That’s great, and I also don’t care. But I think all people are saying is that by most definitions you cannot “prove all contributions to stagex are by humans”.

Or are you saying you can prove that aliens and cats didn’t make them? Because I’m not sure that’s true either.

And once you find out someone has trained their dog to commit something, how exactly do you revoke your trust?

I think if you answer these questions you’ll see pretty quickly why this solution isn’t the silver bullet you think it is.

Edit: stagex looks really, really good

It is not a silver bullet by itself, but when combined with the other tactics in stagex I believe it gives us a very strong supply chain attack defense.

I can not prove the tools used, but I can prove multiple humans signed off on code with keys they stake their personal reputations on that I have confirmed they maintain on smartcards.

While nothing involving humans is perfect I feel it is best effort with existing tools and standards and makes us one of the hardest projects to deploy a successful supply chain attack on today.

Edit: Saw your edit. Thanks!