[HN Gopher] Gitsign
___________________________________________________________________
Gitsign
Author : semiquaver
Score : 9 points
Date : 2022-06-09 20:36 UTC (2 hours ago)
(HTM) web link (blog.sigstore.dev)
(TXT) w3m dump (blog.sigstore.dev)
| westurner wrote:
| Src: https://github.com/sigstore/gitsign
|
| > _Keyless Git signing with Sigstore!_
|
| > _This is heavily inspired by [github /smimesign], but uses
| keyless Sigstore to sign Git commits with your own GitHub / OIDC
| identity _
| rektide wrote:
| I wrote a tool a long time ago to publish a tree of git sha's to
| a neat non-distributed pre-blockchain that was being supported by
| the Linux Foundation, https://publictimestamp.org
|
| https://github.com/rektide/git-ts
|
| Alas frigging publictimestamp.krg was a pretty basic site which
| was fully dynically rendered. Nine of web.archive.org leaves any
| evidence of what the public timestamping (centralized) blockchain
| was anymore. Terrible bitrot, ironically for a.project that was
| all about preserving histor That's a real bite in the ass by
| irony!
|
| This was mostly for fun, because it was easy & made sense & I
| could havk it out in a weekend. I hope this project really does
| help us get good.
|
| I keep thinking the missong element in so much of the shit we
| have- Certificate Transparency- is another feature. Signed
| Exchanges. When you https get a resource, a server shpuld
| cryptographically sign it, make the resource fungible. Http-
| signatures feom bag in the Google Buzz days had similar, but this
| is slicker & more capable. That way we can hold copies & swap
| them, & knoe, at one point yes, the host said this was true.
___________________________________________________________________
(page generated 2022-06-09 23:00 UTC)