How is that significantly different from a container with CentOS 6 in it?
-
No. The moment you parse a byte that didn’t come from the secure channel, you’re fucked. No exceptions. That includes the sum to check. It’s not saving you. Sorry.
-
Absolutely not. A package with a secure signature is a secure channel. You know, these days, not just using Uptane, which integrates well with package managers and solves all those problems, is something I don't understand.
-
No. It’s not. That is what the data is saying. Attempts to make secure packages don’t, in practice, work any better than signed JavaScript on HTTP pages, for the same reasons, as they’re the same thing. It’s just rolling your own crypto. Use TLS.
-
A couple of really smart people did implement Uptane. Go have a look at it.
-
What’s the underlying crypto engine? Gpg?
-
Nope. It's something designed and built from scratch.
-
Early days for the code, but getting uptake in a real industry. Cool.
-
I'm biased here, but just have a look at the code these folks are writing: https://github.com/advancedtelematic …