Announcement

Collapse
No announcement yet.

Sigstore Reaches GA For Working To Secure The Open-Source Software Supply Chain

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Sigstore Reaches GA For Working To Secure The Open-Source Software Supply Chain

    Phoronix: Sigstore Reaches GA For Working To Secure The Open-Source Software Supply Chain

    Sigstore that is backed by Google, Red Hat, GitHub, and other prominent organizations with an aim to secure the open-source software supply chain has reached general availability and issued the "v1.0" releases for their key software components...

    https://www.phoronix.com/news/Sigstore-Reaches-GA

  • #2
    "Sigstore provides the means of easily and cryptographically-backed means of signing code,..."

    Michael Something is very wrong grammatically here I think. But I'm not a native speaker, so I'm not going to suggest a fix.

    Comment


    • #3
      Docker is killing vendoring, so now we will get "enterprise open source" as fancy signatures generally stored on a central server run by a gang of very trustworthy corporations... It could be done with GPG+git as it'd been for years, but this way is less "painful".

      Comment


      • #4
        So if we examine the chart we can see that this checks the Google and Microsoft (GitHub) boxes, so it must be a corporate ploy to EEE FOSS in order to spy on you and sucks because there is money behind it. Also, why does this not serve to further increase RISC-V marketshare? Surely we all know that anything else is pointless to invest in. Also, why is this not written in a fast language like C instead of using a slow language like Go? This should be an AGPL project which every developer contributes to in their free time not a scheme to further make the hardware I own unhackable and prevent me from using it to its full capacity. Also, its useless because everyone should be compiling their own code.
        Last edited by AlanTuring69; 30 October 2022, 11:47 AM.

        Comment


        • #5
          https://github.com/sigstore/sigstore-website/issues/132


          lol

          Comment


          • #6
            And it's still like that, both Chrome and Firefox on my phone.

            Comment


            • #7
              Originally posted by Vorpal View Post
              "Sigstore provides the means of easily and cryptographically-backed means of signing code,..."

              Michael Something is very wrong grammatically here I think. But I'm not a native speaker, so I'm not going to suggest a fix.
              "Sigstore provides an easy and cryptographically-backed means of signing code,..."

              Comment

              Working...
              X