Hacker News
by Boulth 2939 days ago
It's not that easy to solve in general. Usually these artifacts are built by CI so it'd have to sign them too (if they are not reproducible then you can't build them locally and check if they are the same). So a person that has admin access in CI can do that too.

Of course the current design leaves much to be desired.