Trishank Karthik Kuppusamy
Great idea, @di, long time coming, and excited to see traction building on this! Agree with both @joshuagl and @SantiagoTorres that the auto wheel-builder service will be excellent an security...
Just so maintainers have a better idea, I think the projects mentioned above are trying to achieve something like [PEP 458](https://www.python.org/dev/peps/pep-0458/) level of security for at least some PHP package...
Thanks for the summary, Joshua! > Repository signing ensures that package contents have not been modified (tampered with) from the time the package is added to the repository to when...
> If you don't mind, to keep our git history a little cleaner, do you mind rebasing and cleaning the git commits on your feature branch? I would be happy...
> Yes, I think that would be fine. Done, PTAL, thx!
> @trishankatdatadog I've reviewed the changes and the code looks good to me, I just have a few questions. > > Looking at the Vault repo, this PR adds support...
@kommendorkapten we could use tuf.js from sigstore.js in the near future 🙂
Again, could we pls add this as a _brief_ discussion at the agenda tomorrow? Thanks!
Don't get me wrong: I think it's fantastic to translate SLSA to Japanese, but perhaps the effort is best spent when we reach 1.0?