Code signing doesn't solve everything because there are so many places where malicious code can creep into downloadable software. Source attestation is like a bill of materials with signed receipts.
On February 11, 2025 at 20:39
Code signing doesn't solve everything because there are so many places where malicious code can creep into downloadable software. Source attestation is like a bill of materials with signed receipts.