[Python-ideas] Re: "Curated" package repo?

2023-07-05 Thread Gregory Disney
Why not just use GPG signatures and maintain trusted signing keys? There’s no reason to reinvent the wheel. If a user wants to use unsigned or untrusted packages, they have to accept the risk.

Thanks,
Greg

On Wed, Jul 5, 2023 at 2:05 PM Chris Angelico wrote:
> On Thu, 6 Jul 2023 at 03:57, Jam

[Python-ideas] Re: "Curated" package repo?

2023-07-06 Thread Gregory Disney
Why do people insist on reinventing the wheel? Blockchain is not the answer for adding trust that is verifiable. Code signing is the answer; it’s widely accepted and would be useful in cases of trusted computing and other security use cases. I don’t want to load a hash table to load a third party