OpenPubkey is an open-source cryptographic protocol that aims to strengthen security within the open source ecosystem.
It uses the authentication framework OpenID Connect, enabling users to sign artifacts using their OpenID identity. This allows the use of supply chain security measures like signed builds, deployments, and code commits.
It was developed at BastionZero and is now maintained by the Linux Foundation. By bringing it under the umbrella of the Linux Foundation, the project maintainers hope it can foster more collaboration and expand the reach of the project.
“The Linux Foundation is proud to host the OpenPubkey Project,” said Jim Zemlin, Executive Director of the Linux Foundation. “We believe this initiative will play a pivotal role in strengthening the security of the open source software community. We encourage developers and organizations to join this collaborative effort in improving software supply chain security.”
Docker also recently announced that it now supports OpenPubkey for signing its containers.
“We offered OpenPubkey as its own standalone protocol to make it easy and secure to use digital signatures with OpenID Connect,” said Ethan Heilman, co-founder and CTO of BastionZero. “We’re excited to partner with Docker to give its community of software developers and open source individuals a simple and handy way for users, service accounts, machines, or workloads to create digital signatures using their identity.”