Apr 23, 2021

Written by Dan Lorenc

Sigstore Project Update — April 2021

Photo by Brett Jordan on Unsplash Time flies in open source! This post provides a few updates on Sigstore since our last update in March. We’ve been lucky to continue welcoming new community members and contributors, with 39 contributors from over 15 companies and our Slack channel is rapidly approaching 300 members! Let’s jump into some more project updates: Rekor As mentioned above, the Rekor binary transparency log now natively supports signed JARs.

Tags:  sigstorecryptocontainerskubernetesdocker

Jan 25, 2021

Written by Dan Lorenc

SSH is the new GPG

Not really. But Kind of? Did you know that you probably already have a working PKI system for signing artifacts on your laptop today, with no keyservers, web-of-trust, or configuration? You can use it to sign files, and to find the public keys for other people and use them to verify files they signed. So why aren’t more people using this? I think it’s just gone overlooked because it’s a relatively new feature in apretty old piece of software.

Tags:  sigstoregithubopensourcesecurity