You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We need a coherent public story around artifact signing and verification for our client tools.
The story should describe the threat model we are protecting against. What points in the delivery chain are protected against what type of attacker by having signatures and verifying them. Is undesirable write to CF KV store more or less likely than GitHub Secrets disclosure (eg, via bad workflow)? What about GitHub Artifact Hosting vs GitHub Secrets?
This includes versioned builds and nightlies.
My tentative thinking is a cosign key which lives in GitHub Secrets in the nats-io and CE orgs. Not sure if we should have a separate stable and a nightly signer, or one key for both. If we use cosign then we can sign checksum files and docker images.
The text was updated successfully, but these errors were encountered:
We need a coherent public story around artifact signing and verification for our client tools.
The story should describe the threat model we are protecting against. What points in the delivery chain are protected against what type of attacker by having signatures and verifying them. Is undesirable write to CF KV store more or less likely than GitHub Secrets disclosure (eg, via bad workflow)? What about GitHub Artifact Hosting vs GitHub Secrets?
This includes versioned builds and nightlies.
My tentative thinking is a cosign key which lives in GitHub Secrets in the nats-io and CE orgs. Not sure if we should have a separate stable and a nightly signer, or one key for both. If we use cosign then we can sign checksum files and docker images.
The text was updated successfully, but these errors were encountered: