able to "
 "meaningfully use the API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:214
+#: ../source/specifications/simple-repository-api.rst:223
 msgid ""
 "Incrementing the minor version is used to signal a backwards compatible "
 "change such that existing clients would still be expected to be able to "
 "meaningfully use the API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:218
+#: ../source/specifications/simple-repository-api.rst:227
 msgid ""
 "It is left up to the discretion of any future specs as to what specifically "
 "constitutes a backwards incompatible vs compatible change beyond the broad "
@@ -17963,7 +18581,7 @@ msgid ""
 "features."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:224
+#: ../source/specifications/simple-repository-api.rst:233
 msgid ""
 "It is expectation of this spec that the major version will never be "
 "incremented, and any future major API evolutions would utilize a different "
@@ -17973,49 +18591,49 @@ msgid ""
 "set to a version >= 2)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:231
+#: ../source/specifications/simple-repository-api.rst:240
 msgid ""
 "This spec sets the current API version to \"1.0\", and expects that future "
 "specs that further evolve the simple API will increment the minor version "
 "number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:237
-#: ../source/specifications/simple-repository-api.rst:957
+#: ../source/specifications/simple-repository-api.rst:246
+#: ../source/specifications/simple-repository-api.rst:971
 #, fuzzy
 msgid "Clients"
 msgstr "内容"
 
-#: ../source/specifications/simple-repository-api.rst:239
+#: ../source/specifications/simple-repository-api.rst:248
 msgid ""
 "Clients interacting with the simple API **SHOULD** introspect each response "
 "for the repository version, and if that data does not exist **MUST** assume "
 "that it is version 1.0."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:243
+#: ../source/specifications/simple-repository-api.rst:252
 msgid ""
 "When encountering a major version greater than expected, clients **MUST** "
 "hard fail with an appropriate error message for the user."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:246
+#: ../source/specifications/simple-repository-api.rst:255
 msgid ""
 "When encountering a minor version greater than expected, clients **SHOULD** "
 "warn users with an appropriate message."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:249
+#: ../source/specifications/simple-repository-api.rst:258
 msgid ""
 "Clients **MAY** still continue to use feature detection in order to "
 "determine what features a repository uses."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:255
+#: ../source/specifications/simple-repository-api.rst:264
 msgid "Serve Distribution Metadata in the Simple Repository API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:257
+#: ../source/specifications/simple-repository-api.rst:266
 msgid ""
 "In a simple repository's project page, each anchor tag pointing to a "
 "distribution **MAY** have a ``data-dist-info-metadata`` attribute. The "
@@ -18024,7 +18642,7 @@ msgid ""
 "when the distribution is processed and/or installed."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:263
+#: ../source/specifications/simple-repository-api.rst:272
 msgid ""
 "If a ``data-dist-info-metadata`` attribute is present, the repository "
 "**MUST** serve the distribution's Core Metadata file alongside the "
@@ -18036,7 +18654,7 @@ msgid ""
 "GPG signature file's location."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:272
+#: ../source/specifications/simple-repository-api.rst:281
 msgid ""
 "The repository **SHOULD** provide the hash of the Core Metadata file as the "
 "``data-dist-info-metadata`` attribute's value using the syntax "
@@ -18046,18 +18664,18 @@ msgid ""
 "unavailable."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:280
+#: ../source/specifications/simple-repository-api.rst:289
 msgid "Backwards Compatibility"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:282
+#: ../source/specifications/simple-repository-api.rst:291
 msgid ""
 "If an anchor tag lacks the ``data-dist-info-metadata`` attribute, tools are "
 "expected to revert to their current behaviour of downloading the "
 "distribution to inspect the metadata."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:286
+#: ../source/specifications/simple-repository-api.rst:295
 msgid ""
 "Older tools not supporting the new ``data-dist-info-metadata`` attribute are "
 "expected to ignore the attribute and maintain their current behaviour of "
@@ -18065,11 +18683,11 @@ msgid ""
 "prior ``data-`` attribute additions expect existing tools to operate."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:295
+#: ../source/specifications/simple-repository-api.rst:304
 msgid "JSON-based Simple API for Python Package Indexes"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:297
+#: ../source/specifications/simple-repository-api.rst:306
 msgid ""
 "To enable response parsing with only the standard library, this spec "
 "specifies that all responses (besides the files themselves, and the HTML "
@@ -18077,7 +18695,7 @@ msgid ""
 "base>`) should be serialized using `JSON <https://www.json.org/>`_."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:302
+#: ../source/specifications/simple-repository-api.rst:311
 msgid ""
 "To enable zero configuration discovery and to minimize the amount of "
 "additional HTTP requests, this spec extends :ref:`the base HTML API "
@@ -18087,7 +18705,7 @@ msgid ""
 "format to serve, i.e. either HTML or JSON."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:312
+#: ../source/specifications/simple-repository-api.rst:321
 msgid ""
 "Versioning will adhere to :ref:`the API versioning specification <simple-"
 "repository-api-versioning>` format (``Major.Minor``), which has defined the "
@@ -18097,7 +18715,7 @@ msgid ""
 "``1.0`` version, and instead just describes how to serialize that into JSON."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:319
+#: ../source/specifications/simple-repository-api.rst:328
 msgid ""
 "Similar to :ref:`the API versioning specification <simple-repository-api-"
 "versioning>`, the major version number **MUST** be incremented if any "
@@ -18105,28 +18723,28 @@ msgid ""
 "existing clients to meaningfully understand the format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:325
+#: ../source/specifications/simple-repository-api.rst:334
 msgid ""
 "Likewise, the minor version **MUST** be incremented if features are added or "
 "removed from the format, but existing clients would be expected to continue "
 "to meaningfully understand the format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:329
+#: ../source/specifications/simple-repository-api.rst:338
 msgid ""
 "Changes that would not result in existing clients being unable to "
 "meaningfully understand the format and which do not represent features being "
 "added or removed may occur without changing the version number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:333
+#: ../source/specifications/simple-repository-api.rst:342
 msgid ""
 "This is intentionally vague, as this spec believes it is best left up to "
 "future specs that make any changes to the API to investigate and decide "
 "whether or not that change should increment the major or minor version."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:337
+#: ../source/specifications/simple-repository-api.rst:346
 msgid ""
 "Future versions of the API may add things that can only be represented in a "
 "subset of the available serializations of that version. All serializations "
@@ -18135,38 +18753,38 @@ msgid ""
 "whether or not that feature is present at all."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:343
+#: ../source/specifications/simple-repository-api.rst:352
 msgid ""
 "It is the intent of this spec that the API should be thought of as URL "
 "endpoints that return data, whose interpretation is defined by the version "
 "of that data, and then serialized into the target serialization format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:351
+#: ../source/specifications/simple-repository-api.rst:360
 #, fuzzy
 msgid "JSON Serialization"
 msgstr "规范化"
 
-#: ../source/specifications/simple-repository-api.rst:353
+#: ../source/specifications/simple-repository-api.rst:362
 msgid ""
 "The URL structure from :ref:`the base HTML API specification <simple-"
 "repository-api-base>` still applies, as this spec only adds an additional "
 "serialization format for the already existing API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:357
+#: ../source/specifications/simple-repository-api.rst:366
 msgid ""
 "The following constraints apply to all JSON serialized responses described "
 "in this spec:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:360
+#: ../source/specifications/simple-repository-api.rst:369
 msgid ""
 "All JSON responses will *always* be a JSON object rather than an array or "
 "other type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:363
+#: ../source/specifications/simple-repository-api.rst:372
 msgid ""
 "While JSON doesn't natively support a URL type, any value that represents an "
 "URL in this API may be either absolute or relative as long as they point to "
@@ -18174,19 +18792,19 @@ msgid ""
 "if it were HTML."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:368
+#: ../source/specifications/simple-repository-api.rst:377
 msgid ""
 "Additional keys may be added to any dictionary objects in the API responses "
 "and clients **MUST** ignore keys that they don't understand."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:371
+#: ../source/specifications/simple-repository-api.rst:380
 msgid ""
 "All JSON responses will have a ``meta`` key, which contains information "
 "related to the response itself, rather than the content of the response."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:374
+#: ../source/specifications/simple-repository-api.rst:383
 msgid ""
 "All JSON responses will have a ``meta.api-version`` key, which will be a "
 "string that contains the :ref:`API versioning specification <simple-"
@@ -18195,42 +18813,42 @@ msgid ""
 "<simple-repository-api-versioning>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:380
+#: ../source/specifications/simple-repository-api.rst:389
 msgid ""
 "All requirements of :ref:`the base HTML API specification <simple-repository-"
 "api-base>` that are not HTML specific still apply."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:385
+#: ../source/specifications/simple-repository-api.rst:394
 #, fuzzy
 msgid "Project List"
 msgstr "项目"
 
-#: ../source/specifications/simple-repository-api.rst:387
+#: ../source/specifications/simple-repository-api.rst:396
 msgid ""
 "The root URL ``/`` for this spec (which represents the base URL) will be a "
 "JSON encoded dictionary which has a two keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:390
+#: ../source/specifications/simple-repository-api.rst:399
 msgid ""
 "``projects``: An array where each entry is a dictionary with a single key, "
 "``name``, which represents string of the project name."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:391
-#: ../source/specifications/simple-repository-api.rst:440
+#: ../source/specifications/simple-repository-api.rst:400
+#: ../source/specifications/simple-repository-api.rst:449
 msgid ""
 "``meta``: The general response metadata as `described earlier <json-"
 "serialization_>`__."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:393
-#: ../source/specifications/simple-repository-api.rst:499
+#: ../source/specifications/simple-repository-api.rst:402
+#: ../source/specifications/simple-repository-api.rst:512
 msgid "As an example:"
 msgstr "示例："
 
-#: ../source/specifications/simple-repository-api.rst:410
+#: ../source/specifications/simple-repository-api.rst:419
 msgid ""
 "The ``name`` field is the same as the one from :ref:`the base HTML API "
 "specification <simple-repository-api-base>`, which does not specify whether "
@@ -18240,7 +18858,7 @@ msgid ""
 "implementation detail of the repository in question."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:420
+#: ../source/specifications/simple-repository-api.rst:429
 msgid ""
 "While the ``projects`` key is an array, and thus is required to be in some "
 "kind of an order, neither :ref:`the base HTML API specification <simple-"
@@ -18250,12 +18868,12 @@ msgid ""
 "have sets."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:429
+#: ../source/specifications/simple-repository-api.rst:438
 #, fuzzy
 msgid "Project Detail"
 msgstr "项目名称"
 
-#: ../source/specifications/simple-repository-api.rst:431
+#: ../source/specifications/simple-repository-api.rst:440
 msgid ""
 "The format of this URL is ``/<project>/`` where the ``<project>`` is "
 "replaced by the :ref:`the base HTML API specification <simple-repository-api-"
@@ -18263,33 +18881,33 @@ msgid ""
 "would have a URL like ``/silly-walk/``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:436
+#: ../source/specifications/simple-repository-api.rst:445
 msgid ""
 "This URL must respond with a JSON encoded dictionary that has three keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:438
+#: ../source/specifications/simple-repository-api.rst:447
 msgid "``name``: The normalized name of the project."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:439
+#: ../source/specifications/simple-repository-api.rst:448
 msgid ""
 "``files``: A list of dictionaries, each one representing an individual file."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:442
+#: ../source/specifications/simple-repository-api.rst:451
 msgid "Each individual file dictionary has the following keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:444
+#: ../source/specifications/simple-repository-api.rst:453
 msgid "``filename``: The filename that is being represented."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:445
+#: ../source/specifications/simple-repository-api.rst:454
 msgid "``url``: The URL that the file can be fetched from."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:446
+#: ../source/specifications/simple-repository-api.rst:455
 msgid ""
 "``hashes``: A dictionary mapping a hash name to a hex encoded digest of the "
 "file. Multiple hashes can be included, and it is up to the client to decide "
@@ -18298,14 +18916,14 @@ msgid ""
 "to be lowercase."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:451
+#: ../source/specifications/simple-repository-api.rst:460
 msgid ""
 "The ``hashes`` dictionary **MUST** be present, even if no hashes are "
 "available for the file, however it is **HIGHLY** recommended that at least "
 "one secure, guaranteed-to-be-available hash is always included."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:455
+#: ../source/specifications/simple-repository-api.rst:464
 msgid ""
 "By default, any hash algorithm available via :py:mod:`hashlib` (specifically "
 "any that can be passed to :py:func:`hashlib.new()` and do not require "
@@ -18315,7 +18933,7 @@ msgid ""
 "specifically is recommended."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:460
+#: ../source/specifications/simple-repository-api.rst:469
 msgid ""
 "``requires-python``: An **optional** key that exposes the :ref:`core-"
 "metadata-requires-python` metadata field. Where this is present, installer "
@@ -18323,14 +18941,14 @@ msgid ""
 "that doesn't satisfy the requirement."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:466
+#: ../source/specifications/simple-repository-api.rst:475
 msgid ""
 "Unlike ``data-requires-python`` in :ref:`the base HTML API specification "
 "<simple-repository-api-base>`, the ``requires-python`` key does not require "
 "any special escaping other than anything JSON does naturally."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:469
+#: ../source/specifications/simple-repository-api.rst:478
 msgid ""
 "``dist-info-metadata``: An **optional** key that indicates that metadata for "
 "this file is available, via the same location as specified in :ref:`the API "
@@ -18340,27 +18958,27 @@ msgid ""
 "dictionary mapping hash names to a hex encoded digest of the metadata's hash."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:477
+#: ../source/specifications/simple-repository-api.rst:486
 msgid ""
 "When this is a dictionary of hashes instead of a boolean, then all the same "
 "requirements and recommendations as the ``hashes`` key hold true for this "
 "key as well."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:481
+#: ../source/specifications/simple-repository-api.rst:490
 msgid ""
 "If this key is missing then the metadata file may or may not exist. If the "
 "key value is truthy, then the metadata file is present, and if it is falsey "
 "then it is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:485
+#: ../source/specifications/simple-repository-api.rst:494
 msgid ""
 "It is recommended that servers make the hashes of the metadata file "
 "available if possible."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:487
+#: ../source/specifications/simple-repository-api.rst:496
 msgid ""
 "``gpg-sig``: An **optional** key that acts a boolean to indicate if the file "
 "has an associated GPG signature or not. The URL for the signature file "
@@ -18369,7 +18987,7 @@ msgid ""
 "the signature may or may not exist."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:492
+#: ../source/specifications/simple-repository-api.rst:501
 msgid ""
 "``yanked``: An **optional** key which may be either a boolean to indicate if "
 "the file has been yanked, or a non empty, but otherwise arbitrary, string to "
@@ -18380,7 +18998,15 @@ msgid ""
 "api-yank>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:529
+#: ../source/specifications/simple-repository-api.rst:507
+msgid ""
+"``provenance``: An **optional** key which, if present **MUST** be either a "
+"JSON string or ``null``. If not ``null``, it **MUST** be a URL to the file's "
+"associated provenance, with the same rules as ``data-provenance`` in the :"
+"ref:`base HTML API specification <simple-repository-api-base>`."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:543
 msgid ""
 "While the ``files`` key is an array, and thus is required to be in some kind "
 "of an order, neither :ref:`the base HTML API specification <simple-"
@@ -18390,12 +19016,12 @@ msgid ""
 "have sets."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:538
+#: ../source/specifications/simple-repository-api.rst:552
 #, fuzzy
 msgid "Content-Types"
 msgstr "内容"
 
-#: ../source/specifications/simple-repository-api.rst:540
+#: ../source/specifications/simple-repository-api.rst:554
 msgid ""
 "This spec proposes that all responses from the Simple API will have a "
 "standard content type that describes what the response is (a Simple API "
@@ -18403,11 +19029,11 @@ msgid ""
 "format has been used."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:544
+#: ../source/specifications/simple-repository-api.rst:558
 msgid "The structure of this content type will be:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:550
+#: ../source/specifications/simple-repository-api.rst:564
 msgid ""
 "Since only major versions should be disruptive to clients attempting to "
 "understand one of these API responses, only the major version will be "
@@ -18415,19 +19041,19 @@ msgid ""
 "that it is a version number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:555
+#: ../source/specifications/simple-repository-api.rst:569
 msgid "Which means that for the existing 1.0 API, the content types would be:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:557
+#: ../source/specifications/simple-repository-api.rst:571
 msgid "**JSON:** ``application/vnd.pypi.simple.v1+json``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:558
+#: ../source/specifications/simple-repository-api.rst:572
 msgid "**HTML:** ``application/vnd.pypi.simple.v1+html``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:560
+#: ../source/specifications/simple-repository-api.rst:574
 msgid ""
 "In addition to the above, a special \"meta\" version is supported named "
 "``latest``, whose purpose is to allow clients to request the absolute latest "
@@ -18436,7 +19062,7 @@ msgid ""
 "support."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:565
+#: ../source/specifications/simple-repository-api.rst:579
 msgid ""
 "To support existing clients which expect the existing :ref:`the base HTML "
 "API specification <simple-repository-api-base>` API responses to use the "
@@ -18444,12 +19070,12 @@ msgid ""
 "alias for the ``application/vnd.pypi.simple.v1+html`` content type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:572
+#: ../source/specifications/simple-repository-api.rst:586
 #, fuzzy
 msgid "Version + Format Selection"
 msgstr "版本"
 
-#: ../source/specifications/simple-repository-api.rst:574
+#: ../source/specifications/simple-repository-api.rst:588
 msgid ""
 "Now that there is multiple possible serializations, we need a mechanism to "
 "allow clients to indicate what serialization formats they're able to "
@@ -18458,65 +19084,65 @@ msgid ""
 "expecting the previous API version."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:579
+#: ../source/specifications/simple-repository-api.rst:593
 msgid ""
 "To enable this, this spec standardizes on the use of HTTP's `Server-Driven "
 "Content Negotiation <https://developer.mozilla.org/en-US/docs/Web/HTTP/"
 "Content_negotiation>`_."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:582
+#: ../source/specifications/simple-repository-api.rst:596
 msgid ""
 "While this spec won't fully describe the entirety of server-driven content "
 "negotiation, the flow is roughly:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:585
+#: ../source/specifications/simple-repository-api.rst:599
 msgid ""
 "The client makes an HTTP request containing an ``Accept`` header listing all "
 "of the version+format content types that they are able to understand."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:587
+#: ../source/specifications/simple-repository-api.rst:601
 msgid ""
 "The server inspects that header, selects one of the listed content types, "
 "then returns a response using that content type (treating the absence of an "
 "``Accept`` header as ``Accept: */*``)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:590
+#: ../source/specifications/simple-repository-api.rst:604
 msgid ""
 "If the server does not support any of the content types in the ``Accept`` "
 "header then they are able to choose between 3 different options for how to "
 "respond:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:594
+#: ../source/specifications/simple-repository-api.rst:608
 msgid ""
 "Select a default content type other than what the client has requested and "
 "return a response with that."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:596
+#: ../source/specifications/simple-repository-api.rst:610
 msgid ""
 "Return a HTTP ``406 Not Acceptable`` response to indicate that none of the "
 "requested content types were available, and the server was unable or "
 "unwilling to select a default content type to respond with."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:599
+#: ../source/specifications/simple-repository-api.rst:613
 msgid ""
 "Return a HTTP ``300 Multiple Choices`` response that contains a list of all "
 "of the possible responses that could have been chosen."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:601
+#: ../source/specifications/simple-repository-api.rst:615
 msgid ""
 "The client interprets the response, handling the different types of "
 "responses that the server may have responded with."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:604
+#: ../source/specifications/simple-repository-api.rst:618
 msgid ""
 "This spec does not specify which choices the server makes in regards to "
 "handling a content type that it isn't able to return, and clients **SHOULD** "
@@ -18524,7 +19150,7 @@ msgid ""
 "the most sense for that client."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:609
+#: ../source/specifications/simple-repository-api.rst:623
 msgid ""
 "However, as there is no standard format for how a ``300 Multiple Choices`` "
 "response can be interpreted, this spec highly discourages servers from "
@@ -18535,7 +19161,7 @@ msgid ""
 "error."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:616
+#: ../source/specifications/simple-repository-api.rst:630
 msgid ""
 "This spec **does** require that if the meta version ``latest`` is being "
 "used, the server **MUST** respond with the content type for the actual "
@@ -18544,33 +19170,33 @@ msgid ""
 "have a ``Content-Type`` of ``application/vnd.pypi.simple.v1+json``)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:623
+#: ../source/specifications/simple-repository-api.rst:637
 msgid ""
 "The ``Accept`` header is a comma separated list of content types that the "
 "client understands and is able to process. It supports three different "
 "formats for each content type that is being requested:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:627
+#: ../source/specifications/simple-repository-api.rst:641
 msgid "``$type/$subtype``"
 msgstr "``$type/$subtype``"
 
-#: ../source/specifications/simple-repository-api.rst:628
+#: ../source/specifications/simple-repository-api.rst:642
 msgid "``$type/*``"
 msgstr "``$type/*``"
 
-#: ../source/specifications/simple-repository-api.rst:629
+#: ../source/specifications/simple-repository-api.rst:643
 msgid "``*/*``"
 msgstr "``*/*``"
 
-#: ../source/specifications/simple-repository-api.rst:631
+#: ../source/specifications/simple-repository-api.rst:645
 msgid ""
 "For the use of selecting a version+format, the most useful of these is "
 "``$type/$subtype``, as that is the only way to actually specify the version "
 "and format you want."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:635
+#: ../source/specifications/simple-repository-api.rst:649
 msgid ""
 "The order of the content types listed in the ``Accept`` header does not have "
 "any specific meaning, and the server **SHOULD** consider all of them to be "
@@ -18580,7 +19206,7 @@ msgid ""
 "Quality_values>`_ syntax."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:642
+#: ../source/specifications/simple-repository-api.rst:656
 msgid ""
 "This allows a client to specify a priority for a specific entry in their "
 "``Accept`` header, by appending a ``;q=`` followed by a value between ``0`` "
@@ -18590,7 +19216,7 @@ msgid ""
 "quality of ``1``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:648
+#: ../source/specifications/simple-repository-api.rst:662
 msgid ""
 "However, clients should keep in mind that a server is free to select **any** "
 "of the content types they've asked for, regardless of their requested "
@@ -18598,7 +19224,7 @@ msgid ""
 "for."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:652
+#: ../source/specifications/simple-repository-api.rst:666
 msgid ""
 "To aid clients in determining the content type of the response that they "
 "have received from an API request, this spec requires that servers always "
@@ -18609,22 +19235,22 @@ msgid ""
 "collector.py#L123-L150>`_ so the risks for actual breakages is low."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:659
+#: ../source/specifications/simple-repository-api.rst:673
 msgid "An example of how a client can operate would look like:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:710
+#: ../source/specifications/simple-repository-api.rst:724
 msgid ""
 "If a client wishes to only support HTML or only support JSON, then they "
 "would just remove the content types that they do not want from the "
 "``Accept`` header, and turn receiving them into an error."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:716
+#: ../source/specifications/simple-repository-api.rst:730
 msgid "Alternative Negotiation Mechanisms"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:718
+#: ../source/specifications/simple-repository-api.rst:732
 msgid ""
 "While using HTTP's Content negotiation is considered the standard way for a "
 "client and server to coordinate to ensure that the client is getting an HTTP "
@@ -18633,25 +19259,25 @@ msgid ""
 "negotiation mechanisms that may *optionally* be used instead."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:726
+#: ../source/specifications/simple-repository-api.rst:740
 msgid "URL Parameter"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:728
+#: ../source/specifications/simple-repository-api.rst:742
 msgid ""
 "Servers that implement the Simple API may choose to support a URL parameter "
 "named ``format`` to allow the clients to request a specific version of the "
 "URL."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:731
+#: ../source/specifications/simple-repository-api.rst:745
 msgid ""
 "The value of the ``format`` parameter should be **one** of the valid content "
 "types. Passing multiple content types, wild cards, quality values, etc... is "
 "**not** supported."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:735
+#: ../source/specifications/simple-repository-api.rst:749
 msgid ""
 "Supporting this parameter is optional, and clients **SHOULD NOT** rely on it "
 "for interacting with the API. This negotiation mechanism is intended to "
@@ -18659,13 +19285,13 @@ msgid ""
 "allow documentation or notes to link to a specific version+format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:740
+#: ../source/specifications/simple-repository-api.rst:754
 msgid ""
 "Servers that do not support this parameter may choose to return an error "
 "when it is present, or they may simple ignore its presence."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:743
+#: ../source/specifications/simple-repository-api.rst:757
 msgid ""
 "When a server does implement this parameter, it **SHOULD** take precedence "
 "over any values in the client's ``Accept`` header, and if the server does "
@@ -18675,18 +19301,18 @@ msgid ""
 "``303 Multiple Choices``, or selecting a default type to return)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:752
+#: ../source/specifications/simple-repository-api.rst:766
 msgid "Endpoint Configuration"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:754
+#: ../source/specifications/simple-repository-api.rst:768
 msgid ""
 "This option technically is not a special option at all, it is just a natural "
 "consequence of using content negotiation and allowing servers to select "
 "which of the available content types is their default."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:758
+#: ../source/specifications/simple-repository-api.rst:772
 msgid ""
 "If a server is unwilling or unable to implement the server-driven content "
 "negotiation, and would instead rather require users to explicitly configure "
@@ -18694,7 +19320,7 @@ msgid ""
 "configuration."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:762
+#: ../source/specifications/simple-repository-api.rst:776
 msgid ""
 "To enable this, a server should make multiple endpoints (for instance, ``/"
 "simple/v1+html/`` and/or ``/simple/v1+json/``) for each version+format that "
@@ -18704,7 +19330,7 @@ msgid ""
 "and return the content type that corresponds to that endpoint."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:769
+#: ../source/specifications/simple-repository-api.rst:783
 msgid ""
 "For clients that wish to require specific configuration, they can keep track "
 "of which version+format a specific repository URL was configured for, and "
@@ -18712,11 +19338,11 @@ msgid ""
 "includes the correct content type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:776
+#: ../source/specifications/simple-repository-api.rst:790
 msgid "TUF Support - PEP 458"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:778
+#: ../source/specifications/simple-repository-api.rst:792
 msgid ""
 ":pep:`458` requires that all API responses are hashable and that they can be "
 "uniquely identified by a path relative to the repository root. For a Simple "
@@ -18727,7 +19353,7 @@ msgid ""
 "that all hash differently."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:785
+#: ../source/specifications/simple-repository-api.rst:799
 msgid ""
 ":pep:`458` does not specify what the target path should be for the Simple "
 "API, but TUF requires that the target paths be \"file-like\", in other "
@@ -18735,7 +19361,7 @@ msgid ""
 "technically points to a directory."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:790
+#: ../source/specifications/simple-repository-api.rst:804
 msgid ""
 "The saving grace is that the target path does not *have* to actually match "
 "the URL being fetched from the Simple API, and it can just be a sigil that "
@@ -18744,7 +19370,7 @@ msgid ""
 "HTTP request, such as the ``Accept`` header."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:796
+#: ../source/specifications/simple-repository-api.rst:810
 msgid ""
 "Ultimately figuring out how to map a directory to a filename is out of scope "
 "for this spec (but it would be in scope for :pep:`458`), and this spec "
@@ -18752,7 +19378,7 @@ msgid ""
 "`458` metadata."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:800
+#: ../source/specifications/simple-repository-api.rst:814
 msgid ""
 "However, it appears that the current WIP branch against pip that attempts to "
 "implement :pep:`458` is using a target path like ``simple/PROJECT/index."
@@ -18762,20 +19388,20 @@ msgid ""
 "the v1 JSON format would be ``simple/PROJECT/vnd.pypi.simple.v1.json``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:807
+#: ../source/specifications/simple-repository-api.rst:821
 msgid ""
 "In this case, since ``text/html`` is an alias to ``application/vnd.pypi."
 "simple.v1+html`` when interacting through TUF, it likely will make the most "
 "sense to normalize to the more explicit name."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:811
+#: ../source/specifications/simple-repository-api.rst:825
 msgid ""
 "Likewise the ``latest`` metaversion should not be included in the targets, "
 "only explicitly declared versions should be supported."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:817
+#: ../source/specifications/simple-repository-api.rst:831
 msgid ""
 "This section is non-normative, and represents what the spec authors believe "
 "to be the best default implementation decisions for something implementing "
@@ -18783,7 +19409,7 @@ msgid ""
 "these decisions."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:821
+#: ../source/specifications/simple-repository-api.rst:835
 msgid ""
 "These decisions have been chosen to maximize the number of requests that can "
 "be moved onto the newest version of an API, while maintaining the greatest "
@@ -18792,18 +19418,18 @@ msgid ""
 "choices it can."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:826
+#: ../source/specifications/simple-repository-api.rst:840
 msgid "It is recommended that servers:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:828
+#: ../source/specifications/simple-repository-api.rst:842
 msgid ""
 "Support all 3 content types described in this spec, using server-driven "
 "content negotiation, for as long as they reasonably can, or at least as long "
 "as they're receiving non trivial traffic that uses the HTML responses."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:832
+#: ../source/specifications/simple-repository-api.rst:846
 msgid ""
 "When encountering an ``Accept`` header that does not contain any content "
 "types that it knows how to work with, the server should not ever return a "
@@ -18811,13 +19437,13 @@ msgid ""
 "Acceptable`` response."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:837
+#: ../source/specifications/simple-repository-api.rst:851
 msgid ""
 "However, if choosing to use the endpoint configuration, you should prefer to "
 "return a ``200 OK`` response in the expected content type for that endpoint."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:840
+#: ../source/specifications/simple-repository-api.rst:854
 msgid ""
 "When selecting an acceptable version, the server should choose the highest "
 "version that the client supports, with the most expressive/featureful "
@@ -18826,23 +19452,23 @@ msgid ""
 "should only use the ``text/html`` content type as a last resort."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:846
+#: ../source/specifications/simple-repository-api.rst:860
 msgid "It is recommended that clients:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:848
+#: ../source/specifications/simple-repository-api.rst:862
 msgid ""
 "Support all 3 content types described in this spec, using server-driven "
 "content negotiation, for as long as they reasonably can."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:851
+#: ../source/specifications/simple-repository-api.rst:865
 msgid ""
 "When constructing an ``Accept`` header, include all of the content types "
 "that you support."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:854
+#: ../source/specifications/simple-repository-api.rst:868
 msgid ""
 "You should generally *not* include a quality priority value for your content "
 "types, unless you have implementation specific reasons that you want the "
@@ -18851,63 +19477,63 @@ msgid ""
 "responses that you're unable to parse in some edge cases)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:860
+#: ../source/specifications/simple-repository-api.rst:874
 msgid ""
 "The one exception to this recommendation is that it is recommended that you "
 "*should* include a ``;q=0.01`` value on the legacy ``text/html`` content "
 "type, unless it is the only content type that you are requesting."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:864
+#: ../source/specifications/simple-repository-api.rst:878
 msgid ""
 "Explicitly select what versions they are looking for, rather than using the "
 "``latest`` meta version during normal operation."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:867
+#: ../source/specifications/simple-repository-api.rst:881
 msgid ""
 "Check the ``Content-Type`` of the response and ensure it matches something "
 "that you were expecting."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:871
+#: ../source/specifications/simple-repository-api.rst:885
 msgid "Additional Fields for the Simple API for Package Indexes"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:873
+#: ../source/specifications/simple-repository-api.rst:887
 msgid ""
 "This specification defines version 1.1 of the simple repository API. For the "
 "HTML version of the API, there is no change from version 1.0. For the JSON "
 "version of the API, the following changes are made:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:877
+#: ../source/specifications/simple-repository-api.rst:891
 msgid "The ``api-version`` must specify version 1.1 or later."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:878
+#: ../source/specifications/simple-repository-api.rst:892
 msgid "A new ``versions`` key is added at the top level."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:879
+#: ../source/specifications/simple-repository-api.rst:893
 msgid ""
 "Two new \"file information\" keys, ``size`` and ``upload-time``, are added "
 "to the ``files`` data."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:881
+#: ../source/specifications/simple-repository-api.rst:895
 msgid ""
 "Keys (at any level) with a leading underscore are reserved as private for "
 "index server use. No future standard will assign a meaning to any such key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:884
+#: ../source/specifications/simple-repository-api.rst:898
 msgid ""
 "The ``versions`` and ``size`` keys are mandatory. The ``upload-time`` key is "
 "optional."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:890
+#: ../source/specifications/simple-repository-api.rst:904
 msgid ""
 "An additional key, ``versions`` MUST be present at the top level, in "
 "addition to the keys ``name``, ``files`` and ``meta`` defined in :ref:`the "
@@ -18917,7 +19543,7 @@ msgid ""
 "duplicates, and the order of the values is not significant."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:897
+#: ../source/specifications/simple-repository-api.rst:911
 msgid ""
 "All of the files listed in the ``files`` key MUST be associated with one of "
 "the versions in the ``versions`` key. The ``versions`` key MAY contain "
@@ -18925,7 +19551,7 @@ msgid ""
 "uploaded, if the server has such a concept)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:902
+#: ../source/specifications/simple-repository-api.rst:916
 msgid ""
 "Note that because servers may hold \"legacy\" data from before the adoption "
 "of :ref:`the version specifiers specification (VSS) <version-specifiers>`, "
@@ -18934,22 +19560,22 @@ msgid ""
 "servers SHOULD use normalised VSS versions where possible."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:911
+#: ../source/specifications/simple-repository-api.rst:925
 #, fuzzy
 msgid "Additional file information"
 msgstr "附加工具"
 
-#: ../source/specifications/simple-repository-api.rst:913
+#: ../source/specifications/simple-repository-api.rst:927
 msgid "Two new keys are added to the ``files`` key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:915
+#: ../source/specifications/simple-repository-api.rst:929
 msgid ""
 "``size``: This field is mandatory. It MUST contain an integer which is the "
 "file size in bytes."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:917
+#: ../source/specifications/simple-repository-api.rst:931
 msgid ""
 "``upload-time``: This field is optional. If present, it MUST contain a valid "
 "ISO 8601 date/time string, in the format ``yyyy-mm-ddThh:mm:ss.ffffffZ``, "
@@ -18961,11 +19587,11 @@ msgid ""
 "key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:926
+#: ../source/specifications/simple-repository-api.rst:940
 msgid "Rename dist-info-metadata in the Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:929
+#: ../source/specifications/simple-repository-api.rst:943
 msgid ""
 "The keywords \"**MUST**\", \"**MUST NOT**\", \"**REQUIRED**\", "
 "\"**SHALL**\", \"**SHALL NOT**\", \"**SHOULD**\", \"**SHOULD NOT**\", "
@@ -18973,11 +19599,11 @@ msgid ""
 "are to be interpreted as described in :rfc:`RFC 2119 <2119>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:936
+#: ../source/specifications/simple-repository-api.rst:950
 msgid "Servers"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:938
+#: ../source/specifications/simple-repository-api.rst:952
 msgid ""
 "The :ref:`the API metadata file specification <simple-repository-api-"
 "metadata-file>` metadata, when used in the HTML representation of the Simple "
@@ -18985,7 +19611,7 @@ msgid ""
 "with the supported values remaining the same."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:944
+#: ../source/specifications/simple-repository-api.rst:958
 msgid ""
 "The :ref:`the API metadata file specification <simple-repository-api-"
 "metadata-file>` metadata, when used in the :ref:`the JSON API specification "
@@ -18994,14 +19620,14 @@ msgid ""
 "values remaining the same."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:950
+#: ../source/specifications/simple-repository-api.rst:964
 msgid ""
 "To support clients that used the previous key names, the HTML representation "
 "**MAY** also be emitted using the ``data-dist-info-metadata``, and if it "
 "does so it **MUST** match the value of ``data-core-metadata``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:959
+#: ../source/specifications/simple-repository-api.rst:973
 msgid ""
 "Clients consuming any of the HTML representations of the Simple API **MUST** "
 "read the :ref:`the API metadata file specification <simple-repository-api-"
@@ -19010,7 +19636,7 @@ msgid ""
 "if it is present but ``data-core-metadata`` is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:966
+#: ../source/specifications/simple-repository-api.rst:980
 msgid ""
 "Clients consuming the JSON representation of the Simple API **MUST** read "
 "the :ref:`the API metadata file specification <simple-repository-api-"
@@ -19019,48 +19645,54 @@ msgid ""
 "present but ``core-metadata`` is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:976
+#: ../source/specifications/simple-repository-api.rst:990
 msgid "September 2015: initial form of the HTML format, in :pep:`503`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:977
+#: ../source/specifications/simple-repository-api.rst:991
 msgid "July 2016: Requires-Python metadata, in an update to :pep:`503`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:978
+#: ../source/specifications/simple-repository-api.rst:992
 msgid "May 2019: \"yank\" support, in :pep:`592`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:979
+#: ../source/specifications/simple-repository-api.rst:993
 msgid ""
 "July 2020: API versioning convention and metadata, and declaring the HTML "
 "format as API v1, in :pep:`629`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:981
+#: ../source/specifications/simple-repository-api.rst:995
 msgid ""
 "May 2021: providing package metadata independently from a package, in :pep:"
 "`658`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:983
+#: ../source/specifications/simple-repository-api.rst:997
 msgid ""
 "May 2022: initial form of the JSON format, with a mechanism for clients to "
 "choose between them, and declaring both formats as API v1, in :pep:`691`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:985
+#: ../source/specifications/simple-repository-api.rst:999
 msgid ""
 "October 2022: project versions and file size and upload-time in the JSON "
 "format, in :pep:`700`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:987
+#: ../source/specifications/simple-repository-api.rst:1001
 msgid ""
 "June 2023: renaming the field which provides package metadata independently "
 "from a package, in :pep:`714`"
 msgstr ""
 
+#: ../source/specifications/simple-repository-api.rst:1003
+msgid ""
+"November 2024: provenance metadata in the HTML and JSON formats, in :pep:"
+"`740`"
+msgstr ""
+
 #: ../source/specifications/source-distribution-format.rst:6
 msgid "Source distribution format"
 msgstr ""
@@ -21995,7 +22627,7 @@ msgid ""
 msgstr ""
 
 #: ../source/tutorials/managing-dependencies.rst:140
-#: ../source/tutorials/packaging-projects.rst:506
+#: ../source/tutorials/packaging-projects.rst:505
 msgid "Next steps"
 msgstr ""
 
@@ -22446,16 +23078,16 @@ msgstr "安装完毕后，运行 Twine 以上传 :file:`dist`下的所有档案
 
 #: ../source/tutorials/packaging-projects.rst:424
 msgid ""
-"You will be prompted for a username and password. For the username, use "
-"``__token__``. For the password, use the token value, including the ``pypi-"
-"`` prefix."
+"You will be prompted for an API token. Use the token value, including the "
+"``pypi-`` prefix. Note that the input will be hidden, so be sure to paste "
+"correctly."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:428
+#: ../source/tutorials/packaging-projects.rst:427
 msgid "After the command completes, you should see output similar to this:"
 msgstr "命令完成后，你应该会看到类似这样的输出："
 
-#: ../source/tutorials/packaging-projects.rst:439
+#: ../source/tutorials/packaging-projects.rst:438
 msgid ""
 "Once uploaded, your package should be viewable on TestPyPI; for example: "
 "``https://test.pypi.org/project/example_package_YOUR_USERNAME_HERE``."
@@ -22463,28 +23095,28 @@ msgstr ""
 "一旦上传，你的包应在 TestPyPI 上可见；比如：``https://test.pypi.org/project/"
 "example_package_YOUR_USERNAME_HERE``。"
 
-#: ../source/tutorials/packaging-projects.rst:444
+#: ../source/tutorials/packaging-projects.rst:443
 msgid "Installing your newly uploaded package"
 msgstr "安装你新上传的软件包"
 
-#: ../source/tutorials/packaging-projects.rst:446
+#: ../source/tutorials/packaging-projects.rst:445
 msgid ""
 "You can use :ref:`pip` to install your package and verify that it works. "
 "Create a :ref:`virtual environment <Creating and using Virtual "
 "Environments>` and install your package from TestPyPI:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:462
+#: ../source/tutorials/packaging-projects.rst:461
 msgid "Make sure to specify your username in the package name!"
 msgstr "请确保在软件包名称中指定你的用户名!"
 
-#: ../source/tutorials/packaging-projects.rst:464
+#: ../source/tutorials/packaging-projects.rst:463
 msgid ""
 "pip should install the package from TestPyPI and the output should look "
 "something like this:"
 msgstr "pip应该会安装 TestPyPI 的软件包，输出结果应该是这样的："
 
-#: ../source/tutorials/packaging-projects.rst:474
+#: ../source/tutorials/packaging-projects.rst:473
 msgid ""
 "This example uses ``--index-url`` flag to specify TestPyPI instead of live "
 "PyPI. Additionally, it specifies ``--no-deps``. Since TestPyPI doesn't have "
@@ -22494,23 +23126,23 @@ msgid ""
 "installing dependencies when using TestPyPI."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:481
+#: ../source/tutorials/packaging-projects.rst:480
 msgid ""
 "You can test that it was installed correctly by importing the package. Make "
 "sure you're still in your virtual environment, then run Python:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:496
+#: ../source/tutorials/packaging-projects.rst:495
 msgid "and import the package:"
 msgstr "并导入该软件包："
 
-#: ../source/tutorials/packaging-projects.rst:508
+#: ../source/tutorials/packaging-projects.rst:507
 msgid ""
 "**Congratulations, you've packaged and distributed a Python project!** ✨ 🍰 "
 "✨"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:511
+#: ../source/tutorials/packaging-projects.rst:510
 msgid ""
 "Keep in mind that this tutorial showed you how to upload your package to "
 "Test PyPI, which isn't a permanent storage. The Test system occasionally "
@@ -22518,28 +23150,28 @@ msgid ""
 "experiments like this tutorial."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:516
+#: ../source/tutorials/packaging-projects.rst:515
 msgid ""
 "When you are ready to upload a real package to the Python Package Index you "
 "can do much the same as you did in this tutorial, but with these important "
 "differences:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:520
+#: ../source/tutorials/packaging-projects.rst:519
 msgid ""
 "Choose a memorable and unique name for your package. You don't have to "
 "append your username as you did in the tutorial, but you can't use an "
 "existing name."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:522
+#: ../source/tutorials/packaging-projects.rst:521
 msgid ""
 "Register an account on https://pypi.org - note that these are two separate "
 "servers and the login details from the test server are not shared with the "
 "main server."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:525
+#: ../source/tutorials/packaging-projects.rst:524
 msgid ""
 "Use ``twine upload dist/*`` to upload your package and enter your "
 "credentials for the account you registered on the real PyPI.  Now that "
@@ -22547,44 +23179,44 @@ msgid ""
 "repository``; the package will upload to https://pypi.org/ by default."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:529
+#: ../source/tutorials/packaging-projects.rst:528
 msgid ""
 "Install your package from the real PyPI using ``python3 -m pip install [your-"
 "package]``."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:531
+#: ../source/tutorials/packaging-projects.rst:530
 msgid ""
 "At this point if you want to read more on packaging Python libraries here "
 "are some things you can do:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:534
+#: ../source/tutorials/packaging-projects.rst:533
 msgid ""
 "Read about advanced configuration for your chosen build backend: `Hatchling "
 "<hatchling-config_>`_, :doc:`setuptools <setuptools:userguide/"
 "pyproject_config>`, :doc:`Flit <flit:pyproject_toml>`, `PDM <pdm-config_>`_."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:538
+#: ../source/tutorials/packaging-projects.rst:537
 msgid ""
 "Look at the :doc:`guides </guides/index>` on this site for more advanced "
 "practical information, or the :doc:`discussions </discussions/index>` for "
 "explanations and background on specific topics."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:541
+#: ../source/tutorials/packaging-projects.rst:540
 msgid ""
 "Consider packaging tools that provide a single command-line interface for "
 "project management and packaging, such as :ref:`hatch`, :ref:`flit`, :ref:"
 "`pdm`, and :ref:`poetry`."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:549
+#: ../source/tutorials/packaging-projects.rst:548
 msgid "Notes"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:551
+#: ../source/tutorials/packaging-projects.rst:550
 msgid ""
 "Technically, you can also create Python packages without an ``__init__.py`` "
 "file, but those are called :doc:`namespace packages </guides/packaging-"
diff --git a/locales/zh_Hant/LC_MESSAGES/messages.po b/locales/zh_Hant/LC_MESSAGES/messages.po
index a9a4c5efb..d6b150a89 100644
--- a/locales/zh_Hant/LC_MESSAGES/messages.po
+++ b/locales/zh_Hant/LC_MESSAGES/messages.po
@@ -12,7 +12,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Python Packaging User Guide\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-10-30 00:39+0000\n"
+"POT-Creation-Date: 2024-11-25 21:53+0000\n"
 "PO-Revision-Date: 2024-07-03 11:26+0000\n"
 "Last-Translator: Ricky From Hong Kong <lamricky11@hotmail.com>\n"
 "Language-Team: Chinese (Traditional) <https://hosted.weblate.org/projects/"
@@ -633,7 +633,7 @@ msgid "Unix (including Linux and macOS)"
 msgstr ""
 
 #: ../source/discussions/deploying-python-applications.rst:118
-#: ../source/key_projects.rst:572
+#: ../source/key_projects.rst:576
 msgid "pex"
 msgstr ""
 
@@ -1924,7 +1924,7 @@ msgid ""
 msgstr ""
 
 #: ../source/discussions/versioning.rst:6
-#: ../source/specifications/simple-repository-api.rst:310
+#: ../source/specifications/simple-repository-api.rst:319
 #, fuzzy
 msgid "Versioning"
 msgstr "翻譯"
@@ -2678,29 +2678,16 @@ msgid ""
 msgstr ""
 
 #: ../source/glossary.rst:121
-msgid "Known Good Set (KGS)"
-msgstr ""
-
-#: ../source/glossary.rst:124
-msgid ""
-"A set of distributions at specified versions which are compatible with each "
-"other. Typically a test suite will be run which passes all tests before a "
-"specific set of packages is declared a known good set. This term is commonly "
-"used by frameworks and toolkits which are comprised of multiple individual "
-"distributions."
-msgstr ""
-
-#: ../source/glossary.rst:130
 msgid "Import Package"
 msgstr ""
 
-#: ../source/glossary.rst:133
+#: ../source/glossary.rst:124
 msgid ""
 "A Python module which can contain other modules or recursively, other "
 "packages."
 msgstr ""
 
-#: ../source/glossary.rst:136
+#: ../source/glossary.rst:127
 msgid ""
 "An import package is more commonly referred to with the single word "
 "\"package\", but this guide will use the expanded term when more clarity is "
@@ -2709,18 +2696,31 @@ msgid ""
 "package` for a breakdown of the differences."
 msgstr ""
 
-#: ../source/glossary.rst:142
+#: ../source/glossary.rst:133
 #, fuzzy
 msgid "Installed Project"
 msgstr "安裝軟體套件"
 
-#: ../source/glossary.rst:145
+#: ../source/glossary.rst:136
 msgid ""
 "A :term:`Project` that is installed for use with a Python interpreter or :"
 "term:`Virtual Environment`, as described in the specicifcation :ref:"
 "`recording-installed-packages`."
 msgstr ""
 
+#: ../source/glossary.rst:140
+msgid "Known Good Set (KGS)"
+msgstr ""
+
+#: ../source/glossary.rst:143
+msgid ""
+"A set of distributions at specified versions which are compatible with each "
+"other. Typically a test suite will be run which passes all tests before a "
+"specific set of packages is declared a known good set. This term is commonly "
+"used by frameworks and toolkits which are comprised of multiple individual "
+"distributions."
+msgstr ""
+
 #: ../source/glossary.rst:149
 msgid "Module"
 msgstr "模組"
@@ -5164,7 +5164,7 @@ msgid ""
 "In particular, `NumPy <https://numpy.org/>`__, which provides the basis for "
 "most of the software in the `scientific Python stack <https://scientific-"
 "python.org>`_ can be configured to interoperate with different FORTRAN "
-"libraries, and can take advantage of different levels of vectorised "
+"libraries, and can take advantage of different levels of vectorized "
 "instructions available in modern CPUs."
 msgstr ""
 
@@ -5173,9 +5173,9 @@ msgid ""
 "Starting with version 1.10.4 of NumPy and version 1.0.0 of SciPy, pre-built "
 "32-bit and 64-bit binaries in the ``wheel`` format are available for all "
 "major operating systems (Windows, macOS, and Linux) on PyPI. Note, however, "
-"that on Windows, NumPy binaries are linked against the `ATLAS <http://www."
-"netlib.org/atlas/>`__ BLAS/LAPACK library, restricted to SSE2 instructions, "
-"so they may not provide optimal linear algebra performance."
+"that on Windows, NumPy binaries are linked against the `ATLAS <https://math-"
+"atlas.sourceforge.net/>`__ BLAS/LAPACK library, restricted to SSE2 "
+"instructions, so they may not provide optimal linear algebra performance."
 msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:26
@@ -5288,7 +5288,7 @@ msgid ""
 msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:100
-#: ../source/key_projects.rst:808
+#: ../source/key_projects.rst:812
 msgid "Spack"
 msgstr "Spack"
 
@@ -5320,28 +5320,41 @@ msgstr ""
 
 #: ../source/guides/installing-scientific-packages.rst:121
 msgid ""
-"`Anaconda <https://www.anaconda.com/products/individual/>`_ is a Python "
+"``conda`` is an open source (BSD licensed) package management system and "
+"environment management system that allows users to install multiple versions "
+"of binary software packages and their dependencies, and easily switch "
+"between them. It is a cross-platform tool working on Windows, MacOS, and "
+"Linux. Conda can be used to package up and distribute all kinds of packages, "
+"it is not limited to just Python packages. It has full support for native "
+"virtual environments. Conda makes environments first-class citizens, making "
+"it easy to create independent environments even for C libraries. It is "
+"written in Python, but is Python-agnostic. Conda manages Python itself as a "
+"package, so that :command:`conda update python` is possible, in contrast to "
+"pip, which only manages Python packages."
+msgstr ""
+
+#: ../source/guides/installing-scientific-packages.rst:133
+msgid ""
+"Anaconda `Anaconda <https://docs.anaconda.com/anaconda/>`_ is a Python "
 "distribution published by Anaconda, Inc. It is a stable collection of Open "
-"Source packages for big data and scientific use.  As of the 5.0 release of "
-"Anaconda, about 200 packages are installed by default, and a total of "
-"400-500 can be installed and updated from the Anaconda repository."
+"Source packages for big data and scientific use, and a collection of "
+"Graphical Interface utilities for managing conda environments."
 msgstr ""
 
-#: ../source/guides/installing-scientific-packages.rst:127
+#: ../source/guides/installing-scientific-packages.rst:135
 msgid ""
-"``conda`` is an open source (BSD licensed) package management system and "
-"environment management system included in Anaconda that allows users to "
-"install multiple versions of binary software packages and their "
-"dependencies, and easily switch between them. It is a cross-platform tool "
-"working on Windows, macOS, and Linux. Conda can be used to package up and "
-"distribute all kinds of packages, it is not limited to just Python packages. "
-"It has full support for native virtual environments. Conda makes "
-"environments first-class citizens, making it easy to create independent "
-"environments even for C libraries. It is written in Python, but is Python-"
-"agnostic. Conda manages Python itself as a package, so that :command:`conda "
-"update python` is possible, in contrast to pip, which only manages Python "
-"packages. Conda is available in Anaconda and Miniconda (an easy-to-install "
-"download with just Python and conda)."
+"In addition to the full distribution provided by Anaconda, the conda package "
+"manager itself is available in  `miniconda <https://docs.anaconda.com/"
+"miniconda/>`_, `miniforge <https://github.com/conda-forge/miniforge>`_, and "
+"`pixi <https://pixi.sh/>`_."
+msgstr ""
+
+#: ../source/guides/installing-scientific-packages.rst:138
+msgid ""
+"Conda packages are available on multiple channels on Anaconda.org, including "
+"the default channel supported by Anaconda, Inc, the community supported "
+"conda-forge channel, which provides a wide variety of pre-built packages, "
+"and some domain-specific package collections."
 msgstr ""
 
 #: ../source/guides/installing-stand-alone-command-line-tools.rst:4
@@ -8426,29 +8439,51 @@ msgstr ""
 
 #: ../source/guides/tool-recommendations.rst:142
 msgid ""
-"For projects hosted on GitHub, it is recommended to use the :ref:`trusted "
-"publishing <trusted-publishing>`, which allows the package to be securely "
-"uploaded to PyPI from a GitHub Actions job. (This is not yet supported on "
-"software forges other than GitHub.)"
+"For projects hosted on or published via supported CI/CD platforms, it is "
+"recommended to use the :ref:`Trusted Publishing <trusted-publishing>`, which "
+"allows the package to be securely uploaded to PyPI from a CI/CD workflow "
+"without a manually configured API token."
 msgstr ""
 
 #: ../source/guides/tool-recommendations.rst:147
 msgid ""
+"As of November 2024, PyPI supports the following platforms as Trusted "
+"Publishing providers:"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:150
+msgid "GitHub Actions (on ``https://github.com``)"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:151
+msgid "GitLab CI/CD (on ``https://gitlab.com``)"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:152
+msgid "ActiveState"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:153
+msgid "Google Cloud"
+msgstr ""
+
+#: ../source/guides/tool-recommendations.rst:155
+msgid ""
 "The other available method is to upload the package manually using :ref:"
 "`twine`."
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:149
+#: ../source/guides/tool-recommendations.rst:159
 msgid ""
 "**Never** use ``python setup.py upload`` for this task. In addition to "
 "being :ref:`deprecated <setup-py-deprecated>`, it is insecure."
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:154
+#: ../source/guides/tool-recommendations.rst:164
 msgid "Workflow tools"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:156
+#: ../source/guides/tool-recommendations.rst:166
 msgid ""
 "These tools are environment managers that automatically manage virtual "
 "environments for a project. They also act as \"task runners\", allowing you "
@@ -8459,31 +8494,31 @@ msgid ""
 "alphabetical order:"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:164
+#: ../source/guides/tool-recommendations.rst:174
 msgid ":ref:`Flit`,"
 msgstr ":ref:`Flit`,"
 
-#: ../source/guides/tool-recommendations.rst:165
+#: ../source/guides/tool-recommendations.rst:175
 msgid ":ref:`Hatch`,"
 msgstr ":ref:`Hatch`,"
 
-#: ../source/guides/tool-recommendations.rst:166
+#: ../source/guides/tool-recommendations.rst:176
 msgid ":doc:`nox <nox:index>`,"
 msgstr ""
 
-#: ../source/guides/tool-recommendations.rst:167
+#: ../source/guides/tool-recommendations.rst:177
 msgid ":ref:`PDM`,"
 msgstr ":ref:`PDM`,"
 
-#: ../source/guides/tool-recommendations.rst:168
+#: ../source/guides/tool-recommendations.rst:178
 msgid ":ref:`Pipenv`,"
 msgstr ":ref:`Pipenv`,"
 
-#: ../source/guides/tool-recommendations.rst:169
+#: ../source/guides/tool-recommendations.rst:179
 msgid ":ref:`Poetry`,"
 msgstr ":ref:`Poetry`,"
 
-#: ../source/guides/tool-recommendations.rst:170
+#: ../source/guides/tool-recommendations.rst:180
 msgid ":doc:`tox <tox:index>`."
 msgstr ""
 
@@ -9660,44 +9695,58 @@ msgstr ""
 
 #: ../source/key_projects.rst:407
 msgid ""
-"conda is the package management tool for `Anaconda <https://docs.anaconda."
-"com/anaconda/>`__ Python installations. Anaconda Python is a distribution "
-"from `Anaconda, Inc <https://www.anaconda.com/products/individual>`__ "
-"specifically aimed at the scientific community, and in particular on Windows "
-"where the installation of binary extensions is often difficult."
+"Conda is a package, dependency, and environment management system for any "
+"language — Python, R, Ruby, C/C++, Fortran, and more. It is written in "
+"Python and widely used in the Python scientific computing community, due to "
+"its support for non-Python compiled libraries and extensions. It is used as "
+"the basis of the `Anaconda <https://docs.anaconda.com/anaconda/>`__ Python "
+"distribution from Anaconda, Inc. It was originally aimed at the scientific "
+"community, but can also be used on its own, or with the :doc:`miniconda "
+"<conda:miniconda>`, `miniforge <https://github.com/conda-forge/miniforge>`_ "
+"or `pixi <https://pixi.sh/>`_ systems. It is available for Windows, Mac and "
+"Linux systems."
 msgstr ""
 
-#: ../source/key_projects.rst:414
+#: ../source/key_projects.rst:416
 msgid ""
 "Conda is a completely separate tool from :ref:`pip`, virtualenv and wheel, "
-"but provides many of their combined features in terms of package management, "
-"virtual environment management and deployment of binary extensions."
+"but provides many of their combined features, such as package management, "
+"virtual environment management and deployment of binary extensions and other "
+"binary code."
+msgstr ""
+
+#: ../source/key_projects.rst:420
+msgid ""
+"Conda does not install packages from PyPI -- it can only manage packages "
+"built specifically for conda, which can be made available on a \"conda "
+"channel\", such as those hosted on `anaconda.org <https://anaconda.org>`__, "
+"or a local (e.g. intranet) package server. In addition to the \"default\" "
+"channels managed by `Anaconda, Inc. <https://www.anaconda.com/>`__, there "
+"are a wide variety of packages from the community supported `conda-forge "
+"project <https://conda-forge.org/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:418
+#: ../source/key_projects.rst:426
 msgid ""
-"Conda does not install packages from PyPI and can install only from the "
-"official Anaconda repositories, or anaconda.org (a place for user-"
-"contributed *conda* packages), or a local (e.g. intranet) package server.  "
-"However, note that :ref:`pip` can be installed into, and work side-by-side "
-"with conda for managing :term:`distributions <Distribution Package>` from "
-"PyPI. Also, `conda skeleton <https://docs.conda.io/projects/conda-build/en/"
-"latest/user-guide/tutorials/build-pkgs-skeleton.html>`__ is a tool to make "
-"Python packages installable by conda by first fetching them from PyPI and "
-"modifying their metadata."
+"Note that :ref:`pip` can be installed into, and work side-by-side with conda "
+"for managing :term:`distributions <Distribution Package>` from PyPI. It is "
+"also possible to build conda packages from Python source packages using "
+"tools such as `conda skeleton <https://docs.conda.io/projects/conda-build/en/"
+"latest/user-guide/tutorials/build-pkgs-skeleton.html>`__: a tool to "
+"automatically make conda packages from Python packages available on PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:431
+#: ../source/key_projects.rst:435
 msgid "devpi"
 msgstr ""
 
-#: ../source/key_projects.rst:433
+#: ../source/key_projects.rst:437
 msgid ""
 "`Docs <http://doc.devpi.net/latest/>`__ | :gh:`Issues <devpi/devpi/issues>` "
 "| `PyPI <https://pypi.org/project/devpi>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:437
+#: ../source/key_projects.rst:441
 msgid ""
 "devpi features a powerful PyPI-compatible server and PyPI proxy cache with a "
 "complementary command line tool to drive packaging, testing and release "
@@ -9707,17 +9756,17 @@ msgid ""
 "replication and fail-over, and package upload."
 msgstr ""
 
-#: ../source/key_projects.rst:448
+#: ../source/key_projects.rst:452
 msgid "dumb-pypi"
 msgstr ""
 
-#: ../source/key_projects.rst:450
+#: ../source/key_projects.rst:454
 msgid ""
 "`GitHub <https://github.com/chriskuehl/dumb-pypi>`__ | `PyPI <https://pypi."
 "org/project/dumb-pypi>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:453
+#: ../source/key_projects.rst:457
 msgid ""
 "dumb-pypi is a simple :term:`package index <Package Index>` static file site "
 "generator, which then must be hosted by a static file webserver to become "
@@ -9725,17 +9774,17 @@ msgid ""
 "status."
 msgstr ""
 
-#: ../source/key_projects.rst:460
+#: ../source/key_projects.rst:464
 msgid "enscons"
 msgstr ""
 
-#: ../source/key_projects.rst:462
+#: ../source/key_projects.rst:466
 msgid ""
 ":gh:`Source <dholth/enscons>` | :gh:`Issues <dholth/enscons/issues>` | `PyPI "
 "<https://pypi.org/project/enscons>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:466
+#: ../source/key_projects.rst:470
 msgid ""
 "Enscons is a Python packaging tool based on `SCons`_. It builds :ref:`pip`-"
 "compatible source distributions and wheels without using distutils or "
@@ -9747,38 +9796,38 @@ msgid ""
 "independent of enscons."
 msgstr ""
 
-#: ../source/key_projects.rst:481
+#: ../source/key_projects.rst:485
 msgid "Flask-Pypi-Proxy"
 msgstr ""
 
-#: ../source/key_projects.rst:483
+#: ../source/key_projects.rst:487
 msgid ""
 "`Docs <https://flask-pypi-proxy.readthedocs.io>`__ | :gh:`GitHub <tzulberti/"
 "Flask-PyPi-Proxy>` | `PyPI <https://pypi.org/project/Flask-Pypi-Proxy/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:487 ../source/key_projects.rst:681
-#: ../source/key_projects.rst:740
+#: ../source/key_projects.rst:491 ../source/key_projects.rst:685
+#: ../source/key_projects.rst:744
 msgid "Not maintained, project archived"
 msgstr ""
 
-#: ../source/key_projects.rst:489
+#: ../source/key_projects.rst:493
 msgid ""
 "Flask-Pypi-Proxy is a :term:`package index <Package Index>` as a cached "
 "proxy for PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:495
+#: ../source/key_projects.rst:499
 msgid "Hashdist"
 msgstr ""
 
-#: ../source/key_projects.rst:497
+#: ../source/key_projects.rst:501
 msgid ""
 "`Docs <https://hashdist.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/hashdist/hashdist/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:500
+#: ../source/key_projects.rst:504
 msgid ""
 "Hashdist is a library for building non-root software distributions. Hashdist "
 "is trying to be “the Debian of choice for cases where Debian technology "
@@ -9789,34 +9838,34 @@ msgid ""
 "researchers but has been lacking in maintenance since 2016."
 msgstr ""
 
-#: ../source/key_projects.rst:512
+#: ../source/key_projects.rst:516
 msgid "Maturin"
 msgstr ""
 
-#: ../source/key_projects.rst:514
+#: ../source/key_projects.rst:518
 msgid ""
 "`Docs <https://www.maturin.rs>`__ | `GitHub <https://github.com/PyO3/"
 "maturin>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:517
+#: ../source/key_projects.rst:521
 msgid ""
 "Maturin is a build backend for Rust extension modules, also written in Rust. "
 "It supports building wheels for python 3.7+ on Windows, Linux, macOS and "
 "FreeBSD, can upload them to PyPI and has basic PyPy and GraalPy support."
 msgstr ""
 
-#: ../source/key_projects.rst:525
+#: ../source/key_projects.rst:529
 msgid "meson-python"
 msgstr ""
 
-#: ../source/key_projects.rst:527
+#: ../source/key_projects.rst:531
 msgid ""
 "`Docs <https://meson-python.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/mesonbuild/meson-python>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:530
+#: ../source/key_projects.rst:534
 msgid ""
 "``meson-python`` is a build backend that uses the Meson_ build system. It "
 "enables Python package authors to use Meson_ as the build system for their "
@@ -9824,58 +9873,58 @@ msgid ""
 "to fill the needs of most complex build configurations."
 msgstr ""
 
-#: ../source/key_projects.rst:540
+#: ../source/key_projects.rst:544
 msgid "multibuild"
 msgstr ""
 
-#: ../source/key_projects.rst:542
+#: ../source/key_projects.rst:546
 msgid "`GitHub <https://github.com/multi-build/multibuild>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:544
+#: ../source/key_projects.rst:548
 msgid ""
 "Multibuild is a set of CI scripts for building and testing Python :term:"
 "`wheels <Wheel>` for Linux, macOS, and (less flexibly) Windows. Also see :"
 "ref:`cibuildwheel`."
 msgstr ""
 
-#: ../source/key_projects.rst:550
+#: ../source/key_projects.rst:554
 msgid "nginx_pypi_cache"
 msgstr ""
 
-#: ../source/key_projects.rst:552
+#: ../source/key_projects.rst:556
 msgid ":gh:`GitHub <hauntsaninja/nginx_pypi_cache>`"
 msgstr ""
 
-#: ../source/key_projects.rst:554
+#: ../source/key_projects.rst:558
 msgid ""
 "nginx_pypi_cache is a :term:`package index <Package Index>` caching proxy "
 "using `nginx <https://nginx.org/en/>`_."
 msgstr ""
 
-#: ../source/key_projects.rst:560
+#: ../source/key_projects.rst:564
 msgid "pdm"
 msgstr ""
 
-#: ../source/key_projects.rst:562
+#: ../source/key_projects.rst:566
 msgid ""
 "`Docs <https://pdm.fming.dev/>`__ | `GitHub <https://github.com/pdm-project/"
 "pdm/>`__ | `PyPI <https://pypi.org/project/pdm>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:566
+#: ../source/key_projects.rst:570
 msgid ""
 "PDM is a modern Python package manager. It uses :term:`pyproject.toml` to "
 "store project metadata as defined in :pep:`621`."
 msgstr ""
 
-#: ../source/key_projects.rst:574
+#: ../source/key_projects.rst:578
 msgid ""
 "`Docs <https://pex.readthedocs.io/en/latest/>`__ | `GitHub <https://github."
 "com/pantsbuild/pex/>`__ | `PyPI <https://pypi.org/project/pex>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:578
+#: ../source/key_projects.rst:582
 msgid ""
 "Pex is a tool for generating :file:`.pex` (Python EXecutable) files, "
 "standalone Python environments in the spirit of :ref:`virtualenv`. PEX files "
@@ -9887,18 +9936,18 @@ msgid ""
 "PEX file into a standard venv, graphing dependencies and more."
 msgstr ""
 
-#: ../source/key_projects.rst:590
+#: ../source/key_projects.rst:594
 msgid "pip-tools"
 msgstr ""
 
-#: ../source/key_projects.rst:592
+#: ../source/key_projects.rst:596
 msgid ""
 "`Docs <https://pip-tools.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/jazzband/pip-tools/>`__ | `PyPI <https://pypi.org/project/pip-"
 "tools/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:596
+#: ../source/key_projects.rst:600
 msgid ""
 "pip-tools is a suite of tools meant for Python system administrators and "
 "release managers who particularly want to keep their builds deterministic "
@@ -9909,32 +9958,32 @@ msgid ""
 "not provide), and create layers of constraints for the program to obey."
 msgstr ""
 
-#: ../source/key_projects.rst:608
+#: ../source/key_projects.rst:612
 msgid "pip2pi"
 msgstr ""
 
-#: ../source/key_projects.rst:610
+#: ../source/key_projects.rst:614
 msgid ""
 ":gh:`GitHub <wolever/pip2pi>` | `PyPI <https://pypi.org/project/pip2pi/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:613
+#: ../source/key_projects.rst:617
 msgid ""
 "pip2pi is a :term:`package index <Package Index>` server where specific "
 "packages are manually synchronised."
 msgstr ""
 
-#: ../source/key_projects.rst:619
+#: ../source/key_projects.rst:623
 msgid "piwheels"
 msgstr ""
 
-#: ../source/key_projects.rst:621
+#: ../source/key_projects.rst:625
 msgid ""
 "`Website <https://www.piwheels.org/>`__ | :doc:`Docs <piwheels:index>` | "
 "`GitHub <https://github.com/piwheels/piwheels/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:625
+#: ../source/key_projects.rst:629
 msgid ""
 "piwheels is a website, and software underpinning it, that fetches source "
 "code distribution packages from PyPI and compiles them into binary wheels "
@@ -9942,17 +9991,17 @@ msgid ""
 "Pi OS pre-configures pip to use piwheels.org as an additional index to PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:634
+#: ../source/key_projects.rst:638
 msgid "poetry"
 msgstr ""
 
-#: ../source/key_projects.rst:636
+#: ../source/key_projects.rst:640
 msgid ""
 "`Docs <https://python-poetry.org/>`__ | `GitHub <https://github.com/python-"
 "poetry/poetry>`__ | `PyPI <https://pypi.org/project/poetry/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:640
+#: ../source/key_projects.rst:644
 msgid ""
 "poetry is a command-line tool to handle dependency installation and "
 "isolation as well as building and packaging of Python packages. It uses "
@@ -9962,49 +10011,49 @@ msgid ""
 "caching metadata about dependencies."
 msgstr ""
 
-#: ../source/key_projects.rst:650
+#: ../source/key_projects.rst:654
 msgid "proxpi"
 msgstr ""
 
-#: ../source/key_projects.rst:652
+#: ../source/key_projects.rst:656
 msgid ""
 ":gh:`GitHub <EpicWink/proxpi>` | `PyPI <https://pypi.org/project/proxpi/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:655
+#: ../source/key_projects.rst:659
 msgid ""
 "proxpi is a simple :term:`package index <Package Index>` which proxies PyPI "
 "and other indexes with caching."
 msgstr ""
 
-#: ../source/key_projects.rst:661
+#: ../source/key_projects.rst:665
 msgid "Pulp-python"
 msgstr ""
 
-#: ../source/key_projects.rst:663
+#: ../source/key_projects.rst:667
 msgid ""
 "`Docs <https://docs.pulpproject.org/pulp_python/>`__ | :gh:`GitHub <pulp/"
 "pulp_python>` | `PyPI <https://pypi.org/project/pulp-python/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:667
+#: ../source/key_projects.rst:671
 msgid ""
 "Pulp-python is the Python :term:`package index <Package Index>` plugin for "
 "`Pulp <https://pulpproject.org/>`_. Pulp-python supports mirrors backed by "
 "local or `AWS S3`_, package upload, and proxying to multiple package indexes."
 msgstr ""
 
-#: ../source/key_projects.rst:675
+#: ../source/key_projects.rst:679
 msgid "PyPI Cloud"
 msgstr ""
 
-#: ../source/key_projects.rst:677
+#: ../source/key_projects.rst:681
 msgid ""
 "`Docs <https://pypicloud.readthedocs.io/>`__ | :gh:`GitHub <stevearc/"
 "pypicloud>` | `PyPI <https://pypi.org/project/pypicloud/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:683
+#: ../source/key_projects.rst:687
 msgid ""
 "PyPI Cloud is a :term:`package index <Package Index>` server, backed by `AWS "
 "S3`_ or another cloud storage service, or local files. PyPI Cloud supports "
@@ -10012,33 +10061,33 @@ msgid ""
 "authorisation."
 msgstr ""
 
-#: ../source/key_projects.rst:691
+#: ../source/key_projects.rst:695
 msgid "pypiprivate"
 msgstr ""
 
-#: ../source/key_projects.rst:693
+#: ../source/key_projects.rst:697
 msgid ""
 ":gh:`GitHub <helpshift/pypiprivate>` | `PyPI <https://pypi.org/project/"
 "pypiprivate/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:696
+#: ../source/key_projects.rst:700
 msgid ""
 "pypiprivate serves a local (or `AWS S3`_-hosted) directory of packages as a :"
 "term:`package index <Package Index>`."
 msgstr ""
 
-#: ../source/key_projects.rst:702
+#: ../source/key_projects.rst:706
 msgid "pypiserver"
 msgstr ""
 
-#: ../source/key_projects.rst:704
+#: ../source/key_projects.rst:708
 msgid ""
 "`GitHub <https://github.com/pypiserver/pypiserver>`__ | `PyPI <https://pypi."
 "org/project/pypiserver/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:707
+#: ../source/key_projects.rst:711
 msgid ""
 "pypiserver is a minimalist application that serves as a private Python :term:"
 "`package index <Package Index>` (from a local directory) within "
@@ -10049,17 +10098,17 @@ msgid ""
 "pypiserver and from PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:718
+#: ../source/key_projects.rst:722
 msgid "PyScaffold"
 msgstr ""
 
-#: ../source/key_projects.rst:720
+#: ../source/key_projects.rst:724
 msgid ""
 "`Docs <https://pyscaffold.org>`__ | `GitHub <https://github.com/pyscaffold/"
 "pyscaffold>`__ | `PyPI <https://pypi.org/project/pyscaffold/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:724
+#: ../source/key_projects.rst:728
 msgid ""
 "PyScaffold is a project generator for bootstrapping Python packages, ready "
 "to be shared on PyPI and installable via :ref:`pip`. It relies on a set of "
@@ -10069,33 +10118,33 @@ msgid ""
 "existing projects to make packaging easier."
 msgstr ""
 
-#: ../source/key_projects.rst:735
+#: ../source/key_projects.rst:739
 msgid "pywharf"
 msgstr ""
 
-#: ../source/key_projects.rst:737
+#: ../source/key_projects.rst:741
 msgid ""
 ":gh:`GitHub <pywharf/pywharf>` | `PyPI <https://pypi.org/project/pywharf>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:742
+#: ../source/key_projects.rst:746
 msgid ""
 "pywharf is a :term:`package index <Package Index>` server, serving files "
 "locally or from `GitHub <https://github.com/>`_."
 msgstr ""
 
-#: ../source/key_projects.rst:748
+#: ../source/key_projects.rst:752
 msgid "scikit-build"
 msgstr ""
 
-#: ../source/key_projects.rst:750
+#: ../source/key_projects.rst:754
 msgid ""
 "`Docs <https://scikit-build.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/scikit-build/scikit-build/>`__ | `PyPI <https://pypi.org/project/"
 "scikit-build>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:754
+#: ../source/key_projects.rst:758
 msgid ""
 "Scikit-build is a :ref:`setuptools` wrapper for CPython that builds C/C++/"
 "Fortran/Cython extensions It uses `cmake <https://pypi.org/project/cmake>`__ "
@@ -10106,18 +10155,18 @@ msgid ""
 "ninja>`__ (also available on PyPI)."
 msgstr ""
 
-#: ../source/key_projects.rst:765
+#: ../source/key_projects.rst:769
 msgid "scikit-build-core"
 msgstr ""
 
-#: ../source/key_projects.rst:767
+#: ../source/key_projects.rst:771
 msgid ""
 "`Docs <https://scikit-build-core.readthedocs.io/en/latest/>`__ | `GitHub "
 "<https://github.com/scikit-build/scikit-build-core/>`__ | `PyPI <https://"
 "pypi.org/project/scikit-build-core>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:771
+#: ../source/key_projects.rst:775
 msgid ""
 "Scikit-build-core is a build backend for CPython C/C++/Fortran/Cython "
 "extensions.  It enables users to write extensions with `cmake <https://pypi."
@@ -10127,17 +10176,17 @@ msgid ""
 "automatically downloaded from PyPI if not available on the system."
 msgstr ""
 
-#: ../source/key_projects.rst:781
+#: ../source/key_projects.rst:785
 msgid "shiv"
 msgstr ""
 
-#: ../source/key_projects.rst:783
+#: ../source/key_projects.rst:787
 msgid ""
 "`Docs <https://shiv.readthedocs.io/en/latest/>`__ | `GitHub <https://github."
 "com/linkedin/shiv>`__ | `PyPI <https://pypi.org/project/shiv/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:787
+#: ../source/key_projects.rst:791
 msgid ""
 "shiv is a command line utility for building fully self contained Python "
 "zipapps as outlined in :pep:`441`, but with all their dependencies included. "
@@ -10145,17 +10194,17 @@ msgid ""
 "tools fast & easy."
 msgstr ""
 
-#: ../source/key_projects.rst:795
+#: ../source/key_projects.rst:799
 msgid "simpleindex"
 msgstr ""
 
-#: ../source/key_projects.rst:797
+#: ../source/key_projects.rst:801
 msgid ""
 ":gh:`GitHub <uranusjr/simpleindex>` | `PyPI <https://pypi.org/project/"
 "simpleindex/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:800
+#: ../source/key_projects.rst:804
 msgid ""
 "simpleindex is a :term:`package index <Package Index>` which routes URLs to "
 "multiple package indexes (including PyPI), serves local (or cloud-hosted, "
@@ -10163,7 +10212,7 @@ msgid ""
 "supports custom plugins."
 msgstr ""
 
-#: ../source/key_projects.rst:810
+#: ../source/key_projects.rst:814
 msgid ""
 ":doc:`Docs <spack:index>` | `GitHub <https://github.com/spack/spack>`__ | "
 "`Paper <https://www.computer.org/csdl/proceedings-article/"
@@ -10171,7 +10220,7 @@ msgid ""
 "Gamblin-Spack-SC15-Talk.pdf>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:815
+#: ../source/key_projects.rst:819
 msgid ""
 "A flexible package manager designed to support multiple versions, "
 "configurations, platforms, and compilers.  Spack is like Homebrew, but "
@@ -10182,24 +10231,24 @@ msgid ""
 "supercomputers."
 msgstr ""
 
-#: ../source/key_projects.rst:823
+#: ../source/key_projects.rst:827
 msgid ""
 "Spack is not in PyPI (yet), but it requires no installation and can be used "
 "immediately after cloning from GitHub."
 msgstr ""
 
-#: ../source/key_projects.rst:829
+#: ../source/key_projects.rst:833
 msgid "zest.releaser"
 msgstr ""
 
-#: ../source/key_projects.rst:831
+#: ../source/key_projects.rst:835
 msgid ""
 "`Docs <https://zestreleaser.readthedocs.io/en/latest/>`__ | `GitHub <https://"
 "github.com/zestsoftware/zest.releaser/>`__ | `PyPI <https://pypi.org/project/"
 "zest.releaser/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:835
+#: ../source/key_projects.rst:839
 msgid ""
 "``zest.releaser`` is a Python package release tool providing an abstraction "
 "layer on top of :ref:`twine`. Python developers use ``zest.releaser`` to "
@@ -10207,21 +10256,21 @@ msgid ""
 "releases in source control, and uploading new packages to PyPI."
 msgstr ""
 
-#: ../source/key_projects.rst:842
+#: ../source/key_projects.rst:846
 msgid "Standard Library Projects"
 msgstr ""
 
-#: ../source/key_projects.rst:847
+#: ../source/key_projects.rst:851
 msgid "ensurepip"
 msgstr ""
 
-#: ../source/key_projects.rst:849
+#: ../source/key_projects.rst:853
 msgid ""
 "`Docs <https://docs.python.org/3/library/ensurepip.html>`__ | `Issues "
 "<https://bugs.python.org/>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:852
+#: ../source/key_projects.rst:856
 msgid ""
 "A package in the Python Standard Library that provides support for "
 "bootstrapping :ref:`pip` into an existing Python installation or virtual "
@@ -10229,34 +10278,34 @@ msgid ""
 "will be used during the build of the Python distribution."
 msgstr ""
 
-#: ../source/key_projects.rst:860
+#: ../source/key_projects.rst:864
 msgid "http.server"
 msgstr ""
 
-#: ../source/key_projects.rst:862
+#: ../source/key_projects.rst:866
 msgid ""
 ":doc:`Docs <python:library/http.server>` | :gh:`Issues <python/cpython/"
 "issues>`"
 msgstr ""
 
-#: ../source/key_projects.rst:865
+#: ../source/key_projects.rst:869
 msgid ""
 "A package and command-line interface which can host a directory as a "
 "website, for example as a :term:`package index <Package Index>` (see :ref:"
 "`Hosting your Own Simple Repository`)."
 msgstr ""
 
-#: ../source/key_projects.rst:872
+#: ../source/key_projects.rst:876
 msgid "venv"
 msgstr ""
 
-#: ../source/key_projects.rst:874
+#: ../source/key_projects.rst:878
 msgid ""
 "`Docs <https://docs.python.org/3/library/venv.html>`__ | `Issues <https://"
 "github.com/python/cpython/issues>`__"
 msgstr ""
 
-#: ../source/key_projects.rst:877
+#: ../source/key_projects.rst:881
 msgid ""
 "A package in the Python Standard Library (starting with Python 3.3) for "
 "creating :term:`Virtual Environments <Virtual Environment>`.  For more "
@@ -12307,7 +12356,7 @@ msgstr ""
 #: ../source/specifications/platform-compatibility-tags.rst:332
 #: ../source/specifications/pyproject-toml.rst:444
 #: ../source/specifications/recording-installed-packages.rst:252
-#: ../source/specifications/simple-repository-api.rst:974
+#: ../source/specifications/simple-repository-api.rst:988
 #: ../source/specifications/source-distribution-format.rst:144
 #: ../source/specifications/version-specifiers.rst:1266
 #: ../source/specifications/virtual-environments.rst:54
@@ -13377,6 +13426,7 @@ msgstr ""
 #: ../source/specifications/dependency-specifiers.rst:26
 #: ../source/specifications/direct-url-data-structure.rst:19
 #: ../source/specifications/direct-url.rst:15
+#: ../source/specifications/index-hosted-attestations.rst:17
 #: ../source/specifications/inline-script-metadata.rst:13
 msgid "Specification"
 msgstr "規格"
@@ -13514,7 +13564,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/dependency-specifiers.rst:163
-#: ../source/specifications/simple-repository-api.rst:888
+#: ../source/specifications/simple-repository-api.rst:902
 msgid "Versions"
 msgstr "版本"
 
@@ -15142,6 +15192,302 @@ msgid ""
 "www.pypa.io/en/latest/specifications/>`__."
 msgstr ""
 
+#: ../source/specifications/index-hosted-attestations.rst:6
+msgid "Index hosted attestations"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:8
+msgid "This specification was originally defined in :pep:`740`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:12
+msgid ""
+":pep:`740` includes changes to the HTML and JSON index APIs. These changes "
+"are documented in the :ref:`simple-repository-api` under :ref:`simple-"
+"repository-api-base` and :ref:`json-serialization`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:22
+msgid "Upload endpoint changes"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:26
+msgid ""
+"The \"legacy\" upload API is not standardized. See `PyPI's Upload API "
+"documentation <https://docs.pypi.org/api/upload/>`_ for how attestations are "
+"uploaded."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:33
+msgid "Attestation objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:35
+msgid ""
+"An attestation object is a JSON object with several required keys; "
+"applications or signers may include additional keys so long as all "
+"explicitly listed keys are provided. The required layout of an attestation "
+"object is provided as pseudocode below."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:88
+msgid ""
+"A full data model for each object in ``transparency_entries`` is provided "
+"in :ref:`appendix`. Attestation objects **SHOULD** include one or more "
+"transparency log entries, and **MAY** include additional keys for other "
+"sources of signed time (such as an :rfc:`3161` Time Stamping Authority or a "
+"`Roughtime <https://blog.cloudflare.com/roughtime>`__ server)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:94
+msgid ""
+"Attestation objects are versioned; this PEP specifies version 1. Each "
+"version is tied to a single cryptographic suite to minimize unnecessary "
+"cryptographic agility. In version 1, the suite is as follows:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:98
+msgid ""
+"Certificates are specified as X.509 certificates, and comply with the "
+"profile in :rfc:`5280`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:100
+msgid ""
+"The message signature algorithm is ECDSA, with the P-256 curve for public "
+"keys and SHA-256 as the cryptographic digest function."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:103
+msgid ""
+"Future PEPs may change this suite (and the overall shape of the attestation "
+"object) by selecting a new version number."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:109
+msgid "Attestation statement and signature generation"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:111
+msgid ""
+"The *attestation statement* is the actual claim that is cryptographically "
+"signed over within the attestation object (i.e., the ``envelope.statement``)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:114
+msgid ""
+"The attestation statement is encoded as a `v1 in-toto Statement object "
+"<https://github.com/in-toto/attestation/blob/v1.0/spec/v1.0/statement."
+"md>`__, in JSON form. When serialized the statement is treated as an opaque "
+"binary blob, avoiding the need for canonicalization."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:119
+msgid ""
+"In addition to being a v1 in-toto Statement, the attestation statement is "
+"constrained in the following ways:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:122
+msgid "The in-toto ``subject`` **MUST** contain only a single subject."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:123
+msgid ""
+"``subject[0].name`` is the distribution's filename, which **MUST** be a "
+"valid :ref:`source distribution <source-distribution-format>` or :ref:`wheel "
+"distribution <binary-distribution-format>` filename."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:126
+msgid ""
+"``subject[0].digest`` **MUST** contain a SHA-256 digest. Other digests "
+"**MAY** be present. The digests **MUST** be represented as hexadecimal "
+"strings."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:128
+msgid "The following ``predicateType`` values are supported:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:130
+msgid ""
+"`SLSA Provenance <https://slsa.dev/provenance/v1>`__: ``https://slsa.dev/"
+"provenance/v1``"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:131
+msgid ""
+"`PyPI Publish Attestation <https://docs.pypi.org/attestations/publish/"
+"v1>`__: ``https://docs.pypi.org/attestations/publish/v1``"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:133
+msgid ""
+"The signature over this statement is constructed using the `v1 DSSE "
+"signature protocol <https://github.com/secure-systems-lab/dsse/blob/v1.0.0/"
+"protocol.md>`__, with a ``PAYLOAD_TYPE`` of ``application/vnd.in-toto+json`` "
+"and a ``PAYLOAD_BODY`` of the JSON-encoded statement above. No other "
+"``PAYLOAD_TYPE`` is permitted."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:141
+msgid "Provenance objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:143
+msgid ""
+"The index will serve uploaded attestations along with metadata that can "
+"assist in verifying them in the form of JSON serialized objects."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:146
+msgid ""
+"These *provenance objects* will be available via both the Simple Index and "
+"JSON-based Simple API as described above, and will have the following layout:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:169
+msgid "or, as pseudocode:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:217
+msgid ""
+"``version`` is ``1``. Like attestation objects, provenance objects are "
+"versioned, and this PEP only defines version ``1``."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:219
+msgid ""
+"``attestation_bundles`` is a **required** JSON array, containing one or more "
+"\"bundles\" of attestations. Each bundle corresponds to a signing identity "
+"(such as a Trusted Publishing identity), and contains one or more "
+"attestation objects."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:224
+msgid ""
+"As noted in the ``Publisher`` model, each ``AttestationBundle.publisher`` "
+"object is specific to its Trusted Publisher but must include at minimum:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:228
+msgid ""
+"A ``kind`` key, which **MUST** be a JSON string that uniquely identifies the "
+"kind of Trusted Publisher."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:230
+msgid ""
+"A ``claims`` key, which **MUST** be a JSON object containing any context-"
+"specific claims retained by the index during Trusted Publisher "
+"authentication."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:233
+msgid "All other keys in the publisher object are publisher-specific."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:235
+msgid ""
+"Each array of attestation objects is a superset of the ``attestations`` "
+"array supplied by the uploaded through the ``attestations`` field at upload "
+"time, as described in :ref:`upload-endpoint` and :ref:`changes-to-provenance-"
+"objects`."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:243
+msgid "Changes to provenance objects"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:245
+msgid ""
+"Provenance objects are *not* immutable, and may change over time. Reasons "
+"for changes to the provenance object include but are not limited to:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:248
+msgid ""
+"Addition of new attestations for a pre-existing signing identity: the index "
+"**MAY** choose to allow additional attestations by pre-existing signing "
+"identities, such as newer attestation versions for already uploaded files."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:253
+msgid ""
+"Addition of new signing identities and associated attestations: the index "
+"**MAY** choose to support attestations from sources other than the file's "
+"uploader, such as third-party auditors or the index itself. These "
+"attestations may be performed asynchronously, requiring the index to insert "
+"them into the provenance object *post facto*."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:262
+msgid "Attestation verification"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:264
+msgid ""
+"Verifying an attestation object against a distribution file requires "
+"verification of each of the following:"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:267
+msgid "``version`` is ``1``. The verifier **MUST** reject any other version."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:268
+msgid ""
+"``verification_material.certificate`` is a valid signing certificate, as "
+"issued by an *a priori* trusted authority (such as a root of trust already "
+"present within the verifying client)."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:271
+msgid ""
+"``verification_material.certificate`` identifies an appropriate signing "
+"subject, such as the machine identity of the Trusted Publisher that "
+"published the package."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:274
+msgid ""
+"``envelope.statement`` is a valid in-toto v1 Statement, with a subject and "
+"digest that **MUST** match the distribution's filename and contents. For the "
+"distribution's filename, matching **MUST** be performed by parsing using the "
+"appropriate source distribution or wheel filename format, as the statement's "
+"subject may be equivalent but normalized."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:279
+msgid ""
+"``envelope.signature`` is a valid signature for ``envelope.statement`` "
+"corresponding to ``verification_material.certificate``, as reconstituted via "
+"the `v1 DSSE signature protocol <https://github.com/secure-systems-lab/dsse/"
+"blob/v1.0.0/protocol.md>`__."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:284
+msgid ""
+"In addition to the above required steps, a verifier **MAY** additionally "
+"verify ``verification_material.transparency_entries`` on a policy basis, e."
+"g. requiring at least one transparency log entry or a threshold of entries. "
+"When verifying transparency entries, the verifier **MUST** confirm that the "
+"inclusion time for each entry lies within the signing certificate's validity "
+"period."
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:293
+msgid "Appendix: Data models for Transparency Log Entries"
+msgstr ""
+
+#: ../source/specifications/index-hosted-attestations.rst:295
+msgid ""
+"This appendix contains pseudocoded data models for transparency log entries "
+"in attestation objects. Each transparency log entry serves as a source of "
+"signed inclusion time, and can be verified either online or offline."
+msgstr ""
+
 #: ../source/specifications/inline-script-metadata.rst:5
 msgid "Inline script metadata"
 msgstr ""
@@ -15314,7 +15660,7 @@ msgid ""
 msgstr ""
 
 #: ../source/specifications/inline-script-metadata.rst:205
-#: ../source/specifications/simple-repository-api.rst:815
+#: ../source/specifications/simple-repository-api.rst:829
 msgid "Recommendations"
 msgstr ""
 
@@ -17206,12 +17552,27 @@ msgid ""
 "``&gt;``, respectively."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:100
+#: ../source/specifications/simple-repository-api.rst:99
+msgid ""
+"A repository **MAY** include a ``data-provenance`` attribute on a file link. "
+"The value of this attribute **MUST** be a fully qualified URL, signaling "
+"that the file's provenance can be found at that URL. This URL **MUST** "
+"represent a `secure origin <https://www.chromium.org/Home/chromium-security/"
+"prefer-secure-origins-for-powerful-new-features/>`_."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:106
+msgid ""
+"The format of the linked provenance is defined in :ref:`index-hosted-"
+"attestations`."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:109
 #, fuzzy
 msgid "Normalized Names"
 msgstr "翻譯"
 
-#: ../source/specifications/simple-repository-api.rst:102
+#: ../source/specifications/simple-repository-api.rst:111
 msgid ""
 "This spec references the concept of a \"normalized\" project name. As per :"
 "ref:`the name normalization specification <name-normalization>` the only "
@@ -17221,11 +17582,11 @@ msgid ""
 "implemented in Python with the ``re`` module::"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:117
+#: ../source/specifications/simple-repository-api.rst:126
 msgid "Adding \"Yank\" Support to the Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:119
+#: ../source/specifications/simple-repository-api.rst:128
 msgid ""
 "Links in the simple repository **MAY** have a ``data-yanked`` attribute "
 "which may have no value, or may have an arbitrary string as a value. The "
@@ -17235,7 +17596,7 @@ msgid ""
 "under specific scenarios."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:126
+#: ../source/specifications/simple-repository-api.rst:135
 msgid ""
 "The value of the ``data-yanked`` attribute, if present, is an arbitrary "
 "string that represents the reason for why the file has been yanked. Tools "
@@ -17243,7 +17604,7 @@ msgid ""
 "users."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:131
+#: ../source/specifications/simple-repository-api.rst:140
 msgid ""
 "The yanked attribute is not immutable once set, and may be rescinded in the "
 "future (and once rescinded, may be reset as well). Thus API users **MUST** "
@@ -17251,12 +17612,12 @@ msgid ""
 "again)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:138
+#: ../source/specifications/simple-repository-api.rst:147
 #, fuzzy
 msgid "Installers"
 msgstr "安裝軟體套件"
 
-#: ../source/specifications/simple-repository-api.rst:140
+#: ../source/specifications/simple-repository-api.rst:149
 msgid ""
 "The desirable experience for users is that once a file is yanked, when a "
 "human being is currently trying to directly install a yanked file, that it "
@@ -17266,7 +17627,7 @@ msgid ""
 "been yanked."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:147
+#: ../source/specifications/simple-repository-api.rst:156
 msgid ""
 "An installer **MUST** ignore yanked releases, if the selection constraints "
 "can be satisfied with a non-yanked version, and **MAY** refuse to use a "
@@ -17276,14 +17637,14 @@ msgid ""
 "files."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:154
+#: ../source/specifications/simple-repository-api.rst:163
 msgid ""
 "What this means is left up to the specific installer, to decide how to best "
 "fit into the overall usage of their installer. However, there are two "
 "suggested approaches to take:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:158
+#: ../source/specifications/simple-repository-api.rst:167
 msgid ""
 "Yanked files are always ignored, unless they are the only file that matches "
 "a version specifier that \"pins\" to an exact version using either ``==`` "
@@ -17293,7 +17654,7 @@ msgid ""
 "versions, zero padding, etc."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:165
+#: ../source/specifications/simple-repository-api.rst:174
 msgid ""
 "Yanked files are always ignored, unless they are the only file that matches "
 "what a lock file (such as ``Pipfile.lock`` or ``poetry.lock``) specifies to "
@@ -17301,7 +17662,7 @@ msgid ""
 "creating or updating a lock file from some input file or command."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:171
+#: ../source/specifications/simple-repository-api.rst:180
 msgid ""
 "Regardless of the specific strategy that an installer chooses for deciding "
 "when to install yanked files, an installer **SHOULD** emit a warning when it "
@@ -17310,38 +17671,38 @@ msgid ""
 "specific feedback to the user about why that file had been yanked."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:179
+#: ../source/specifications/simple-repository-api.rst:188
 msgid "Mirrors"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:181
+#: ../source/specifications/simple-repository-api.rst:190
 msgid "Mirrors can generally treat yanked files one of two ways:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:183
+#: ../source/specifications/simple-repository-api.rst:192
 msgid ""
 "They may choose to omit them from their simple repository API completely, "
 "providing a view over the repository that shows only \"active\", unyanked "
 "files."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:186
+#: ../source/specifications/simple-repository-api.rst:195
 msgid ""
 "They may choose to include yanked files, and additionally mirror the ``data-"
 "yanked`` attribute as well."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:189
+#: ../source/specifications/simple-repository-api.rst:198
 msgid ""
 "Mirrors **MUST NOT** mirror a yanked file without also mirroring the ``data-"
 "yanked`` attribute for it."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:195
+#: ../source/specifications/simple-repository-api.rst:204
 msgid "Versioning PyPI's Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:197
+#: ../source/specifications/simple-repository-api.rst:206
 msgid ""
 "This spec proposes the inclusion of a meta tag on the responses of every "
 "successful request to a simple API page, which contains a name attribute of "
@@ -17352,29 +17713,29 @@ msgid ""
 "<version-specifiers>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:205
+#: ../source/specifications/simple-repository-api.rst:214
 msgid "This would end up looking like::"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:209
+#: ../source/specifications/simple-repository-api.rst:218
 msgid "When interpreting the repository version:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:211
+#: ../source/specifications/simple-repository-api.rst:220
 msgid ""
 "Incrementing the major version is used to signal a backwards incompatible "
 "change such that existing clients would no longer be expected to be able to "
 "meaningfully use the API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:214
+#: ../source/specifications/simple-repository-api.rst:223
 msgid ""
 "Incrementing the minor version is used to signal a backwards compatible "
 "change such that existing clients would still be expected to be able to "
 "meaningfully use the API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:218
+#: ../source/specifications/simple-repository-api.rst:227
 msgid ""
 "It is left up to the discretion of any future specs as to what specifically "
 "constitutes a backwards incompatible vs compatible change beyond the broad "
@@ -17383,7 +17744,7 @@ msgid ""
 "features."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:224
+#: ../source/specifications/simple-repository-api.rst:233
 msgid ""
 "It is expectation of this spec that the major version will never be "
 "incremented, and any future major API evolutions would utilize a different "
@@ -17393,50 +17754,50 @@ msgid ""
 "set to a version >= 2)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:231
+#: ../source/specifications/simple-repository-api.rst:240
 msgid ""
 "This spec sets the current API version to \"1.0\", and expects that future "
 "specs that further evolve the simple API will increment the minor version "
 "number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:237
-#: ../source/specifications/simple-repository-api.rst:957
+#: ../source/specifications/simple-repository-api.rst:246
+#: ../source/specifications/simple-repository-api.rst:971
 #, fuzzy
 #| msgid "Contents"
 msgid "Clients"
 msgstr "内容"
 
-#: ../source/specifications/simple-repository-api.rst:239
+#: ../source/specifications/simple-repository-api.rst:248
 msgid ""
 "Clients interacting with the simple API **SHOULD** introspect each response "
 "for the repository version, and if that data does not exist **MUST** assume "
 "that it is version 1.0."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:243
+#: ../source/specifications/simple-repository-api.rst:252
 msgid ""
 "When encountering a major version greater than expected, clients **MUST** "
 "hard fail with an appropriate error message for the user."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:246
+#: ../source/specifications/simple-repository-api.rst:255
 msgid ""
 "When encountering a minor version greater than expected, clients **SHOULD** "
 "warn users with an appropriate message."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:249
+#: ../source/specifications/simple-repository-api.rst:258
 msgid ""
 "Clients **MAY** still continue to use feature detection in order to "
 "determine what features a repository uses."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:255
+#: ../source/specifications/simple-repository-api.rst:264
 msgid "Serve Distribution Metadata in the Simple Repository API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:257
+#: ../source/specifications/simple-repository-api.rst:266
 msgid ""
 "In a simple repository's project page, each anchor tag pointing to a "
 "distribution **MAY** have a ``data-dist-info-metadata`` attribute. The "
@@ -17445,7 +17806,7 @@ msgid ""
 "when the distribution is processed and/or installed."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:263
+#: ../source/specifications/simple-repository-api.rst:272
 msgid ""
 "If a ``data-dist-info-metadata`` attribute is present, the repository "
 "**MUST** serve the distribution's Core Metadata file alongside the "
@@ -17457,7 +17818,7 @@ msgid ""
 "GPG signature file's location."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:272
+#: ../source/specifications/simple-repository-api.rst:281
 msgid ""
 "The repository **SHOULD** provide the hash of the Core Metadata file as the "
 "``data-dist-info-metadata`` attribute's value using the syntax "
@@ -17467,18 +17828,18 @@ msgid ""
 "unavailable."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:280
+#: ../source/specifications/simple-repository-api.rst:289
 msgid "Backwards Compatibility"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:282
+#: ../source/specifications/simple-repository-api.rst:291
 msgid ""
 "If an anchor tag lacks the ``data-dist-info-metadata`` attribute, tools are "
 "expected to revert to their current behaviour of downloading the "
 "distribution to inspect the metadata."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:286
+#: ../source/specifications/simple-repository-api.rst:295
 msgid ""
 "Older tools not supporting the new ``data-dist-info-metadata`` attribute are "
 "expected to ignore the attribute and maintain their current behaviour of "
@@ -17486,11 +17847,11 @@ msgid ""
 "prior ``data-`` attribute additions expect existing tools to operate."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:295
+#: ../source/specifications/simple-repository-api.rst:304
 msgid "JSON-based Simple API for Python Package Indexes"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:297
+#: ../source/specifications/simple-repository-api.rst:306
 msgid ""
 "To enable response parsing with only the standard library, this spec "
 "specifies that all responses (besides the files themselves, and the HTML "
@@ -17498,7 +17859,7 @@ msgid ""
 "base>`) should be serialized using `JSON <https://www.json.org/>`_."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:302
+#: ../source/specifications/simple-repository-api.rst:311
 msgid ""
 "To enable zero configuration discovery and to minimize the amount of "
 "additional HTTP requests, this spec extends :ref:`the base HTML API "
@@ -17508,7 +17869,7 @@ msgid ""
 "format to serve, i.e. either HTML or JSON."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:312
+#: ../source/specifications/simple-repository-api.rst:321
 msgid ""
 "Versioning will adhere to :ref:`the API versioning specification <simple-"
 "repository-api-versioning>` format (``Major.Minor``), which has defined the "
@@ -17518,7 +17879,7 @@ msgid ""
 "``1.0`` version, and instead just describes how to serialize that into JSON."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:319
+#: ../source/specifications/simple-repository-api.rst:328
 msgid ""
 "Similar to :ref:`the API versioning specification <simple-repository-api-"
 "versioning>`, the major version number **MUST** be incremented if any "
@@ -17526,28 +17887,28 @@ msgid ""
 "existing clients to meaningfully understand the format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:325
+#: ../source/specifications/simple-repository-api.rst:334
 msgid ""
 "Likewise, the minor version **MUST** be incremented if features are added or "
 "removed from the format, but existing clients would be expected to continue "
 "to meaningfully understand the format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:329
+#: ../source/specifications/simple-repository-api.rst:338
 msgid ""
 "Changes that would not result in existing clients being unable to "
 "meaningfully understand the format and which do not represent features being "
 "added or removed may occur without changing the version number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:333
+#: ../source/specifications/simple-repository-api.rst:342
 msgid ""
 "This is intentionally vague, as this spec believes it is best left up to "
 "future specs that make any changes to the API to investigate and decide "
 "whether or not that change should increment the major or minor version."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:337
+#: ../source/specifications/simple-repository-api.rst:346
 msgid ""
 "Future versions of the API may add things that can only be represented in a "
 "subset of the available serializations of that version. All serializations "
@@ -17556,38 +17917,38 @@ msgid ""
 "whether or not that feature is present at all."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:343
+#: ../source/specifications/simple-repository-api.rst:352
 msgid ""
 "It is the intent of this spec that the API should be thought of as URL "
 "endpoints that return data, whose interpretation is defined by the version "
 "of that data, and then serialized into the target serialization format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:351
+#: ../source/specifications/simple-repository-api.rst:360
 #, fuzzy
 msgid "JSON Serialization"
 msgstr "翻譯"
 
-#: ../source/specifications/simple-repository-api.rst:353
+#: ../source/specifications/simple-repository-api.rst:362
 msgid ""
 "The URL structure from :ref:`the base HTML API specification <simple-"
 "repository-api-base>` still applies, as this spec only adds an additional "
 "serialization format for the already existing API."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:357
+#: ../source/specifications/simple-repository-api.rst:366
 msgid ""
 "The following constraints apply to all JSON serialized responses described "
 "in this spec:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:360
+#: ../source/specifications/simple-repository-api.rst:369
 msgid ""
 "All JSON responses will *always* be a JSON object rather than an array or "
 "other type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:363
+#: ../source/specifications/simple-repository-api.rst:372
 msgid ""
 "While JSON doesn't natively support a URL type, any value that represents an "
 "URL in this API may be either absolute or relative as long as they point to "
@@ -17595,19 +17956,19 @@ msgid ""
 "if it were HTML."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:368
+#: ../source/specifications/simple-repository-api.rst:377
 msgid ""
 "Additional keys may be added to any dictionary objects in the API responses "
 "and clients **MUST** ignore keys that they don't understand."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:371
+#: ../source/specifications/simple-repository-api.rst:380
 msgid ""
 "All JSON responses will have a ``meta`` key, which contains information "
 "related to the response itself, rather than the content of the response."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:374
+#: ../source/specifications/simple-repository-api.rst:383
 msgid ""
 "All JSON responses will have a ``meta.api-version`` key, which will be a "
 "string that contains the :ref:`API versioning specification <simple-"
@@ -17616,43 +17977,43 @@ msgid ""
 "<simple-repository-api-versioning>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:380
+#: ../source/specifications/simple-repository-api.rst:389
 msgid ""
 "All requirements of :ref:`the base HTML API specification <simple-repository-"
 "api-base>` that are not HTML specific still apply."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:385
+#: ../source/specifications/simple-repository-api.rst:394
 #, fuzzy
 #| msgid "Project name"
 msgid "Project List"
 msgstr "專案名稱"
 
-#: ../source/specifications/simple-repository-api.rst:387
+#: ../source/specifications/simple-repository-api.rst:396
 msgid ""
 "The root URL ``/`` for this spec (which represents the base URL) will be a "
 "JSON encoded dictionary which has a two keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:390
+#: ../source/specifications/simple-repository-api.rst:399
 msgid ""
 "``projects``: An array where each entry is a dictionary with a single key, "
 "``name``, which represents string of the project name."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:391
-#: ../source/specifications/simple-repository-api.rst:440
+#: ../source/specifications/simple-repository-api.rst:400
+#: ../source/specifications/simple-repository-api.rst:449
 msgid ""
 "``meta``: The general response metadata as `described earlier <json-"
 "serialization_>`__."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:393
-#: ../source/specifications/simple-repository-api.rst:499
+#: ../source/specifications/simple-repository-api.rst:402
+#: ../source/specifications/simple-repository-api.rst:512
 msgid "As an example:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:410
+#: ../source/specifications/simple-repository-api.rst:419
 msgid ""
 "The ``name`` field is the same as the one from :ref:`the base HTML API "
 "specification <simple-repository-api-base>`, which does not specify whether "
@@ -17662,7 +18023,7 @@ msgid ""
 "implementation detail of the repository in question."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:420
+#: ../source/specifications/simple-repository-api.rst:429
 msgid ""
 "While the ``projects`` key is an array, and thus is required to be in some "
 "kind of an order, neither :ref:`the base HTML API specification <simple-"
@@ -17672,13 +18033,13 @@ msgid ""
 "have sets."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:429
+#: ../source/specifications/simple-repository-api.rst:438
 #, fuzzy
 #| msgid "Project name"
 msgid "Project Detail"
 msgstr "專案名稱"
 
-#: ../source/specifications/simple-repository-api.rst:431
+#: ../source/specifications/simple-repository-api.rst:440
 msgid ""
 "The format of this URL is ``/<project>/`` where the ``<project>`` is "
 "replaced by the :ref:`the base HTML API specification <simple-repository-api-"
@@ -17686,33 +18047,33 @@ msgid ""
 "would have a URL like ``/silly-walk/``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:436
+#: ../source/specifications/simple-repository-api.rst:445
 msgid ""
 "This URL must respond with a JSON encoded dictionary that has three keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:438
+#: ../source/specifications/simple-repository-api.rst:447
 msgid "``name``: The normalized name of the project."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:439
+#: ../source/specifications/simple-repository-api.rst:448
 msgid ""
 "``files``: A list of dictionaries, each one representing an individual file."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:442
+#: ../source/specifications/simple-repository-api.rst:451
 msgid "Each individual file dictionary has the following keys:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:444
+#: ../source/specifications/simple-repository-api.rst:453
 msgid "``filename``: The filename that is being represented."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:445
+#: ../source/specifications/simple-repository-api.rst:454
 msgid "``url``: The URL that the file can be fetched from."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:446
+#: ../source/specifications/simple-repository-api.rst:455
 msgid ""
 "``hashes``: A dictionary mapping a hash name to a hex encoded digest of the "
 "file. Multiple hashes can be included, and it is up to the client to decide "
@@ -17721,14 +18082,14 @@ msgid ""
 "to be lowercase."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:451
+#: ../source/specifications/simple-repository-api.rst:460
 msgid ""
 "The ``hashes`` dictionary **MUST** be present, even if no hashes are "
 "available for the file, however it is **HIGHLY** recommended that at least "
 "one secure, guaranteed-to-be-available hash is always included."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:455
+#: ../source/specifications/simple-repository-api.rst:464
 msgid ""
 "By default, any hash algorithm available via :py:mod:`hashlib` (specifically "
 "any that can be passed to :py:func:`hashlib.new()` and do not require "
@@ -17738,7 +18099,7 @@ msgid ""
 "specifically is recommended."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:460
+#: ../source/specifications/simple-repository-api.rst:469
 msgid ""
 "``requires-python``: An **optional** key that exposes the :ref:`core-"
 "metadata-requires-python` metadata field. Where this is present, installer "
@@ -17746,14 +18107,14 @@ msgid ""
 "that doesn't satisfy the requirement."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:466
+#: ../source/specifications/simple-repository-api.rst:475
 msgid ""
 "Unlike ``data-requires-python`` in :ref:`the base HTML API specification "
 "<simple-repository-api-base>`, the ``requires-python`` key does not require "
 "any special escaping other than anything JSON does naturally."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:469
+#: ../source/specifications/simple-repository-api.rst:478
 msgid ""
 "``dist-info-metadata``: An **optional** key that indicates that metadata for "
 "this file is available, via the same location as specified in :ref:`the API "
@@ -17763,27 +18124,27 @@ msgid ""
 "dictionary mapping hash names to a hex encoded digest of the metadata's hash."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:477
+#: ../source/specifications/simple-repository-api.rst:486
 msgid ""
 "When this is a dictionary of hashes instead of a boolean, then all the same "
 "requirements and recommendations as the ``hashes`` key hold true for this "
 "key as well."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:481
+#: ../source/specifications/simple-repository-api.rst:490
 msgid ""
 "If this key is missing then the metadata file may or may not exist. If the "
 "key value is truthy, then the metadata file is present, and if it is falsey "
 "then it is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:485
+#: ../source/specifications/simple-repository-api.rst:494
 msgid ""
 "It is recommended that servers make the hashes of the metadata file "
 "available if possible."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:487
+#: ../source/specifications/simple-repository-api.rst:496
 msgid ""
 "``gpg-sig``: An **optional** key that acts a boolean to indicate if the file "
 "has an associated GPG signature or not. The URL for the signature file "
@@ -17792,7 +18153,7 @@ msgid ""
 "the signature may or may not exist."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:492
+#: ../source/specifications/simple-repository-api.rst:501
 msgid ""
 "``yanked``: An **optional** key which may be either a boolean to indicate if "
 "the file has been yanked, or a non empty, but otherwise arbitrary, string to "
@@ -17803,7 +18164,15 @@ msgid ""
 "api-yank>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:529
+#: ../source/specifications/simple-repository-api.rst:507
+msgid ""
+"``provenance``: An **optional** key which, if present **MUST** be either a "
+"JSON string or ``null``. If not ``null``, it **MUST** be a URL to the file's "
+"associated provenance, with the same rules as ``data-provenance`` in the :"
+"ref:`base HTML API specification <simple-repository-api-base>`."
+msgstr ""
+
+#: ../source/specifications/simple-repository-api.rst:543
 msgid ""
 "While the ``files`` key is an array, and thus is required to be in some kind "
 "of an order, neither :ref:`the base HTML API specification <simple-"
@@ -17813,13 +18182,13 @@ msgid ""
 "have sets."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:538
+#: ../source/specifications/simple-repository-api.rst:552
 #, fuzzy
 #| msgid "Contents"
 msgid "Content-Types"
 msgstr "内容"
 
-#: ../source/specifications/simple-repository-api.rst:540
+#: ../source/specifications/simple-repository-api.rst:554
 msgid ""
 "This spec proposes that all responses from the Simple API will have a "
 "standard content type that describes what the response is (a Simple API "
@@ -17827,11 +18196,11 @@ msgid ""
 "format has been used."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:544
+#: ../source/specifications/simple-repository-api.rst:558
 msgid "The structure of this content type will be:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:550
+#: ../source/specifications/simple-repository-api.rst:564
 msgid ""
 "Since only major versions should be disruptive to clients attempting to "
 "understand one of these API responses, only the major version will be "
@@ -17839,19 +18208,19 @@ msgid ""
 "that it is a version number."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:555
+#: ../source/specifications/simple-repository-api.rst:569
 msgid "Which means that for the existing 1.0 API, the content types would be:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:557
+#: ../source/specifications/simple-repository-api.rst:571
 msgid "**JSON:** ``application/vnd.pypi.simple.v1+json``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:558
+#: ../source/specifications/simple-repository-api.rst:572
 msgid "**HTML:** ``application/vnd.pypi.simple.v1+html``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:560
+#: ../source/specifications/simple-repository-api.rst:574
 msgid ""
 "In addition to the above, a special \"meta\" version is supported named "
 "``latest``, whose purpose is to allow clients to request the absolute latest "
@@ -17860,7 +18229,7 @@ msgid ""
 "support."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:565
+#: ../source/specifications/simple-repository-api.rst:579
 msgid ""
 "To support existing clients which expect the existing :ref:`the base HTML "
 "API specification <simple-repository-api-base>` API responses to use the "
@@ -17868,12 +18237,12 @@ msgid ""
 "alias for the ``application/vnd.pypi.simple.v1+html`` content type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:572
+#: ../source/specifications/simple-repository-api.rst:586
 #, fuzzy
 msgid "Version + Format Selection"
 msgstr "翻譯"
 
-#: ../source/specifications/simple-repository-api.rst:574
+#: ../source/specifications/simple-repository-api.rst:588
 msgid ""
 "Now that there is multiple possible serializations, we need a mechanism to "
 "allow clients to indicate what serialization formats they're able to "
@@ -17882,65 +18251,65 @@ msgid ""
 "expecting the previous API version."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:579
+#: ../source/specifications/simple-repository-api.rst:593
 msgid ""
 "To enable this, this spec standardizes on the use of HTTP's `Server-Driven "
 "Content Negotiation <https://developer.mozilla.org/en-US/docs/Web/HTTP/"
 "Content_negotiation>`_."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:582
+#: ../source/specifications/simple-repository-api.rst:596
 msgid ""
 "While this spec won't fully describe the entirety of server-driven content "
 "negotiation, the flow is roughly:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:585
+#: ../source/specifications/simple-repository-api.rst:599
 msgid ""
 "The client makes an HTTP request containing an ``Accept`` header listing all "
 "of the version+format content types that they are able to understand."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:587
+#: ../source/specifications/simple-repository-api.rst:601
 msgid ""
 "The server inspects that header, selects one of the listed content types, "
 "then returns a response using that content type (treating the absence of an "
 "``Accept`` header as ``Accept: */*``)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:590
+#: ../source/specifications/simple-repository-api.rst:604
 msgid ""
 "If the server does not support any of the content types in the ``Accept`` "
 "header then they are able to choose between 3 different options for how to "
 "respond:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:594
+#: ../source/specifications/simple-repository-api.rst:608
 msgid ""
 "Select a default content type other than what the client has requested and "
 "return a response with that."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:596
+#: ../source/specifications/simple-repository-api.rst:610
 msgid ""
 "Return a HTTP ``406 Not Acceptable`` response to indicate that none of the "
 "requested content types were available, and the server was unable or "
 "unwilling to select a default content type to respond with."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:599
+#: ../source/specifications/simple-repository-api.rst:613
 msgid ""
 "Return a HTTP ``300 Multiple Choices`` response that contains a list of all "
 "of the possible responses that could have been chosen."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:601
+#: ../source/specifications/simple-repository-api.rst:615
 msgid ""
 "The client interprets the response, handling the different types of "
 "responses that the server may have responded with."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:604
+#: ../source/specifications/simple-repository-api.rst:618
 msgid ""
 "This spec does not specify which choices the server makes in regards to "
 "handling a content type that it isn't able to return, and clients **SHOULD** "
@@ -17948,7 +18317,7 @@ msgid ""
 "the most sense for that client."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:609
+#: ../source/specifications/simple-repository-api.rst:623
 msgid ""
 "However, as there is no standard format for how a ``300 Multiple Choices`` "
 "response can be interpreted, this spec highly discourages servers from "
@@ -17959,7 +18328,7 @@ msgid ""
 "error."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:616
+#: ../source/specifications/simple-repository-api.rst:630
 msgid ""
 "This spec **does** require that if the meta version ``latest`` is being "
 "used, the server **MUST** respond with the content type for the actual "
@@ -17968,33 +18337,33 @@ msgid ""
 "have a ``Content-Type`` of ``application/vnd.pypi.simple.v1+json``)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:623
+#: ../source/specifications/simple-repository-api.rst:637
 msgid ""
 "The ``Accept`` header is a comma separated list of content types that the "
 "client understands and is able to process. It supports three different "
 "formats for each content type that is being requested:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:627
+#: ../source/specifications/simple-repository-api.rst:641
 msgid "``$type/$subtype``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:628
+#: ../source/specifications/simple-repository-api.rst:642
 msgid "``$type/*``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:629
+#: ../source/specifications/simple-repository-api.rst:643
 msgid "``*/*``"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:631
+#: ../source/specifications/simple-repository-api.rst:645
 msgid ""
 "For the use of selecting a version+format, the most useful of these is "
 "``$type/$subtype``, as that is the only way to actually specify the version "
 "and format you want."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:635
+#: ../source/specifications/simple-repository-api.rst:649
 msgid ""
 "The order of the content types listed in the ``Accept`` header does not have "
 "any specific meaning, and the server **SHOULD** consider all of them to be "
@@ -18004,7 +18373,7 @@ msgid ""
 "Quality_values>`_ syntax."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:642
+#: ../source/specifications/simple-repository-api.rst:656
 msgid ""
 "This allows a client to specify a priority for a specific entry in their "
 "``Accept`` header, by appending a ``;q=`` followed by a value between ``0`` "
@@ -18014,7 +18383,7 @@ msgid ""
 "quality of ``1``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:648
+#: ../source/specifications/simple-repository-api.rst:662
 msgid ""
 "However, clients should keep in mind that a server is free to select **any** "
 "of the content types they've asked for, regardless of their requested "
@@ -18022,7 +18391,7 @@ msgid ""
 "for."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:652
+#: ../source/specifications/simple-repository-api.rst:666
 msgid ""
 "To aid clients in determining the content type of the response that they "
 "have received from an API request, this spec requires that servers always "
@@ -18033,22 +18402,22 @@ msgid ""
 "collector.py#L123-L150>`_ so the risks for actual breakages is low."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:659
+#: ../source/specifications/simple-repository-api.rst:673
 msgid "An example of how a client can operate would look like:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:710
+#: ../source/specifications/simple-repository-api.rst:724
 msgid ""
 "If a client wishes to only support HTML or only support JSON, then they "
 "would just remove the content types that they do not want from the "
 "``Accept`` header, and turn receiving them into an error."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:716
+#: ../source/specifications/simple-repository-api.rst:730
 msgid "Alternative Negotiation Mechanisms"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:718
+#: ../source/specifications/simple-repository-api.rst:732
 msgid ""
 "While using HTTP's Content negotiation is considered the standard way for a "
 "client and server to coordinate to ensure that the client is getting an HTTP "
@@ -18057,25 +18426,25 @@ msgid ""
 "negotiation mechanisms that may *optionally* be used instead."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:726
+#: ../source/specifications/simple-repository-api.rst:740
 msgid "URL Parameter"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:728
+#: ../source/specifications/simple-repository-api.rst:742
 msgid ""
 "Servers that implement the Simple API may choose to support a URL parameter "
 "named ``format`` to allow the clients to request a specific version of the "
 "URL."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:731
+#: ../source/specifications/simple-repository-api.rst:745
 msgid ""
 "The value of the ``format`` parameter should be **one** of the valid content "
 "types. Passing multiple content types, wild cards, quality values, etc... is "
 "**not** supported."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:735
+#: ../source/specifications/simple-repository-api.rst:749
 msgid ""
 "Supporting this parameter is optional, and clients **SHOULD NOT** rely on it "
 "for interacting with the API. This negotiation mechanism is intended to "
@@ -18083,13 +18452,13 @@ msgid ""
 "allow documentation or notes to link to a specific version+format."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:740
+#: ../source/specifications/simple-repository-api.rst:754
 msgid ""
 "Servers that do not support this parameter may choose to return an error "
 "when it is present, or they may simple ignore its presence."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:743
+#: ../source/specifications/simple-repository-api.rst:757
 msgid ""
 "When a server does implement this parameter, it **SHOULD** take precedence "
 "over any values in the client's ``Accept`` header, and if the server does "
@@ -18099,18 +18468,18 @@ msgid ""
 "``303 Multiple Choices``, or selecting a default type to return)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:752
+#: ../source/specifications/simple-repository-api.rst:766
 msgid "Endpoint Configuration"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:754
+#: ../source/specifications/simple-repository-api.rst:768
 msgid ""
 "This option technically is not a special option at all, it is just a natural "
 "consequence of using content negotiation and allowing servers to select "
 "which of the available content types is their default."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:758
+#: ../source/specifications/simple-repository-api.rst:772
 msgid ""
 "If a server is unwilling or unable to implement the server-driven content "
 "negotiation, and would instead rather require users to explicitly configure "
@@ -18118,7 +18487,7 @@ msgid ""
 "configuration."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:762
+#: ../source/specifications/simple-repository-api.rst:776
 msgid ""
 "To enable this, a server should make multiple endpoints (for instance, ``/"
 "simple/v1+html/`` and/or ``/simple/v1+json/``) for each version+format that "
@@ -18128,7 +18497,7 @@ msgid ""
 "and return the content type that corresponds to that endpoint."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:769
+#: ../source/specifications/simple-repository-api.rst:783
 msgid ""
 "For clients that wish to require specific configuration, they can keep track "
 "of which version+format a specific repository URL was configured for, and "
@@ -18136,11 +18505,11 @@ msgid ""
 "includes the correct content type."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:776
+#: ../source/specifications/simple-repository-api.rst:790
 msgid "TUF Support - PEP 458"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:778
+#: ../source/specifications/simple-repository-api.rst:792
 msgid ""
 ":pep:`458` requires that all API responses are hashable and that they can be "
 "uniquely identified by a path relative to the repository root. For a Simple "
@@ -18151,7 +18520,7 @@ msgid ""
 "that all hash differently."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:785
+#: ../source/specifications/simple-repository-api.rst:799
 msgid ""
 ":pep:`458` does not specify what the target path should be for the Simple "
 "API, but TUF requires that the target paths be \"file-like\", in other "
@@ -18159,7 +18528,7 @@ msgid ""
 "technically points to a directory."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:790
+#: ../source/specifications/simple-repository-api.rst:804
 msgid ""
 "The saving grace is that the target path does not *have* to actually match "
 "the URL being fetched from the Simple API, and it can just be a sigil that "
@@ -18168,7 +18537,7 @@ msgid ""
 "HTTP request, such as the ``Accept`` header."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:796
+#: ../source/specifications/simple-repository-api.rst:810
 msgid ""
 "Ultimately figuring out how to map a directory to a filename is out of scope "
 "for this spec (but it would be in scope for :pep:`458`), and this spec "
@@ -18176,7 +18545,7 @@ msgid ""
 "`458` metadata."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:800
+#: ../source/specifications/simple-repository-api.rst:814
 msgid ""
 "However, it appears that the current WIP branch against pip that attempts to "
 "implement :pep:`458` is using a target path like ``simple/PROJECT/index."
@@ -18186,20 +18555,20 @@ msgid ""
 "the v1 JSON format would be ``simple/PROJECT/vnd.pypi.simple.v1.json``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:807
+#: ../source/specifications/simple-repository-api.rst:821
 msgid ""
 "In this case, since ``text/html`` is an alias to ``application/vnd.pypi."
 "simple.v1+html`` when interacting through TUF, it likely will make the most "
 "sense to normalize to the more explicit name."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:811
+#: ../source/specifications/simple-repository-api.rst:825
 msgid ""
 "Likewise the ``latest`` metaversion should not be included in the targets, "
 "only explicitly declared versions should be supported."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:817
+#: ../source/specifications/simple-repository-api.rst:831
 msgid ""
 "This section is non-normative, and represents what the spec authors believe "
 "to be the best default implementation decisions for something implementing "
@@ -18207,7 +18576,7 @@ msgid ""
 "these decisions."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:821
+#: ../source/specifications/simple-repository-api.rst:835
 msgid ""
 "These decisions have been chosen to maximize the number of requests that can "
 "be moved onto the newest version of an API, while maintaining the greatest "
@@ -18216,18 +18585,18 @@ msgid ""
 "choices it can."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:826
+#: ../source/specifications/simple-repository-api.rst:840
 msgid "It is recommended that servers:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:828
+#: ../source/specifications/simple-repository-api.rst:842
 msgid ""
 "Support all 3 content types described in this spec, using server-driven "
 "content negotiation, for as long as they reasonably can, or at least as long "
 "as they're receiving non trivial traffic that uses the HTML responses."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:832
+#: ../source/specifications/simple-repository-api.rst:846
 msgid ""
 "When encountering an ``Accept`` header that does not contain any content "
 "types that it knows how to work with, the server should not ever return a "
@@ -18235,13 +18604,13 @@ msgid ""
 "Acceptable`` response."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:837
+#: ../source/specifications/simple-repository-api.rst:851
 msgid ""
 "However, if choosing to use the endpoint configuration, you should prefer to "
 "return a ``200 OK`` response in the expected content type for that endpoint."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:840
+#: ../source/specifications/simple-repository-api.rst:854
 msgid ""
 "When selecting an acceptable version, the server should choose the highest "
 "version that the client supports, with the most expressive/featureful "
@@ -18250,23 +18619,23 @@ msgid ""
 "should only use the ``text/html`` content type as a last resort."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:846
+#: ../source/specifications/simple-repository-api.rst:860
 msgid "It is recommended that clients:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:848
+#: ../source/specifications/simple-repository-api.rst:862
 msgid ""
 "Support all 3 content types described in this spec, using server-driven "
 "content negotiation, for as long as they reasonably can."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:851
+#: ../source/specifications/simple-repository-api.rst:865
 msgid ""
 "When constructing an ``Accept`` header, include all of the content types "
 "that you support."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:854
+#: ../source/specifications/simple-repository-api.rst:868
 msgid ""
 "You should generally *not* include a quality priority value for your content "
 "types, unless you have implementation specific reasons that you want the "
@@ -18275,63 +18644,63 @@ msgid ""
 "responses that you're unable to parse in some edge cases)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:860
+#: ../source/specifications/simple-repository-api.rst:874
 msgid ""
 "The one exception to this recommendation is that it is recommended that you "
 "*should* include a ``;q=0.01`` value on the legacy ``text/html`` content "
 "type, unless it is the only content type that you are requesting."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:864
+#: ../source/specifications/simple-repository-api.rst:878
 msgid ""
 "Explicitly select what versions they are looking for, rather than using the "
 "``latest`` meta version during normal operation."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:867
+#: ../source/specifications/simple-repository-api.rst:881
 msgid ""
 "Check the ``Content-Type`` of the response and ensure it matches something "
 "that you were expecting."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:871
+#: ../source/specifications/simple-repository-api.rst:885
 msgid "Additional Fields for the Simple API for Package Indexes"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:873
+#: ../source/specifications/simple-repository-api.rst:887
 msgid ""
 "This specification defines version 1.1 of the simple repository API. For the "
 "HTML version of the API, there is no change from version 1.0. For the JSON "
 "version of the API, the following changes are made:"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:877
+#: ../source/specifications/simple-repository-api.rst:891
 msgid "The ``api-version`` must specify version 1.1 or later."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:878
+#: ../source/specifications/simple-repository-api.rst:892
 msgid "A new ``versions`` key is added at the top level."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:879
+#: ../source/specifications/simple-repository-api.rst:893
 msgid ""
 "Two new \"file information\" keys, ``size`` and ``upload-time``, are added "
 "to the ``files`` data."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:881
+#: ../source/specifications/simple-repository-api.rst:895
 msgid ""
 "Keys (at any level) with a leading underscore are reserved as private for "
 "index server use. No future standard will assign a meaning to any such key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:884
+#: ../source/specifications/simple-repository-api.rst:898
 msgid ""
 "The ``versions`` and ``size`` keys are mandatory. The ``upload-time`` key is "
 "optional."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:890
+#: ../source/specifications/simple-repository-api.rst:904
 msgid ""
 "An additional key, ``versions`` MUST be present at the top level, in "
 "addition to the keys ``name``, ``files`` and ``meta`` defined in :ref:`the "
@@ -18341,7 +18710,7 @@ msgid ""
 "duplicates, and the order of the values is not significant."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:897
+#: ../source/specifications/simple-repository-api.rst:911
 msgid ""
 "All of the files listed in the ``files`` key MUST be associated with one of "
 "the versions in the ``versions`` key. The ``versions`` key MAY contain "
@@ -18349,7 +18718,7 @@ msgid ""
 "uploaded, if the server has such a concept)."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:902
+#: ../source/specifications/simple-repository-api.rst:916
 msgid ""
 "Note that because servers may hold \"legacy\" data from before the adoption "
 "of :ref:`the version specifiers specification (VSS) <version-specifiers>`, "
@@ -18358,21 +18727,21 @@ msgid ""
 "servers SHOULD use normalised VSS versions where possible."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:911
+#: ../source/specifications/simple-repository-api.rst:925
 msgid "Additional file information"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:913
+#: ../source/specifications/simple-repository-api.rst:927
 msgid "Two new keys are added to the ``files`` key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:915
+#: ../source/specifications/simple-repository-api.rst:929
 msgid ""
 "``size``: This field is mandatory. It MUST contain an integer which is the "
 "file size in bytes."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:917
+#: ../source/specifications/simple-repository-api.rst:931
 msgid ""
 "``upload-time``: This field is optional. If present, it MUST contain a valid "
 "ISO 8601 date/time string, in the format ``yyyy-mm-ddThh:mm:ss.ffffffZ``, "
@@ -18384,11 +18753,11 @@ msgid ""
 "key."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:926
+#: ../source/specifications/simple-repository-api.rst:940
 msgid "Rename dist-info-metadata in the Simple API"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:929
+#: ../source/specifications/simple-repository-api.rst:943
 msgid ""
 "The keywords \"**MUST**\", \"**MUST NOT**\", \"**REQUIRED**\", "
 "\"**SHALL**\", \"**SHALL NOT**\", \"**SHOULD**\", \"**SHOULD NOT**\", "
@@ -18396,11 +18765,11 @@ msgid ""
 "are to be interpreted as described in :rfc:`RFC 2119 <2119>`."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:936
+#: ../source/specifications/simple-repository-api.rst:950
 msgid "Servers"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:938
+#: ../source/specifications/simple-repository-api.rst:952
 msgid ""
 "The :ref:`the API metadata file specification <simple-repository-api-"
 "metadata-file>` metadata, when used in the HTML representation of the Simple "
@@ -18408,7 +18777,7 @@ msgid ""
 "with the supported values remaining the same."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:944
+#: ../source/specifications/simple-repository-api.rst:958
 msgid ""
 "The :ref:`the API metadata file specification <simple-repository-api-"
 "metadata-file>` metadata, when used in the :ref:`the JSON API specification "
@@ -18417,14 +18786,14 @@ msgid ""
 "values remaining the same."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:950
+#: ../source/specifications/simple-repository-api.rst:964
 msgid ""
 "To support clients that used the previous key names, the HTML representation "
 "**MAY** also be emitted using the ``data-dist-info-metadata``, and if it "
 "does so it **MUST** match the value of ``data-core-metadata``."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:959
+#: ../source/specifications/simple-repository-api.rst:973
 msgid ""
 "Clients consuming any of the HTML representations of the Simple API **MUST** "
 "read the :ref:`the API metadata file specification <simple-repository-api-"
@@ -18433,7 +18802,7 @@ msgid ""
 "if it is present but ``data-core-metadata`` is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:966
+#: ../source/specifications/simple-repository-api.rst:980
 msgid ""
 "Clients consuming the JSON representation of the Simple API **MUST** read "
 "the :ref:`the API metadata file specification <simple-repository-api-"
@@ -18442,48 +18811,54 @@ msgid ""
 "present but ``core-metadata`` is not."
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:976
+#: ../source/specifications/simple-repository-api.rst:990
 msgid "September 2015: initial form of the HTML format, in :pep:`503`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:977
+#: ../source/specifications/simple-repository-api.rst:991
 msgid "July 2016: Requires-Python metadata, in an update to :pep:`503`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:978
+#: ../source/specifications/simple-repository-api.rst:992
 msgid "May 2019: \"yank\" support, in :pep:`592`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:979
+#: ../source/specifications/simple-repository-api.rst:993
 msgid ""
 "July 2020: API versioning convention and metadata, and declaring the HTML "
 "format as API v1, in :pep:`629`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:981
+#: ../source/specifications/simple-repository-api.rst:995
 msgid ""
 "May 2021: providing package metadata independently from a package, in :pep:"
 "`658`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:983
+#: ../source/specifications/simple-repository-api.rst:997
 msgid ""
 "May 2022: initial form of the JSON format, with a mechanism for clients to "
 "choose between them, and declaring both formats as API v1, in :pep:`691`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:985
+#: ../source/specifications/simple-repository-api.rst:999
 msgid ""
 "October 2022: project versions and file size and upload-time in the JSON "
 "format, in :pep:`700`"
 msgstr ""
 
-#: ../source/specifications/simple-repository-api.rst:987
+#: ../source/specifications/simple-repository-api.rst:1001
 msgid ""
 "June 2023: renaming the field which provides package metadata independently "
 "from a package, in :pep:`714`"
 msgstr ""
 
+#: ../source/specifications/simple-repository-api.rst:1003
+msgid ""
+"November 2024: provenance metadata in the HTML and JSON formats, in :pep:"
+"`740`"
+msgstr ""
+
 #: ../source/specifications/source-distribution-format.rst:6
 msgid "Source distribution format"
 msgstr ""
@@ -21396,7 +21771,7 @@ msgid ""
 msgstr ""
 
 #: ../source/tutorials/managing-dependencies.rst:140
-#: ../source/tutorials/packaging-projects.rst:506
+#: ../source/tutorials/packaging-projects.rst:505
 msgid "Next steps"
 msgstr ""
 
@@ -21845,43 +22220,43 @@ msgstr "一旦安裝完畢，執行Twine以上載所有於file:"
 
 #: ../source/tutorials/packaging-projects.rst:424
 msgid ""
-"You will be prompted for a username and password. For the username, use "
-"``__token__``. For the password, use the token value, including the ``pypi-"
-"`` prefix."
+"You will be prompted for an API token. Use the token value, including the "
+"``pypi-`` prefix. Note that the input will be hidden, so be sure to paste "
+"correctly."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:428
+#: ../source/tutorials/packaging-projects.rst:427
 msgid "After the command completes, you should see output similar to this:"
 msgstr "當指令完成，你應該可以見到類似以下的輸出內容:"
 
-#: ../source/tutorials/packaging-projects.rst:439
+#: ../source/tutorials/packaging-projects.rst:438
 msgid ""
 "Once uploaded, your package should be viewable on TestPyPI; for example: "
 "``https://test.pypi.org/project/example_package_YOUR_USERNAME_HERE``."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:444
+#: ../source/tutorials/packaging-projects.rst:443
 msgid "Installing your newly uploaded package"
 msgstr "安裝你那最新上載套件中"
 
-#: ../source/tutorials/packaging-projects.rst:446
+#: ../source/tutorials/packaging-projects.rst:445
 msgid ""
 "You can use :ref:`pip` to install your package and verify that it works. "
 "Create a :ref:`virtual environment <Creating and using Virtual "
 "Environments>` and install your package from TestPyPI:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:462
+#: ../source/tutorials/packaging-projects.rst:461
 msgid "Make sure to specify your username in the package name!"
 msgstr "碓保指明你的帳戶名稱於那個套件名稱裏!"
 
-#: ../source/tutorials/packaging-projects.rst:464
+#: ../source/tutorials/packaging-projects.rst:463
 msgid ""
 "pip should install the package from TestPyPI and the output should look "
 "something like this:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:474
+#: ../source/tutorials/packaging-projects.rst:473
 msgid ""
 "This example uses ``--index-url`` flag to specify TestPyPI instead of live "
 "PyPI. Additionally, it specifies ``--no-deps``. Since TestPyPI doesn't have "
@@ -21891,23 +22266,23 @@ msgid ""
 "installing dependencies when using TestPyPI."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:481
+#: ../source/tutorials/packaging-projects.rst:480
 msgid ""
 "You can test that it was installed correctly by importing the package. Make "
 "sure you're still in your virtual environment, then run Python:"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:496
+#: ../source/tutorials/packaging-projects.rst:495
 msgid "and import the package:"
 msgstr "然後載入那個套件:"
 
-#: ../source/tutorials/packaging-projects.rst:508
+#: ../source/tutorials/packaging-projects.rst:507
 msgid ""
 "**Congratulations, you've packaged and distributed a Python project!** ✨ 🍰 "
 "✨"
 msgstr "**恭喜，你已經做好套件而且發佈為一個Python頂目出去!**✨ 🍰 ✨"
 
-#: ../source/tutorials/packaging-projects.rst:511
+#: ../source/tutorials/packaging-projects.rst:510
 msgid ""
 "Keep in mind that this tutorial showed you how to upload your package to "
 "Test PyPI, which isn't a permanent storage. The Test system occasionally "
@@ -21915,14 +22290,14 @@ msgid ""
 "experiments like this tutorial."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:516
+#: ../source/tutorials/packaging-projects.rst:515
 msgid ""
 "When you are ready to upload a real package to the Python Package Index you "
 "can do much the same as you did in this tutorial, but with these important "
 "differences:"
 msgstr "當你真正準備上載一個套件到Python套件索引，你往後可以重複幾次這動作"
 
-#: ../source/tutorials/packaging-projects.rst:520
+#: ../source/tutorials/packaging-projects.rst:519
 #, fuzzy
 msgid ""
 "Choose a memorable and unique name for your package. You don't have to "
@@ -21932,14 +22307,14 @@ msgstr ""
 "為你的套件選擇一個稔熟且獨特的名字。由於你已經在教學中做了一次，所以你不用在"
 "此再加上你的用戶名稱。"
 
-#: ../source/tutorials/packaging-projects.rst:522
+#: ../source/tutorials/packaging-projects.rst:521
 msgid ""
 "Register an account on https://pypi.org - note that these are two separate "
 "servers and the login details from the test server are not shared with the "
 "main server."
 msgstr "於https://pypi.org網址內登記一個帳戶-謹記這是兩個截然不同的伺服器和"
 
-#: ../source/tutorials/packaging-projects.rst:525
+#: ../source/tutorials/packaging-projects.rst:524
 msgid ""
 "Use ``twine upload dist/*`` to upload your package and enter your "
 "credentials for the account you registered on the real PyPI.  Now that "
@@ -21947,45 +22322,45 @@ msgid ""
 "repository``; the package will upload to https://pypi.org/ by default."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:529
+#: ../source/tutorials/packaging-projects.rst:528
 msgid ""
 "Install your package from the real PyPI using ``python3 -m pip install [your-"
 "package]``."
 msgstr ""
 "使用 ``python3 -m pip install [your-package]`` 以從真正的PyPI安裝您的套件。"
 
-#: ../source/tutorials/packaging-projects.rst:531
+#: ../source/tutorials/packaging-projects.rst:530
 msgid ""
 "At this point if you want to read more on packaging Python libraries here "
 "are some things you can do:"
 msgstr "此時，如果您想閱讀有關打包 Python 庫的更多信息，您可以執行以下操作："
 
-#: ../source/tutorials/packaging-projects.rst:534
+#: ../source/tutorials/packaging-projects.rst:533
 msgid ""
 "Read about advanced configuration for your chosen build backend: `Hatchling "
 "<hatchling-config_>`_, :doc:`setuptools <setuptools:userguide/"
 "pyproject_config>`, :doc:`Flit <flit:pyproject_toml>`, `PDM <pdm-config_>`_."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:538
+#: ../source/tutorials/packaging-projects.rst:537
 msgid ""
 "Look at the :doc:`guides </guides/index>` on this site for more advanced "
 "practical information, or the :doc:`discussions </discussions/index>` for "
 "explanations and background on specific topics."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:541
+#: ../source/tutorials/packaging-projects.rst:540
 msgid ""
 "Consider packaging tools that provide a single command-line interface for "
 "project management and packaging, such as :ref:`hatch`, :ref:`flit`, :ref:"
 "`pdm`, and :ref:`poetry`."
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:549
+#: ../source/tutorials/packaging-projects.rst:548
 msgid "Notes"
 msgstr ""
 
-#: ../source/tutorials/packaging-projects.rst:551
+#: ../source/tutorials/packaging-projects.rst:550
 msgid ""
 "Technically, you can also create Python packages without an ``__init__.py`` "
 "file, but those are called :doc:`namespace packages </guides/packaging-"