Season 2 · Episode 1771
PGP vs GPG: The Key to Docker & Hugging Face
PGP or GPG? We break down the alphabet soup of signing Docker images and AI models, and why it matters for supply chain security.
My Weird Prompts · Daniel Rosehill
March 30, 202621m 15s
Audio is streamed directly from the publisher (dts.podtrac.com) as published in their RSS feed. Play Podcasts does not host this file. Rights-holders can request removal through the copyright & takedown page.
Show Notes
Ever wonder about that "gpg" command you run to verify Docker or Hugging Face downloads? It's not just tech jargon—it's the backbone of software integrity. We dive into the history of PGP vs. GPG, explaining why this open-source cryptography is the standard for signing code and AI models. Learn how signatures ensure provenance, the risks of key management, and why the "Web of Trust" matters more than ever in the age of AI agents.