Semisol 👨💻 on Nostr: usually not. signed releases make sure the code is what is intended by the author ...
usually not. signed releases make sure the code is what is intended by the author (most of the time unless the key is compromised, so reproducible builds + code auditing helps)
firmware attestation is used as a substitute to not have proper hardware security
Published at
2023-10-23 05:21:48Event JSON
{
"id": "70f4e8f9c0e0227528fd4568a3ff6a6e43a90180b40781a266bc7a045bca3a69",
"pubkey": "52b4a076bcbbbdc3a1aefa3735816cf74993b1b8db202b01c883c58be7fad8bd",
"created_at": 1698038508,
"kind": 1,
"tags": [
[
"e",
"d255a7d6e7a2cb4274490edd3d88e6f7f697ae2b661fd33b719180c1d03d7499"
],
[
"e",
"e9aa3473d9d5847e6369425c0e22204caa625dcad10bcc83b414f557842b1621"
],
[
"p",
"21b419102da8fc0ba90484aec934bf55b7abcf75eedb39124e8d75e491f41a5e"
]
],
"content": "usually not. signed releases make sure the code is what is intended by the author (most of the time unless the key is compromised, so reproducible builds + code auditing helps)\n\nfirmware attestation is used as a substitute to not have proper hardware security",
"sig": "28fb3365245b3e96214aac98b146d719518a316c730c157e736ee483137fd86005938c5580b17ae5c7f5234e1312785cfbfc9912d476f36014325ba5b7b89f3c"
}
