π Notary project ensures the authenticity and integrity of software artifacts.
βοΈ The previous version of Notary had limited adoption due to portability and usability issues.
π The new version of Notary focuses on integrity, authenticity, and extensibility.
π Notary project ensures software authenticity through image signing and verification.
π Integrity and authenticity are crucial in trusting artifacts and container images.
π Software supply chain security is essential in securing the entire development and deployment process.
π When consuming software, it is important to establish trust in the source by verifying signing identities and setting up trust policies.
π Code signing is a technology that allows for the verification of software authenticity, ensuring that it has not been compromised.
π Attestations are signed statements or metadata that provide additional information about a software artifact, such as vulnerability reports and software bill of materials.
π The main purpose of certificates is to verify the identity and authenticity of a public key.
π Certificates are signed by a certificate authority (CA) after verifying the identity of the key holder.
π Notary Project is a tool that allows you to generate and verify signatures for images, using different signing formats.
β‘οΈ Software authenticity is ensured through the use of private keys and certificates.
β¨ The Notary Project offers different verification levels, including strict, permissive, audit, and skip, to accommodate various scenarios.
π Revocation is an important security control in software authenticity, allowing the invalidation of compromised or unfit signatures.
π The Notary Project supports traditional revocation mechanisms such as CRL and OCSP checks, as well as plugins for specialized mechanisms.
β¨ The video discusses the importance of software authenticity and introduces the Notary Project.
π Notary Project offers revocation control and privacy options for software signatures.
βοΈ The project provides extensibility through integration with existing infrastructure and plugins.
π Verification plugins allow customization of verification workflows for specific needs.
π‘ Notary project is a trust model that allows for the implementation of different trust models through a signing scheme, enabling the extension of tooling and improving customer experience.
π Notary project ensures software authenticity by verifying signatures using a trust policy and provides different verification levels to gradually adopt signature usage.
π Notary project supports extensibility through plugins, allowing integration with third-party key management, flexible verification logic, and evolving security models.
'AI μλ' μ¬λΌμ§ μ§μ ? μ΄μλ¨μ μ§μ ? (λ°μ νΈ κ΅μ) / JTBC μμλ ν΄λΌμ€
'ITκ³ κ±°μ₯' λ°νμ "κ΅λ―Όμν, chatGPT νμ©? AI μ§μ μλ€κ³ νλ‘ν μ .. 3λ°°λ‘ μ λ¨Ήμ μΌ" - λ°νμ [μ μ₯μμ λ΄μ€νμ΄ν₯], MBC 230210 λ°©μ‘
κ³ ν₯μ λ΄(μ€μ μ μ μ΅νμ)
Charls Carroll - Knowledge is a Millstone, Love is Violence to the Wicked
DON'T USE CHATGPT! These AI Tools Are Better Than Chat GPT
μλμ΄ κ°λ°μλ€μ 보μ§λ§μΈμ. μ μ or μ£Όλμ΄ κ°λ°μ λ©΄μ κΏν 1ν - μ½λ©ν μ€νΈ, μ½λ© λ©΄μ μ보λ λ²