| Field | Value |
|---|---|
| title | What does it look like to code-sign for an entire packaging ecosystem? |
| date | 2023-11-30 |
| authors | |
| conference | |
| resources | label: Slides; path: What does it look like to code-sign for an entire packaging ecosystem.pdf |

This talk bridges a perceived gap between theoretical and practical collaboration on code-signing for open source packaging ecosystems. It exposes academics and researchers to the practical considerations that open source programmers and package index maintainers face when determining how and whether to integrate code-signing into their systems. It also casts sunlight on often-ignored problems like increased operational burden for maintainers and the privacy concerns of identity and identity malleability in primarily pseudonymous ecosystems.