Skip to content
This repository has been archived by the owner on Dec 10, 2024. It is now read-only.

Task Force Proposal: Security Artifact Signing #49

Open
1 task
tkuhrt opened this issue Jan 26, 2023 · 1 comment
Open
1 task

Task Force Proposal: Security Artifact Signing #49

tkuhrt opened this issue Jan 26, 2023 · 1 comment
Labels

Comments

@tkuhrt
Copy link
Contributor

tkuhrt commented Jan 26, 2023

Introduction/background material

At the January 19, 2023 TOC meeting, @lehors presented an overview of OpenSSF. One of the low hanging fruit that Hyperledger might implement to improve security is the use of SigStore for artifact signing.

Task to be completed

This task force will be focused on developing best practices and tooling for using SigStore for artifact signing.

List of deliverables or work products

  • Best Practices for using SigStore for artifact signing consistently across Hyperledger projects

Time to complete (no more than 6 months)

TBD

Leader

Arun S M

Initial participant list

  • Marcus Brandenburger
  • Arnaud Le Hors
  • Hart Montgomery
  • Jim Zhang
@arsulegai
Copy link
Member

Update from TOC meeting on Aug 17th, 2023:

  • This was the first TOC meeting to kick-start the task force.
  • Majority of the discussion leaned towards utilizing sigstore tool for signing the artifacts.
  • The individual projects will experiment and share the learnings in upcoming task force meeting.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
Projects
None yet
Development

No branches or pull requests

3 participants