Updates and recent posts about Sigstore.
@faun shared a link, 10 months, 2 weeks ago

Google Cloud donates A2A to Linux Foundation- Google Developers Blog

Introducing Agent2Agent and brace yourself for the heavyweights—AWS, Cisco, Google, and a few more, are in on it. Their mission? Crafting the universal lingo for AI agents. It's called the A2A protocol. Finally, they're smashing the silos holding AI back...

Critical Linux “sudo” flaw allows any user to take over the system

Millions of Linux systems are vulnerable to a sudo flaw allowing unauthorized users to run commands as root. The bug affects Ubuntu and Fedora servers, escalates privileges to root, and requires installation of the latest sudo packages for mitigation. The flaw lies in the seldom-used sudo chroot fea..

Grafana Tempo 2.8 release: memory improvements, new TraceQL features, and more

Grafana Tempo 2.8 lands with a bang. Say hello to TraceQL query hints—they bump up results you care about and streamline span searches with parent span IDs. Meanwhile, a compactor pooling revamp slashes memory usage. Kiss those OOM errors goodbye. Important heads-up: serverless features are history and the..

Linux 6.16 Performance Regression Tracked Down In New Futex Code

Linux 6.16 takes a 36% performance nosedive on AMD EPYC 9005 all thanks to FUTEX_PRIVATE_HASH. The quick fix? Yank it. Engineers scramble for a smarter solution...

Atlassian moved 4 million Postgres databases to AWS Aurora

Atlassian pulled off a major coup, relocating 4 million Jira Postgres databases to AWS Aurora. They slashed expenses by taming CPU beasts and carved out a rock-solid 99.99% uptime. A delightful efficiency cocktail. Samsung and TSMC are brooming through some project cobwebs. Samsung's rethinking its Texas..

Serving 200 million requests per day with a cgi-bin

Using Go and Rust with CGI-style requests taps into multi-core CPU might, poking fun at long-held CGI inefficiency myths...

Insights from paper — Bigtable: A Distributed Storage System for Structured Data

Bigtable isn't just another footnote in Google's lineup. It dominates the data landscape, wrangling petabytes like a charm. Built for atomic row operations and sly tablet splits. Plus, it’s backed by Chubby’s fault-tolerance magic. Picture it as a NoSQL and relational database crossbreed with the fle..

OpenYurt Becomes a CNCF Incubating Project

OpenYurt, a CNCF brainchild, shakes up cloud-edge orchestration. It dances with Kubernetes like Fred Astaire and partners with any vendor under the sun...

Understanding Network Packet Offsets & Safe Parsing in eBPF

eBPF and Rust team up to drive a network packet parser that catches packets at breakneck kernel speed. Welcome to the future of observability and security. XDP steps in, slicing latency to the bone for real-time inspection...

Building a Cloud Strategy That Delivers

Cloud strategy? It's not about fancy slideshows but shaking up how teams build and deploy. Master new skills. Embrace SRE practices like it's your favorite hobby...

Sigstore is an open source initiative designed to make software artifact signing and verification simple, automatic, and widely accessible. Its primary goal is to improve software supply chain security by enabling developers and organizations to cryptographically prove the origin and integrity of the software they build and distribute.

At its core, Sigstore removes many of the traditional barriers associated with code signing. Instead of managing long-lived private keys manually, Sigstore supports keyless signing, where identities are issued dynamically using OpenID Connect (OIDC) providers such as GitHub Actions, Google, or Microsoft. This dramatically lowers operational complexity and reduces the risk of key compromise.

The Sigstore ecosystem is composed of several key components:

- Cosign: A tool for signing, verifying, and storing signatures for container images and other artifacts. Signatures are stored alongside artifacts in OCI registries, rather than embedded in them.

- Fulcio: A certificate authority that issues short-lived X.509 certificates based on OIDC identities, enabling keyless signing.

- Rekor: A transparency log that records signing events in an append-only, tamper-evident ledger. This provides public auditability and detection of suspicious or malicious signing activity.

Together, these components allow anyone to verify who built an artifact, when it was built, and whether it has been tampered with, using publicly verifiable cryptographic proofs. This aligns closely with modern supply chain security practices such as SLSA (Supply-chain Levels for Software Artifacts).

Sigstore is widely adopted in the cloud-native ecosystem and integrates with tools like Kubernetes, container registries, CI/CD pipelines, and package managers. It is commonly used to sign container images, Helm charts, binaries, and SBOMs, and is increasingly becoming a baseline security requirement for production software delivery.

The project is governed by the OpenSSF (Open Source Security Foundation) and supported by major industry players.