Episode 329 - Signing (What is it good for)
Open Source Security Podcast
English - June 27, 2022 00:00 - 30 minutes - 29.8 MB - ★★★★★ - 38 ratingsTechnology cybersecurity open opensource security source Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Previous Episode: Episode 328 - The Security of Jobs or Job Security
Josh and Kurt talk about what the actual purpose of signing artifacts is. This is one of those spaces where the chain of custody for signing content is a lot more complicated than it sometimes seems to be. Is delivering software over https just as good as using a detached signature? How did we end up here, what do we think the future looks like? This episode will have something for everyone to complain about!
Show Notes Twitter thread Kurt's security advisory page Bug 998