Open source software tools and services are often created quickly and out of necessity. Linus Torvalds, for example, created the first version of git in a weekend when the Linux kernel team could no longer use BitKeeper for Source Control Management.
sigstore was created earlier this year to address the massive gap for an easy, trustable and efficient digital signing tool to confirm the provenance (origin) of software. Since March 2021 sigstore has been growing rapidly and is being used for various projects. This includes Kubernetes, one of the world’s largest open source projects.
But like Let’s Encrypt and the Linux Kernel, sigstore requires resources. Building the first version of the tool is different from bringing together resources to enable widespread adoption and support it for the long term. That’s why we’re excited to announce today that the project has received generous contributions from Chainguard, Cisco, HPE, Google, Red Hat and VMware to conduct an extensive security audit and hire a full-time developer relations engineer.
The reality is that today the majority of software isn’t digitally signed. Without signatures, there’s little evidence of the software’s provenance, so most software consumed is cryptographically untrusted. With sigstore, developers can digitally sign containers, artifacts, config-as-code, policy, and any given computer file. sigstore has the potential of becoming to digital signing what Let’s Encrypt is to HTTPS.
“By working to eliminate the requirements for specialized skills in cryptography, sigstore is committed to establishing trust and transparency in the open source supply chain. Removing this exclusivity is key to increasing developers’ access to cryptographic signing and creating an open log for accountability. Red Hat is proud to support sigstore’s constant commitment to open source in the supply chain security space,” said Luke Hinds, Senior Principal Software Engineer, Red Hat.
16 comments
I savour, result in I found exactly what I was looking for. You have ended my four day lengthy hunt! God Bless you man. Have a nice day. Bye
I am impressed with this web site, rattling I am a fan.
Some genuinely interesting info , well written and broadly speaking user pleasant.
There may be noticeably a bundle to learn about this. I assume you made certain nice factors in features also.
A large percentage of of whatever you mention is supprisingly accurate and it makes me ponder the reason why I hadn’t looked at this with this light before. This piece truly did switch the light on for me as far as this particular topic goes. However there is actually one position I am not necessarily too cozy with so while I make an effort to reconcile that with the main idea of your position, allow me see just what all the rest of the visitors have to say.Very well done.
Wonderful blog! I found it while searching on Yahoo News. Do you have any suggestions on how to get listed in Yahoo News? I’ve been trying for a while but I never seem to get there! Thanks
hi!,I love your writing so a lot! share we be in contact more approximately your post on AOL? I require a specialist in this house to solve my problem. Maybe that’s you! Looking forward to look you.
Thank you, I have just been searching for info about this subject for a long time and yours is the best I have came upon so far. But, what in regards to the bottom line? Are you positive in regards to the source?
Thanks for sharing superb informations. Your web site is very cool. I’m impressed by the details that you have on this website. It reveals how nicely you understand this subject. Bookmarked this website page, will come back for more articles. You, my friend, ROCK! I found just the information I already searched all over the place and simply could not come across. What an ideal web-site.
It’s hard to find knowledgeable people on this topic, but you sound like you know what you’re talking about! Thanks
Together with almost everything that appears to be developing within this particular subject matter, many of your opinions are quite stimulating. However, I am sorry, but I do not give credence to your entire idea, all be it stimulating none the less. It would seem to us that your commentary are not totally rationalized and in simple fact you are generally yourself not really fully convinced of the assertion. In any event I did appreciate reading through it.
hi!,I really like your writing very so much! proportion we keep up a correspondence more approximately your article on AOL? I require an expert in this area to solve my problem. May be that is you! Having a look forward to see you.
Good blog! I truly love how it is easy on my eyes and the data are well written. I’m wondering how I might be notified when a new post has been made. I’ve subscribed to your feed which must do the trick! Have a nice day!
Great line up. We will be linking to this great article on our site. Keep up the good writing.
I discovered your blog site on google and check a few of your early posts. Continue to keep up the very good operate. I just additional up your RSS feed to my MSN News Reader. Seeking forward to reading more from you later on!…
Hi there, just became alert to your blog through Google, and found that it is truly informative. I’m gonna watch out for brussels. I’ll be grateful if you continue this in future. Many people will be benefited from your writing. Cheers!