> On Apr 6, 2021, at 10:50 AM, Santiago Torres-Arias <santi...@archlinux.org> > wrote: > >> I think mentioning sigstore is value. Reproducible builds let you verify that >> a given build *is* generated from a given source; sigstore can let you >> verify that you got the *correct* source or build. > > I think mentioning sigstore is a good idea... > However, I don't think that "sigstore can let you verify that you got > the *correct* source or build" is a correct way to frame things. I was trying to be “simple and one sentence”, which is necessarily imperfect. How about this as the 1-sentence summary?: “sigstore is designed to enable simpler cryptographic signing & signature verification”? --- David A. Wheeler
- Please review the draft for March's report Chris Lamb
- Re: Please review the draft for March's report Holger Levsen
- Re: Please review the draft for March's report Chris Lamb
- Please review the draft for March's report Chris Lamb
- Re: Please review the draft for March's rep... Daniel Shahaf
- Re: Please review the draft for March's... Bernhard M. Wiedemann
- Re: Please review the draft for March's... Chris Lamb
- Re: Please review the draft for Mar... David A. Wheeler
- Re: Please review the draft fo... Richard Purdie
- Re: Please review the draft fo... Santiago Torres-Arias
- Re: Please review the draf... David A. Wheeler
- Re: Please review the draf... Daniel Shahaf
- Re: Please review the ... Santiago Torres-Arias
- Re: Please review the ... Daniel Shahaf
- Re: Please review the ... Santiago Torres-Arias
- Re: Please review the ... Daniel Shahaf
- Re: Please review the draft for March's rep... John Scott
- Re: Please review the draft for March's... Chris Lamb
- Re: Please review the draft for March's rep... Chris Lamb
- Please review the draft for March's report Chris Lamb