Filing this for myself to fix/improve 🙂
If a user uploads a funky attestation (i.e. one that doesn't roughly match our expectations for a Sigstore-issued machine identity cert), the upload endpoint produces a pretty opaque error message:
```
WARNING Error during upload. Retry with the --verbose option for more details.
ERROR HTTPError: 400 Bad Request from https://upload.pypi.org/legacy/
Invalid attestations supplied during upload: Unknown error while trying to verify included attestations: No <ObjectIdentifier(oid=1.3.6.1.4.1.57264.1.14, name=Unknown OID)> extension was found
```

(This particular error case was a bug, now fixed with #17913. However, in the general case this still produces a non-ideal error.)
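An added example, not Warehouse or twine code: one way a client-side helper could turn the opaque message above into something actionable, by pulling the OID out of the `ObjectIdentifier` repr and naming the Fulcio certificate claim it refers to. The function name, the wording of the output, and the subset of claim names (taken from Fulcio's OID documentation) are assumptions made for this example.

```python
import re

# Fulcio's OID arc; certificate claims are numbered beneath it.
FULCIO_ARC = "1.3.6.1.4.1.57264.1"

# Subset of claim names from Fulcio's OID documentation (not exhaustive).
FULCIO_CLAIMS = {
    "8": "Issuer (v2)",
    "9": "Build Signer URI",
    "12": "Source Repository URI",
    "13": "Source Repository Digest",
    "14": "Source Repository Ref",
}

# Matches the repr of an ObjectIdentifier as it appears in the error text.
_OID_REPR = re.compile(
    r"<ObjectIdentifier\(oid=(?P<oid>\d+(?:\.\d+)+), name=[^)]*\)>"
)

# Error text as quoted in the issue above.
SAMPLE = (
    "Invalid attestations supplied during upload: Unknown error while "
    "trying to verify included attestations: No <ObjectIdentifier("
    "oid=1.3.6.1.4.1.57264.1.14, name=Unknown OID)> extension was found"
)


def explain_attestation_error(message: str) -> str:
    """Hypothetical helper: explain a 'No <OID> extension was found' error.

    Returns the original message unchanged when it lacks the expected shape.
    """
    match = _OID_REPR.search(message)
    if match is None or "extension was found" not in message:
        return message
    oid = match.group("oid")
    if not oid.startswith(FULCIO_ARC + "."):
        return f"The signing certificate has no X.509 extension with OID {oid}."
    suffix = oid[len(FULCIO_ARC) + 1:]
    claim = FULCIO_CLAIMS.get(suffix, "an unrecognized Fulcio claim")
    return (
        f"The attestation's signing certificate is missing the Fulcio "
        f"extension {oid} ({claim}), so it does not look like the "
        f"machine identity certificate the upload endpoint expects."
    )


if __name__ == "__main__":
    print(explain_attestation_error(SAMPLE))
```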