---
date: 2025-02-11T18:39:04+00:00
modified: 2025-02-11T18:39:04+00:00
permalink: https://kaspars.net/note/mastodon-social-113987180583091644
post_type: note
author:
  name: Kaspars
  avatar: https://reverse.kaspars.net/gravatar/avatar/92bfcd3a8c3a21a033a6484d32c25a40b113ec6891f674336081513d5c98ef76?s=96&d=mm&r=g
---

# On February 11, 2025 at 20:39

Code signing doesn't solve everything because there are so many places where malicious code can creep into downloadable software. Source attestation is like a bill of materials with signed receipts.