RC Logr 20210407 083652

Wednesday, 7 Apr, 2021

Devs check out « @ProjectSigstore », a project that aims to ease adoption of cryptographic software signing and transparency, like what LetsEncrypt does for SSL certs. 😻

What goals does it have, problems does it aim to solve?

• reduce software supply chain risk
• make maintainer key management easier
• reduce sw supply chain attacks such as build system compromises, malicious hashes, compromised keys, replay or freeze attacks

It is not quite there yet, but is one to watch.