Is (TUF) appropriate for ?

Are signed commits sufficient to authenticate a repo?

What about Git{Hub,Lab} “verified” badges?


The paper describes the checkout authentication mechanism has been using for two years.

Unlike TUF, it's tailored to functional deployment à la &

More generally, it supports off-line repo authentication.

· · Web · 0 · 3 · 7
Sign in to participate in the conversation
Mastodon (Aquilepouet)

Aquilenet, fournisseur d'accès à Internet associatif, local et militant en Aquitaine vous accueille sur son instance Mastodon !