Linux Foundation unveils Sigstore — a Let’s Encrypt for code signing

Code signing should be the norm. It’s somewhat strange that people take more care of the quality of fuel that they put in their prized vehicles than they do with the code that’s running their prized application…:

The Linux Foundation, Red Hat, Google, and Purdue have unveiled the free ‘sigstore’ service that lets developers code-sign and verify open source software to prevent supply-chain attacks. […]

Original Article