|
|
|
|
|
|
by kaathewise
66 days ago
|
|
|
StageX does reproducible builds, so they are signed independently and can also be verified locally. I don't think it applies to Astral, but it's useful for packages with a single maintainer or a vulnerable CI, where there is only one point of failure. But I also think it'd be nice if projects provided a first-party StageX build, like many do with a Dockerfile or a Nix flake. |
|
|