toc icon indicating copy to clipboard operation
toc copied to clipboard
verified publisher icon hyperledger

Task Force Proposal: Security Artifact Signing

Open tkuhrt opened this issue 2 years ago • 1 comments

Introduction/background material

At the January 19, 2023 TOC meeting, @lehors presented an overview of OpenSSF. One of the low hanging fruit that Hyperledger might implement to improve security is the use of SigStore for artifact signing.

Task to be completed

This task force will be focused on developing best practices and tooling for using SigStore for artifact signing.

List of deliverables or work products

  • [ ] Best Practices for using SigStore for artifact signing consistently across Hyperledger projects

Time to complete (no more than 6 months)

TBD

Leader

Arun S M

Initial participant list

  • Marcus Brandenburger
  • Arnaud Le Hors
  • Hart Montgomery
  • Jim Zhang

tkuhrt avatar Jan 26 '23 20:01 tkuhrt

Update from TOC meeting on Aug 17th, 2023:

  • This was the first TOC meeting to kick-start the task force.
  • Majority of the discussion leaned towards utilizing sigstore tool for signing the artifacts.
  • The individual projects will experiment and share the learnings in upcoming task force meeting.

arsulegai avatar Aug 21 '23 12:08 arsulegai