ISigstore: Iphrojekthi yokwenza ngcono ukuthengwa kwemithombo evulekile
Namuhla, sizokhuluma ngakho "I-Sigstore". Enye yezinto eziningi, ze amaphrojekthi wamahhala futhi avulekile ngaphansi kokufundiswa kwe- Isisekelo se-Linux.
"I-Sigstore" Ngokuyisisekelo iphrojekthi eyenzelwe ukuhlinzeka ngemisebenzi enhle yomphakathi engenzi nzuzo, ukuze thuthukisa ukuthengiswa kwempahla de isoftware yomthombo ovulekile kusiza ukwamukelwa kwesiginesha ye-software ye-cryptographic esekelwa ubuchwepheshe bokubhalisa obala.
"I-Sigstore", Akuyona yodwa Iphrojekthi yeLinux Foundation esikhulume ngayo ezikhathini ezedlule. Omunye wabo ubelokhu Izithuthi zeBanga le-Linux, esichaza ngaleso sikhathi ngale ndlela elandelayo:
"I-Automotive Grade (Quality) Linux yiphrojekthi yokusebenzisana yomthombo ovulekile ehlanganisa abenzi bezimoto, abathengisi nezinkampani zobuchwepheshe ukusheshisa ukuthuthukiswa nokwamukelwa kwesitaki sesoftware esivuleke ngokuphelele semoto yangomuso. Njengoba iLinux ingumgogodla wayo, i-AGL ithuthukisa ipulatifomu evulekile kusuka phansi kuze kube manje engasebenza njengezinga lomkhakha we-de facto ukunika amandla ukuthuthukiswa okusheshayo kwezici ezintsha nobuchwepheshe." I-Linux Foundation: Yethula ku-Consumer Electronics Show 2020
Kamuva, ezincwadini ezizayo sizobhekana namanye amaphrojekthi, kepha kulabo abafisa ukuzihlola ngokwabo, bangakwenza lokhu ngesixhumanisi esilandelayo: Amaphrojekthi weLinux Foundation.
ISigstore: Iphrojekthi yeLinux Foundation
Yini iSigstore?
Ngokusho kwakhe Iwebhusayithi esemthethweni yeSigstore, okufanayo:
"Iphrojekthi eyenziwe ngenhloso yokuhlinzeka ngensizakalo yomphakathi engenzi nzuzo ukwenza ngcono ukuthengwa kwesoftware yomthombo ovulekile ngokusiza ukwamukelwa kwesiginesha ye-software ye-cryptographic, esekelwa ubuchwepheshe bokubhalisa obala. Ngaphezu kwalokho, izama ukuqeqesha abathuthukisi be-software ukuthi basayine ngokuphepha izinto zobuciko zesoftware ezinjengokukhishwa kwamafayela, izithombe zeziqukathi, ama-binaries, isikweletu sezinto ezibonakalayo, nokuningi."
Ngaphezu kwalokho, le phrojekthi ifuna ukuqinisekisa ukuthi:
"Izinto ezisayiniwe zigcinwa kumarekhodi womphakathi angenabufakazi."
Kungani iSigstore ibalulekile?
Le phrojekthi, amathuluzi ayo namalungu, ifuna ukuyigwema «ukuhlaselwa kokuthengwa kwesoftware », njengokuthi, kwenzekeni nge- SolarWinds nezinye ezaziwayo ezikhathini zakamuva.
"AbakwaMicrosoft bathe abaduni basebenzise uhlelo lokuqapha nokuphathwa kweSolarWinds 'Orion, okubavumela ukuthi bazenze noma yimuphi umsebenzisi ne-akhawunti ekhona enhlanganweni, okubandakanya nama-akhawunti anelungelo elikhulu. I-Russia kuthiwa isebenzise izingqimba zezinto ezithengiswayo ukuze ifinyelele ezinhlelweni zikahulumeni."
Kuqondwe ngu «ukuhlaselwa kokuthengwa kwesoftware » esenzweni, isigelekeqe sifaka ikhodi enonya kusoftware esemthethweni ukuyisabalalisa yonke indawo.
Ngakho-ke, amaphrojekthi wamahhala / avulekile akhululekile futhi asebenziseka kalula, njenge "I-Sigstore" zidingeka ngokwengeziwe ezinsukwini zethu.
Ungakuvimbela kanjani ukuhlaselwa kohlelo lokunikezwa kwesoftware?
Yize, kwezinye izikhathi, sinikeze izeluleko zokuphepha ezisebenzisekayo, ezisebenza kuwo wonke umuntu futhi ngazo zonke izikhathi noma ezimweni, amathiphu alandelayo agxile ngqo ekunciphiseni lolu hlobo lokuhlaselwa ngangokunokwenzeka:
- Gcina iqoqo lawo wonke amathuluzi esoftware wakho nowangaphandle, asetshenzisiwe mahhala futhi avulekile, nokuphathelene nokuvaliwe, asetshenziswayo.
- Qaphela ubungozi obaziwayo nobuzayo, bazo zonke izinhlelo zokusebenza nezinhlelo ezisetshenzisiwe, ukufaka isicelo ngokushesha okukhulu amabala atholakala ngokusemthethweni.
- Hlala unolwazi ngokuphulwa okutholakele noma ukuhlaselwa okwenziwe, ukuba ngumnikazi nabanikezeli besoftware abavela eceleni, ukugwema isimanga esingalindelekile ngalezi zindlela
- Susa esikhathini esifishane, lezo zinhlelo, izinsizakalo kanye nezivumelwano ezingase zingasafuneki (zingadingeki) noma zingasebenzi (zingasetshenziswanga).
- Hlela futhi usebenzise amasu ahlanganyelwe nezidingo zokuphepha nabahlinzeki bakho be-software, ukunciphisa ubungozi be-IT kubo nezinqubo zakho zokuphepha.
- Qalisa ukuhlolwa kwamakhodi njalo. Futhi gcina ukubuyekezwa kokuvikela okubuyekeziwe futhi ushintshe izinqubo zokulawula, ezidingekayo engxenyeni ngayinye yekhodi eyakhiwe noma esetshenzisiwe.
- Yenza ukuhlolwa kokungena okujwayelekile ukukhomba izingozi ezingaba khona kungxenyekazi yakho yekhompyutha.
- Sebenzisa izinyathelo zokuphepha ze-IT, njengokulawulwa kokufinyelela kanye nokuqinisekiswa kwe-double factor (2FA) ukuvikela izinqubo zokuthuthukisa isoftware.
- Qalisa isoftware yezokuphepha enezendlalelo eziningi zokuvikela. Ikakhulukazi ngokumelene nokungena ngaphakathi, amagciwane kanye nama-rasomwares, kujwayelekile kulezi zinsuku.
- Gcina uhlelo lwakho lokulondoloza noma lwezehlakalo lusesikhathini, ukuze gcina ngokuphepha idatha ebalulekile yezinhlelo zakho zokusebenza, amasistimu nemisebenzi (izinqubo), futhi ukwazi ukuthola noma yini yazo, ngesikhathi esifushane kakhulu.
Okuningi mayelana I-Sigstore
Ekugcineni, onjiniyela be "I-Sigstore" bachaza kancane ukusebenza kwale phrojekthi ngale ndlela elandelayo:
"I-Sigstore Isebenzisa ubuchwepheshe obukhona be-x509 PKI kanye nokubhaliswa kokubonisa izinto obala. Abasebenzisi bakhiqiza ukhiye wesikhashana we-ephemeral ukhiye besebenzisa amathuluzi amaklayenti we-sigstore. Insizakalo ye-sigstore PKI izobe isinikeza isitifiketi sokusayina esenziwe ngemuva kwesibonelelo se-OpenID sokuxhuma esiphumelelayo. Zonke izitifiketi zirekhodwa kwirejista yokubonisa okusobala kwesitifiketi futhi nezinto zokusayina zesoftware zithunyelwa kubhaliso lokubonisa ngale kwesiginesha."
"Kusetshenziswa amarekhodi obala kungenisa impande yokwethemba ku-akhawunti ye-OpenID yomsebenzisi. Ngakho-ke singaba nesiqinisekiso sokuthi umsebenzisi ofunwayo ubephethe i-akhawunti yomhlinzeki wesevisi ngesikhathi sokusayina. Lapho umsebenzi wokusayina usuqediwe, okhiye bangalahlwa, kususwe noma yisiphi isidingo sokuphathwa kokhiye abengeziwe noma isidingo sokuchithwa noma sokujikeleza."
Ngeminye imininingwane nge "I-Sigstore" ungavakashela i- iwebhusayithi esemthethweni ku-GitHub kanye nalo Umphakathi (Iqembu) umphakathi cishe -Google.
Isifingqo
Siyethemba lokhu "okuthunyelwe okuwusizo okuncane" cishe «Sigstore», iphrojekthi ethokozisayo newusizo ye Isisekelo se-Linuxokuyinto a insizakalo yokubonisa ngale kanye nesiginesha yesoftware okuhle komphakathi nokungenzi nzuzo, okwenzelwe i- thuthukisa ukuthengiswa kwempahla isoftware yomthombo ovulekile; inentshisekelo enkulu futhi iyasiza, kuyo yonke «Comunidad de Software Libre y Código Abierto» kanye negalelo elikhulu ekusabalalisweni kwemvelo emangalisayo, enkulu futhi ekhulayo yezicelo ze «GNU/Linux».
Okwamanje, uma ukuthandile lokhu publicación, Ungami yabelana ngayo nabanye, kumawebhusayithi wakho owathandayo, iziteshi, amaqembu noma imiphakathi yokuxhumana nabantu noma amasistimu wokuthumela imiyalezo, okungcono mahhala, okuvulekile kanye / noma okuphephe kakhulu njenge yocingo, Isignali, I-mastodon noma enye ye- I-Fediverse, okungcono.
Futhi khumbula ukuvakashela ikhasi lethu lasekhaya ku- «DesdeLinux» ukuhlola izindaba eziningi, kanye nokujoyina isiteshi sethu esisemthethweni se- I-Telegram ye DesdeLinux. Ngenkathi, ukuthola eminye imininingwane, ungavakashela noma yikuphi Umtapo wolwazi oku-inthanethi njengoba I-OpenLibra y I-JedIT, ukufinyelela nokufunda izincwadi zedijithali (ama-PDF) ngalesi sihloko noma ezinye.