Tor Goes Rust: Introducing Arti, a New Foundation for the Future of Tor
The development of "Arti," a Rust-based Tor implementation funded by Zcash, aims to enhance security and efficiency by addressing the limitations of the current C-based Tor.
Updates and recent posts about Sigstore..
News FAUN.dev() Team
@kala shared an update, 4 months, 1 week ago
FAUN.dev()
Gemini Deep Research Is Now Programmable Through a New API
The enhanced Gemini Deep Research agent is now available via API, enabling developers to integrate advanced research capabilities into applications, with the open-sourcing of DeepSearchQA for evaluating complex tasks.
News FAUN.dev() Team
@kala shared an update, 4 months, 1 week ago
FAUN.dev()
GitHub Copilot Adds GPT-5.2 With Long-Context and UI Generation
OpenAI unveils GPT-5.2 for GitHub Copilot, enhancing software engineering with improved long-context reasoning and UI generation, integrated with Microsoft Azure and NVIDIA.
News FAUN.dev() Team
@kala shared an update, 4 months, 1 week ago
FAUN.dev()
GPT-5.2 Quietly Beats Human Experts at Knowledge Work
OpenAI releases GPT-5.2, enhancing professional tasks with improved speed and cost-effectiveness, now available for paid users in ChatGPT and via API.
Story
@laura_garcia shared a post, 4 months, 2 weeks ago
Software Developer, RELIANOID
RELIANOID at CII Delhi International Technology Summit 2025
16–17 December 2025 - New Delhi, India Our team continues a packed December schedule, and we’re excited to add another key event: the CII Delhi International Technology Summit 2025. Focused on “Accelerating the Techade”, this summit brings together industry, government, and research leaders to shape..
At its core, sigstore removes many of the traditional barriers associated with code signing. Instead of managing long-lived private keys manually, sigstore supports keyless signing, where identities are issued dynamically using OpenID Connect (OIDC) providers such as GitHub Actions, Google, or Microsoft. This dramatically lowers operational complexity and reduces the risk of key compromise.
The sigstore ecosystem is composed of several key components:
- Cosign: A tool for signing, verifying, and storing signatures for container images and other artifacts. Signatures are stored alongside artifacts in OCI registries, rather than embedded in them.
- Fulcio: A certificate authority that issues short-lived X.509 certificates based on OIDC identities, enabling keyless signing.
- Rekor: A transparency log that records signing events in an append-only, tamper-evident ledger. This provides public auditability and detection of suspicious or malicious signing activity.
Together, these components allow anyone to verify who built an artifact, when it was built, and whether it has been tampered with, using publicly verifiable cryptographic proofs. This aligns closely with modern supply chain security practices such as SLSA (Supply-chain Levels for Software Artifacts).
sigstore is widely adopted in the cloud-native ecosystem and integrates with tools like Kubernetes, container registries, CI/CD pipelines, and package managers. It is commonly used to sign container images, Helm charts, binaries, and SBOMs, and is increasingly becoming a baseline security requirement for production software delivery.
The project is governed by the OpenSSF (Open Source Security Foundation) and supported by major industry players.
