**ᴛʜᴇʀᴜʀᴀɴ 🌐🏴** @theruran@hackers.town · May 04, 2022, 04:49

**ᴛʜᴇʀᴜʀᴀɴ 🌐🏴** @theruran@hackers.town · May 04, 2022, 04:49

ᴛʜᴇʀᴜʀᴀɴ 🌐🏴 @theruran@hackers.town

May 04, 2022, 04:49

ᴛʜᴇʀᴜʀᴀɴ 🌐🏴 @theruran@hackers.town

https://www.sigstore.dev/

welp, I see a bunch of corporate logos plastered on the thing and I am instantly skeptical.

what can this do that GPG-signing Git commits can't do?

**nytpu** @nytpu@tilde.zone · 2022-05-05T00:49:43Z

nytpu @nytpu@tilde.zone

@theruran Ah yes, just what decentralized code hosting has been needing: forcing TLS-style certificate authorities into it and making anybody who's actually decentralized as a second-class “insecure” citizen

May 05, 2022, 00:49 · · Tusky · · ·

**djsumdog** @djsumdog@djsumdog.com · May 05, 2022, 00:52

**djsumdog** @djsumdog@djsumdog.com · May 05, 2022, 00:52

May 05, 2022, 00:52

djsumdog @djsumdog@djsumdog.com

@nytpu @theruran I feel like this is for corporations who only want to trust the OSS assets of other corporations … with what looks like an insanely complex, Kubernetes, enterprise type bullshit solution no real OSS developer ever asked for.

Trending now

Resources

Developers

What is Mastodon?

tilde.zone

More…