Comment by herpdyderp 7 days ago

> - Transparent builds: this should be a standard

Can you explain what "Transparent builds" means in this context?

From my understanding after a quick search, it is the standard. If any package requires me to figure out a manual build process after installing it, to get it to work, I simply do not use it.

mathuo 7 days ago

This is related to the publication of the package to npm. All of the publications are verified with provenance statements as supported by NPM directly; it's something I believe all NPM packages should be required to use, but as of now it's optional; it simply provides verifiable signatures as to what was built and how it was built.

https://docs.npmjs.com/generating-provenance-statements

https://www.npmjs.com/package/dockview#provenance
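
Added example, not part of the thread and not dockview's or npm's code: a sketch of the binding a provenance statement makes between a package name and the exact tarball that was built, assuming the attestation is a DSSE envelope wrapping an in-toto statement with a sha512 subject digest. The envelope, package name and tarball bytes are constructed sample data, and signature verification is deliberately left out (the `npm audit signatures` command performs the real check).

```javascript
// Added example: checks what a provenance statement binds together.
// All data below is CONSTRUCTED; it is not a real dockview attestation.
const crypto = require('node:crypto');

const sha512Hex = (bytes) => crypto.createHash('sha512').update(bytes).digest('hex');

// Decode a DSSE envelope and return the in-toto statement it carries.
function decodeStatement(envelope) {
  if (envelope.payloadType !== 'application/vnd.in-toto+json') {
    throw new Error('unexpected payloadType: ' + envelope.payloadType);
  }
  return JSON.parse(Buffer.from(envelope.payload, 'base64').toString('utf8'));
}

// Compare the statement's subject digest with the tarball actually in hand.
// This does NOT verify the envelope signature; it only shows the binding.
function checkSubject(statement, purl, tarballBytes) {
  const subject = (statement.subject || []).find((s) => s.name === purl);
  if (!subject) return { ok: false, reason: 'no subject for ' + purl };
  if (!subject.digest || subject.digest.sha512 !== sha512Hex(tarballBytes)) {
    return { ok: false, reason: 'digest mismatch' };
  }
  return { ok: true, predicateType: statement.predicateType };
}

// Constructed sample: hypothetical package name and stand-in tarball bytes.
const purl = 'pkg:npm/example-pkg@1.0.0';
const tarball = Buffer.from('constructed tarball bytes');

function makeEnvelope(bytes) {
  const statement = {
    _type: 'https://in-toto.io/Statement/v1',
    subject: [{ name: purl, digest: { sha512: sha512Hex(bytes) } }],
    predicateType: 'https://slsa.dev/provenance/v1',
    predicate: {}, // build details (source repo, workflow) would live here
  };
  return {
    payloadType: 'application/vnd.in-toto+json',
    payload: Buffer.from(JSON.stringify(statement)).toString('base64'),
    signatures: [], // omitted in this sketch
  };
}

const envelope = makeEnvelope(tarball);
console.log(checkSubject(decodeStatement(envelope), purl, tarball));
console.log(checkSubject(decodeStatement(envelope), purl, Buffer.from('tampered')));
```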