Description

Deliver Tech Preview of Red Hat's Trusted Python Libraries - enterprise-grade, SLSA Level 3 certified Python packages addressing supply chain security concerns for mission-critical applications.

Business Value

Problem: Enterprises lack trusted source for verified, secure Python packages with provenance guarantees and SLSA Level 3 compliance.

Target Customers: Enterprise dev teams, DevSecOps teams, regulated industries (finance, healthcare, government), Red Hat AI/ML platform customers.

PM Requirements - Tech Preview Scope

1. Package Catalog (1,000+ Packages)

• 1,000+ most popular Python packages available at launch
• Latest stable versions built and published
• Automated new builds within 24 hours of upstream release
• Support for requesting additional versions via support

2. SLSA Level 3 Secure Build

• All packages built in Konflux secure infrastructure
• Attestations(Signatures and SBOMs) downloadable alongside packages
• SLSA Level 3 compliance

3. Public Registry (packages.redhat.com)

• packages.redhat.com domain live with CDN
• Standard pip workflow (pip install --index-url)
• requirements.txt and pyproject.toml compatible
• EULA acceptance workflow

4. Platform Support

• Python 3.12, x86_64 architecture, manywheelsplatform

5. Documentation

• Getting Started Guide (pip config, EULA, first install, troubleshooting)
• CI/CD Integration Guide/examples (Jenkins, GitHub Actions etc)
• Security & Compliance Docs (SLSA explanation, attestation verification, SBOM usage)
• Package Index (complete list with versions, SBOMs, attestations)

6. Telemetry (Grafana Dashboard) (via Pulp)

• DAU/WAU/MAU tracking
• Downloads by package
• Week-over-week growth rate
• Top 10 packages
• Geographic distribution
• Success/error rates