Dan LorencinsigstoreKubernetes signals massive adoption of Sigstore for protecting open source ecosystemKubernetes 1.24 will be the first release officially using Sigstore, enabling seamless verification of signatures to protect against supply…4 min read·May 3, 2022----
Dan LorencinsigstoreSigstore ❤ Ruby!We started the Sigstore project with a goal of making key management, certificates, and digital signatures accessible and easy to use for…1 min read·Jan 28, 2022----
Dan LorencThe Sigstore Trust ModelI hope this post can help reduce confusion around exactly how Sigstore’s trust model works, and how trust flows from the community root…6 min read·Dec 9, 2021----
Dan LorencNotary V2 and CosignThis post is to help reduce confusion between the Notary V2/Notation and Cosign projects. This is a common question from end users that I…5 min read·Nov 8, 2021--1--1
Dan LorencinsigstoreSpooky October Updates for Sigstore!October is almost done, so it’s time for another update! The supply chains are clearly haunted, so this one has a spooky theme.3 min read·Oct 29, 2021----
Dan LorencZero Trust Supply Chain SecurityThis post accompanies a talk I just gave at the 2021 Open Source Summit, called Zero Trust Supply Chain Security. The slides are available…9 min read·Oct 2, 2021--1--1
Dan LorencA Bit of Ambiance comes to SigstoreZero-trust security starts with trusting actual entities based on strong identity, not whoever happens to control a secret, or whoever gets…4 min read·Sep 16, 2021----
Dan LorencImproving TOFU With TransparencyTOFU is an OK substitute for when you have nothing better, but it’s never the best choice.8 min read·Aug 22, 2021----