“The founders of Sigstore hope that their platform will spur adoption of code signing, an important protection for software supply chains but one that popular and widely used open source software often overlooks. Open source developers don’t always have the resources, time, expertise, or wherewithal to fully implement code signing on top of all the other nonnegotiable components they need to build for their code to function.”
