Episode 329 - Signing (What is it good for)

Open Source Security Podcast

English - June 27, 2022 00:00 - 30 minutes - 29.8 MB - ★★★★★ - 38 ratings
Technology cybersecurity open opensource security source Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed

Previous Episode: Episode 328 - The Security of Jobs or Job Security

Next Episode: Episode 330 - The sliding scale of risk: seeing the forest for the trees

Josh and Kurt talk about what the actual purpose of signing artifacts is. This is one of those spaces where the chain of custody for signing content is a lot more complicated than it sometimes seems to be. Is delivering software over https just as good as using a detached signature? How did we end up here, what do we think the future looks like? This episode will have something for everyone to complain about!

Show Notes Twitter thread Kurt's security advisory page Bug 998

Twitter Mentions

@mlbiam
@kurtseifried
@joshbressers