Module Conex

Establish trust in community repositories

Conex is a library to verify and attest package release integrity and authenticity through the use of cryptographic signatures.

Each author cryptographically signs a list of resources (own public key, package releases) they vouch for. The repository is a map where resource digests are the key, and the set of warrantors the value. Verification of the signature is done via verify.

Given a logs and a verify implementation, this modules provides functionality to verify identities and packages. All functions require IO explicitly.

v0.11.1 - homepage