Every month we take a look back at the best new releases from Northern Ireland, showcasing the sheer amount of| Chordblossom
Build, sign, and verify WebAssembly component artifacts using Sigstore’s cosign with OIDC identity—secure, registry-native signatures for wasmCloud.| wasmCloud Blog
We're currently working on a way to update the containers we're using for Dangerzone without having to issue new releases. In order to do that, we push new container images to a container registry, and sign them with an hardware key. In addition, we want to do the verification part …| (not) my ideas
As suggested in my initial announcement of apt-sigstore my plan was to look into stronger uses of Sigstore than rekor, and I’m now happy to announce that the apt-cosign plugin has been added to apt-sigstore and the operational project debdistcanary Continue reading Sigstore for Apt Archives: apt-cosign→| Simon Josefsson's blog