Closed aellispierce closed 2 years ago
Previously, we could sign any random file. However, when the verification retrieved and verified the signature, it would blow up. This makes it so that the gemminess of a file is verified before we sign it, so that only legit gems can be signed.
Closes https://github.com/Shopify/ruby-sigstore/issues/37
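The kind of pre-signing check described above, as an added example that is not code from this pull request or from ruby-sigstore. It uses RubyGems' own `Gem::Package` parser; `signable_gem_spec`, `build_sample_gem` and `demo_results` are hypothetical names, and all sample files are constructed in a temporary directory.

```ruby
require "rubygems/package"
require "tmpdir"

# Hypothetical pre-signing gate (not ruby-sigstore's API): returns the parsed
# Gem::Specification when `path` is a well-formed .gem archive, else nil.
def signable_gem_spec(path)
  return nil unless File.file?(path)
  # Gem::Package#spec reads the tar archive, checks the recorded checksums
  # and loads metadata.gz; it raises when any of that fails.
  Gem::Package.new(path).spec
rescue StandardError
  nil # fail closed: anything that does not parse as a gem is not signed
end

# Builds a minimal, constructed gem inside `dir` and returns its path.
def build_sample_gem(dir)
  Dir.chdir(dir) do
    Dir.mkdir("lib")
    File.write("lib/sample.rb", "module Sample; end\n")
    spec = Gem::Specification.new do |s|
      s.name = "sample"
      s.version = "0.1.0"
      s.summary = "constructed sample gem"
      s.authors = ["example"]
      s.files = ["lib/sample.rb"]
    end
    Gem::Package.build(spec, true) # true = skip spec validation
    File.join(dir, spec.file_name)
  end
end

# Runs the gate over a real gem, a text file named *.gem, a truncated gem
# and a missing path; returns { label => accepted? }.
def demo_results
  Dir.mktmpdir do |dir|
    good = build_sample_gem(dir)
    fake = File.join(dir, "fake-1.0.0.gem")
    File.write(fake, "this is not a gem\n" * 100)
    cut = File.join(dir, "cut-0.1.0.gem")
    File.binwrite(cut, File.binread(good)[0, 700])
    paths = { good: good, fake: fake, truncated: cut,
              missing: File.join(dir, "nope.gem") }
    paths.transform_values { |p| !signable_gem_spec(p).nil? }
  end
end

p demo_results if __FILE__ == $PROGRAM_NAME
```

The file extension plays no part in the decision: only an archive that RubyGems can fully parse and checksum is accepted, so a signer can refuse everything else before any signature is created.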