Working on a multisig solution for authenticated file distribution, initially targeting GitHub releases. Based on minisig and git.
I think this project is an interesting addition as a software supply chain solution, but generating interest in the project in this early stage proves difficult.
I think this project is an interesting addition as a software supply chain solution, but generating interest in the project in this early stage proves difficult.
For those interested, I maintain a spec in parallel of the development at https://github.com/asfaload/spec