zanieb
commented
1 month ago Yeah these seem reasonable, were you interested in contributing this?
Open orf opened 1 month ago
zanieb
commented
1 month ago Yeah these seem reasonable, were you interested in contributing this?
orf
commented
1 month ago Absolutely! I’m currently travelling and away from my laptop so it will have to be next week, but I can take a look at it when I’m back.
Hello!
First, thanks for this fantastic project - it’s a great help to the community and ecosystem at large.
I would like to suggest adding artifact attestations to the releases.
This would enable supply chain verification for these builds, and provide a layer of validation above just verifying the signature.
it’s pretty simple to add: just a single step, with no configuration or changes required in the binary itself.
what do you think?