Hacker News new | past | comments | ask | show | jobs | submit | from login

OCI Artifacts Explained (2021) (dlorenc.medium.com) 1 point by mooreds 7 months ago | past The Sigstore Trust Model (dlorenc.medium.com) 1 point by dlor on Dec 9, 2021 | past Notary v2 and Cosign (dlorenc.medium.com) 6 points by dlor on Nov 8, 2021 | past Zero Trust Supply Chain Security (dlorenc.medium.com) 7 points by dlor on Oct 3, 2021 | past Improving the Trust-On-First-Use authentication scheme with transparency (dlorenc.medium.com) 13 points by dlor on Aug 22, 2021 | past | 2 comments Signature Formats (dlorenc.medium.com) 3 points by ImJasonH on Aug 15, 2021 | past In Defense of Package Managers (dlorenc.medium.com) 5 points by dlor on July 30, 2021 | past Policy and Attestations. Best Practices for Supply Chain Security (dlorenc.medium.com) 1 point by grappler on July 24, 2021 | past How to Sign a Release of OSS (dlorenc.medium.com) 1 point by tate on March 18, 2021 | past The Update Framework and You (dlorenc.medium.com) 2 points by dlor on March 18, 2021 | past How to Sign a Release of OSS (dlorenc.medium.com) 5 points by dlor on March 17, 2021 | past Cosign – Signed Container Images (dlorenc.medium.com) 3 points by dlor on March 11, 2021 | past SSH Is the New GPG. Not Really. But Kind Of? – By Dan Lorenc (dlorenc.medium.com) 11 points by tambourine_man on Jan 25, 2021 | past Zombie Dependencies (dlorenc.medium.com) 1 point by dlor on Jan 14, 2021 | past Procrastination Driven Development (dlorenc.medium.com) 1 point by dstick on Jan 5, 2021 | past Who's at the Helm? (dlorenc.medium.com) 111 points by dlor on Jan 5, 2021 | past | 39 comments The Dependency Tree Is More of a Jungle. and It’s Haunted (dlorenc.medium.com) 2 points by zdw on Dec 23, 2020 | past The Dependency Jungle (dlorenc.medium.com) 3 points by dlor on Dec 22, 2020 | past On Updating Dependencies (dlorenc.medium.com) 1 point by onig90 on Dec 15, 2020 | past

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact Search: