At the January 19, 2023 TOC meeting, @lehors presented an overview of OpenSSF. One of the low hanging fruit that Hyperledger might implement to improve security is the use of SigStore for artifact signing.
Task to be completed
This task force will be focused on developing best practices and tooling for using SigStore for artifact signing.
List of deliverables or work products
[ ] Best Practices for using SigStore for artifact signing consistently across Hyperledger projects
Introduction/background material
At the January 19, 2023 TOC meeting, @lehors presented an overview of OpenSSF. One of the low hanging fruit that Hyperledger might implement to improve security is the use of SigStore for artifact signing.
Task to be completed
This task force will be focused on developing best practices and tooling for using SigStore for artifact signing.
List of deliverables or work products
Time to complete (no more than 6 months)
TBD
Leader
Arun S M
Initial participant list