Y
Hacker News
new
|
ask
|
show
|
jobs
by
winkelmann
564 days ago
GitHub now offers "artifact attestation"[1], which would be ideal for this use case. It records what build process binaries originated from, so they can still be published elsewhere while remaining verifiable.
[1]
https://github.blog/changelog/2024-06-25-artifact-attestatio...