|
|
|
|
|
|
by raphinou
60 days ago
|
|
|
Working on Asfaload, a multisig sign-off solution applied to release artifacts authentication. It is: - open source - accountless(keys are identity) - using a public git backend making it easily auditable - easy to self host, meaning you can easily deploy it internally - multisig, meaning event if GitHub account is breached, malevolent artifacts can be detected - validating a download transparantly to the user, which only requires the download url, contrary to sigstore Nearing Alpha release stage. Code at https://github.com/asfaload/asfaload
Info at https://asfaload.com/ |
|
|