Having been involved with early RubyGems work on sigstore support, I am unreasonably excited to see this announcement. The RFC looks thorough and thoughtful and the impact of better signing in npm can't be overstated.
Yeah, besides finally having some progress regarding signing, I think it's great they went with an option that is open and already is gaining traction.
jacques_chester|3 years ago
mnkypete|3 years ago