PLAY PODCASTS
Episode 428 - GitHub artifact attestation
Episode 428

Episode 428 - GitHub artifact attestation

Open Source Security · Open Source Security

May 13, 202437m 25s

Audio is streamed directly from the publisher (traffic.libsyn.com) as published in their RSS feed. Play Podcasts does not host this file. Rights-holders can request removal through the copyright & takedown page.

Original episode page

Show Notes

Josh and Kurt talk about a new to sign artifacts on GitHub. It's in beta, it's not going to be easy to use, it will have bugs. But that's all OK. This is how we start. We need infrastructure like this to enable easier to use features in the future. Someday, everything will be signed by default.

Show Notes
← All episodes of Open Source Security