Docker's image signing system sounds completely broken: https://titanous.com/posts/docker-insecurity …
@solomonstre @terrorobe they should probably start over from scratch at this point
@bascule @terrorobe or maybe that post is a blatant plug for the author's competing signing framework, making up facts along the way.
@solomonstre @terrorobe competing signing framework? Do you mean TUF? The author of that post is not directly involved in TUF...
@solomonstre @terrorobe coincidentally enough, I'm literally in the middle of recommending TUF for Rust's packaging system