DevOps Articles

Curated articles, resources, tips and trends from the DevOps World.

Why Open Source Project Maintainers are Reluctant to use Digital Signatures

4 years ago thenewstack.io
Why Open Source Project Maintainers are Reluctant to use Digital Signatures

Summary: This is a summary of an article originally published by The New Stack. Read the full original article here →

We all agree that open source development methods help create better code. Open source can still be abused by unscrupulous developers.

Patrick Toomey, GitHub‘s director of product security engineering, noted that “Open source maintainers for well-established projects (more than 100 contributors) are three to four times more likely to make use of 2FA than the average user.”

For example, GitHub is an early adopter of the emerging WebAuthn standard. Our initial support makes use of a subset of that standard to enable incredibly strong 2FA with physical security keys.”

The problem isn’t that open source developers are lazy or reluctant,” Karasulu said, “It is that a standard mechanism for 2FA specifically around code signing does not exist.

Read More
Oh Dear
Oh Dear
The all-in-one monitoring tool for your entire website
Fathom
Fathom
Fathom Analytics: A Better Google Analytics Alternative
Namecheap
Namecheap
DevOpsChat Logo Your DevOps Community
Product
Useful Links

Made with pure grit © 2024 Jetpack Labs Inc. All rights reserved. www.jetpacklabs.com