sentencepiece icon indicating copy to clipboard operation
sentencepiece copied to clipboard
verified publisher icon google

Sign wheels in GitHub releases

Open laurentsimon opened this issue 3 years ago • 0 comments

Hi,

I'm reaching out on behalf of the Open Source Security Foundation (openssf.org). We work on improving the security of critical open source projects like yours.

Together with GitHub, we designed a free, easy-to-use method of code signing. It will help your users verify that your release wheels were built from your repository’s workflow and not altered by anyone. It will make your project more secure against third-party tampering and attacks like Codecov and CTX.

This PR shows how to add this code signing to your workflow. You don’t have to be a cryptography expert or learn complicated tools and verification is simple for your users.

You can read more on the SLSA blog. Please reach out if you have any questions!

laurentsimon avatar Aug 12 '22 15:08 laurentsimon