by woodruffw 1680 days ago
The longer-term solution to this is public key signatures with an ephemeral key, rooted to some trusted identity source (e.g., a GitHub account with strong 2FA). There’s lots of work on that front coming out of the Open Source Security Foundation.