Verify Docker Image Signature All LiteLLM Docker images are signed with cosign. Every release is signed with the same key introduced in commit `0112e53`. Verify using the pinned commit hash (recommended): A commit hash is cryptographically immutable, so this is the strongest way to ensure you are using the original signing key: ```bash cosign verify \ --key https://raw.githubusercontent.com/BerriAI/litellm/0112e53046018d726492c814b3644b7d376029d0/cosign.pub \ ghcr.io/berriai/litellm:v1.83.10-nightly ``` Verify using the release tag (convenience): Tags are protected in this repository and resolve to the same key.

This option is easier to read but relies on tag protection rules: ```bash cosign verify \ --key https://raw.githubusercontent.com/BerriAI/litellm/v1.83.10-nightly/cosign.pub \ ghcr.io/berriai/litellm:v1.83.10-nightly ``` Expected output: ``` The following checks were performed on each of these signatures: The cosign claims were validated The signatures were verified against the specified public key ``` --- ⚠️ Breaking Changes Python 3.9 is no longer supported. The minimum required Python version is now 3.10 (`requires-python` changed from `>=3.9, =3.10, <3.14`). Python…