📝 SummarXiv

Abstract

Software signing provides a formal mechanism for provenance by ensuring artifact integrity and verifying producer identity. It also imposes tooling and operational costs to implement in practice. In an era of centralized registries such as PyPI, npm, Maven Central, and Hugging Face, it is reasonable to ask whether hardening registry security controls obviates the need for end-to-end artifact signing. In this work, we posit that the core guarantees of signing, provenance, integrity, and accountability are not automatically carried across different software distribution boundaries. These boundaries include mirrors, corporate proxies, re-hosting, and air-gapped transfers, where registry security controls alone cannot provide sufficient assurance. We synthesize historical practice and present a trust model for modern distribution modes to identify when signing is necessary to extend trust beyond registry control. Treating signing as a baseline layer of defense strengthens software supply chain assurance even when registries are secure.