PGP vs Sigstore - The Match at Maven Central
Offered By: Devoxx via YouTube
Course Description
Overview
Explore the world of software artifact signing in this informative conference talk comparing PGP and sigstore for Maven Central. Dive into the challenges of PGP key management for signing libraries and verifying dependencies to prevent software supply chain issues. Learn about the sigstore project, which promises easier keyless signatures, and its potential to revolutionize package registry security. Discover how sigstore works and its expected improvements for both signing and verification processes at Maven Central. Gain insights from Hervé Boutemy, a long-time Maven Committer and Apache Software Foundation member, as he shares his expertise on enhancing user experience in Maven.
Syllabus
PGP vs sigstore: the match at Maven Central by Hervé Boutemy
Taught by
Devoxx
Related Courses
Pattern-Oriented Software Architectures: Programming Mobile Services for Android Handheld SystemsVanderbilt University via Coursera Engineering Maintainable Android Apps
Vanderbilt University via Coursera Software Design as an Element of the Software Development Lifecycle
University of Colorado System via Coursera Secure Software Development
Pluralsight Secure Software Concepts for CSSLP®
Pluralsight