-
According the secure boot specification, users can enroll their own keys for secure boot.
If the QOS bootloader were signed, users could manually enroll the signing key within the UEFI. That would be…
-
# Motivation
The motivation of writing this article is inspired by [this discussion](https://github.com/confidential-containers/image-rs/issues/2#issuecomment-988339595). This discussion inspired m…
-
Take NPM as an example - there is an option to configure MFA, and you can enforce it per package (see the [docs](https://docs.npmjs.com/about-two-factor-authentication)). But once MFA is enabled, you …
-
`crypto/rand` exposes an `io.Reader` variable `Reader` as "a global, shared instance of a cryptographically strong pseudo-random generator." Furthermore, `crypto/rand.Read` implicitly uses `Reader` fo…
-
## Section Number
TF-2C (new appendix)
## Priority
- *High: Important issue where there is major issue to be resolved. Requires discussion and debate.* for Milestone 1.3
## Issue
For …
-
Original report on H1 to the GitHub security team: https://hackerone.com/bugs?subject=user&report_id=689850
---
The GitHub Actions `downloadTool` API allows the download of tools over HTTP inste…
-
From this article:
https://arstechnica.com/information-technology/2022/05/digital-drivers-license-used-by-4m-australians-is-a-snap-to-forge/
There is this misguided notion that I've heard many t…
-
Title: Secure Identity and Context in Microservices with Tratteria
Speakers: Atul Tulshibagwale/tulshi
Description:
[Tratteria](https://tratteria.io/) implements a new IETF OAuth WG draft call…
-
If you want to add a .NET app into a distro's package repository, you are faced with a daunting task.
Distro repositories require all binaries that are distributed, and needed to built the app, to …
tmds updated
7 months ago
-
This issue document a discussion with @TheAssassin regarding how to provide a
way to securely prove that an AppImage runs in a FireJail sandbox before
execution with and without AppImageLauncher.
…
Elv13 updated
5 years ago