Docker's image signing system sounds completely broken: https://titanous.com/posts/docker-insecurity …
-
-
Replying to @terrorobe
@terrorobe release broken feature, get told it's broken, fuck it ship it?3 replies 0 retweets 1 like -
Replying to @bascule
@bascule@terrorobe from the release note: "tech preview [...] work in progress [...] do not use for serious security just yet".1 reply 0 retweets 0 likes -
Replying to @solomonstre
@solomonstre@terrorobe they should probably start over from scratch at this point1 reply 0 retweets 0 likes -
Replying to @bascule
@bascule@terrorobe or maybe that post is a blatant plug for the author's competing signing framework, making up facts along the way.2 replies 0 retweets 0 likes -
Replying to @solomonstre
@solomonstre@terrorobe competing signing framework? Do you mean TUF? The author of that post is not directly involved in TUF...1 reply 0 retweets 0 likes
@solomonstre @terrorobe coincidentally enough, I'm literally in the middle of recommending TUF for Rust's packaging system
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.