Securing Build Platforms: Enhancing Trust in Software Distribution
Offered By: Linux Plumbers Conference via YouTube
Course Description
Overview
Explore the critical importance of securing build platforms in software development during this 35-minute conference talk from the Linux Plumbers Conference. Delve into the growing concerns surrounding the software chain of trust and its impact on security, compliance, and reliability. Examine how Linux distributions mitigate trust decisions for consumers and the challenges in evaluating distribution trustworthiness. Learn about npm's adoption of SLSA and Sigstore for build provenance, and consider the complexities of applying similar techniques to distribution build platforms. Investigate the efforts of SUSE and Flatcar Linux in this area, along with their unresolved verification issues. Gain insights into potential solutions for Linux distribution build platforms, with a focus on OpenEmbedded/Yocto Project and proof-of-concept experiments in the yocto-autobuilder2 system.
Syllabus
Securing build platforms - Joshua Lock
Taught by
Linux Plumbers Conference
Related Courses
Introduction to LinuxLinux Foundation via edX 操作系统原理(Operating Systems)
Peking University via Coursera Internet of Things: Setting Up Your DragonBoard™ Development Platform
University of California, San Diego via Coursera Information Security-3
Indian Institute of Technology Madras via Swayam Introduction to Embedded Systems Software and Development Environments
University of Colorado Boulder via Coursera