Shakedown Social

Risotto Biasother than <a href="https://social.rust-lang.org/@rust" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@rust</a> 's "we don't want TUF but we want to start with almost TUF, extend it, and accidentally build TUF but different*"[1][2]......I kinda haven't seen any good pro/con/alternative docs on things besides <a href="https://tech.lgbt/tags/TUF" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TUF</a> or <a href="https://tech.lgbt/tags/sigstore" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#sigstore</a> (okay, in-toto is... different. as is <a href="https://tech.lgbt/tags/gittuf" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#gittuf</a>) heck, Python adopted it.Golang's metadata/proxy stuff is slightly different...I guess what I'm saying is there's opportunity for a cool writeup on package and language supply chain security landscapes.lighter threat models, the difference between git, language, OS, and cluster threat models,<a href="https://tech.lgbt/tags/trdl" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#trdl</a> <a href="https://tech.lgbt/tags/automotivelinux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#automotivelinux</a> <a href="https://tech.lgbt/tags/rustlang" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#rustlang</a> <a href="https://tech.lgbt/tags/InToto" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InToto</a> <a href="https://tech.lgbt/tags/opa" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#opa</a> [1] Rust <a href="https://foundation.rust-lang.org/news/2023-12-21-improving-supply-chain-security/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://foundation.rust-lang.org/news/2023-12-21-improving-supply-chain-security/</a> [2] Rust <a href="https://github.com/rust-lang/rfcs/pull/2474" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://github.com/rust-lang/rfcs/pull/2474</a> [3] PyPi <a href="https://peps.python.org/pep-0458/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://peps.python.org/pep-0458/</a> [4] Ocaml <a href="https://opam.ocaml.org/blog/Signing-the-opam-repository/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://opam.ocaml.org/blog/Signing-the-opam-repository/</a> [5] <a href="https://github.com/php-tuf/php-tuf" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://github.com/php-tuf/php-tuf</a> (old not official) [6] Haskell <a href="https://www.well-typed.com/blog/2015/04/improving-hackage-security/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.well-typed.com/blog/2015/04/improving-hackage-security/</a> [7] *gestures wildly at sigstore/docker/kubernetes**(in the accent of zefrank1 of "true facts about..") "as rust developers are want to do. same same, but different."

Recent searches

Search options

Administered by:

Server stats:

#gittuf