You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Would be great if there would be an automated workflow which builds and adds the binaries to releases. Ideally with signatures to reduce the risk of supply chain attacks.
Right now, there is no way to verify if the binaries attached to a release are build from the actual source and not from an altered tree.
The text was updated successfully, but these errors were encountered:
Would be great if there would be an automated workflow which builds and adds the binaries to releases. Ideally with signatures to reduce the risk of supply chain attacks.
Right now, there is no way to verify if the binaries attached to a release are build from the actual source and not from an altered tree.
The text was updated successfully, but these errors were encountered: