|
|
Log in / Subscribe / Register

The Linux Foundation's "sigstore" project

The Linux Foundation's "sigstore" project

Posted Mar 11, 2021 9:40 UTC (Thu) by Sesse (subscriber, #53779)
Parent article: The Linux Foundation's "sigstore" project

If it's OpenID-based, what makes it more secure than just getting the file over TLS in the first place? If it so you can put it on GitHub without fear of… something? How do you know which OpenID scope to trust? (I thought OpenID was basically dead a long time ago, but seemingly not.)

to post comments

The Linux Foundation's "sigstore" project

Posted Mar 11, 2021 14:20 UTC (Thu) by grawity (subscriber, #80596) [Link]

It's OpenID Connect, which is actually OAuth 2.0 extended with some of the features OpenID had – but otherwise it's unrelated to the original OpenID.


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds