by T3OU-736
1425 days ago
Nice project, and an important step in the right direction. Can't help but think that the real tricky part comes after provenance is recorded. What do you do with all of that - is there something enforcing an allowlist/denylist using the data? How is it being kept updated with new builds and the CI/CD pipeline?
All the builds or just with certain other metadata?
How do you handle exceptions?
How do you handle devs experimenting? How are the attestation signing keys being protected?