I think that the idea behind Sigstore is interesting and can be really useful for many developers. But it also adds a lot of tooling and services that have to be set up and maintained, so if a developer isn't developing on a major forge where it's handled for them, it's probably too burdensome to deploy for most people.
We need to come up with solutions that work for the nomadic indie developer as well.
=> More informations about this toot | More toots from bk2204@mastodon.social
@bk2204 The problem with security tools is that they're written by security experts.
=> More informations about this toot | More toots from funnelfiasco@hachyderm.io
@funnelfiasco Yes, that's definitely true. Usable security is hard, but I think there are some options (such as Signal).
=> More informations about this toot | More toots from bk2204@mastodon.social This content has been proxied by September (3851b).Proxy Information
text/gemini