undefined | Better HN

0 pointswlamartin1y ago0 comments

Ah, I think you might be pleasantly surprised that this is an area being focused on right now with attestations[1] for example, here are the attestations for the GitHub CLI[2].

1: https://github.blog/2024-05-02-introducing-artifact-attestat...

2: https://github.com/cli/cli/attestations

0 comments

g-b-r1y ago

Maybe this whole cryptographic stuff has some use, but all that which was needed was for GitHub to declare when a file was uploaded manually and when by a workflow (specifying which workflow).

This looks so complex that it might well be just smoke and mirrors

j / k navigate · click thread line to collapse