-
Currently, all signatures and public keys are just wrapper structs of bytes.
For better performance and consistency, they should be wrappers of some types representing points in elliptic curves.
…
-
Text of the makepkg session:
makepkg
==> Making package: php 5.5.19-2 (Thu Jan 15 22:57:39 CST 2015)
==> Checking runtime dependencies...
==> Checking buildtime dependencies...
==> Retrieving sources…
-
Currently, the monitor skips verifying signatures from signers with type pgp, gpg2, and apk2, because it probably requires shelling out to `gpg` or `apksigner`.
https://github.com/mozilla-servic…
-
Kritis should do more things than just scanning for known vulnerabilities. What I'd like to see is checking for signatures, verifying that tests have been run and test coverage is above certain thresh…
-
### Problem Statement
I have checked the project releases page, to see if the release includes a provenance attestation in its release assets. It usually ends with `.intoto.json `.
I have found that…
-
When `singularity verify` is called on an image with a single signature, the expected behaviour is straightforward. If the signature can be verified, all is well, and otherwise there is a problem.
…
-
Sublinear ring signatures have been proposed before in multiple contexts and settings, including bilinear pairings and LWE approaches, and so on. For implementation, we must look at the _total time to…
-
The tor signature and key is not up to date
-
To ensure Freenet's delegate mechanism securely stores private data and avoids [criticisms](https://x.com/mysk_co/status/1810664951796887617) similar to those faced by Signal, we need to implement a r…
-
Hi there!
I am trying to use this github action to build a custom linux kernel in the github CI, but I can't seem to figure out how to add the signing PGP key to the keychain...
I have this very…