I wonder if anyone did the research on this, but could we have signed build artifacts so that by checking the signature you know that the artifact A was built from the source B?
And through cryptomagic it could be verified without recompiling everything?
Conversation
Show replies