Salvo Tomaselli <ltw...@debian.org> writes: > On that thread they say that it is possible to verify signatures offline. But > the checker seems to need a number of dependencies.
"TL;DR: Starting with the next release, --offline will also mean that sigstore-python performs no automatic trust root updates." Maybe I am wrong here, maybe this is similar to GPG, but regardless it made me a bit nervous. -- Brian May @ Debian
