“And lo, in the land of software package management, a system was born to bring order and trust. Sigstore was its name, and its mission was to sign packages with short-lived certificates, validated by a powerful OIDC provider. These signed packages were then placed in a transparency database for all…