[HN Gopher] Gitsign ___________________________________________________________________ Gitsign Author : semiquaver Score : 9 points Date : 2022-06-09 20:36 UTC (2 hours ago) (HTM) web link (blog.sigstore.dev) (TXT) w3m dump (blog.sigstore.dev) | westurner wrote: | Src: https://github.com/sigstore/gitsign | | > _Keyless Git signing with Sigstore!_ | | > _This is heavily inspired by [github /smimesign], but uses | keyless Sigstore to sign Git commits with your own GitHub / OIDC | identity _ | rektide wrote: | I wrote a tool a long time ago to publish a tree of git sha's to | a neat non-distributed pre-blockchain that was being supported by | the Linux Foundation, https://publictimestamp.org | | https://github.com/rektide/git-ts | | Alas frigging publictimestamp.krg was a pretty basic site which | was fully dynically rendered. Nine of web.archive.org leaves any | evidence of what the public timestamping (centralized) blockchain | was anymore. Terrible bitrot, ironically for a.project that was | all about preserving histor That's a real bite in the ass by | irony! | | This was mostly for fun, because it was easy & made sense & I | could havk it out in a weekend. I hope this project really does | help us get good. | | I keep thinking the missong element in so much of the shit we | have- Certificate Transparency- is another feature. Signed | Exchanges. When you https get a resource, a server shpuld | cryptographically sign it, make the resource fungible. Http- | signatures feom bag in the Google Buzz days had similar, but this | is slicker & more capable. That way we can hold copies & swap | them, & knoe, at one point yes, the host said this was true. ___________________________________________________________________ (page generated 2022-06-09 23:00 UTC)