Introduce-a-new-signing-mechanism· Shopify/rfcs
Gem signing as it exists today is unwieldy and little-used, even though signatures form a vital part of ensuring the security of software supply chains. This RFC proposes a replacement system for signing gems and verifying gem signatures. The new scheme will be based on sigstore, a widely-backed open source service for creating and storing signature information in a public transparency log. This functionality would be rolled out in several phases to smooth adoption. Ultimately, we intend to make signing and verifying gems an everyday experience, analogous to how Let’s Encrypt has made TLS certificates simple and ubiquitous.
Introduce-a-new-signing-mechanism· Shopify/rfcs #ruby #rubydeveloper #rubyonrails #shopify/rfcs https://rubyonrails.ba/single/introduce-a-new-signing-mechanism-shopify-rfcs
Nezir Zahirovic
Contractor Ruby On Rails (8+ years) / MCPD .Net / C# / Asp.Net / CSS / SQL / (11 years)
