Comment by jacques_chester
7 hours ago
Maintaining this capability isn't free, it is of dubious benefit and there are much better alternatives.
On a cost benefit analysis this is a slam dunk.
7 hours ago
Maintaining this capability isn't free, it is of dubious benefit and there are much better alternatives.
On a cost benefit analysis this is a slam dunk.
What are these "much better alternatives"?
https://www.sigstore.dev/
The emerging standard for verifying artifacts, e.g. in container image signing, npm, maven, etc
https://blog.sigstore.dev/npm-public-beta/ https://www.sonatype.com/blog/maven-central-and-sigstore
Emerging standard = not yet the standard
1 reply →