Sigstore, a free service for verifying the provenance and authenticity of software

In an effort to secure the open source software supply chain, the Linux Foundation (a non-profit organization that promotes the growth of open source) has partnered with Red Hat, Google, and Purdue University to launch a new project that helps developers easily adopt cryptographic signing of software.

The new project has backing from the technology industry. As industry adoption of open source software keeps growing, the project, Sigstore, aims to prevent attacks on the open source software ecosystem that insert malicious code into the supply chain.

Sigstore will allow software developers to securely sign software artifacts such as release files, container images, and binaries. It is noted that the signed materials are stored in a tamper-proof public log.

Sigstore wants developers to be able to understand and verify the provenance and authenticity of software, based on a set of methods and data formats. Existing solutions often rely on "digests" (a hash, or the output of a hash function) stored on insecure systems, which can be tampered with and lead to various attacks, such as hash swapping or hash manipulation, attacks that target users.

Use of the service will be free for all software developers and vendors, and the Sigstore community will develop the code and operational tooling for sigstore. Red Hat, Google, and Purdue University are among the founding members of the project.

"Sigstore enables all open source communities to sign software and to combine provenance, integrity, and discoverability to make software transparent and verifiable," said Luke Hinds, security lead in the Red Hat office of the CTO. "By hosting this collaboration at the Linux Foundation, we can accelerate our work on sigstore and support the ongoing adoption and impact of open source software and development."

"Securing a software deployment should start with making sure that we are running the software we think we are. sigstore represents a great opportunity to bring trust and transparency to the open source software supply chain," said Josh Aas,

Arguing that today's software supply chain is exposed to many risks, the project says that existing tools, which involve people meeting in person to sign keys and which worked well for a long time, are no longer viable in today's environment of geographically distributed teams.

It is also noted that very few open source projects cryptographically sign their software release artifacts. This is due in large part to the challenges software maintainers face with key management, key compromise, revocation, and the distribution of public keys and hash material. It means that users have to find out which keys they can trust and learn the steps needed to verify signatures.

"Sigstore aims to make all releases of open source software verifiable and to make it easy for users to verify them. I hope we can make this as easy as exiting vim," said Dan Lorenc, a software engineer on Google's software security team.

Another problem is the way hashes and public keys are distributed: they are often stored on websites that may have been compromised, or in a README file placed in a public repository.

Sigstore aims to address these issues by using short-lived ephemeral keys and a root of trust derived from an open and trustworthy public log. The new service will help developers and users understand and verify the provenance and authenticity of software, with little overhead.
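The difference between a digest published next to a download and a digest recorded in a tamper-evident log can be shown in a few lines. This is an added illustration, not Sigstore's code: a simple hash chain stands in for the public log, all function and file names are hypothetical, and the verifier is assumed to have obtained the log head through a channel the attacker does not control.

```python
import hashlib
import json

GENESIS = "0" * 64  # "previous hash" of the first entry

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def entry_hash(e: dict) -> str:
    # Covers the artifact name, its digest, and the previous entry's hash.
    body = {"name": e["name"], "digest": e["digest"], "prev": e["prev"]}
    return sha256_hex(json.dumps(body, sort_keys=True).encode())

def append(log: list, name: str, digest: str) -> str:
    e = {"name": name, "digest": digest, "prev": log[-1]["hash"] if log else GENESIS}
    e["hash"] = entry_hash(e)
    log.append(e)
    return e["hash"]  # new log head; verifiers pin it out of band

def chain_ok(log: list, pinned_head: str) -> bool:
    prev = GENESIS
    for e in log:
        if e["prev"] != prev or entry_hash(e) != e["hash"]:
            return False  # an entry was edited or reordered
        prev = e["hash"]
    return prev == pinned_head  # rewritten history ends in a different head

def artifact_logged(log: list, pinned_head: str, name: str, artifact: bytes) -> bool:
    if not chain_ok(log, pinned_head):
        return False
    return any(e["name"] == name and e["digest"] == sha256_hex(artifact) for e in log)

def demo() -> dict:
    # Constructed sample data, not real release artifacts.
    good, evil, name = b"release 1.0", b"release 1.0 + implant", "example-1.0.tar.gz"
    log = []
    append(log, "example-0.9.tar.gz", sha256_hex(b"release 0.9"))
    head = append(log, name, sha256_hex(good))  # the head the verifier pinned
    site_digest = sha256_hex(evil)  # compromised site: file and digest both replaced
    forged = [dict(e) for e in log]  # attacker's rewritten copy of the log
    forged[1]["digest"] = sha256_hex(evil)
    forged[1]["hash"] = entry_hash(forged[1])
    return {
        "site_digest_accepts_tampered": sha256_hex(evil) == site_digest,
        "log_accepts_genuine": artifact_logged(log, head, name, good),
        "log_accepts_tampered": artifact_logged(log, head, name, evil),
        "forged_log_accepts_tampered": artifact_logged(forged, head, name, evil),
    }

print(demo())
```

The digest served by the compromised site matches the tampered file, while the log check rejects it both against the genuine log and against the attacker's rewritten copy, because the rewritten chain no longer ends in the pinned head.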

"I am very excited about a system like sigstore. The software ecosystem urgently needs such a system to report on the state of the supply chain. I think that with sigstore, answering all the questions about software sources and ownership, we can start asking questions about software destinations, consumers, compliance (legal and otherwise), identifying criminal networks, and securing critical software infrastructure," said Santiago Torres-Arias

