Docker's image signing system sounds completely broken: https://titanous.com/posts/docker-insecurity …
@bascule @terrorobe from the release note: "tech preview [...] work in progress [...] do not use for serious security just yet".
@solomonstre @terrorobe they should probably start over from scratch at this point
@bascule @terrorobe or maybe that post is a blatant plug for the author's competing signing framework, making up facts along the way.
@solomonstre @terrorobe competing signing framework? Do you mean TUF? The author of that post is not directly involved in TUF...
@solomonstre @terrorobe coincidentally enough, I'm literally in the middle of recommending TUF for Rust's packaging system
@bascule I wonder if its passage through the trough of disillusionment will be more graceful than MongoDB's. Time will tell.
@terrorobe probably not. Docker feels like fundamentally the wrong level of abstraction to me, and I liked FreeBSD jails 10 years ago
@bascule Hype drive to 11, marketing full steam ahead. Disregard proper engineering, fix things eventually when even zealots get suspicious