|
|
Log in / Subscribe / Register

The Linux Foundation's "sigstore" project

The Linux Foundation's "sigstore" project

Posted Mar 12, 2021 22:06 UTC (Fri) by Jan_Zerebecki (guest, #70319)
In reply to: The Linux Foundation's "sigstore" project by mss
Parent article: The Linux Foundation's "sigstore" project

Not even that, the sigstore-with-oauth sketched in the article will not tell you whether you should trust code that their DB says was signed by lwn@example.com . So you will still need to maintain some sort of trust DB in addition to this sigstore to answer that question.

to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds