[Git][reproducible-builds/reproducible-website][master] reports:2021-03:sigstore: clarify project desc

Santiago Torres-Arias gitlab at salsa.debian.org
Tue Apr 6 23:24:12 UTC 2021



Santiago Torres-Arias pushed to branch master at Reproducible Builds / reproducible-website


Commits:
badd2564 by Santiago Torres at 2021-04-06T19:23:40-04:00
reports:2021-03:sigstore: clarify project desc

- - - - -


1 changed file:

- _reports/2021-03.md


Changes:

=====================================
_reports/2021-03.md
=====================================
@@ -18,7 +18,7 @@ In our monthly reports, we try to outline the most important things that have ha
 
 [F-Droid](https://www.f-droid.org/) is a large repository of open source applications for the Google Android platform. This month, Felix C. Stegerman announced [*apksigcopier*](https://github.com/obfusk/apksigcopier), a new tool for copying signatures for `.apk` files from a signed `.apk` file to an unsigned one which is necessary in order to verify reproducibly of F-Droid components. Felix  filed an [Intent to Package (ITP)](https://wiki.debian.org/ITP) bug in Debian to include it in that distribution, too ([#986179](https://bugs.debian.org/986179)).
 
-On 9th March, the Linux Foundation announced the [*sigstore*](https://sigstore.dev/what_is_sigstore/) project which is intended to improve the security of the software supply chains through cryptographically signed transparency log techniques. According to the [their announcement](https://linuxfoundation.org/en/press-release/linux-foundation-announces-free-sigstore-signing-service-to-confirm-origin-and-authenticity-of-software/):
+On 9th March, the Linux Foundation announced the [*sigstore*](https://sigstore.dev/what_is_sigstore/#what-is-sigstore) project, which is a centralized service that allows developers to cryptographically sign and store signatures for release artifacts. It also attempts to help developers who don't wish to manage their own signing keypairs simplify signing their releases.
 
 > sigstore will empower software developers to securely sign software artifacts such as release files, container images and binaries. Signing materials are then stored in a tamper-proof public log. The service will be free to use for all developers and software providers, with the sigstore code and operation tooling developed by the sigstore community.
 



View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/-/commit/badd2564bec2dc06400c6ff7822db17535684109

-- 
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/-/commit/badd2564bec2dc06400c6ff7822db17535684109
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.reproducible-builds.org/pipermail/rb-commits/attachments/20210406/da9c0423/attachment.htm>


More information about the rb-commits mailing list