Hacker News new | past | comments | ask | show | jobs | submit
arccy | on: Removing PGP from PyPI (2023)
https://www.sigstore.dev/

The emerging standard for verifying artifacts, e.g. in container image signing, npm, maven, etc

https://blog.sigstore.dev/npm-public-beta/ https://www.sonatype.com/blog/maven-central-and-sigstore

binary132 | parent
Emerging standard = not yet the standard
jacques_chester | root | parent
Nobody said it was. The point is that it's better.