runwasi

SBOMs and Artifact Signing for Releases

Open 0xE282B0 opened this issue 8 months ago • 3 comments

My favorite cite about KWasm:

"So Kwasm operator breaks into the host node and sets up some containerd configuration imports of binary from wherever — this is not production ready" -@kingdonb

As the ecosystem has become more stable and mature, we have moved to the officially released shims, but it would be nice to be able to prove that the binaries are not compromised.

I would suggest providing SBOMs and signatures for the releases. WDYT?

0xE282B0, Dec 05 '23 07:12