For reasons that are not very interesting to anybody else, it would be very helpful to me if there were an "official statement" from this group to the effect of "privacy concerns are one issue preventing Sigstore adoption for package signing by authors."
This doc feels like a good candidate to me, as we already mention one reason why we don't use human identities.
For reasons that are not very interesting to anybody else, it would be very helpful to me if there were an "official statement" from this group to the effect of "privacy concerns are one issue preventing Sigstore adoption for package signing by authors."
This doc feels like a good candidate to me, as we already mention one reason why we don't use human identities.