... | ... | @@ -1633,6 +1633,10 @@ the time of writing, by: |
|
|
[Santiago Torres]: https://github.com/SantiagoTorres
|
|
|
[Bob Callaway]: https://github.com/bobcallaway
|
|
|
|
|
|
Update: [gitsign](https://github.com/sigstore/gitsign) is specifically built to use this infrastructure
|
|
|
for Git. GitHub and GitLab are currently lacking support for verifying
|
|
|
those signatures. See [tutorial](https://dev.to/erikaheidi/enable-gitsign-today-and-start-signing-your-commits-2gda).
|
|
|
|
|
|
Similar projects:
|
|
|
|
|
|
* [SLSA](https://slsa.dev/), which has a well documented [threat model](https://slsa.dev/spec/v0.1/threats)
|
... | ... | |