Github Moves to Guard Open Source Against Supply Chain Attacks

The popular Microsoft-owned code repository plans to roll out code signing, which will help beef up the security of open source projects.

source https://www.wired.com/story/github-code-signing-sigstore/