... | ... | @@ -1753,6 +1753,9 @@ like a good compromise. |
|
|
* [signed git pushes](https://people.kernel.org/monsieuricon/signed-git-pushes)
|
|
|
* [TUF](https://theupdateframework.io/): generic verification mechanism, used by Docker, no known
|
|
|
Git implementation just yet
|
|
|
* [SLSA](https://slsa.dev/): "security framework, a check-list of
|
|
|
standards and controls to prevent tampering, improve integrity, and
|
|
|
secure packages and infrastructure", built on top of [in-toto][]
|
|
|
* [jcat](https://github.com/hughsie/libjcat): used by fwupd
|
|
|
* [git-signify](https://leahneukirchen.org/dotfiles/bin/git-signify): using [signify](https://github.com/aperezdc/signify), a non-OpenPGP alternative
|
|
|
* [crev](https://github.com/crev-dev/): Code REView system, used by Rust (and Cargo) to vet
|
... | ... | |