Y
Hacker News
new
|
ask
|
show
|
jobs
by
jcarrano
79 days ago
Thinking how a secure setup for uploading packages from a CI would look like: the package must be signed by the devs, and for that they must build it independently on their machines (this requires a reproducible build).