Hacker News new | ask | show | jobs
by dsp_person 38 days ago
Thanks that's interesting. The docs are aimed at developers, but I'm curious about the use case for the end user.

So would a user have to do some kind of `gh attestation verify PATH/TO/YOUR/BUILD/ARTIFACT-BINARY ...`? (assuming the plugin dev provides an sbom?)
1 comments
kepano 38 days ago
In the near term artifact attestation will be visible to users in the directory, and part of the overall scorecard of a plugin.
link