Yeah, fair enough. This is what I did on my website: I always have source tarballs associated with commits along with binary tarballs. The tarball hashes are individually signed.
I'm thinking of a mode where we have SDKs and libraries that are being pulled into other projects at build time, where everything runs automatically and we want a secure way to verify artifacts during the upstream CI pipeline.
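An added example (not the poster's code) of what the consuming CI step could do with a per-tarball signed digest like the one described above: it assumes each tarball ships with a `.sha256` file and an Ed25519 signature over that file (the post does not say which signature scheme is used), and that the publisher's public key is pinned in the CI configuration rather than fetched alongside the artifact.

```python
# Added example, not from the post. Assumed layout (not stated by the poster):
# "<name>.tar.gz", "<name>.sha256" (hex digest, sha256sum style) and
# "<name>.sha256.sig" (Ed25519 signature over the .sha256 file). The public key
# is pinned in CI, so a substituted key cannot travel with the artifact.
import hashlib
import io
import tarfile
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives.asymmetric import ed25519


def verify_artifact(tarball: bytes, digest_file: bytes, signature: bytes,
                    pinned_pub: ed25519.Ed25519PublicKey) -> bool:
    """True only if the signature over the digest file is valid AND the tarball
    really has that digest. Both checks are needed: a good signature on a stale
    digest, or a matching digest with no signature, both let a swapped artifact
    through. The caller must not unpack the tarball unless this returns True."""
    try:
        pinned_pub.verify(signature, digest_file)
    except InvalidSignature:
        return False
    expected = digest_file.split()[0].decode("ascii").lower()
    actual = hashlib.sha256(tarball).hexdigest()
    return actual == expected


def make_sample():
    """Constructed sample data so the block runs offline: a tiny tar.gz plus the
    digest file and signature the publisher side would produce at release time."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        data = b"print('hello')\n"
        info = tarfile.TarInfo("pkg/hello.py")
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
    tarball = buf.getvalue()
    priv = ed25519.Ed25519PrivateKey.generate()  # publisher's key, constructed
    digest_file = (hashlib.sha256(tarball).hexdigest()
                   + "  pkg-1.0.tar.gz\n").encode()
    return tarball, digest_file, priv.sign(digest_file), priv.public_key()


if __name__ == "__main__":
    tb, df, sig, pub = make_sample()
    print("genuine:", verify_artifact(tb, df, sig, pub))           # True
    print("tampered:", verify_artifact(tb + b"\x00", df, sig, pub))  # False
```

In a real pipeline the digest and signature files come from the same release as the tarball, while the public key is read from a trusted location checked into the CI config.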