[Git][reproducible-builds/reproducible-website][master] 2024-06: Fixup some spelling.

Chris Lamb (@lamby) gitlab at salsa.debian.org
Wed Jul 10 16:45:19 UTC 2024



Chris Lamb pushed to branch master at Reproducible Builds / reproducible-website


Commits:
6eea053b by Chris Lamb at 2024-07-10T17:44:49+01:00
2024-06: Fixup some spelling.

- - - - -


1 changed file:

- _reports/2024-06.md


Changes:

=====================================
_reports/2024-06.md
=====================================
@@ -63,7 +63,7 @@ A total of three separate scholarly papers related to Reproducible Builds were p
 
 [*DiVerify: Diversifying Identity Verification in Next-Generation Software Signing*](https://arxiv.org/abs/2406.15596) was written by Chinenye L. Okafor, James C. Davis and Santiago Torres-Arias also of [Purdue University](https://www.purdue.edu/) and is interested in:
 
-> Code signing enables software developers to digitally sign their code using cryptographic keys, thereby associating the code to their identity. This allows users to verify the authenticity and integrity of the software, ensuring it has not been tampered with. Next-generation software signing such as Sigstore and OpenPubKey simplify code signing by providing streamlined mechanisms to verify and link signer identities to the public key. However, their designs have vulnerabilities: reliance on an identity provider introduces a single point of failure, and the failure to follow the principle of least privilege on the client side increases security risks. We introduce Diverse Identity Verification (DiVerify) scheme, which strengthens the security guarantees of nextgeneration software signing by leveraging threshold identity validations and scope mechanisms.
+> Code signing enables software developers to digitally sign their code using cryptographic keys, thereby associating the code to their identity. This allows users to verify the authenticity and integrity of the software, ensuring it has not been tampered with. Next-generation software signing such as Sigstore and OpenPubKey simplify code signing by providing streamlined mechanisms to verify and link signer identities to the public key. However, their designs have vulnerabilities: reliance on an identity provider introduces a single point of failure, and the failure to follow the principle of least privilege on the client side increases security risks. We introduce Diverse Identity Verification (DiVerify) scheme, which strengthens the security guarantees of next-generation software signing by leveraging threshold identity validations and scope mechanisms.
 
 <br>
 



View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/-/commit/6eea053b3e38ee8eaea325229c4d560f4bcaa980

-- 
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/-/commit/6eea053b3e38ee8eaea325229c4d560f4bcaa980
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.reproducible-builds.org/pipermail/rb-commits/attachments/20240710/c6ccaf5e/attachment.htm>


More information about the rb-commits mailing list