Y
Hacker News
new
|
ask
|
show
|
jobs
by
frabcus
5 days ago
Have any kind of provenance. eg like Debian has for 30 years. Key signing in person etc
1 comments
tpetry
5 days ago
That has also been implemented recently. With staged publishing the author must verify a new release with 2FA so automated attacks dont work anymore. Some human in the loop must verify a release.
link