Github Moves to Guard Open Source Against Supply Chain Attacks

The popular Microsoft-owned code repository plans to roll out code signing, which will help beef up the security of open source projects.
Wired