Code signing doesn't solve everything because there are so many places where malicious code can creep into downloadable software. Source attestation is like a bill of materials with signed receipts. - ThreadSky

kaspars.damb.is • 24 days ago

Code signing doesn't solve everything because there are so many places where malicious code can creep into downloadable software. Source attestation is like a bill of materials with signed receipts.