Is (TUF) appropriate for ?

Are signed commits sufficient to authenticate a repo?

What about Git{Hub,Lab} “verified” badges?

The paper describes the checkout authentication mechanism has been using for two years.

Unlike TUF, it's tailored to functional deployment à la &

More generally, it supports off-line repo authentication.

Sign in to participate in the conversation
Mastodon (Aquilepouet)

Aquilenet, fournisseur d'accès à Internet associatif, local et militant en Aquitaine vous accueille sur son instance Mastodon !