vuinputd/docs/TRUST.md

259 B

Trust

Supply-chain attacks

Only crates available in the debian eco system are used.

Reproducable builds

Code coverage

Attestation

SLSA Attestation

https://github.com/actions/attest-build-provenance

Signed artifacts

Sigstore / cosign