Please review the draft for March's report
David A. Wheeler
dwheeler at dwheeler.com
Tue Apr 6 16:48:33 UTC 2021
> On Apr 6, 2021, at 10:50 AM, Santiago Torres-Arias <santiago at archlinux.org> wrote:
>
>> I think mentioning sigstore is valuable. Reproducible builds let you verify that
>> a given build *is* generated from a given source; sigstore can let you
>> verify that you got the *correct* source or build.
>
> I think mentioning sigstore is a good idea...
> However, I don't think that "sigstore can let you verify that you got
> the *correct* source or build" is a correct way to frame things.
I was trying to be “simple and one sentence”, which is necessarily imperfect.
How about this as the 1-sentence summary?:
“sigstore is designed to enable simpler cryptographic signing & signature verification”?
--- David A. Wheeler