Does Maven Central also require machine-checkable proofs of security? | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

mcguire on Jan 6, 2020 | parent | context | favorite | on: Always Review Your Dependencies, AGPL Edition

Does Maven Central also require machine-checkable proofs of security?

lmm on Jan 7, 2020 [–]

No (and I don't think any code repository does or could; what would a "proof of security" actually prove?). It does require machine-checkable signing of all releases.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact