Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Distributor verified badge #51

Closed
seehma opened this issue Aug 7, 2023 · 2 comments
Closed

Distributor verified badge #51

seehma opened this issue Aug 7, 2023 · 2 comments
Labels
low-priority

Comments

@seehma
Copy link
Contributor

seehma commented Aug 7, 2023

maybe something like a hash or through a signing mechanism.

for example:
twinson project creator wants to publish twinson on this platform -> he publishes a public key on his website with which everyone can check if the published library is really created by him with his private key!?

only an idea...
@iadonkey
Copy link
Contributor

iadonkey commented Aug 7, 2023

This means we have to verify the identity of distributors. We could do that by having distributors generate a key pair and let them upload their public key to the Twinpack Server. I think we should postpone this and make it optional later on to have have verified packages

@iadonkey iadonkey changed the title there should be a possibility to ensure if a library comes from a specific publisher Distributor verified badge Aug 12, 2023
@iadonkey
Copy link
Contributor

iadonkey commented Dec 8, 2023

this is in contrast to twinpack registry, won’t do

@iadonkey iadonkey closed this as completed Dec 8, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
low-priority
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@seehma @iadonkey