#softwaresuppychain — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #softwaresuppychain, aggregated by home.social.
I've made a small demo script for PGP signing a Python file; this technique could be easily extended to any other scripting language that supports block comments.
https://codeberg.org/Taffer/pygp-sign
Installers could verify the `.py` files in a package, and a runtime could also verify them at import time (hopefully with some key caching involved).
#python #pgp #gpg #codesigning #signatures #SoftwareSuppyChain