“Building a Secure Software Supply Chain with GNU Guix”
programming-journal.org/2023/7

New refereed article on in , from to , with a focus on secure updates.

Cc: @janneke @reproducible_builds

Is (TUF) appropriate for ?

Are signed commits sufficient to authenticate a repo?

What about Git{Hub,Lab} “verified” badges?

The paper describes the checkout authentication mechanism has been using for two years.

Unlike TUF, it's tailored to functional deployment à la &

More generally, it supports off-line repo authentication.

Mastodon (Aquilepouet)