quixaq
Results
1
comments of
quixaq
All needed to verify the signature is a SHA-256 hash of the signing certificate, you don't have to set up anything and unlike the SLSA provenance check, verifying the signature...