... | ... | @@ -2206,7 +2206,8 @@ like a good compromise. |
|
|
* [gitid](https://github.com/Luiserebii/gitid): easier identity management for git
|
|
|
* [signed git pushes](https://people.kernel.org/monsieuricon/signed-git-pushes)
|
|
|
* [TUF](https://theupdateframework.io/): generic verification mechanism, used by Docker, no known
|
|
|
Git implementation just yet
|
|
|
Git implementation just yet (update: [gittuf](https://gittuf.dev/) in pre-alpha as of
|
|
|
dec 2023)
|
|
|
* [SLSA](https://slsa.dev/): "security framework, a check-list of
|
|
|
standards and controls to prevent tampering, improve integrity, and
|
|
|
secure packages and infrastructure", built on top of [in-toto][]
|
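Review bot: on the TUF bullet, the new parenthetical contradicts the sentence it is attached to. The entry still reads "no known Git implementation just yet" and then names gittuf as one. Suggest rewording so the bullet states the current status directly, for example "generic verification mechanism, used by Docker; Git implementation: [gittuf](https://gittuf.dev/), pre-alpha as of December 2023". As a style point, write the date as "Dec 2023" or "December 2023" rather than "dec 2023".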
... | ... | @@ -2218,6 +2219,7 @@ like a good compromise. |
|
|
server compromise
|
|
|
* [arch linux upstream tag verifications](https://vulns.xyz/2022/05/auth-tarball-from-git/)
|
|
|
* [Linux kernel OpenPGP keys distribution repository](https://git.kernel.org/pub/scm/docs/kernel/pgpkeys.git/tree/README.rst)
|
|
|
* [sequoia authenticate commits](https://github.com/sequoia-pgp/authenticate-commits) - to be evaluated
|
|
|
|
|
|
## Migration from Trac
|
|
|
|
... | ... | |
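Review bot: the "to be evaluated" marker on the sequoia authenticate commits entry is undated and does not say what the evaluation should cover, so a later reader cannot tell whether it is stale. Suggest adding a date, as the gittuf note in this same change does ("as of dec 2023"), or a link to a ticket tracking the evaluation. As a style point, the entry uses " - " before its description where the gitid, TUF and SLSA bullets use ": ".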