[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
20/66: icse-2022: Mention sigstore.
From: |
Ludovic Courtès |
Subject: |
20/66: icse-2022: Mention sigstore. |
Date: |
Wed, 29 Jun 2022 11:31:59 -0400 (EDT) |
civodul pushed a commit to branch master
in repository maintenance.
commit b7fce8ece1d82c97ffb41f79a3550340f95ae65b
Author: Ludovic Courtès <ludo@gnu.org>
AuthorDate: Mon Aug 30 16:02:19 2021 +0200
icse-2022: Mention sigstore.
---
doc/icse-2022/security.sbib | 6 ++++++
doc/icse-2022/supply-chain.skb | 14 +++++++-------
2 files changed, 13 insertions(+), 7 deletions(-)
diff --git a/doc/icse-2022/security.sbib b/doc/icse-2022/security.sbib
index 8ef6c95..cef3c99 100644
--- a/doc/icse-2022/security.sbib
+++ b/doc/icse-2022/security.sbib
@@ -198,6 +198,12 @@ Thayer")
(year "2010")
(url "https://www.fsf.org/blogs/sysadmin/savannah-and-www.gnu.org-downtime"))
+(misc sigstore2021:web
+ (author "The Linux Foundation")
+ (title "sigstore, a new standard for signing, verifying and protecting
software")
+ (year "2021")
+ (url "https://www.sigstore.dev/"))
+
#|
(defun skr-from-bibtex ()
"Vaguely convert the BibTeX snippets after POINT to SBibTeX."
diff --git a/doc/icse-2022/supply-chain.skb b/doc/icse-2022/supply-chain.skb
index d4625b6..4dec83f 100644
--- a/doc/icse-2022/supply-chain.skb
+++ b/doc/icse-2022/supply-chain.skb
@@ -968,13 +968,13 @@ containing “build recipe”. To date, it appears that ,(tt
[opam update])
itself does not authenticate repositories though; it is up to users and
developers to run Conex.])
- (p [The in-toto framework can be thought of as a generalization of
-TUF; it aims at ensuring the integrity of complete software supply
-chains, taking into accounts the different steps that comprise software
-supply chains in widespread use such as Debian’s ,(ref :bib
-'torresarias2019:intoto). In particular, it focuses on ,(emph [artifact
-flow integrity])—that artifacts created by a step cannot be altered
-before the next step.])
+ (p [The in-toto framework ,(ref :bib 'torresarias2019:intoto) and
+similarly sigstore ,(ref :bib 'sigstore2021:web) can be thought of as a
+generalization of TUF; it aims at ensuring the integrity of complete
+software supply chains, taking into accounts the different steps that
+comprise software supply chains in widespread use such as Debian’s. In
+particular, it focuses on ,(emph [artifact flow integrity])—that
+artifacts created by a step cannot be altered before the next step.])
(p [Thanks the functional deployment model, Guix has end-to-end
control over artifact flow, from source code to binaries delivered to
- 32/66: programming-2022: Use a monospace font for code snippets., (continued)
- 32/66: programming-2022: Use a monospace font for code snippets., Ludovic Courtès, 2022/06/29
- 08/66: ccs-2021: Capitalize section titles., Ludovic Courtès, 2022/06/29
- 10/66: ccs-2021: Improve "Rationale" section., Ludovic Courtès, 2022/06/29
- 13/66: ccs-2021: Proof-read and tweak., Ludovic Courtès, 2022/06/29
- 15/66: ccs-2021: Typos, hyphenation, and other improvements., Ludovic Courtès, 2022/06/29
- 14/66: ccs-2021: Update ACM categories., Ludovic Courtès, 2022/06/29
- 16/66: ccs-2021: Tweak "Related Work"., Ludovic Courtès, 2022/06/29
- 17/66: ccs-2021: Give example authentication throughput., Ludovic Courtès, 2022/06/29
- 18/66: ccs-2021: Prepare for ICSE resubmission., Ludovic Courtès, 2022/06/29
- 19/66: icse-2022: Add CCS reviews., Ludovic Courtès, 2022/06/29
- 20/66: icse-2022: Mention sigstore.,
Ludovic Courtès <=
- 35/66: programming-2022: Mention prior work upfront in the intro., Ludovic Courtès, 2022/06/29
- 36/66: programming-2022: Clarify intro commits and downgrade protection., Ludovic Courtès, 2022/06/29
- 44/66: cise-2022: Remove unused procedures., Ludovic Courtès, 2022/06/29
- 45/66: programming-2022: Add diff document., Ludovic Courtès, 2022/06/29
- 47/66: programming-2022: Add README.md for artifact evaluation., Ludovic Courtès, 2022/06/29
- 22/66: icse-2022: Cite SolarWinds and Executive Order., Ludovic Courtès, 2022/06/29
- 23/66: icse-2022: Address CCS reviewer comments., Ludovic Courtès, 2022/06/29
- 26/66: icse-2022: Fix typos., Ludovic Courtès, 2022/06/29
- 38/66: programming-2022: Tweak dot options., Ludovic Courtès, 2022/06/29
- 33/66: programming-2022: Augment abstract., Ludovic Courtès, 2022/06/29