Issue Details

Number
21524
Title
Use sigstore software transparency for releases
Description
[Sigstore](https://sigstore.dev/what_is_sigstore/) is an initiative by the Linux Foundation for software supply chain security. The goal is to be able to verify the origin of binaries as well as to ensure software transparency, so as to be able to verify that you downloaded the same binary as everyone else. Of course, we already sign our releases, but the latter seems important. The implementation is under development and available as open source. However, the system is not live yet (as of 2021-03-24, there is a [public instance](https://github.com/sigstore/rekor#public-instance) test server, but they warn it will get wiped). But I think as soon as it does go into production use, we should try to use it for our releases.
URL
https://github.com/bitcoin/bitcoin/issue/21524
Closed by