Rubygems Trusted Publishing Discussion
As more and more vulnerabilities like "xz" with Linux happen, reproducible builds and releasing processes like Trusted Publishing that the Rubygems team has built will be critical. I mean, how many of us actually check the code that is downloaded by bundler to ensure it's secure? Probably very few of us!