OpenPubkey is an open-source cryptographic protocol that aims to strengthen security within the open source ecosystem.
It uses the authentication framework OpenID Connect, enabling users to sign artifacts using their OpenID identity. This enables the use of supply chain security features like signed builds, deployments, and code commits.
It was developed at BastionZero, and is now being maintained by the Linux Foundation. By bringing it under the umbrella of the Linux Foundation, the project maintainers hope it can foster more collaboration and broaden the reach of the project.
“The Linux Foundation is proud to host the OpenPubkey Project,” said Jim Zemlin, Executive Director of the Linux Foundation. “We believe this initiative will play a pivotal role in strengthening the security of the open source software community. We encourage developers and organizations to join this collaborative effort in enhancing software supply chain security.”
Docker also recently announced that it now supports OpenPubkey for signing its containers.
“We launched OpenPubkey as its own standalone protocol to make it easy and secure to use digital signatures with OpenID Connect,” said Ethan Heilman, co-founder and CTO of BastionZero. “We’re excited to partner with Docker to offer its community of software developers and open source contributors a simple and convenient way for users, service accounts, machines, or workloads to create digital signatures using their identity.”