Explore >> Select a destination


You are here

logr.cogley.info
www.chainguard.dev
8.3 parsecs away

Read the latest software supply chain & open source security updates, from our opinions on security technologies to research & remedies for the biggest threats.

blog.jak-linux.org
13.0 parsecs away

At DebConf17 there was a talk about The Update Framework, short TUF. TUF claims to be a plug-in solution to software updates, but while it has the same practical level of security as apt, it also has the same shortcomings, including no way to effectively revoke keys. TUF divides signing responsibilities into roles: a root role, a targets role (signing stuff to download), a snapshots role (signing metadata), and a timestamp role (signing a timestamp file). There is also a mirror role for signing a list of mirrors, but we can ignore that for now. It strongly recommends that all keys except for timestamp and mirrors are kept offline, which is not applicable for APT repositories - Ubuntu updates the repository every 30 minutes, imagine doing that with offline...

devopsjournal.io
7.7 parsecs away

DevCon Romania 2024 - Protect yourself against supply chain attacks

www.mikekasberg.com
31.2 parsecs away

It's been nearly 2 years since I originally wrote about How I Manage Passwords with KeePass. That blog entry was inspired by Troy Hunt's post,...