Comment by jcarrano
11 hours ago
Thinking about what a secure setup for uploading packages from a CI would look like: the package must be signed by the devs, and for that they must build it independently on their machines (this requires a reproducible build).
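An added example, not part of the comment above: a sketch in Go of the release gate the comment describes, where the CI-built package is uploaded only if trusted developers have signed the digest of their own independent builds and that digest equals the CI artifact's. The names `Attestation`, `Attest` and `MayUpload`, the choice of Ed25519 and SHA-256, and the two-signer threshold are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Attestation is one developer's signed statement:
// "my independent local build hashed to Digest".
type Attestation struct {
	Dev    string
	Digest [32]byte
	Sig    []byte
}

// Attest runs on a developer machine after building the package locally.
func Attest(dev string, priv ed25519.PrivateKey, localBuild []byte) Attestation {
	d := sha256.Sum256(localBuild)
	return Attestation{Dev: dev, Digest: d, Sig: ed25519.Sign(priv, d[:])}
}

// MayUpload is the CI-side gate. The CI artifact is released only if at least
// `need` distinct trusted developers signed exactly the digest CI produced,
// which can only happen when the build is reproducible.
func MayUpload(ciArtifact []byte, atts []Attestation, trusted map[string]ed25519.PublicKey, need int) bool {
	want := sha256.Sum256(ciArtifact)
	ok := map[string]bool{} // set of developers, so a repeated attestation counts once
	for _, a := range atts {
		pub, known := trusted[a.Dev]
		if !known || a.Digest != want {
			continue // unknown signer, or their build differs from the CI build
		}
		if ed25519.Verify(pub, a.Digest[:], a.Sig) {
			ok[a.Dev] = true
		}
	}
	return len(ok) >= need
}

func main() {
	// Constructed sample: two developers and bytes standing in for a build output.
	pubA, privA, _ := ed25519.GenerateKey(nil)
	pubB, privB, _ := ed25519.GenerateKey(nil)
	trusted := map[string]ed25519.PublicKey{"alice": pubA, "bob": pubB}
	pkg := []byte("pkg-1.0 reproducible build output")
	atts := []Attestation{Attest("alice", privA, pkg), Attest("bob", privB, pkg)}
	fmt.Println("matching CI build:", MayUpload(pkg, atts, trusted, 2))
	fmt.Println("modified CI build:", MayUpload(append(pkg, "extra"...), atts, trusted, 2))
}
```

The private keys never reach the CI system in this arrangement; CI holds only the public keys and the attestations, so a compromised CI job cannot produce an upload that passes the gate.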