LWN.net's Journal
 

Wednesday, March 10th, 2021

    Time Event
    2:39p
    The Linux Foundation's "sigstore" project
    The Linux Foundation has announced
    a project called sigstore; its purpose is
    to protect against supply-chain attacks by signing (and verifying) release
    artifacts. "Very few open source projects cryptographically sign
    software release artifacts. This is largely due to the challenges software
    maintainers face on key management, key compromise / revocation and the
    distribution of public keys and artifact digests. In turn, users are left
    to seek out which keys to trust and learn steps needed to validate
    signing. Further problems exist in how digests and public keys are
    distributed, often stored on websites susceptible to hacks or a README file
    situated on a public git repository. sigstore seeks to solve these issues
    by utilization of short lived ephemeral keys with a trust root leveraged
    from an open and auditable public transparency logs."
    4:09p
    Security updates for Wednesday
    Security updates have been issued by Debian (kernel and privoxy), Fedora (libtpms, privoxy, and x11vnc), openSUSE (chromium), Red Hat (.NET 5.0, .NET Core, .NET Core 2.1, .NET Core 3.1, dotnet, and dotnet3.1), SUSE (git, kernel, openssl-1_1, and wpa_supplicant), and Ubuntu (git and openssh).
    6:47p
    [$] Python exception groups
    Exceptions in
    Python are a mechanism used to report errors (of an
    exceptional variety); programs can be and are written to expect and handle
    certain types of exceptions using try and except. But
    exceptions were originally meant to report a single error event and, these
    days, things are a tad more complicated than that. A recent Python
    Enhancement Proposal (PEP) targets adding exception groups, as well as new
    syntax to catch and handle the groups.
    11:04p
    [$] A vulnerability in Git
    A potentially nasty vulnerability in the Git
    distributed revision-control system was disclosed on March 9. There are enough
    qualifiers in the description of the vulnerability that it may appear to be
    fairly narrowly focused—and it is. That may make it less worrisome, but
    it is not entirely clear. As with most vulnerabilities, it all depends on how
    the software is being used and the environment in which it is running.

