PlatformIO Community

Supply chain poisoning

There’s a lot of talk about supply chain poisoning from the security industry at the moment. What safeguards are in place to prevent this happening in PlatformIO. Does it use code signing to verify compilers and other tool-chain elements?

CC @ivankravets for this topic

1 Like

How do I CC him? I don’t see a button for that.

No, I’ve CC-ed him already by mentioning his @.

1 Like

PlatformIO Core uses a genuine PlatformIO Trusted Registry that helps to eliminate any security issues. Each package has its own SHA-256 checksum which will be verified on the client-side. Also, all traffic goes through HTTPS.

Thank you, that is very reassuring